NginX WebDav 504 Gateway Error

I converted my install from Apache to NginX and can’t seem to get WebDav to work. Here are my configs can anyone see where I missed up/ missed something? When typing into a browser I get a 504 error from Nginx. Cyberduck will not connect.

NginX conf

# Required for only office document server
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}

map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}

map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}
server {
    listen       80;
    server_name  domain.com;
    rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
    server_tokens off;
}
server {
    listen 443 http2;
    ssl on;
    ssl_certificate /etc/apache2/ssl/domain_com.crt;        # path to your cacert.pem
    ssl_certificate_key /etc/apache2/ssl/privkey.key;    # path to your privkey.pem
    server_name domain.com;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/dhparam.pem;

    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;

    proxy_set_header X-Forwarded-For $remote_addr;

    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    location / {
        fastcgi_pass    127.0.0.1:8000;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL        $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;
        fastcgi_param   REMOTE_ADDR         $remote_addr;
        fastcgi_param   HTTPS               on;
        fastcgi_param   HTTP_SCHEME         https;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
        fastcgi_read_timeout 36000;
        client_max_body_size 0m;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0m;
        proxy_request_buffering off;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    location /media {
        root /home/user/Seafile/seafile-server-latest/seahub;
    }

location /seafdav {
    fastcgi_pass    127.0.0.1:8080;
    fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
    fastcgi_param   PATH_INFO           $fastcgi_script_name;

    fastcgi_param   SERVER_PROTOCOL     $server_protocol;
    fastcgi_param   QUERY_STRING        $query_string;
    fastcgi_param   REQUEST_METHOD      $request_method;
    fastcgi_param   CONTENT_TYPE        $content_type;
    fastcgi_param   CONTENT_LENGTH      $content_length;
    fastcgi_param   SERVER_ADDR         $server_addr;
    fastcgi_param   SERVER_PORT         $server_port;
    fastcgi_param   SERVER_NAME         $server_name;
    fastcgi_param   HTTPS               on;
    fastcgi_param   HTTP_SCHEME         https;

    client_max_body_size 0m;
    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
    send_timeout  36000s;

    # This option is only available for Nginx >= 1.8.0. See more details below.
    proxy_request_buffering off;

    access_log      /var/log/nginx/seafdav.access.log;
    error_log       /var/log/nginx/seafdav.error.log;
}

   location /onlyofficeds/ {
       # THIS ONE IS IMPORTANT ! - Trailing slash !
        proxy_pass http://127.0.0.1:88/;

        proxy_http_version 1.1;
        client_max_body_size 100m; # Limit Document size to 100MB
        proxy_read_timeout 3600s;
        proxy_connect_timeout 3600s;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;

       # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
       proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;

        proxy_set_header X-Forwarded-Proto $the_scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

seafdav.conf

[WEBDAV]

# Default is false. Change it to true to enable SeafDAV server.
enabled = true

port = 8080

# Change the value of fastcgi to true if fastcgi is to be used
fastcgi = true

# If you deploy seafdav behind nginx/apache, you need to modify "share_name".
share_name = /seafdav

Have a look at it.

This error appears once:
2017/06/27 10:02:08 [error] 19704#19704: *4844 upstream sent unsupported FastCGI protocol version: 72 while reading response header from upstream, client: 52.27.160.204, server: domain.com, request: “OPTIONS /seafdav HTTP/1.1”, upstream: “fastcgi://127.0.0.1:8080”, host: “domain.com

These two errors are repeated a several times:

2017/06/27 10:08:52 [error] 19709#19709: *6786 upstream sent unsupported FastCGI protocol version: 72 while reading response header from upstream, client: 10.0.1.1, server: domain.com, request: “GET /seafdav HTTP/2.0”, upstream: “fastcgi://127.0.0.1:8080”, host: “domain.com

2017/06/27 10:20:57 [error] 23109#23109: *6991 upstream sent unsupported FastCGI protocol version: 72 while reading response header from upstream, client: 10.0.1.1, server: domain.com, request: “HEAD /seafdav/ HTTP/1.1”, upstream: “fastcgi://127.0.0.1:8080”, host: “domain.com

When I run netstat -tap
I do not see anything listening on 8080

Did you set this?

Are your sure SeafDAV ist listening on port 8000 (netstat -tulpen | grep 8000)?

Did you mean 8080? Where do you see 8000?

@Robbie Stupid question, did you restart nginx and seafile after the config change?
You need to restart seafile not just seahub for the change to take place.

Also make sure that iptables do not block the host itself locally, but normally that is not an issue.

1 Like

Yes I did it has my actual domain there.

Yes the server has actually physically been rebooted. IP tables don’t appear to be blocking a thing.

Yes, thanks. Actually meant 8080.

Hi,
Same issue on latest version of seafile 9.0.8 in docker container. The server is running, but it does not write logs, port 8080 is open and when requested, the server does not respond and the client falls off by timeout.

ps ax | grep dav.
      162 ?        S      0:37 /usr/bin/python3 -m wsgidav.server.server_cli --server gunicorn --root / --log-file /opt/seafile/logs/seafdav.log --pid /opt/seafile/pids/seafdav.pid --port 8080 --host 0.0.0.0
      165 ?        Sl     6:39 /usr/bin/python3 -m wsgidav.server.server_cli --server gunicorn --root / --log-file /opt/seafile/logs/seafdav.log --pid /opt/seafile/pids/seafdav.pid --port 8080 --host 0.0.0.0

The problem recurs once a week. So far I solved the problem by restarting the process
pkill -HUP -f wsgidav.server.server_cli

Help fix the problem.

Again unavailable port 8080
run the strace on the process wsgidav.server.server_cli

epoll_ctl(10, EPOLL_CTL_DEL, 696, 0x7fff7a6b5864) = 0
ioctl(696, FIONBIO, [0])                = 0
epoll_ctl(10, EPOLL_CTL_DEL, 717, 0x7fff7a6b5864) = 0
ioctl(717, FIONBIO, [0])                = 0
getppid()                               = 162
fchmod(11, 001)                         = 0
epoll_wait(10, [{events=EPOLLIN, data={u32=9, u64=9}}], 1, 1000) = 1
accept4(9, {sa_family=AF_INET, sin_port=htons(44072), sin_addr=inet_addr("10.0.0.2")}, [16], SOCK_CLOEXEC) = 23
getsockname(23, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("10.0.0.52")}, [128 => 16]) = 0
ioctl(23, FIONBIO, [1])                 = 0
ioctl(23, FIONBIO, [0])                 = 0
getppid()                               = 162
futex(0x940b28, FUTEX_WAKE_PRIVATE, 1)  = 1
futex(0x940b30, FUTEX_WAKE_PRIVATE, 1)  = 1
fchmod(11, 000)                         = 0
futex(0x940b2c, FUTEX_WAIT_BITSET_PRIVATE, 0, {tv_sec=5940800, tv_nsec=383030003}, FUTEX_BITSET_MATCH_ANY) = -1 EAGAIN (Resource temporarily unavailable)
futex(0x940b14, FUTEX_WAKE_PRIVATE, 2147483647) = 1
futex(0x940b30, FUTEX_WAIT_PRIVATE, 2, NULL) = -1 EAGAIN (Resource temporarily unavailable)
futex(0x940b30, FUTEX_WAKE_PRIVATE, 1)  = 0
futex(0x940b2c, FUTEX_WAKE_PRIVATE, 1)  = 1
futex(0x940b30, FUTEX_WAKE_PRIVATE, 1)  = 1
epoll_wait(10, [], 1, 1000)             = 0
getppid()                               = 162
fchmod(11, 001)                         = 0
epoll_wait(10, [], 1, 1000)             = 0
getppid()                               = 162
futex(0x940b2c, FUTEX_WAKE_PRIVATE, 1)  = 1
futex(0x940b30, FUTEX_WAKE_PRIVATE, 1)  = 1
fchmod(11, 000)                         = 0
epoll_wait(10, [], 1, 1000)             = 0
getppid()                               = 162
futex(0x940b28, FUTEX_WAKE_PRIVATE, 1)  = 1
futex(0x940b30, FUTEX_WAKE_PRIVATE, 1)  = 1
fchmod(11, 001)                         = 0
epoll_wait(10, [], 1, 1000)             = 0
getppid()                               = 162
fchmod(11, 000)                         = 0
epoll_wait(10, [], 1, 1000)             = 0
futex(0x940b28, FUTEX_WAIT_BITSET_PRIVATE, 0, {tv_sec=5940805, tv_nsec=387375330}, FUTEX_BITSET_MATCH_ANY) = -1 EAGAIN (Resource temporarily unavailable)
futex(0x940b30, FUTEX_WAKE_PRIVATE, 1)  = 0

My gunicorn supervisor does not kill the hung process and therefore does not create a new worker process. So I had to write a script that kills the hung process.
The gunicorn options are in the binary and I can’t change them.