Problems with WebDAV clients on 6.0.7 under Apache 2.4 HTTPS

I’m using Ubuntu 16.04.1 with Apache 2.4 with the Community Edition 6.0.7 under Apache SSL, with a valid SSL certificate. The web gui and Seafile OS sync client are working just fine. Webdav via Seafdav however is only working via BitKinex but sadly this is slower than all other Webdav clients.

Using a browser

I tried to verify that seafdav works by navigating using Chrome to htttps://cloud.domain.com/seafdav and I could login fine and see the libraries, and also downloaded a file, checking that its contents are correct. It all looks fine.

Using BitKinex

This worked flawlessly. Listed the tree, was able to download files (contents were fine) and also upload files. Sadly, it’s much slower than using the browser or Cyberduck to upload and download (about 3 times slower for some reason …).

Using the native Windows 8.1. DAV client

I then tried the Windows 8.1 x64 native client by opening a connection to htttps://cloud.domain.com/seafdav. This fails instantly saying “The folder you chose does not appear to be valid. Please choose another”. It doesn’t prompt me to login. The apache access log shows a 401 response, which means Auth failed (but it never prompted me). The only line in the apache log is:

<MY_IP> - - [08/Jan/2017:16:37:40 +0000] "OPTIONS /seafdav HTTP/1.1" 401 4137 "-" "Microsoft-WebDAV-MiniRedir/6.3.9600"

There is an error in seahub_django_request.log:

2017-01-08 16:17:39,291 [WARNING] django.request:98 _reject Forbidden (Referer checking failed - no Referer.): /

What referer? This doesn’t look right…

Using Cyberduck

I configured Cyberduck for Webdav HTTP/SSL, port 443, hostname cloud.domain.com, added /seafdav to More options > path name and used the correct username and password when prompted. Upon opening the connection Cyberduck shows “Login successful” in the status bar but then pauses for about 10 seconds and fails with a popup saying “Not a valid DAV response (200 OK), Try again?”. If I click “Try again” then it instantly shows the directory with the Libraries. Has anyone else got this?

The apache logs don’t show any peculiarity when Cyberduck gave that error after login:

<MY_IP> - - [08/Jan/2017:16:27:39 +0000] "HEAD /seafdav/ HTTP/1.1" 200 3290 "-" "Cyberduck/5.2.3.21496 (Windows 8.1/6.3) (x86)"
<MY_IP> - - [08/Jan/2017:16:27:39 +0000] "PROPFIND /seafdav/ HTTP/1.1" 200 7693 "-" "Cyberduck/5.2.3.21496 (Windows 8.1/6.3) (x86)"

Also, seafdav.log has no contents and no other logs from the seafile /logs folder shows any entry related to the time that Cyberduck attempted connecting.

Also, if I leave the Cyberduck option "Preferences > Transfers > General > Transfer files = Open multiple connections" (which is the default) and I download a PNG file then the contents of the downloaded file are corrupt. Loooking inside the the PNG file, I notice that it has prepended HTML tags to the actual binary PNG content:

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01//EN' 'http://www.w3.org/TR/html4/strict.dtd'><html><head>
  <meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
  <title>200 OK</title>
</head><body>
  <h1>200 OK</h1>
  <p>200 OK</p>
<hr/>
<a href='https://github.com/mar10/wsgidav/'>WsgiDAV/1.2.0.pre</a> - 2017-01-08 16:21:24.776939
</body></html>HTTP/1.1 200 OK
Content-Length: 367633
Last-Modified: Sun, 13 Dec 2015 17:01:43 GMT
Content-Type: image/png
Date: Sun, 08 Jan 2017 16:21:28 GMT
ETag: "3a526f8ec280c24b946da13106f4afcc2eb61a0b"
Server: WsgiDAV/1.2.0.pre CherryPy/3.2.4 Python/2.7.12
‰PNG

   
IHDR  `  	Ö   S&À   sRGB ®Îé   gAMA  ±üa   	pHYs  t  tÞfx  ÿ¥IDAT
...

This is really weird but it may be a bug in Cyberduck rather than Seafile. Downloading a JPG file works fine. If I change the Cyberduck transfer options from “Open multiple connections” to “Use browser connection” then the PNG is also downloaded correctly.

Config files

My seafile.conf is

[WEBDAV]
enabled = true
port = 8080
fastcgi = false
share_name = /seafdav

The relevant Apache conf is:

        RewriteEngine On

        Alias /media  /seafile/server/seafile-server-latest/seahub/media
        <Location /media>
            ProxyPass !
            Require all granted
        </Location>

        ProxyPass /seafhttp http://127.0.0.1:8082
        ProxyPassReverse /seafhttp http://127.0.0.1:8082
        RewriteRule ^/seafhttp - [QSA,L]

        ProxyPass /seafdav http://127.0.0.1:8080/seafdav
        ProxyPassReverse /seafdav http://127.0.0.1:8080/seafdav

        SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
        ProxyPass / fcgi://127.0.0.1:8000/

Any clues?