WebDav/Server: Unterschied zwischen den Versionen

Aus Foxwiki
K Dirkwagner verschob die Seite DAV:Server nach WebDav:Server, ohne dabei eine Weiterleitung anzulegen
Keine Bearbeitungszusammenfassung
Zeile 1: Zeile 1:
[[Category:Nextcloud:Verwaltung]]
= WebDAV-Server  =
This can be combined with user authentication (using LDAP or a number of other password mechanisms).
 
== WebDAV Server Installation  ==
=== Install Apache webserver  ===
Apache2 must be installed, either alone or as part of a LAMP server.
# APT install apache2
 
or
 
apt-get install tasksel
tasksel install lamp-server
 
=== Open your firewall  ===
* Remember, WebDAV is an HTTP server. The incoming default HTTP and/or HTTPS ports (80 and/or 443) should be open to the server.
* It is, of course, also possible to use custom ports by changing the allowed incoming ports in the firewall, the virtual host configuration file, and, of course, the URL used to reach the WebDAV server.
 
=== Enable the Apache2 WebDAV modules  ===
Enable the dav and dav_fs modules:
# a2enmod dav_fs
 
Restart Apache2
# systemctl restart apache2
 
=== Create a folder for WebDAV use  ===
There are two options:
* Create a WebDAV directory in the /var/www folder:
sudo mkdir /var/www/WebDAV1
or
 
Create a WebDAV directory in the /home/user/ (also known as ~/) folder and create a symbolic link:
mkdir ~/WebDAV1
sudo ln -s ~/WebDAV1 /var/www/* Create a subdirectory for files:
mkdir /var/www/WebDAV1/files* Note: In the next several steps, file/folder ownership and permissions can also be adjusted from a File Manager (such as Dolphin in Kubuntu or Nautilus in Ubuntu) as root:
sudo dolphin
or
sudo nautilus
* Make sure the owner of whichever WebDAV folder was created (and its subfolders, using the -R recursive switch) is www-data (the user ID for Apache2) and the group is that of your user ID (or, alternatively, root):
sudo chown -R www-data:user /var/www/WebDAV1
or
sudo chown -R www-data:user ~/WebDAV1
 
Alternatively you could create a WebDAV [http://ubuntuguide.org/wiki/Ubuntu:All#Users_and_Groups user group] so that some group of local users could access the files locally (instead of through WebDAV). Add the individual users to that group and use WebDAV as the group instead of a single user (or root), for example:
sudo chown -R www-data:WebDAV /var/www/WebDAV1
 
To allow files in the WebDAV folder (and its subfolders, using the -R recursive switch) to be Read/Write but not eXecutable (which may be a security risk on some servers):
sudo chmod 664 -R /var/www/WebDAV1
 
or
 
sudo chmod 664 -R ~/WebDAV1* Some users find that broader permissions may be required, and instead allow Read/Write/eXecute for the Owner / Group (but not all users):
 
sudo chmod 770 -R /var/www/WebDAV1
 
or
 
sudo chmod 770 -R ~/WebDAV1
 
=== Create or edit the virtual host file  ===
* Edit the virtual host (vhost) file used for the URL through which WebDAV will be accessed
#  kate /etc/apache2/sites-available/mydomainhost
 
where mydomainhost is the name of the virtual host configuration file used for your URL. If you are using the default virtual host file, edit that one.
 
Add the line
Alias /WebDAV1 /var/www/WebDAV1/files
 
so that accessing the WebDAV folder using the URL
http://myhost.mydomain.org/WebDAV1
will forward to the correct folder (/var/www/WebDAV1) on the computer.
 
The final virtual host file ought to resemble:
<VirtualHost *>
<nowiki>#</nowiki>
<nowiki># UseCanonicalName off</nowiki>
<nowiki># ServerName WebDAV1.mydomain.org</nowiki>
ServerName myhost.mydomain.org
ServerAlias 192.168.0.155 WebDAV1.mydomain.org
<nowiki>#</nowiki>
ServerAdmin root@localhost
DocumentRoot /var/www/
<nowiki>#</nowiki>
Alias /WebDAV1 /var/www/WebDAV1/files
<nowiki>#</nowiki>
  <Directory /var/www/WebDAV1/>
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  allow from all
  </Directory>
</VirtualHost>
 
* In this example, the WebDAV server is on the primary server, so the URL is the same as that of the primary server (and would be accessed from http://myhost.mydomain.org/WebDAV1).
* The primary server's IP address on the LAN (in this example) is 192.168.0.155, so to access it from the LAN, this address could also be used: http://192.168.0.155/WebDAV1. *
 
Enable the virtual host (vhost):
# ln -s /etc/apache2/sites-available/mydomainhost /etc/apache2/sites-enabled/*
Restart Apache2:
# /etc/init.d/apache2 restart*
Test that the folders are reachable through Apache2 using:
http://localhost/WebDAV1
or
http://192.168.0.155/WebDAV1
 
=== Create password access for the WebDAV folders  ===
* Note: This method uses HTTP Basic Authentication as outlined in the [http://httpd.apache.org/docs/2.0/mod/mod_dav.html Apache documentation]. However, this same documentation recommends against routine use of HTTP Basic Authentication (which transmits unencrypted passwords, inviting password sniffing) and instead recommends [http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html HTTP Digest Authentication] (or at least HTTP Basic Authentication [http://httpd.apache.org/docs/2.0/mod/mod_ssl.html over SSL]). Refer to the Apache documentation for more details.
* Create the WebDAV password file /var/www/WebDAV1/passwd.dav with the user testuser. For more info see [http://httpd.apache.org/docs/2.0/howto/auth.html here]. (The -c switch creates the file if it does not exist.):
 
sudo htpasswd -c /var/www/WebDAV1/passwd.dav testuser
 
Type in a password for the user testuser.
 
We will later use this userID when connecting to the WebDAV URL:
 
http://myhost.mydomain.org/WebDAV1 * Add other users (e.g. testuser2, testuser3, etc.) as needed. (Omit the -c switch because the password file already exists.)
 
sudo htpasswd /var/www/WebDAV1/passwd.dav testuser2
 
Note: See [http://ubuntuguide.org/index.php?title=WebDAV&printable=yes#Creating_passwords_for_Windows_clients below] for adding a password for users accessing WebDAV folders from Windows clients. * Change the permissions of the /var/www/WebDAV1/passwd.dav file so that only www-data (as owner) and user (or, alternatively, root) as the group can access it:
 
sudo chown www-data:user /var/www/WebDAV1/passwd.dav
sudo chmod 660 /var/www/WebDAV1/passwd.dav
 
Note: I personally use chmod 460, which does not allow the www-data owner to write to the file (only read permissions are allowed). Only members of the local group user can read/write to the file using this chmod 460 setting. * Edit the virtual host (vhost) file /etc/apache2/sites-available/mydomainhost (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
 
sudo kate /etc/apache2/sites-available/mydomainhost
 
and add the following lines to it:
 
<nowiki>#</nowiki>
  <Location /WebDAV1>
  DAV On
  AuthType Basic
  AuthName "WebDAV1"
  AuthUserFile /var/www/WebDAV1/passwd.dav
  Require valid-user
  </Location>
 
The final virtual host (vhost) file should resemble:
 
<VirtualHost *>
<nowiki>#</nowiki>
<nowiki># UseCanonicalName off</nowiki>
<nowiki># ServerName WebDAV1.mydomain.org</nowiki>
  ServerName myhost.mydomain.org
  ServerAlias 192.168.0.155 WebDAV1.mydomain.org
<nowiki>#</nowiki>
  ServerAdmin root@localhost
  DocumentRoot /var/www/
<nowiki>#</nowiki>
  Alias /WebDAV1 /var/www/WebDAV1/files
<nowiki>#</nowiki>
  <Directory /var/www/WebDAV1/>
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  allow from all
</Directory>
<nowiki>#</nowiki>
  <Location /WebDAV1>
  DAV On
  AuthType Basic
  AuthName "WebDAV1"
  AuthUserFile /var/www/WebDAV1/passwd.dav
  Require valid-user
  </Location>
</VirtualHost>
 
Reload Apache:
/etc/init.d/apache2 reload
 
=== Testing WebDAV  ===
Install cadaver, a command-line WebDAV client:
sudo apt-get install cadaver* Test if WebDAV works:
cadaver http://localhost/WebDAV1/
 
You should be prompted for a user name. Type in testuser and then the password for testuser. If all goes well, you should be granted access which means WebDAV is working ok. To leave the WebDAV shell, type quit:
server1:~# cadaver http://localhost/WebDAV1/
Authentication required for test on server `localhost':
Username: testuser
Password: *******
dav:/WebDAV1/> quit
Connection to `localhost' closed.
server1:~#
 
=== Set up Digest Authorization (encrypted passwords)  ===
Enable the [http://httpd.apache.org/docs/2.0/mod/mod_auth_digest.html HTTP Digest Authentication] module:
sudo a2enmod auth_digest* Create a digest authorization password file:
sudo htdigest -c /var/www/WebDAV1/digestpasswd.dav WebDAV1digest testuser* Add other users (e.g. testuser2, testuser3, etc.) as needed. (Omit the -c switch because the password file already exists.)
sudo htdigest /var/www/WebDAV1/digestpasswd.dav WebDAV1digest testuser2
 
Note: See [http://ubuntuguide.org/index.php?title=WebDAV&printable=yes#Creating_passwords_for_Windows_clients below] for adding a password for users accessing WebDAV folders from Windows clients. * Change the permissions of the /var/www/WebDAV1/digestpasswd.dav file so that only www-data (as owner) and user (or, alternatively, root) as the group can access it:
 
sudo chown www-data:user /var/www/WebDAV1/digestpasswd.dav
sudo chmod 660 /var/www/WebDAV1/digestpasswd.dav
 
Note: I personally use chmod 460, which does not allow the www-data owner to write to the file (only read permissions are allowed). Only members of the local group user can read/write to the file using this chmod 460 setting.
 
Edit the virtual host (vhost) file /etc/apache2/sites-available/mydomainhost (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/apache2/sites-available/mydomainhost
 
and this time add the following lines to it:
 
<nowiki>#</nowiki>
  <Location /WebDAV1>
  DAV On
  AuthType Digest
  AuthName "WebDAV1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
  </Location>
 
so that the final file resembles:
 
<VirtualHost *>
<nowiki>#</nowiki>
<nowiki># UseCanonicalName off</nowiki>
<nowiki># ServerName WebDAV1.mydomain.org</nowiki>
  ServerName myhost.mydomain.org
  ServerAlias 192.168.0.155 WebDAV1.mydomain.org
<nowiki>#</nowiki>
  ServerAdmin root@localhost
  DocumentRoot /var/www/
<nowiki>#</nowiki>
  Alias /WebDAV1 /var/www/WebDAV1/files
<nowiki>#</nowiki>
<Directory /var/www/WebDAV1/>
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
  </Directory>
<nowiki>#</nowiki>
<nowiki># <Location /WebDAV1></nowiki>
<nowiki># </nowiki> DAV On
<nowiki># </nowiki> AuthType Basic
<nowiki># </nowiki> AuthName "WebDAV1"
<nowiki># </nowiki> AuthUserFile /var/www/WebDAV1/passwd.dav
<nowiki># </nowiki> Require valid-user
<nowiki># </Location></nowiki>
<nowiki>#</nowiki>
  <Location /WebDAV1>
  DAV On
  AuthType Digest
  AuthName "WebDAV1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
  </Location>
</VirtualHost>
 
=== Enable WebDAV lock  ===
Although optional, the lock database prevents multiple users from overwriting the same file simultaneously.
* Create a global Apache2 configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/apache2/conf.d/WebDAV
 
and add the single line:
DavLockDB /var/lock/apache2/DAVLock
 
It may be necessary to also add this line to the dav_fs configuration file:
sudo kate /etc/apache2/mods-available/dav_fs.conf
 
This directive indicates that the locking database files will be named DAVLock by the dav_lock module. These database files will be stored by Apache in the /var/lock/apache2 folder. * By default, Apache2 allows a WebDAV client to set the file lock time. Many WebDAV clients, for example, impose a file lock time of 2 minutes. A longer lock time can optionally be imposed by the WebDAV server by adding an additional line:
DAVMinTimeout 5
 
where in this example the minimum file lock time is set to 5 minutes for all clients. (The default is DAVMinTimeout 0, which indicates that no minimum file lock time is imposed by the server and it is left up to the individual WebDAV clients). * Enable the Apache2 dav_lock module:
sudo a2enmod dav_lock* Restart Apache2:
sudo /etc/init.d/apache2 restart
 
== Multiple WebDAV servers on a LAN using a single IP address and router  ==
Note: This section is undergoing editing. * To run multiple servers (including WebDAV servers) on multiple computers on a LAN using only a single IP address and router, see [http://ubuntuguide.org/wiki/Apache2_reverse_proxies this solution] using reverse proxies in Apache.
* Each server should have a unique WebDAV folder name. Instead of using WebDAV1 and WebDAV1, different names, such as WebDAV2 and WebDAV2, WebDAV3 and WebDAV3, WebDAV4 and WebDAV4, etc., should be used on each of the individual computers.
* Each computer's WebDAV folder would then be reached by its own unique label, e.g.
 
http://myhost.mydomain.org/WebDAV1
 
or
 
http://myhost.mydomain.org/WebDAV2
 
or
 
http://myhost.mydomain.org/WebDAV3
 
Alternatively, if each computer has its own unique URL, the unique URL can be used. Adjust the reverse proxy virtual host file (on the primary server that acts as the proxy/reverse proxy to the other servers) accordingly in order to enable this.
 
This does not always work and a lot of troubleshooting and trial and error is needed to perfect rewrite rules. Sometimes a more relaible method is to just use the RedirectMatch rule with the actual LAN IP address of the second server.
 
Here is a detailed example, although there are many ways to accomplish this. * On the primary server of the LAN (the one to which the router initially directs port 80 traffic), make sure the proxy/reverse proxy modules of Apache2 are enabled and then restart Apache:
 
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo /etc/init.d/apache2 restart
 
Also makes sure the rewrite module is on:
 
sudo a2enmod rewrite
 
* This example assumes the primary server has its own set of WebDAV folders (as in the steps outlined above), labeled WebDAV1/WebDAV1.
* Duplicate the steps for the second server, substituting WebDAV2 and WebDAV2 in each step.
* On the primary server, edit the virtual host file for the primary URL (e.g. /etc/apache2/sites-available/mydomainhost) by which the LAN is reached (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/apache2/sites-available/mydomainhost* Near the beginning of the file add the lines:
 
<nowiki>#</nowiki>
  UseCanonicalName off
<nowiki># </nowiki>
  RewriteEngine On
  RedirectMatch (.*)/WebDAV2 http://192.168.0.156/WebDAV2
 
This example assumes, of course, that the second server is located on the LAN at IP address 192.168.0.156. This ensures that the newly transformed URL gets sent to the correct IP address on the LAN. This is the proxy function of the first server. (It also specifies the reverse process.)
 
The file should now resemble:
<VirtualHost *>
<nowiki>#</nowiki>
  UseCanonicalName off
<nowiki># </nowiki>
  RewriteEngine On
  RedirectMatch (.*)/WebDAV2 http://192.168.0.156/WebDAV2
<nowiki># </nowiki>
<nowiki># ServerName WebDAV1.mydomain.org</nowiki>
  ServerName myhost.mydomain.org
  ServerAlias 192.168.0.155 WebDAV1.mydomain.org
<nowiki>#</nowiki>
  ServerAdmin root@localhost
  DocumentRoot /var/www/
<nowiki>#</nowiki>
  Alias /WebDAV1 /var/www/WebDAV1/files
<nowiki>#</nowiki>
<Directory /var/www/WebDAV1/>
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
  </Directory>
<nowiki>#</nowiki>
<nowiki># <Location /WebDAV1></nowiki>
<nowiki># </nowiki> DAV On
<nowiki># </nowiki> AuthType Basic
<nowiki># </nowiki> AuthName "WebDAV1"
<nowiki># </nowiki> AuthUserFile /var/www/WebDAV1/passwd.dav
<nowiki># </nowiki> Require valid-user
<nowiki># </Location></nowiki>
<nowiki>#</nowiki>
  <Location /WebDAV1>
  DAV On
  AuthType Digest
  AuthName "WebDAV1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
  </Location>
</VirtualHost>
 
While this method is not required, it allows the second WebDAV server to be accessed from another computer on the LAN either by http://myhost.mydomain.org/WebDAV2 or by http://WebDAV2.mydomain.org. Using this method, by editing only the virtual host file on the primary server (that acts as proxy), access to the secondary WebDAV server can be selectively restricted to the LAN only or can be enabled for complete access from the Internet at large.
 
== WebDAV with LDAP  ==
Note: This section is undergoing editing.
 
If an LDAP server exists already, you can use the Apache2 [http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html mod_authnz_ldap] module.
 
Do you intend to place each person's website in a separate directory below the common DAV root? If so, you'll probably want to limit access to each directory to its specific user for security. An .htpasswd file in each directory is the easiest solution, but it's safer to put all the access rules in the global WebDAV configuration file located in the /etc/apache2/sites-enabled folder.
 
== References  ==
* [https://wiki.archlinux.org/index.php/Simple_WebDav_Setup Simple WebDAV setup] and [https://wiki.archlinux.org/index.php/WebDAV_authentication WebDAV authentication] (from the ArchLinux wiki)
* [http://www.debian-administration.org/articles/285 Debian Administration article on WebDAV]  
* [http://barracudaserver.com/products/BarracudaDrive/tutorials/mapping_windows_drive.lsp Tutorial] for using a Windows client to access a WebDAV folder.
* [http://www.webdav.org/mod_dav/install.html#apache WebDAV in Apache]
 
[[Category:Netzwerke:WebDAV]]
[[Category:Netzwerke:WebDAV]]

Version vom 14. Mai 2022, 20:33 Uhr

WebDAV-Server

This can be combined with user authentication (using LDAP or a number of other password mechanisms).

WebDAV Server Installation

Install Apache webserver

Apache2 must be installed, either alone or as part of a LAMP server.

# APT install apache2

or

apt-get install tasksel
tasksel install lamp-server

Open your firewall

  • Remember, WebDAV is an HTTP server. The incoming default HTTP and/or HTTPS ports (80 and/or 443) should be open to the server.
  • It is, of course, also possible to use custom ports by changing the allowed incoming ports in the firewall, the virtual host configuration file, and, of course, the URL used to reach the WebDAV server.

Enable the Apache2 WebDAV modules

Enable the dav and dav_fs modules:

# a2enmod dav_fs

Restart Apache2

# systemctl restart apache2

Create a folder for WebDAV use

There are two options:

  • Create a WebDAV directory in the /var/www folder:
sudo mkdir /var/www/WebDAV1

or

Create a WebDAV directory in the /home/user/ (also known as ~/) folder and create a symbolic link:

mkdir ~/WebDAV1
sudo ln -s ~/WebDAV1 /var/www/* Create a subdirectory for files: 
mkdir /var/www/WebDAV1/files* Note: In the next several steps, file/folder ownership and permissions can also be adjusted from a File Manager (such as Dolphin in Kubuntu or Nautilus in Ubuntu) as root: 
sudo dolphin

or

sudo nautilus
  • Make sure the owner of whichever WebDAV folder was created (and its subfolders, using the -R recursive switch) is www-data (the user ID for Apache2) and the group is that of your user ID (or, alternatively, root):
sudo chown -R www-data:user /var/www/WebDAV1

or

sudo chown -R www-data:user ~/WebDAV1

Alternatively you could create a WebDAV user group so that some group of local users could access the files locally (instead of through WebDAV). Add the individual users to that group and use WebDAV as the group instead of a single user (or root), for example:

sudo chown -R www-data:WebDAV /var/www/WebDAV1

To allow files in the WebDAV folder (and its subfolders, using the -R recursive switch) to be Read/Write but not eXecutable (which may be a security risk on some servers):

sudo chmod 664 -R /var/www/WebDAV1

or

sudo chmod 664 -R ~/WebDAV1* Some users find that broader permissions may be required, and instead allow Read/Write/eXecute for the Owner / Group (but not all users): 
sudo chmod 770 -R /var/www/WebDAV1

or

sudo chmod 770 -R ~/WebDAV1

Create or edit the virtual host file

  • Edit the virtual host (vhost) file used for the URL through which WebDAV will be accessed
#  kate /etc/apache2/sites-available/mydomainhost

where mydomainhost is the name of the virtual host configuration file used for your URL. If you are using the default virtual host file, edit that one.

Add the line

Alias /WebDAV1 /var/www/WebDAV1/files

so that accessing the WebDAV folder using the URL

http://myhost.mydomain.org/WebDAV1

will forward to the correct folder (/var/www/WebDAV1) on the computer.

The final virtual host file ought to resemble:

<VirtualHost *>
#
# UseCanonicalName off
# ServerName WebDAV1.mydomain.org
ServerName myhost.mydomain.org
ServerAlias 192.168.0.155 WebDAV1.mydomain.org
#
ServerAdmin root@localhost
DocumentRoot /var/www/
#
Alias /WebDAV1 /var/www/WebDAV1/files
#
 <Directory /var/www/WebDAV1/>
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  allow from all
 </Directory>
</VirtualHost>
  • In this example, the WebDAV server is on the primary server, so the URL is the same as that of the primary server (and would be accessed from http://myhost.mydomain.org/WebDAV1).
  • The primary server's IP address on the LAN (in this example) is 192.168.0.155, so to access it from the LAN, this address could also be used: http://192.168.0.155/WebDAV1. *

Enable the virtual host (vhost):

# ln -s /etc/apache2/sites-available/mydomainhost /etc/apache2/sites-enabled/* 

Restart Apache2:

# /etc/init.d/apache2 restart* 

Test that the folders are reachable through Apache2 using:

http://localhost/WebDAV1 

or

http://192.168.0.155/WebDAV1

Create password access for the WebDAV folders

  • Note: This method uses HTTP Basic Authentication as outlined in the Apache documentation. However, this same documentation recommends against routine use of HTTP Basic Authentication (which transmits unencrypted passwords, inviting password sniffing) and instead recommends HTTP Digest Authentication (or at least HTTP Basic Authentication over SSL). Refer to the Apache documentation for more details.
  • Create the WebDAV password file /var/www/WebDAV1/passwd.dav with the user testuser. For more info see here. (The -c switch creates the file if it does not exist.):
sudo htpasswd -c /var/www/WebDAV1/passwd.dav testuser

Type in a password for the user testuser.

We will later use this userID when connecting to the WebDAV URL:

http://myhost.mydomain.org/WebDAV1 * Add other users (e.g. testuser2, testuser3, etc.) as needed. (Omit the -c switch because the password file already exists.)

sudo htpasswd /var/www/WebDAV1/passwd.dav testuser2

Note: See below for adding a password for users accessing WebDAV folders from Windows clients. * Change the permissions of the /var/www/WebDAV1/passwd.dav file so that only www-data (as owner) and user (or, alternatively, root) as the group can access it:

sudo chown www-data:user /var/www/WebDAV1/passwd.dav
sudo chmod 660 /var/www/WebDAV1/passwd.dav

Note: I personally use chmod 460, which does not allow the www-data owner to write to the file (only read permissions are allowed). Only members of the local group user can read/write to the file using this chmod 460 setting. * Edit the virtual host (vhost) file /etc/apache2/sites-available/mydomainhost (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):

sudo kate /etc/apache2/sites-available/mydomainhost

and add the following lines to it:

#
 <Location /WebDAV1>
  DAV On
  AuthType Basic
  AuthName "WebDAV1"
  AuthUserFile /var/www/WebDAV1/passwd.dav
  Require valid-user
 </Location>

The final virtual host (vhost) file should resemble:

<VirtualHost *>
#
# UseCanonicalName off
# ServerName WebDAV1.mydomain.org
 ServerName myhost.mydomain.org
 ServerAlias 192.168.0.155 WebDAV1.mydomain.org
#
 ServerAdmin root@localhost
 DocumentRoot /var/www/
#
 Alias /WebDAV1 /var/www/WebDAV1/files
#
 <Directory /var/www/WebDAV1/>
  Options Indexes MultiViews
  AllowOverride None
  Order allow,deny
  allow from all
</Directory>
#
 <Location /WebDAV1>
  DAV On
  AuthType Basic
  AuthName "WebDAV1"
  AuthUserFile /var/www/WebDAV1/passwd.dav
  Require valid-user
 </Location>
</VirtualHost>

Reload Apache:

/etc/init.d/apache2 reload

Testing WebDAV

Install cadaver, a command-line WebDAV client:

sudo apt-get install cadaver* Test if WebDAV works: 
cadaver http://localhost/WebDAV1/

You should be prompted for a user name. Type in testuser and then the password for testuser. If all goes well, you should be granted access which means WebDAV is working ok. To leave the WebDAV shell, type quit:

server1:~# cadaver http://localhost/WebDAV1/
Authentication required for test on server `localhost':
Username: testuser
Password: *******
dav:/WebDAV1/> quit
Connection to `localhost' closed.
server1:~#

Set up Digest Authorization (encrypted passwords)

Enable the HTTP Digest Authentication module:

sudo a2enmod auth_digest* Create a digest authorization password file: 
sudo htdigest -c /var/www/WebDAV1/digestpasswd.dav WebDAV1digest testuser* Add other users (e.g. testuser2, testuser3, etc.) as needed. (Omit the -c switch because the password file already exists.) 
sudo htdigest /var/www/WebDAV1/digestpasswd.dav WebDAV1digest testuser2

Note: See below for adding a password for users accessing WebDAV folders from Windows clients. * Change the permissions of the /var/www/WebDAV1/digestpasswd.dav file so that only www-data (as owner) and user (or, alternatively, root) as the group can access it:

sudo chown www-data:user /var/www/WebDAV1/digestpasswd.dav
sudo chmod 660 /var/www/WebDAV1/digestpasswd.dav

Note: I personally use chmod 460, which does not allow the www-data owner to write to the file (only read permissions are allowed). Only members of the local group user can read/write to the file using this chmod 460 setting.

Edit the virtual host (vhost) file /etc/apache2/sites-available/mydomainhost (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):

sudo kate /etc/apache2/sites-available/mydomainhost
and this time add the following lines to it: 
#
 <Location /WebDAV1>
  DAV On
  AuthType Digest
  AuthName "WebDAV1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
 </Location>

so that the final file resembles:

<VirtualHost *>
#
# UseCanonicalName off
# ServerName WebDAV1.mydomain.org
 ServerName myhost.mydomain.org
 ServerAlias 192.168.0.155 WebDAV1.mydomain.org
#
 ServerAdmin root@localhost
 DocumentRoot /var/www/
#
 Alias /WebDAV1 /var/www/WebDAV1/files
#
<Directory /var/www/WebDAV1/>
   Options Indexes MultiViews
   AllowOverride None
   Order allow,deny
   allow from all
 </Directory>
#
# <Location /WebDAV1>
#  DAV On
#  AuthType Basic
#  AuthName "WebDAV1"
#  AuthUserFile /var/www/WebDAV1/passwd.dav
#  Require valid-user
# </Location>
#
 <Location /WebDAV1>
  DAV On
  AuthType Digest
  AuthName "WebDAV1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
 </Location>
</VirtualHost>

Enable WebDAV lock

Although optional, the lock database prevents multiple users from overwriting the same file simultaneously.

  • Create a global Apache2 configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/apache2/conf.d/WebDAV

and add the single line:

DavLockDB /var/lock/apache2/DAVLock

It may be necessary to also add this line to the dav_fs configuration file:

sudo kate /etc/apache2/mods-available/dav_fs.conf

This directive indicates that the locking database files will be named DAVLock by the dav_lock module. These database files will be stored by Apache in the /var/lock/apache2 folder. * By default, Apache2 allows a WebDAV client to set the file lock time. Many WebDAV clients, for example, impose a file lock time of 2 minutes. A longer lock time can optionally be imposed by the WebDAV server by adding an additional line:

DAVMinTimeout 5

where in this example the minimum file lock time is set to 5 minutes for all clients. (The default is DAVMinTimeout 0, which indicates that no minimum file lock time is imposed by the server and it is left up to the individual WebDAV clients). * Enable the Apache2 dav_lock module:

sudo a2enmod dav_lock* Restart Apache2: 
sudo /etc/init.d/apache2 restart

Multiple WebDAV servers on a LAN using a single IP address and router

Note: This section is undergoing editing. * To run multiple servers (including WebDAV servers) on multiple computers on a LAN using only a single IP address and router, see this solution using reverse proxies in Apache.

  • Each server should have a unique WebDAV folder name. Instead of using WebDAV1 and WebDAV1, different names, such as WebDAV2 and WebDAV2, WebDAV3 and WebDAV3, WebDAV4 and WebDAV4, etc., should be used on each of the individual computers.
  • Each computer's WebDAV folder would then be reached by its own unique label, e.g.
http://myhost.mydomain.org/WebDAV1 

or

http://myhost.mydomain.org/WebDAV2 

or

http://myhost.mydomain.org/WebDAV3 

Alternatively, if each computer has its own unique URL, the unique URL can be used. Adjust the reverse proxy virtual host file (on the primary server that acts as the proxy/reverse proxy to the other servers) accordingly in order to enable this.

This does not always work and a lot of troubleshooting and trial and error is needed to perfect rewrite rules. Sometimes a more relaible method is to just use the RedirectMatch rule with the actual LAN IP address of the second server.

Here is a detailed example, although there are many ways to accomplish this. * On the primary server of the LAN (the one to which the router initially directs port 80 traffic), make sure the proxy/reverse proxy modules of Apache2 are enabled and then restart Apache:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo /etc/init.d/apache2 restart

Also makes sure the rewrite module is on:

sudo a2enmod rewrite
* This example assumes the primary server has its own set of WebDAV folders (as in the steps outlined above), labeled WebDAV1/WebDAV1. 
  • Duplicate the steps for the second server, substituting WebDAV2 and WebDAV2 in each step.
  • On the primary server, edit the virtual host file for the primary URL (e.g. /etc/apache2/sites-available/mydomainhost) by which the LAN is reached (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/apache2/sites-available/mydomainhost* Near the beginning of the file add the lines: 
#
 UseCanonicalName off
# 
 RewriteEngine On
 RedirectMatch (.*)/WebDAV2 http://192.168.0.156/WebDAV2

This example assumes, of course, that the second server is located on the LAN at IP address 192.168.0.156. This ensures that the newly transformed URL gets sent to the correct IP address on the LAN. This is the proxy function of the first server. (It also specifies the reverse process.)

The file should now resemble:

<VirtualHost *>
#
 UseCanonicalName off
# 
 RewriteEngine On
 RedirectMatch (.*)/WebDAV2 http://192.168.0.156/WebDAV2
# 
# ServerName WebDAV1.mydomain.org
 ServerName myhost.mydomain.org
 ServerAlias 192.168.0.155 WebDAV1.mydomain.org
#
 ServerAdmin root@localhost
 DocumentRoot /var/www/
#
 Alias /WebDAV1 /var/www/WebDAV1/files
#
<Directory /var/www/WebDAV1/>
   Options Indexes MultiViews
   AllowOverride None
   Order allow,deny
   allow from all
 </Directory>
#
# <Location /WebDAV1>
#  DAV On
#  AuthType Basic
#  AuthName "WebDAV1"
#  AuthUserFile /var/www/WebDAV1/passwd.dav
#  Require valid-user
# </Location>
#
 <Location /WebDAV1>
  DAV On
  AuthType Digest
  AuthName "WebDAV1digest"
  AuthUserFile /var/www/WebDAV1/digestpasswd.dav
  Require valid-user
 </Location>
</VirtualHost>

While this method is not required, it allows the second WebDAV server to be accessed from another computer on the LAN either by http://myhost.mydomain.org/WebDAV2 or by http://WebDAV2.mydomain.org. Using this method, by editing only the virtual host file on the primary server (that acts as proxy), access to the secondary WebDAV server can be selectively restricted to the LAN only or can be enabled for complete access from the Internet at large.

WebDAV with LDAP

Note: This section is undergoing editing.

If an LDAP server exists already, you can use the Apache2 mod_authnz_ldap module.

Do you intend to place each person's website in a separate directory below the common DAV root? If so, you'll probably want to limit access to each directory to its specific user for security. An .htpasswd file in each directory is the easiest solution, but it's safer to put all the access rules in the global WebDAV configuration file located in the /etc/apache2/sites-enabled folder.

References