Protokollinkonsistenz im WebDAV-Authentifizierungs-Handshake gelöst

2026-02-07 09:31:49 +01:00
parent 6d913a402b
commit 6510cc0d78
2 changed files with 30 additions and 3 deletions
--- a/nginx.conf
+++ b/nginx.conf
@@ -0,0 +1,27 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+
+include /etc/nginx/modules-enabled/*.conf;
+# HIER ENTFERNEN!
+
+events {
+    worker_connections 4096;
+    multi_accept on;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    proxy_hide_header Upgrade;
+    sendfile on;
+    access_log /var/log/nginx/access.log;
+    error_log  /var/log/nginx/error.log;
+    server_names_hash_bucket_size 128;
+    include /etc/nginx/conf.d/*.conf;
+    
+    # HIER EINFÜGEN:
+    include /etc/nginx/conf.d/proxy_generated/*.conf;
+
+    # IPv4-Port 80: globaler Redirect auf HTTPS
+}
--- a/sync-ispconfig-proxy.sh
+++ b/sync-ispconfig-proxy.sh
@@ -65,7 +65,7 @@ write_nginx_config() {

    if [ -f "$cert_dir/fullchain.cer" ]; then
        if_ssl="if (\$scheme != \"https\") { return 301 https://\$host\$request_uri; }"
-        ssl_block="listen 443 ssl http2; listen [::]:443 ssl http2;
+        ssl_block="listen 443 ssl; listen [::]:443 ssl;
    ssl_certificate $cert_dir/fullchain.cer;
    ssl_certificate_key $cert_dir/${domain}.key;
    ssl_protocols TLSv1.2 TLSv1.3;
@@ -78,6 +78,7 @@ write_nginx_config() {
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_hide_header Upgrade;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
@@ -87,8 +88,7 @@ write_nginx_config() {
    [ -d "/var/www/${domain}/web" ] && local_root="root /var/www/${domain}/web/; index index.php index.html;"

    local path_block=""
-    [[ "$redirect_path" == /* && "$redirect_path" != "/urldummy/" ]] && path_block="location ${redirect_path} { $if_ssl proxy_pass http://[$target_ip]:80${redirect_path}; $proxy_settings proxy_http_version 1.1; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection \"upgrade\"; }"
-
+[[ "$redirect_path" == /* && "$redirect_path" != "/urldummy/" ]] && path_block="location ${redirect_path} { $if_ssl proxy_pass http://[$target_ip]:80${redirect_path}; $proxy_settings proxy_http_version 1.1;}"
    cat <<EOF > "$config_path"
 server {
    $ssl_block