Difference between revisions of "WebDAV"

From ArchWiki
Jump to: navigation, search
m (Merge duplicated info.)
m (rm unnecessary emphasis)
 
(23 intermediate revisions by 17 users not shown)
Line 1: Line 1:
[[Category:Networking]]
+
[[Category:Network sharing]]
WebDAV('''Web''' '''D'''istributed '''A'''uthoring and '''V'''ersioning) is an extension of HTTP 1.1 and therefore can be considered to be a procotol. It contains a set of concepts and accompanying extension methods to allow read and write across the HTTP 1.1 protocol. Instead of using [[NFS]] or [[Samba|SMB]], WebDAV offers file transfers via HTTP.  
+
[[ja:WebDAV]]
 +
WebDAV (Web Distributed Authoring and Versioning) is an extension of HTTP 1.1 and therefore can be considered to be a procotol. It contains a set of concepts and accompanying extension methods to allow read and write across the HTTP 1.1 protocol. Instead of using [[NFS]] or [[SMB]], WebDAV offers file transfers via HTTP.  
  
The goal of this how to is to setup a simple WebDAV configuration using Apache.
+
The goal of this how to is to setup a simple WebDAV configuration using a [[:Category:Web server|web server]].
  
See also [[File Sharing with Webdav and DNSSD]].
+
== Server ==
 +
=== Apache ===
 +
Install the [[Apache HTTP Server]].
  
== Server (Apache) ==
+
Uncomment the modules for DAV:
Install Apache as explained in the [[LAMP]] article.
+
{{bc|
 +
LoadModule dav_module modules/mod_dav.so
 +
LoadModule dav_fs_module modules/mod_dav_fs.so
 +
LoadModule dav_lock_module modules/mod_dav_lock.so
 +
}}
  
Now enable WebDAV. Add the following line to {{ic|/etc/httpd/conf/httpd.conf}}.
+
Add the following line to {{ic|/etc/httpd/conf/httpd.conf}}.
 
  DAVLockDB /home/httpd/DAV/DAVLock
 
  DAVLockDB /home/httpd/DAV/DAVLock
  
Line 16: Line 23:
 
Next, add the following (also outside of any directives):
 
Next, add the following (also outside of any directives):
 
{{bc|
 
{{bc|
 +
Alias /dav "/home/httpd/html/dav"
 +
 
<Directory "/home/httpd/html/dav">
 
<Directory "/home/httpd/html/dav">
 
   DAV On
 
   DAV On
 
   AllowOverride None
 
   AllowOverride None
 
   Options Indexes FollowSymLinks
 
   Options Indexes FollowSymLinks
   Order allow,deny
+
   Require all granted
  Allow from all
 
 
</Directory>
 
</Directory>
 
}}
 
}}
  
=== Create directories ===
+
Create the directory:
 +
# mkdir -p /home/httpd/DAV
  
  # mkdir -p /home/httpd/DAV
+
Check the permissions of DavLockDB's directory and ensure it is writable by the webserver [[user]] {{ic|http}}:
 +
# chown -R http:http /home/httpd/DAV
 +
  # mkdir -p /home/httpd/html/dav
 +
# chown -R http:http /home/httpd/html/dav
 +
 
 +
===Nginx===
 +
Install the mainline variant of [[nginx]] and {{AUR|nginx-mainline-mod-dav-ext}}.
 +
 
 +
At the top of your {{ic|/etc/nginx/nginx.conf}} and outside any blocks, add
 +
{{bc|
 +
load_module /usr/lib/nginx/modules/ngx_http_dav_ext_module.so;
 +
}}
 +
 
 +
Add a new {{ic|location}} for WebDAV to your {{ic|server}} block, for example:
 +
{{bc|
 +
location /dav {
 +
    root  /srv/http;
 +
 
 +
    dav_methods PUT DELETE MKCOL COPY MOVE;
 +
    dav_ext_methods PROPFIND OPTIONS;
 +
 
 +
    # Adjust as desired:
 +
    dav_access all:rw;
 +
    client_max_body_size 0;
 +
    create_full_put_path on;
 +
    client_body_temp_path /srv/client-temp;
 +
    autoindex on;
 +
 
 +
    allow 192.168.178.0/24;
 +
    deny all;
 +
}
 +
}}
  
Check the permissions of DavLockDB's directory and insure it is writable by the apache user (http):
+
The above example requires the directories {{ic|/srv/http/dav}} and {{ic|/srv/client-temp}} to exist.
# chown -R http:http /home/httpd/DAV # Otherwise you wouldn't be able to upload files
 
  
# mkdir -p /home/httpd/html/dav
+
You may want to use bind mounts to make other directories accessible via WebDAV.
# chown -R nobody.nobody /home/httpd/html/dav
 
  
== Client (Cadaver) ==
+
== Client ==
Cadaver is a command line WebDAV client. It can be installed with the package {{Pkg|cadaver}}, available in the [[official repositories]].
+
=== Cadaver ===
 +
[[Install]] the package {{Pkg|cadaver}}.
  
=== Test it ===
+
After installation, test the WebDAV server:
 
  # cadaver http://localhost/dav
 
  # cadaver http://localhost/dav
 
  dav:/dav/> mkcol test
 
  dav:/dav/> mkcol test
Line 45: Line 84:
 
  Listing collection `/dav/': succeeded.
 
  Listing collection `/dav/': succeeded.
 
  Coll: test
 
  Coll: test
dav:/dav/> exit
 
  
If the above worked as shown, then you are good to go.
+
=== Thunar ===
 +
 
 +
In [[Thunar]] just press {{ic|Ctrl+l}} and enter the address with ''dav'' or ''davs'' protocol specified:
 +
 
 +
davs://webdav.yandex.ru
  
 
== Authentication ==
 
== Authentication ==
Make sure you add permissions for viewing and dav access to the directory, and maybe even make that directory ssl access only.
 
 
 
There are numerous different protocols you can use:
 
There are numerous different protocols you can use:
 
* plain
 
* plain
Line 57: Line 97:
 
* others
 
* others
  
Two examples follow, in which {{ic|foo}} is the username:
+
=== Apache ===
 
 
 
Using digest:
 
Using digest:
 
  # basic form: htdigest -c /path/to/file AuthName username
 
  # basic form: htdigest -c /path/to/file AuthName username
  htdigest -c /etc/httpd/conf/passwd WebDAV foo
+
  htdigest -c /etc/httpd/conf/passwd WebDAV '''username'''
  
 
{{Note|Make sure digest authentication is enabled in {{ic|httpd.conf}} by the presence of this entry: {{ic|LoadModule auth_digest_module modules/mod_auth_digest.so}}}}
 
{{Note|Make sure digest authentication is enabled in {{ic|httpd.conf}} by the presence of this entry: {{ic|LoadModule auth_digest_module modules/mod_auth_digest.so}}}}
Line 67: Line 106:
 
Using plain:
 
Using plain:
 
  # basic form: htpasswd -c /path/to/file username
 
  # basic form: htpasswd -c /path/to/file username
  htpasswd -c /etc/httpd/conf/passwd foo
+
  htpasswd -c /etc/httpd/conf/passwd '''username'''
  
 
Next, {{ic|httpd.conf}} must be edited to enable authentication. One method would be to require the user {{ic|foo}} for everything:
 
Next, {{ic|httpd.conf}} must be edited to enable authentication. One method would be to require the user {{ic|foo}} for everything:
Line 75: Line 114:
 
   AllowOverride None
 
   AllowOverride None
 
   Options Indexes FollowSymLinks
 
   Options Indexes FollowSymLinks
  Order allow,deny
 
 
   AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
 
   AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
 
   AuthName "WebDAV"
 
   AuthName "WebDAV"
 
   AuthUserFile /etc/httpd/conf/passwd
 
   AuthUserFile /etc/httpd/conf/passwd
 
   Require user foo
 
   Require user foo
  Allow from all
 
 
</Directory>
 
</Directory>
 
}}
 
}}
Line 92: Line 129:
 
   AllowOverride None
 
   AllowOverride None
 
   Options Indexes FollowSymLinks
 
   Options Indexes FollowSymLinks
  Order allow,deny
 
 
   AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
 
   AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
 
   AuthName "WebDAV"
 
   AuthName "WebDAV"
 
   AuthUserFile /etc/httpd/conf/passwd
 
   AuthUserFile /etc/httpd/conf/passwd
   Allow from all
+
   Require all granted
 
   <LimitExcept GET HEAD OPTIONS PROPFIND>
 
   <LimitExcept GET HEAD OPTIONS PROPFIND>
     require user foo
+
     Require user foo
 
   </LimitExcept>
 
   </LimitExcept>
 
</Directory>
 
</Directory>
 
}}
 
}}
  
Don't forget to restart apache after making changes!
+
Do not forget to restart apache after making changes!
 
  # systemctl restart httpd
 
  # systemctl restart httpd

Latest revision as of 05:01, 2 August 2017

WebDAV (Web Distributed Authoring and Versioning) is an extension of HTTP 1.1 and therefore can be considered to be a procotol. It contains a set of concepts and accompanying extension methods to allow read and write across the HTTP 1.1 protocol. Instead of using NFS or SMB, WebDAV offers file transfers via HTTP.

The goal of this how to is to setup a simple WebDAV configuration using a web server.

Server

Apache

Install the Apache HTTP Server.

Uncomment the modules for DAV:

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so

Add the following line to /etc/httpd/conf/httpd.conf.

DAVLockDB /home/httpd/DAV/DAVLock

Make sure you add it outside of any other directives, for instance right under the DocumentRoot definition.

Next, add the following (also outside of any directives):

Alias /dav "/home/httpd/html/dav"

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  Require all granted
</Directory>

Create the directory:

# mkdir -p /home/httpd/DAV

Check the permissions of DavLockDB's directory and ensure it is writable by the webserver user http:

# chown -R http:http /home/httpd/DAV
# mkdir -p /home/httpd/html/dav
# chown -R http:http /home/httpd/html/dav

Nginx

Install the mainline variant of nginx and nginx-mainline-mod-dav-extAUR.

At the top of your /etc/nginx/nginx.conf and outside any blocks, add

load_module /usr/lib/nginx/modules/ngx_http_dav_ext_module.so;

Add a new location for WebDAV to your server block, for example:

location /dav {
    root   /srv/http;

    dav_methods PUT DELETE MKCOL COPY MOVE;
    dav_ext_methods PROPFIND OPTIONS;

    # Adjust as desired:
    dav_access all:rw;
    client_max_body_size 0;
    create_full_put_path on;
    client_body_temp_path /srv/client-temp;
    autoindex on;

    allow 192.168.178.0/24;
    deny all;
}

The above example requires the directories /srv/http/dav and /srv/client-temp to exist.

You may want to use bind mounts to make other directories accessible via WebDAV.

Client

Cadaver

Install the package cadaver.

After installation, test the WebDAV server:

# cadaver http://localhost/dav
dav:/dav/> mkcol test
Creating `test': succeeded.
dav:/dav/> ls
Listing collection `/dav/': succeeded.
Coll: test

Thunar

In Thunar just press Ctrl+l and enter the address with dav or davs protocol specified:

davs://webdav.yandex.ru

Authentication

There are numerous different protocols you can use:

  • plain
  • digest
  • others

Apache

Using digest:

# basic form: htdigest -c /path/to/file AuthName username
htdigest -c /etc/httpd/conf/passwd WebDAV username
Note: Make sure digest authentication is enabled in httpd.conf by the presence of this entry: LoadModule auth_digest_module modules/mod_auth_digest.so

Using plain:

# basic form: htpasswd -c /path/to/file username
htpasswd -c /etc/httpd/conf/passwd username

Next, httpd.conf must be edited to enable authentication. One method would be to require the user foo for everything:

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
  AuthName "WebDAV"
  AuthUserFile /etc/httpd/conf/passwd
  Require user foo
</Directory>
Note: AuthName must match the name passed when using the htdigest command for digest authentication. For basic/plain authentication, this line may be removed. Also, make sure that the AuthUserFile path matches that used with the htdigest or htpasswd commands above

If you want to permit everybody to read, you could use this in your httpd.conf

<Directory "/home/httpd/html/dav">
  DAV On
  AllowOverride None
  Options Indexes FollowSymLinks
  AuthType Digest # substitute "Basic" for "Digest" if you used htpasswd above
  AuthName "WebDAV"
  AuthUserFile /etc/httpd/conf/passwd
  Require all granted
  <LimitExcept GET HEAD OPTIONS PROPFIND>
    Require user foo
  </LimitExcept>
</Directory>

Do not forget to restart apache after making changes!

# systemctl restart httpd