Difference between revisions of "WebDAV"

From ArchWiki
Jump to: navigation, search
(systemd and style changes)
(Create directories: Merged section, bit of clean-up)
 
(31 intermediate revisions by 18 users not shown)
Line 1: Line 1:
[[Category:Networking]]
+
[[Category:Network sharing]]
WebDAV stands for '''Web''' '''D'''istributed '''A'''uthoring and '''V'''ersionin, see RFC 2518[http://www.ietf.org/rfc/rfc2518.txt].  
+
[[ja:WebDAV]]
 +
WebDAV ('''Web''' '''D'''istributed '''A'''uthoring and '''V'''ersioning) is an extension of HTTP 1.1 and therefore can be considered to be a procotol. It contains a set of concepts and accompanying extension methods to allow read and write across the HTTP 1.1 protocol. Instead of using [[NFS]] or [[SMB]], WebDAV offers file transfers via HTTP.  
  
WebDAV is an extension of the HTTP 1.1 Procotol, therefore can be considered to be a Procotol, and contains a set of concepts and accompanying extension methods to allow read and write across the HTTP 1.1 protocol.  Instead of using nfs, or smb, WebDAV offers file transfers via HTTP.  
+
The goal of this how to is to setup a simple WebDAV configuration using a [[:Category:Web server|web server]].
  
The goal of this how to is to setup webdav with apache. Simple configuration only.
+
== Server ==
 +
=== Apache ===
 +
Install the [[Apache HTTP Server]].
  
See also [[File Sharing with Webdav and DNSSD]].
+
Uncomment the modules for DAV:
 
+
{{bc|
== Apache Installation ==
+
LoadModule dav_module modules/mod_dav.so
{{pkg|apache}} and {{pkg|cadaver}} is needed.
+
LoadModule dav_fs_module modules/mod_dav_fs.so
This how to does not cover installation and initial setup of apache. You must [[Daemons#Restarting|restart]] Apache (httpd) after any changes to httpd.conf.
+
LoadModule dav_lock_module modules/mod_dav_lock.so
 
+
}}
==WebDav Configuration==
+
  
=== httpd.conf ===
+
Add the following line to {{ic|/etc/httpd/conf/httpd.conf}}.
Edit /etc/httpd/conf/httpd.conf. Add the following line:
+
 
  DAVLockDB /home/httpd/DAV/DAVLock
 
  DAVLockDB /home/httpd/DAV/DAVLock
  
Make sure you add it outside of any other directives, at the \"top level\" of the config file heirarchy.
+
Make sure you add it outside of any other directives, for instance right under the {{ic|DocumentRoot}} definition.
* note: I put it right under the DocumentRoot definition.
+
  
Next, add the following:
+
Next, add the following (also outside of any directives):
 
{{bc|
 
{{bc|
 +
Alias /dav "/home/httpd/html/dav"
 +
 
<Directory "/home/httpd/html/dav">
 
<Directory "/home/httpd/html/dav">
 
   DAV On
 
   DAV On
 
   AllowOverride None
 
   AllowOverride None
 
   Options Indexes FollowSymLinks
 
   Options Indexes FollowSymLinks
   Order allow,deny
+
   Require all granted
  Allow from all
+
 
</Directory>
 
</Directory>
 
}}
 
}}
  
*note: This should also be put in the top level heiracrchy. I put it right before the "UserDir public_html" section, and after the most previous "</Directory>".
+
Create the directory:
 +
# mkdir -p /home/httpd/DAV
  
=== /srv/http <-> /home/httpd Amendment ===
+
Check the permissions of DavLockDB's directory and ensure it is writable by the webserver [[user]] {{ic|http}}:
{{Poor writing|written in first person.}}
+
# chown -R http:http /home/httpd/DAV
This didn't work out of the box. I'm hoping the original author can figure out how to adjust this tutorial b/c I'm far from an expert.
+
# mkdir -p /home/httpd/html/dav
Anyways, I could only connect to my dav folder after putting it below my DocumentRoot. For my fresh installation DocumentRoot "/srv/http" not "/home/httpd/". I'm not unsure if this is the author's choice and old default or completely irrelevant.
+
# chown -R http:http /home/httpd/html/dav
To sum up, if you use /srv/http instead of /srv/http above (and in other parts of this document) the whole thing works - the rest of my analysis is guesstimation.
+
  
=== Create directories ===
+
== Client ==
{{bc|
+
=== Cadaver ===
(root@box httpd)# mkdir -p /home/httpd/DAV
+
[[Install]] the package {{Pkg|cadaver}}.
(root@box httpd)# chown -R http:http /home/httpd/DAV # Otherwise you wouldn't be able to upload files
+
(root@box httpd)# mkdir -p /home/httpd/html/dav
+
(root@box httpd)# chown -R nobody.nobody /home/httpd/html/dav
+
}}
+
  
==Test==
+
After installation, test the WebDAV server:
=== Install cadaver ===
+
  # cadaver http://localhost/dav
Cadaver is a command line webdav client. It is good for testing.
+
dav:/dav/> mkcol test
If it is not in a repository, you can download the file manually from my repository and install it, or you can add my repository to your repo list in pacman.conf.
+
Creating `test': succeeded.
For more information about those options check CacTus.
+
dav:/dav/> ls
Ok. Now back to it..
+
Listing collection `/dav/': succeeded.
  (root@box httpd)# pacman -S cadaver
+
Coll: test
 
+
=== Try to connect ===
+
Note: ipaddress can also be a hostname
+
{{bc|
+
(root@box httpd)# cadaver http://ipaddress/dav
+
dav:/dav/> mkcol test
+
Creating `test': succeeded.
+
dav:/dav/> ls
+
Listing collection `/dav/': succeeded.
+
Coll:   test                                   0  Feb 22 20:31
+
dav:/dav/> exit
+
}}
+
 
+
If the above worked as shown, then you are good to go.
+
 
+
Make sure you add [[WebDAV_authentication|permissions]] for viewing and dav access to the directory, and maybe even make that directory ssl access only.
+
  
 
== Authentication ==
 
== Authentication ==
Make sure you add permissions for viewing and dav access to the directory, and maybe even make that directory ssl access only.
 
 
 
There are numerous different protocols you can use:
 
There are numerous different protocols you can use:
 
* plain
 
* plain
Line 80: Line 59:
 
* others
 
* others
  
This is an example for using digest (make sure it is enabled in httpd.conf)
+
=== Apache ===
{{bc|htdigest -c /etc/httpd/conf/passwd WebDAV foo}}
+
Using digest:
 +
# basic form: htdigest -c /path/to/file AuthName username
 +
htdigest -c /etc/httpd/conf/passwd WebDAV '''username'''
  
Please make sure that the path is identical to the one you entered in your httpd.conf.  Also when using digest you have to enter the AuthName from httpd.conf.  For plain authentication you would not need this.
+
{{Note|Make sure digest authentication is enabled in {{ic|httpd.conf}} by the presence of this entry: {{ic|LoadModule auth_digest_module modules/mod_auth_digest.so}}}}
  
To require user *foo* for everything:
+
Using plain:
 +
# basic form: htpasswd -c /path/to/file username
 +
htpasswd -c /etc/httpd/conf/passwd '''username'''
 +
 
 +
Next, {{ic|httpd.conf}} must be edited to enable authentication. One method would be to require the user {{ic|foo}} for everything:
 
{{bc|
 
{{bc|
 
<Directory "/home/httpd/html/dav">
 
<Directory "/home/httpd/html/dav">
Line 91: Line 76:
 
   AllowOverride None
 
   AllowOverride None
 
   Options Indexes FollowSymLinks
 
   Options Indexes FollowSymLinks
  Order allow,deny
+
   AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
   AuthType Digest
+
 
   AuthName "WebDAV"
 
   AuthName "WebDAV"
 
   AuthUserFile /etc/httpd/conf/passwd
 
   AuthUserFile /etc/httpd/conf/passwd
Require user foo
+
  Require user foo
Allow from all
+
 
</Directory>
 
</Directory>
 
}}
 
}}
 +
 +
{{Note|{{ic|AuthName}} must match the name passed when using the {{ic|htdigest}} command for digest authentication. For basic/plain authentication, this line may be removed. Also, make sure that the {{ic|AuthUserFile}} path matches that used with the {{ic|htdigest}} or {{ic|htpasswd}} commands above}}
  
 
If you want to permit everybody to read, you could use this in your httpd.conf
 
If you want to permit everybody to read, you could use this in your httpd.conf
Line 106: Line 91:
 
   AllowOverride None
 
   AllowOverride None
 
   Options Indexes FollowSymLinks
 
   Options Indexes FollowSymLinks
  Order allow,deny
+
   AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
   AuthType Digest
+
 
   AuthName "WebDAV"
 
   AuthName "WebDAV"
 
   AuthUserFile /etc/httpd/conf/passwd
 
   AuthUserFile /etc/httpd/conf/passwd
   Allow from all
+
   Require all granted
<LimitExcept GET HEAD OPTIONS PROPFIND>
+
  <LimitExcept GET HEAD OPTIONS PROPFIND>
require user foo
+
    Require user foo
</LimitExcept>
+
  </LimitExcept>
 
</Directory>
 
</Directory>
 
}}
 
}}
 +
 +
Do not forget to restart apache after making changes!
 +
# systemctl restart httpd

Latest revision as of 14:10, 13 January 2017

WebDAV (Web Distributed Authoring and Versioning) is an extension of HTTP 1.1 and therefore can be considered to be a procotol. It contains a set of concepts and accompanying extension methods to allow read and write across the HTTP 1.1 protocol. Instead of using NFS or SMB, WebDAV offers file transfers via HTTP.

The goal of this how to is to setup a simple WebDAV configuration using a web server.

Server

Apache

Install the Apache HTTP Server.

Uncomment the modules for DAV:

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so

Add the following line to /etc/httpd/conf/httpd.conf.

DAVLockDB /home/httpd/DAV/DAVLock

Make sure you add it outside of any other directives, for instance right under the DocumentRoot definition.

Next, add the following (also outside of any directives):

Alias /dav "/home/httpd/html/dav"

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  Require all granted
</Directory>

Create the directory:

# mkdir -p /home/httpd/DAV

Check the permissions of DavLockDB's directory and ensure it is writable by the webserver user http:

# chown -R http:http /home/httpd/DAV
# mkdir -p /home/httpd/html/dav
# chown -R http:http /home/httpd/html/dav

Client

Cadaver

Install the package cadaver.

After installation, test the WebDAV server:

# cadaver http://localhost/dav
dav:/dav/> mkcol test
Creating `test': succeeded.
dav:/dav/> ls
Listing collection `/dav/': succeeded.
Coll: test

Authentication

There are numerous different protocols you can use:

  • plain
  • digest
  • others

Apache

Using digest:

# basic form: htdigest -c /path/to/file AuthName username
htdigest -c /etc/httpd/conf/passwd WebDAV username
Note: Make sure digest authentication is enabled in httpd.conf by the presence of this entry: LoadModule auth_digest_module modules/mod_auth_digest.so

Using plain:

# basic form: htpasswd -c /path/to/file username
htpasswd -c /etc/httpd/conf/passwd username

Next, httpd.conf must be edited to enable authentication. One method would be to require the user foo for everything:

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
  AuthName "WebDAV"
  AuthUserFile /etc/httpd/conf/passwd
  Require user foo
</Directory>
Note: AuthName must match the name passed when using the htdigest command for digest authentication. For basic/plain authentication, this line may be removed. Also, make sure that the AuthUserFile path matches that used with the htdigest or htpasswd commands above

If you want to permit everybody to read, you could use this in your httpd.conf

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
  AuthName "WebDAV"
  AuthUserFile /etc/httpd/conf/passwd
  Require all granted
  <LimitExcept GET HEAD OPTIONS PROPFIND>
    Require user foo
  </LimitExcept>
</Directory>

Do not forget to restart apache after making changes!

# systemctl restart httpd