【发布时间】:2026-01-05 10:05:02
【问题描述】:
我有一个 NGINX 服务器在 ARM64 架构上的 OpenBSD 7.0 上运行(这部分应该不是问题。)我正在尝试将其设置为接受 WebDav 请求PUT、MKCOL、DELETE 、MOVE 和 COPY。到目前为止,最后三个工作正常。我遇到了MKCOL 的问题。我首先要指出的是,我不打算将它与 WebDav 客户端一起使用,我现在正在使用 curl 手动制定请求,并且稍后可能会自动执行该过程。当我执行时
$ curl -nkfX MKCOL https://example.com/asd/
我明白了
curl: (22) The requested URL returned error: 405 Not Allowed
NGINX 错误日志显示
2021/12/06 17:19:04 [error] 8105#61261231328: *2563 mkdir() "/mnt/sd1c/documents" failed (17: File exists), client: [AN IP ADDRESS], server: example.com, request: "MKCOL /asd/ HTTP/1.1", host: "example.com"
我也尝试过在请求 URI 末尾不使用 /。我已经尝试使用 URI /work/asd/(有和没有/),其中/work/ 已经存在于/mnt/sd1c/documents 中。 /mnt/sd1c/documents 是服务器的根目录。
我还有一个问题,它返回 404,但错误日志中没有任何内容。此错误已通过将 example.com 文件的 location / 块内的 try_files $uri $uri/ =404; 更改为 try_files $uri $uri/ /;(目前是这样)来修复。
我不知道问题出在哪里。
这是服务器配置:
example.com
server {
#listen 80;
#listen [::]:80;
# SSL configuration
###
#
listen 443 ssl;
listen [::]:443 ssl;
dav_methods off;
dav_access user:rw group:rw all:r;
include common;
root /mnt/sd1c/documents;
server_name example.com;
ssl_client_certificate /var/www/ccrt/ca.crt;
ssl_verify_client optional;
index there_shouldnt_ever_be_a_file_called_this_so_yeah.html;
location / {
dav_methods PUT DELETE COPY MOVE MKCOL;
autoindex on;
autoindex_format xml;
xslt_string_param path $uri;
xslt_stylesheet /mnt/sd1c/www/example.com/internal/autoindex_format.xslt
is_ssl_client_verify="$ssl_client_verify"
val_remote_user="$remote_user";
auth_basic $ssl_client_verify_auth;
auth_basic_user_file /mnt/sd1c/www/example.com/passwd/documents;
satisfy any;
default_type text/plain;
try_files $uri $uri/ /;
}
}
常见
set $cors_origin "";
if ($http_origin ~* "^https?://example.com$") {
set $cors_origin $http_origin;
}
add_header Access-Control-Allow-Origin '$cors_origin';
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
charset utf8;
if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|COPY|MOVE|MKCOL)$ )
{
return 405;
}
error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 444 494 495 496 497 300 301 302 303 304 307 /.i/error;
location /scripts {
alias /mnt/sd1c/www/example.com/scripts;
try_files $uri $uri/ $uri.js =404;
}
location /.i {
alias /mnt/sd1c/www/example.com/internal;
internal;
try_files $uri $uri/ $uri.html =404;
location ~ ^/.i/error(?:\.html)?$ {
ssi on;
auth_basic off;
try_files $uri $uri/ $uri.html =404;
}
}
location /style {
alias /mnt/sd1c/www/example.com/style;
try_files $uri $uri/ $uri.css =404;
}
location ~ /\.ht {
deny all;
}
location /images {
alias /mnt/sd1c/www/example.com/images;
try_files $uri $uri/ $uri.png =404;
}
location ~ 418 {
return 418;
}
我的 nginx.conf
#user nobody;
user www-data www-data;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
client_body_temp_path /mnt/sd1c/client_body_tmp;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
server_names_hash_bucket_size 64;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
include map;
include http;
include example.com;
}
地图
map $request_uri $request_uri_path {
"~^(?P<path>[^?]*?/?)/*(\?.*)?$" $path;
}
map $ssl_client_verify $ssl_client_verify_auth {
SUCCESS off;
default "Private Documents.";
}
map $status $status_text {
400 'Bad Request';
401 'Unauthorized';
402 'Payment Required';
403 'Forbidden';
404 'Not Found';
405 'Method Not Allowed';
406 'Not Acceptable';
407 'Proxy Authentication Required';
408 'Request Timeout';
409 'Conflict';
410 'Gone';
411 'Length Required';
412 'Precondition Failed';
413 'Payload Too Large';
414 'URI Too Long';
415 'Unsupported Media Type';
416 'Range Not Satisfiable';
417 'Expectation Failed';
418 'I\'m a teapot';
421 'Misdirected Request';
422 'Unprocessable Entity';
423 'Locked';
424 'Failed Dependency';
425 'Too Early';
426 'Upgrade Required';
428 'Precondition Required';
429 'Too Many Requests';
431 'Request Header Fields Too Large';
451 'Unavailable For Legal Reasons';
500 'Internal Server Error';
501 'Not Implemented';
502 'Bad Gateway';
503 'Service Unavailable';
504 'Gateway Timeout';
505 'HTTP Version Not Supported';
506 'Variant Also Negotiates';
507 'Insufficient Storage';
508 'Loop Detected';
510 'Not Extended';
511 'Network Authentication Required';
300 'Multiple Choices';
301 'Moved Permanently';
302 'Found';
303 'See Other';
304 'Not Modified';
305 'Use Proxy';
306 'Switch Proxy';
307 'Temporary Redirect';
308 'Permanent Redirect';
default 'Something went wrong.';
}
http
server_tokens off;
gzip on;
client_body_buffer_size 1k;
client_header_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 2 1k;
add_header X-Frame_Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
【问题讨论】: