Hello Sander
I use HAProxy 1.6.9 and Owncloud 9.1.1. I managed to get it working by
bypassing HAProxy in the initial configuration and tweaking the URLs.
Here is my config (I'll be interested to see yours):
*globallog 127.0.0.1local0#log 127.0.0.1local1
noticechroot /var/lib/haproxystats socket
/run/haproxy/admin.sock mode 660 level adminstats timeout
30suser haproxygroup haproxydaemon# Default
SSL material locationsca-base /etc/ssl/certscrt-base
/etc/ssl/private# Default ciphers to use on SSL-enabled listening
sockets.# For more information, see ciphers(1SSL).
ssl-default-bind-ciphers
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNUL!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl-default-bind-options no-sslv3 no-tls-tickets #disable SSLv3
tune.ssl.default-dh-param 2048 #tune DH to 2048defaultslog
globalmodehttpoption httplogoption
dontlognulltimeout connect 5000timeout client 5
timeout server 5errorfile 400
/etc/haproxy/errors/400.httperrorfile 403
/etc/haproxy/errors/403.httperrorfile 408
/etc/haproxy/errors/408.httperrorfile 500
/etc/haproxy/errors/500.httperrorfile 502
/etc/haproxy/errors/502.httperrorfile 503
/etc/haproxy/errors/503.httperrorfile 504
/etc/haproxy/errors/504.httpfrontend publicbind *:80bind
*:443 ssl crt /etc/haproxy/letsencrypt/redirect scheme https if !{
ssl_fc }mode http# Define hostsacl owncloud
hdr(host) -i owncloud.mydomain.com ##
figure out which one to useuse_backend owncloud_server if
owncloudbackend owncloud_servermode httphttp-request
set-header X-Forwarded-Port %[dst_port]http-request add-header
X-Forwarded-Proto https if { ssl_fc }rspadd
Strict-Transport-Security:\ max-age=15768000;\ includeSubDomains #enable
HSTS header for this backendrspadd X-XSS-Protection:\ 1;\
mode=block #enable XSS protection for this backendbalance
leastconnoption httpcloseoption forwardforcookie
JSESSIONID prefixserver srv01 10.10.10.101:80
cookie A check*
Thanks !
2016-11-11 21:06 GMT+00:00 Sander Klein :
> On 2016-11-11 15:28, Alexandre Besnard wrote:
>
> I use HAProxy as a reverse proxy to terminate SSL connections towards
>> all my VMs. So far so good except with Owncloud and CalDav.
>>
>> When Owncloud is hidden behind HAProxy, I am not able to configure my
>> CalDav account under the Calendar app in Mac OS X (it works fine on
>> iOS or Android). If I bypass HAProxy and terminate the connection
>> directly on Apache server on my Owncloud VM, I am able to add the
>> account in the OS X Calendar, hence why I suspect HAProxy being the
>> problem.
>>
>> When HAProxy is in front of my Owncloud VM, I can see the following
>> happening in the Apache access logs:
>>
>> 10.10.10.118 - - [11/Nov/2016:14:12:54 +] "PROPFIND
>> /.well-known/caldav HTTP/1.1" 301 577 "-" "Mac+OS+X/10.11.6 (15G1108)
>> accountsd/113"
>> 10.10.10.118 - - [11/Nov/2016:14:12:54 +] "PROPFIND / HTTP/1.1"
>> 405 996 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113"
>> 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND /caldav/v2
>> HTTP/1.1" 405 1002 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113"
>> 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND
>> /principals/users/wikus/ HTTP/1.1" 405 1006 "-" "Mac+OS+X/10.11.6
>> (15G1108) accountsd/113"
>> 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND /principals/
>> HTTP/1.1" 405 1002 "-" "Mac+OS+X/10.11.6 (15G1108) accountsd/113"
>> 10.10.10.118 - - [11/Nov/2016:14:12:55 +] "PROPFIND
>> /dav/principals/ HTTP/1.1" 405 1000 "-" "Mac+OS+X/10.11.6 (15G1108)
>> accountsd/113
>>
>> and I am unable to explain it…. Do we need to have a specific conf for
>> CalDav ? (by the way Cardav has the same issue).
>>
>
> Not the most helpful answer, but I have haproxy running with no special
> config at all in front of owncloud. I have been using Caldav without
> problems on osx 10.7-10.12
>
> Can you share your config without any sensitive information? And, what
> version of haproxy are you using?
>
> Greets,
>
> Sander
>
