'[SOGo] CardDAV with iOS'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sogo-users
Subject:    [SOGo] CardDAV with iOS
From:       "Stephen Jones" (lloydsystems () fastmail ! com ! au) <users () sogo ! nu>
Date:       2017-10-01 18:22:42
Message-ID: 1506882162.314761.1124222008.0E8C2A0A () webmail ! messagingengine ! com
[Download RAW message or body]

Hello,

I have been having issues with CardDAV and Apple iOS. I have SOGo
version 2.3.22 running on CentOS 6 with Apache 2.2. In the past I had
Apple devices successfully syncing calendar and contacts with SOGo, and
the configuration I used is still there. I recently fired up an old
iPhone 4S (iOS 5), which used to sync to SOGo, and attempted to connect
it again. The calendar worked OK but the contacts did not.

My Apache configuration has 3 virtual hosts on ports 80, 443 and 8843
(for CardDAV). The SOGo.conf for Apache is basically default, but the
proxy stuff I have moved to the virtual host container (as I believe
that's where it should be) leaving this:

Alias /SOGo.woa/WebServerResources/ \
      /usr/lib64/GNUstep/SOGo/WebServerResources/
Alias /SOGo/WebServerResources/ \
      /usr/lib64/GNUstep/SOGo/WebServerResources/
<Directory /usr/lib64/GNUstep/SOGo/>
    AllowOverride None
    <IfVersion < 2.4>      
        Order deny,allow
        Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
    <IfModule expires_module>
      ExpiresActive On
      ExpiresDefault "access plus 1 year"
    </IfModule>
</Directory>
<IfModule rewrite_module>
  RewriteEngine On
  RewriteRule ^/.well-known/caldav/?$ /SOGo/dav [R=301]
  RewriteRule ^/.well-known/carddav/?$ /SOGo/dav [R=301]
</IfModule>

The virtual hosts are defined in a vhosts.conf file thus:

<VirtualHost 12.34.56.78:80>
    ServerName www.mydomain.com
    # general stuff...
</VirtualHost>

<VirtualHost 12.34.56.78:443>
    ServerName www.mydomain.com
    # general SSL stuff...
# --- This section moved from SOGo.conf ---
    ProxyRequests Off
    SetEnv proxy-nokeepalive 1
    ProxyPreserveHost On
    ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
    <Proxy http://127.0.0.1:20000/SOGo>
        <IfModule headers_module>
            RequestHeader set "x-webobjects-server-port" "443"
            RequestHeader set "x-webobjects-server-name" "%{HTTP_HOST}e"
            env=HTTP_HOST
            RequestHeader set "x-webobjects-server-url"
            "https://%{HTTP_HOST}e" env=HTTP_HOST
            RequestHeader unset "x-webobjects-remote-user"
            RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
        </IfModule>
        AddDefaultCharset UTF-8
        Order allow,deny
        Allow from all
    </Proxy>
# --- End section moved from SOGo.conf ---
    RewriteEngine On
    RewriteOptions Inherit
</VirtualHost>

<VirtualHost 12.34.56.78:8843>
    ServerName www.mydomain.com:8843
    # basic SSL stuff added...
    RewriteEngine On
    RewriteOptions Inherit
    ProxyRequests Off
    SetEnv proxy-nokeepalive 1
    ProxyPreserveHost On
    ProxyPassInterpolateEnv On
    ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
    ProxyPass /SOGo http://127.0.0.1:20000/SOGo interpolate
    ProxyPass / http://127.0.0.1:20000/SOGo/dav/ interpolate
    <Location />
        Order allow,deny
        Allow from all
    </Location>
    <Proxy http://127.0.0.1:20000>
        RequestHeader set "x-webobjects-server-port" "8843"
        RequestHeader set "x-webobjects-server-name"
        "www.mydomain.com:8843"
        RequestHeader set "x-webobjects-server-url"
        "https://www.mydomain.com:8843"
        RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
        RequestHeader set "x-webobjects-remote-host" "127.0.0.1"
        AddDefaultCharset UTF-8
    </Proxy>
    ErrorLog logs/mydomain-8843_error.log
    CustomLog logs/mydomain-8843_access.log combined
    LogLevel warn
</VirtualHost>

The CardDAV virtual host is pretty much straight out of the SOGo manual
but with the port changed to 8843 and the basic SSL settings added. The
rewrite inherit picks up the 'well-known' rule in SOGo.conf.

As I recall, on the iPhone you add a CardDAV account with server
www.mydomain.com and your username and password. After the initial
timeout failure (about 1 hour), save it and edit the settings to change
the port to 8843 with SSL on. Well, it doesn't work - not any more. It
appears from the logs that it fails to authenticate, not because of an
invalid username/password, but it just fails to even find the account.

If I use a web browser and navigate to https://www.mydomain.com:8843 I
am greeted with a login prompt, which is the expected behavoiur. But
adding protocol/port to the server string in the phone does not work.

I trawled through a million posts on issues with SOGo and Apple CardDAV
and finally stumbled on a solution from someone's sample config. I
replaced this line:
ProxyPass /principals http://127.0.0.1:20000/SOGo/dav/ interpolate
with these 2:
RewriteRule ^/principals/users/(.*)$ /proxy/$1 [PT]
ProxyPass /proxy http://127.0.0.1:20000/SOGo/dav/ interpolate

It now works properly. I am competent with Apache but I don't really
understand why this fixes the issue. My original config is as per the
manual and used to work. Perhaps something has changed in SOGo as I have
upgraded versions over time? Any thoughts?

Regards,
Steve Jones
-- 
users@sogo.nu
https://inverse.ca/sogo/lists
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic