Hello,
I thought I would ask here for some help with WebDav through HAproxy.
So I have successfully set up HAproxy to listen for http/https on a virtual
IP.
I have two Apache2 (apacheserver1 and apacheserver2) servers serving web
traffic.
Everything is working fine - I am serving web pages, my clients are forced
to use https, my SSL cert is signed correctly and my users can connect to
their WebDAV areas using Finder (Mac) and Nautilus (Linux).
Great.
Now, here comes the serious trouble - **Windows clients can't connect via
WebDAV.**
Here is the command:
`net use X: \\myserver.com@SSL\home\eamorr`
And the error:
System error 67 has occurred.
(I can connect perfectly fine to https://myserver.com/home/eamorr on
Mac/Linux)
When I do:
`net use X: \\apacheserver1.com@8080\home\eamorr`
It works fine (I'm connecting directly to apacheserver1:8080 - no SSL).
When I do:
`net use X: \\apacheserver1.com@SSL@8081\home\eamorr`
It works fine (I'm connecting directly to apacheserver1:8081 - SSL enabled).
But when I go through the haproxy, it just will not work...
Here's my haproxy config:
frontend www-http
bind 137.43.99.100:80 #A virtual IP
#reqadd X-Forwarded-Proto:\ http
default_backend http-backend
frontend www-https
bind 137.43.93.215:443 ssl crt /etc/apache2/ssl/combined.pem
#reqadd X-Forwarded-Proto:\ http
#reqirep Destination:\ https(.*) Destination:\ http\\1
#rspidel ^translate
default_backend http-backend
backend http-backend
cookie JSESSIONID insert
#reqirep Destination:\ https(.*) Destination:\ http\\1
server apacheserver1 137.43.99.101:8080 cookie apacheserver1 check
server apacheserver2 137.43.99.102:8080 cookie apacheserver2 check
#redirect scheme https if !{ ssl_fc } #forces https!
#option forwardfor
#http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }
When I try to connect via
`net use X: \\myserver.com@SSL\home\eamorr` #A Windows command
here's the server-side HAProxy log (/var/log/haproxy.log):
Mar 5 11:51:00 apacheserver1 haproxy[22786]: 137.43.130.107:51168
[05/Mar/2015:11:50:25.233] www-https~ http-backend/apacheserver1
35691/0/1/11/35703 301 511 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home/eamorr
HTTP/1.1"
Mar 5 11:51:01 apacheserver1 haproxy[22786]: 137.43.130.107:51168
[05/Mar/2015:11:51:00.936] www-https~ http-backend/apacheserver1
97/0/0/2/99 301 497 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home HTTP/1.1"
And here's the output from Apache2 (with trace8 debugging info enabled):
Request received from client: OPTIONS /home HTTP/1.1
Headers received from client:
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
translate: f
Host: myserver.com
AH01626: authorization result of Require all granted: granted
AH01626: authorization result of <RequireAny>: granted
request authorized without authentication by access_checker_ex hook:
/home
fixups hook gave 301: /home
Response sent with status 301, headers:
Date: Thu, 05 Mar 2015 12:09:50 GMT
Server: Apache/2.4.7 (Ubuntu)
Location: http://myserver.com/home/
Content-Length: 312
Content-Type: text/html; charset=iso-8859-1
core_output_filter: flushing because of FLUSH bucket
core_output_filter: flushing because of FLUSH bucket
When I connect from Linux (which works fine!), I get the following
`/var/log/haproxy.log`:
Mar 5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295
[05/Mar/2015:12:20:10.062] www-https~ http-backend/apacheserver1
114/0/0/14/128 200 303 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home/eamorr
HTTP/1.1"
Mar 5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295
[05/Mar/2015:12:20:10.190] www-https~ http-backend/apacheserver1 3/0/0/3/6
207 474 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr HTTP/1.1"
Mar 5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295
[05/Mar/2015:12:20:10.196] www-https~ http-backend/apacheserver1 1/0/0/2/3
200 172 - - --VN 1/1/0/1/0 0/0 "OPTIONS /home/ HTTP/1.1"
Mar 5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295
[05/Mar/2015:12:20:10.200] www-https~ http-backend/apacheserver1
31/0/0/3/34 207 901 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr HTTP/1.1"
Mar 5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295
[05/Mar/2015:12:20:10.234] www-https~ http-backend/apacheserver1
52/0/0/10/62 207 2188 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr
HTTP/1.1"
and here is the Apache2 output:
Request received from client: OPTIONS /home/eamorr HTTP/1.1
Setting redirect-carefully
Headers received from client:
Host: myserver.com
Accept-Encoding: gzip, deflate
User-Agent: gvfs/1.20.1
Accept-Language: en-ie, en;q=0.9, en;q=0.8
AH01626: authorization result of Require all granted: granted
AH01626: authorization result of <RequireAny>: granted
request authorized without authentication by access_checker_ex hook:
/home/eamorr
Content-Type 'application/octet-stream' ...
... did not match 'application/xml'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'application/rss+xml'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'application/x-javascript'
... did not match 'application/javascript'
... did not match 'application/ecmascript'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'text/css'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'text/html'
... did not match 'text/plain'
... did not match 'text/xml'
Content-Type condition for 'deflate' did not match
Response sent with status 200, headers:
Date: Thu, 05 Mar 2015 12:15:44 GMT
Server: Apache/2.4.7 (Ubuntu)
DAV: 1,2
DAV: <http://apache.org/dav/propset/fs/1>
MS-Author-Via: DAV
Allow:
OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK
Content-Length: 0
core_output_filter: flushing because of FLUSH bucket
Apache/2.4.7 (Ubuntu 14.04.2)
haproxy 1.5.11
Thank you for your help,
--
Eamonn Hynes
