haproxy: WebDAV は Microsoft Windows では動作しません

そのため、HAproxy は仮想 IP 上で http/https をリッスンします。

Web トラフィックを処理する Apache2 サーバーが 2 台あります (apacheserver1 と apacheserver2)。

すべて正常に動作しています。Web ページが提供され、クライアントは https の使用を強制され、SSL 証明書は正しく署名され、ユーザーは Finder (Mac) と Nautilus (Linux) を使用して WebDAV 領域に接続できます。

素晴らしい。

さて、ここで深刻な問題が発生します。Windows クライアントは WebDAV 経由で接続できません。

コマンドは次のとおりです:

net use X: \\myserver.com@SSL\home\eamorr

そしてエラー:

System error 67 has occurred. 

（私は問題なく接続できますhttps://myserver.com/home/eamorr(Mac/Linuxの場合)

私がする時：

net use X: \\apacheserver1.com@8080\home\eamorr

正常に動作します (apacheserver1:8080 に直接接続しています - SSL なし)。

私がする時：

net use X: \\apacheserver1.com@SSL@8081\home\eamorr

正常に動作します (apacheserver1:8081 に直接接続しています - SSL が有効になっています)。

しかし、haproxy を経由すると、機能しなくなります...

これが私の haproxy 設定です:

frontend www-http
bind 137.43.99.100:80   #A virtual IP
#reqadd X-Forwarded-Proto:\ http
default_backend http-backend


frontend www-https
bind 137.43.93.215:443 ssl crt /etc/apache2/ssl/combined.pem
#reqadd X-Forwarded-Proto:\ http
#reqirep Destination:\ https(.*) Destination:\ http\\1
#rspidel ^translate
default_backend http-backend


backend http-backend
cookie JSESSIONID insert
#reqirep Destination:\ https(.*) Destination:\ http\\1
server apacheserver1 137.43.99.101:8080 cookie apacheserver1 check
server apacheserver2 137.43.99.102:8080 cookie apacheserver2 check
#redirect scheme https if !{ ssl_fc }   #forces https!
#option forwardfor
#http-request set-header X-Forwarded-Port %[dst_port]
#http-request add-header X-Forwarded-Proto https if { ssl_fc }

接続しようとすると

net use X: \\myserver.com@SSL\home\eamorr #Windowsコマンド

サーバー側の HAProxy ログ (/var/log/haproxy.log) は次のとおりです。

Mar  5 11:51:00 apacheserver1 haproxy[22786]: 137.43.130.107:51168 [05/Mar/2015:11:50:25.233] www-https~ http-backend/apacheserver1 35691/0/1/11/35703 301 511 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home/eamorr HTTP/1.1"
Mar  5 11:51:01 apacheserver1 haproxy[22786]: 137.43.130.107:51168 [05/Mar/2015:11:51:00.936] www-https~ http-backend/apacheserver1 97/0/0/2/99 301 497 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home HTTP/1.1"

以下は Apache2 からの出力です (trace8 デバッグ情報が有効になっています)。

Request received from client: OPTIONS /home HTTP/1.1
Headers received from client:
User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
translate: f
Host: myserver.com
AH01626: authorization result of Require all granted: granted
AH01626: authorization result of <RequireAny>: granted
request authorized without authentication by access_checker_ex hook: /home
fixups hook gave 301: /home
Response sent with status 301, headers:
Date: Thu, 05 Mar 2015 12:09:50 GMT
Server: Apache/2.4.7 (Ubuntu)
Location: http://myserver.com/home/
Content-Length: 312
Content-Type: text/html; charset=iso-8859-1
core_output_filter: flushing because of FLUSH bucket
core_output_filter: flushing because of FLUSH bucket

Linux から接続すると (問題なく動作します!)、次のメッセージが表示されます/var/log/haproxy.log。

Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.062] www-https~ http-backend/apacheserver1 114/0/0/14/128 200 303 - - --NI 1/1/0/1/0 0/0 "OPTIONS /home/eamorr HTTP/1.1"
Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.190] www-https~ http-backend/apacheserver1 3/0/0/3/6 207 474 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr HTTP/1.1"
Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.196] www-https~ http-backend/apacheserver1 1/0/0/2/3 200 172 - - --VN 1/1/0/1/0 0/0 "OPTIONS /home/ HTTP/1.1"
Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.200] www-https~ http-backend/apacheserver1 31/0/0/3/34 207 901 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr HTTP/1.1"
Mar  5 12:20:10 apacheserver1 haproxy[22786]: 137.43.130.107:51295 [05/Mar/2015:12:20:10.234] www-https~ http-backend/apacheserver1 52/0/0/10/62 207 2188 - - --VN 1/1/0/1/0 0/0 "PROPFIND /home/eamorr HTTP/1.1"

Apache2 の出力は次のとおりです。

Request received from client: OPTIONS /home/eamorr HTTP/1.1
Setting redirect-carefully
Headers received from client:
Host: myserver.com
Accept-Encoding: gzip, deflate
User-Agent: gvfs/1.20.1
Accept-Language: en-ie, en;q=0.9, en;q=0.8
AH01626: authorization result of Require all granted: granted
AH01626: authorization result of <RequireAny>: granted
request authorized without authentication by access_checker_ex hook: /home/eamorr
Content-Type 'application/octet-stream' ...
... did not match 'application/xml'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'application/rss+xml'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'application/x-javascript'
... did not match 'application/javascript'
... did not match 'application/ecmascript'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'text/css'
Content-Type condition for 'deflate' did not match
Content-Type 'application/octet-stream' ...
... did not match 'text/html'
... did not match 'text/plain'
... did not match 'text/xml'
Content-Type condition for 'deflate' did not match
Response sent with status 200, headers:
Date: Thu, 05 Mar 2015 12:15:44 GMT
Server: Apache/2.4.7 (Ubuntu)
DAV: 1,2
DAV: <http://apache.org/dav/propset/fs/1>
MS-Author-Via: DAV
Allow: OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK
Content-Length: 0
core_output_filter: flushing because of FLUSH bucket

私は本当に、本当にここに閉じ込められている。

Apache/2.4.7 (Ubuntu 14.04.2) haproxy 1.5.11