解决 webdav 连接 seafile 无法重命名文件等操作造成的 SeafDAV: MOVE returns 502 Bad Gateway 错误

本文使用 docker-compose 搭建 seafile server（此时我在使用的 Server Version: 9.0.5），compose file 如下，参考自官方 https://docs.seafile.com/d/cb1d3f97106847abbf31/files/?p=/docker/docker-compose.yml

version: '2.0'
services:
  db:
    image: mariadb:10.5
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=123456 # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - ./seafile-mysql/db:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net

  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "8088:80"
#      - "443:443"  # If https is enabled, cancel the comment.
    volumes:
      - ./seafile-data:/shared   # Requested, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=123456  # Requested, the value shuold be root's password of MySQL service.
      - TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - [email protected] # Specifies Seafile admin user, default is '[email protected]'.
      - SEAFILE_ADMIN_PASSWORD=123456     # Specifies Seafile admin password, default is 'asecret'.
      - SEAFILE_SERVER_LETSENCRYPT=false   # Whether use letsencrypt to generate cert.
      - SEAFILE_SERVER_HOSTNAME=seafile.example.com # Specifies your host name.
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net

networks:
  seafile-net:

在 VPS 宿主机包一个 nginx，解决 tls 问题，nginx 配置如下，证书和域名相关配置自行修改

log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';

server {

        listen       80;
        server_name  seafile.example.com;
        rewrite ^ https://$http_host$request_uri? permanent;    # Forced redirect from HTTP to HTTPS
        server_tokens off;
}
server {
        listen 443;

        ssl_certificate    /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key    /etc/letsencrypt/live/example.com/privkey.pem;
        server_name seafile.example.com;
        server_tokens off;

        # HSTS for protection against man-in-the-middle-attacks
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

        # DH parameters for Diffie-Hellman key exchange
        #ssl_dhparam /etc/nginx/dhparam.pem;

        # Supported protocols and ciphers for general purpose server with good security and compatability with most clients
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers off;

        # Supported protocols and ciphers for server when clients > 5years (i.e., Windows Explorer) must be supported
        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
        #ssl_prefer_server_ciphers on;

        ssl_session_timeout 5m;
        #ssl_session_cache shared:SSL:5m;

        location / {
                proxy_pass         http://127.0.0.1:8088;
                proxy_set_header   Host $host:$server_port;
                #proxy_set_header   Host $host;
                proxy_set_header   X-Real-IP $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header   X-Forwarded-Host $server_name;
                proxy_set_header   X-Forwarded-Proto https;

                access_log      /var/log/nginx/seahub.access.log seafileformat;
                error_log       /var/log/nginx/seahub.error.log;

                proxy_read_timeout  1200s;

                client_max_body_size 0;
        }

}

我这样运行了一个多月，一直正常无误，但是有一个问题比较困扰：创建了文件夹无法重命名，创建了文件也同样无法重命名。今天看了一下后台日志（日志文件：seafile 容器中的 /opt/seafile/logs/seafdav.log），发现是

MOVE /webdav/test.md" dest="https://xxx/seafdav/webdav/testabc.md", length=0, depth=0, overwrite=F, elap=0.014sec -> 502 Bad Gateway

这并非什么写入权限不对等问题，这样看应该是 nginx 的配置不当导致的，nginx 反向代理下的 http 请求配置错误导致的 502 bad gateway。

最终发现这个回答下的 @eruditewriter 提出的方案解决了我的问题，非常感谢！详细请阅读此帖: https://forum.seafile.com/t/seafdav-move-command-causing-502/11582/25

最终我的解决方案，找到容器中 nginx 配置文件 /shared/nginx/conf/seafile.nginx.conf 在 server 块最外围增加如下代码

map $http_destination $nossl_destination {
    "~^https:(.+)$" $1;
    "~^http:(.+)$" $1;
}

再在 location /seafdav 代码块中增加一行配置

proxy_set_header Destination "http:$nossl_destination";

在容器中执行 nginx -t、nginx -s reload 之后再次测试重命名文件，it works!!!

看下日志

MOVE /webdav/test.md" dest="http://xxx/seafdav/webdav/test-tt.md", length=0, depth=0, overwrite=F, elap=0.035sec -> 204 No Content

204 No Content 。问题已解决。