Installing WebDAV
You can install lighttpd (if it’s not already installed), the lighttpd WebDAV module and the apache2-utils package (which contains the tool htpasswd which we will need later on to generate a password file for the WebDAV share) as follows:
1 | sudo apt-get install lighttpd lighttpd-mod-webdav apache2-utils |
Afterwards, we must make sure that the directory /var/run/lighttpd is owned by the www-data user and group. This directory will contain an SQLite database needed by WebDAV:
1 | sudo chown www-data:www-data /var/run/lighttpd/ |
Next, we enable the modules mod_auth and mod_webdav:
1 | sudo lighty-enable-mod auth sudo lighty-enable-mod webdav |
Reload lighttpd afterwards:
1 | sudo systemctl restart lighttpd |
Creating A Virtual Host
I will now create a lighttpd vhost (www.example.com) in the directory /var/www/web1/web. If you already have a vhost for which you’d like to enable WebDAV, you must adjust this tutorial to your situation.
First, we create the directory /var/www/web1/web and make the lighttpd user (www-data) the owner of that directory:
1 | sudo mkdir -p /var/www/web1/web sudo chown www-data:www-data /var/www/web1/web |
Then we open /etc/lighttpd/lighttpd.conf and add the following vhost to the end of the file:
1 | :~$ vim /etc/lighttpd/lighttpd.conf |
Afterwards we restart lighttpd:
1 | :~$ sudo systemctl restart lighttpd |
Configure The Virtual Host For WebDAV
Now we create the WebDAV password file /var/www/web1/passwd.dav with the user test (the -c switch creates the new password file):
1 | :~$ htpasswd -c /var/www/web1/passwd.dav test |
You will be asked to type in a password for the user test.
(Please don’t use the -c switch if /var/www/web1/passwd.dav is already existing because this will recreate the file from scratch, meaning you lose all users in that file!)
Now we change the permissions of the /var/www/web1/passwd.dav file so that only root and the members of the
1 | :~$ chown root:www-data /var/www/web1/passwd.dav |
Now we modify our vhost in /etc/lighttpd/lighttpd.conf so that it looks as follows:
1 | :~$ vim /etc/lighttpd/lighttpd.conf |
The alias.url directive makes ( together with /webdav, WebDAV is invoked, but you can still access the whole document root of the vhost. All other URLs of that vhost are still “normal” HTTP.
Restart lighttpd afterwards:
1 | :~$ sudo systemctl restart lighttpd |
Test WebDAV
Browser
1 | :~$ firefox http://www.shixuen.com/webdav |
Cadaver - WebDAV client
We will now install cadaver, a command-line WebDAV client:
1 | :~$ apt-get install cadaver |
To test if WebDAV works, type:
1 | :~$ cadaver http://www.shixuen.com/webdav/ |
You should be prompted for a user name. Type in test and then the password for the user test. If all goes well, you should be granted access which means WebDAV is working ok. Type quit to leave the WebDAV shell:
1 | root@server1:~# cadaver http://www.shixuen.com/webdav/ |
Modules
mod_auth
Supported Methods
lighttpd supports both authentication methods described by RFC 2617:
basic
The Basic method transfers the username and the password in cleartext over the network (base64 encoded) and might result in security problems if not used in conjunction with a crypted channel between client and server.
digest
The Digest method only transfers a hashed value over the network which performs a lot of work to harden the authentication process in insecure networks.
Backends
Depending on the method lighttpd provides various way to store the credentials used for the authentication.
- For basic auth:
- plain
- htpasswd
- htdigest
- ldap
- gssapi
- mysql
- pam
- sasl
- For digest auth:
- plain
- htdigest
References:
- Post link: https://www.shixuen.com/web/lighttpd_webdav.html
- Copyright Notice: All articles in this blog are licensed under BY-NC-SA unless stating additionally.
lighttpd.conf
沒有留言:
張貼留言