WebDAV

From ArchWiki

WebDAV (Web Distributed Authoring and Versioning) is an extension of HTTP/1.1 and therefore can be considered to be a protocol. It contains a set of concepts and accompanying extension methods to allow read and write across the HTTP/1.1 protocol. Instead of using NFS or SMB, WebDAV offers file transfers via HTTP.

The goal of this article is to setup a simple WebDAV configuration using a web server.

Server

Apache

Install the Apache HTTP Server.

Uncomment the modules for DAV and auth_digest:

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so
LoadModule auth_digest_module modules/mod_auth_digest.so

Uncomment the include line for conf/extra/httpd-dav.conf:

# Distributed authoring and versioning (WebDAV)
Include conf/extra/httpd-dav.conf

Check the following line in /etc/httpd/conf/extra/httpd-dav.conf:

DAVLockDB /etc/httpd/var/DavLock

Make sure you add it outside of any other directives, for instance right under the DocumentRoot definition.

If you want a clean setup consider a /srv/dav structure instead of /etc/httpd/uploads, but that's what i found at the default.

Next, check the aliases (also outside of any directives) in /etc/httpd/conf/extra/httpd-dav.conf:


DavLockDB "/etc/httpd/var/DavLock"

Alias /uploads "/etc/httpd/uploads"

<Directory "/etc/httpd/uploads">
    Dav On

    AuthType Digest
    AuthName DAV-upload
    # You can use the htdigest program to create the password database:
    #   htdigest -c "/etc/httpd/user.passwd" DAV-upload admin
    AuthUserFile "/etc/httpd/user.passwd"
    AuthDigestProvider file

    # Allow universal read-access, but writes are restricted
    # to the admin user.
    <RequireAny>
        # require that these methods are used (PROPFIND allows directory listing) ...
        Require method GET POST OPTIONS PROPFIND
        # or that the user is admin (f.e. PUT is required to write a file, MKCOL for folders)
        Require user admin
        
        # -- Notes ---
        # more info on methods in the webdav rfc: http://www.webdav.org/specs/rfc4918.html
        # POST treated as PUT: https://datatracker.ietf.org/doc/html/rfc5995
       
        
    </RequireAny>
</Directory>

Create the directory:

# mkdir -p /etc/httpd/var

Check the permissions of DavLockDB's directory and ensure it is writable by the webserver user http:

# chown -R http:http /etc/httpd/var
# mkdir -p /etc/httpd/uploads
# chown -R http:http /etc/httpd/uploads

nginx

Install nginx-mainline (the mainline variant of nginx) and nginx-mainline-mod-dav-extAUR.

At the top of your /etc/nginx/nginx.conf and outside any blocks, add:

load_module /usr/lib/nginx/modules/ngx_http_dav_ext_module.so;

Add a new location for WebDAV to your server block, for example:

location /dav {
    root   /srv/http;

    dav_methods PUT DELETE MKCOL COPY MOVE;
    dav_ext_methods PROPFIND OPTIONS;

    # Adjust as desired:
    dav_access user:rw group:rw all:r;
    client_max_body_size 0;
    create_full_put_path on;
    client_body_temp_path /srv/client-temp;
    autoindex on;

    allow 192.168.178.0/24;
    deny all;
}

The above example requires the directories /srv/http/dav and /srv/client-temp to exist.

You may want to use bind mounts to make other directories accessible via WebDAV.

rclone

Install the rclone package. It supports exporting a remote or local directory using webdav.

To serve the contents of /srv/http with no authentication:

$ rclone serve webdav /srv/http

Caddy

Install the caddy-webdav-gitAUR package, or use xcaddy-binAUR and build Caddy with the WebDAV module:

$ xcaddy build --with github.com/mholt/caddy-webdav

To serve the contents of /srv/webdav on the path dav using port 80, add the following to your Caddyfile:

:80 {
    rewrite /dav /dav/
    webdav /dav/* {
       root /srv/webdav
       prefix /dav
    }
    file_server
}

Then run Caddy:

$ caddy run

Client

Cadaver

Install the cadaver package.

After installation, test the WebDAV server:

$ cadaver http://localhost/dav
dav:/dav/> mkcol test
Creating `test': succeeded.
dav:/dav/> ls
Listing collection `/dav/': succeeded.
Coll: test

Dolphin

To create a permanent WebDAV folder in Dolphin select Network in the remotes section of the places sidebar, then press the Add Network Folder button. The network folder wizard will appear. Select WebFolder (webdav), and fill in the subsequent form.

Alternately just click the path bar and then enter the url with webdav:// protocol specifier.

Nautilus

In Nautilus just choose "connect to server" and enter the address with dav:// or davs:// protocol specified:

dav://127.0.0.1/dav
Note: If you get a "HTTP Error: Moved permanently" with dav://, try to use davs:// as the protocol instead.

rclone

rclone is a command line tool that lets you sync to/from, or mount (with many caching options), remote file systems including WebDAV.

Thunar

In Thunar just press Ctrl+l and enter the address with dav or davs protocol specified:

davs://webdav.yandex.ru

Authentication

There are numerous different protocols you can use:

  • plain
  • digest
  • others

Apache

Using htdigest(1) (remove the -c option if the file exists):

# htdigest -c /etc/httpd/conf/passwd WebDAV username
Note: Make sure digest authentication is enabled in httpd.conf by the presence of this entry: LoadModule auth_digest_module modules/mod_auth_digest.so

Using plain htpasswd(1) (remove the -c option if the file exists):

# htpasswd -c /etc/httpd/conf/passwd username

Next, httpd.conf must be edited to enable authentication. One method would be to require the user foo for everything:

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
  AuthName "WebDAV"
  AuthUserFile /etc/httpd/conf/passwd
  Require user foo
</Directory>
Note: AuthName must match the realm name passed when using the htdigest command for digest authentication. For basic/plain authentication, this line may be removed. Also, make sure that the AuthUserFile path matches that used with the htdigest or htpasswd commands above.

If you want to permit everybody to read, you could use this in your httpd.conf

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
  AuthName "WebDAV"
  AuthUserFile /etc/httpd/conf/passwd
  Require all granted
  <LimitExcept GET HEAD OPTIONS PROPFIND>
    Require user foo
  </LimitExcept>
</Directory>

Do not forget to restart httpd.service after making changes.

Note: If you get an 405 error with Apache, add DirectoryIndex disabled to your Directory section.

Troubleshooting

Some file explorers cannot edit directories in nginx WebDAV

nginx WebDAV requires a directory path ends with a slash (/), but some file explorers does not append a / at the end of the path.

This can be worked-around, by either removing the corresponding checking code and recompile it, or by appending the following code in a nginx server block to add / at the end of a request, if needed:

# The configuration was based on: https://nworm.icu/post/nginx-webdav-dolphin-deken/
# if the request method is MKCOL or is to a directory, add / at the end of the request if it was missing 
if ($request_method = MKCOL) {
    rewrite ^(.*[^/])$ $1/ break; 
}
if (-d $request_filename) { 
    rewrite ^(.*[^/])$ $1/ break; 
}

# if the request method is copy or move a directory, add / at the end of the request if it was missing
set $is_copy_or_move 0;
set $is_dir 0;
if (-d $request_filename) { 
    set $is_dir 1; 
}
if ($request_method = COPY) {
    set $is_copy_or_move 1;
}
if ($request_method = MOVE) {
    set $is_copy_or_move 1;
}
set $is_rewrite "${is_dir}${is_copy_or_move}";
if ($is_rewrite = 11) {
    rewrite ^(.*[^/])$ $1/ break;
}