
Pete Savage: Setting up a Secure Non-Production WebDAV Server

So, it’s been a long time since my last blog post. A very long time. I thought I’d start with the controversial topic of WebDAV. Now before people castrate me, I’ve never set up a WebDAV server before, but it is something I’ve had an interest in for a while. So, here is a short How-To (I guess) on what I’ve done so far. I’m looking for anyone to give me advice on better security. Using a RADIUS server is an obvious choice here, but for now, let’s take a look. This

To start with, we’re going to need to install Apache and enable the WebDAV modules for it. To do this, just run the commands below.

sudo apt-get install apache2

Once Apache is installed, we can get on with enabling the all important DAV modules.

sudo a2enmod dav
sudo a2enmod dav_fs
sudo a2enmod dav_lock
sudo a2enmod ssl

We’re also going to set this server up with SSL encryption, so WebDAV will run on a separate port. Now, I’m no expert in SSL; I’m just doing enough to get it working. More attention would be needed on this subject in a production environment. First we’re going to change directory to somewhere we can work (I chose my home dir), and now we’ll create the SSL certificate files.

sudo openssl genrsa -out webdav.example.com.key 1024
sudo openssl req -new -key webdav.example.com.key -out webdav.example.com.csr
sudo openssl x509 -in webdav.example.com.csr -out webdav.example.com.crt -req -signkey webdav.example.com.key -days 365

While creating these I ran into some permissions problems or errors, so I ran the operations as root and the problems cleared; whether this is the right thing to do or not, I leave as an exercise for the comments. During the creation of the certificates you’ll be asked to input information. I generally didn’t pay too much attention to it; what I did do was leave out the password when prompted, as I wasn’t sure whether it would affect the usage of the SSL certificate in Apache. Maybe someone can help me out here. Next we copy these files to the Apache directory.

sudo cp webdav.example.com.key /etc/apache2/
sudo cp webdav.example.com.crt /etc/apache2/

Now comes the fun part, configuring Apache. First, as my requirement was to run this on a separate port, we have to edit the file /etc/apache2/ports.conf to look like the following:

Listen 80

<IfModule mod_ssl.c>
    Listen 443
    Listen 81
</IfModule>

Notice we’ve added the Listen 81 directive. This will make SSL Apache listen for incoming connections on port 81. It has been said that you should add information for each browser attempting to access the WebDAV system, but I didn’t find this necessary... at least, not yet anyway. In any case, it would be of the form BrowserMatch "^gnome-vfs/1.0" redirect-carefully

Now we need to create the directory to store the data in, and make it usable by Apache.

sudo mkdir -p /var/www/webdav/writing
sudo chown -R root:www-data /var/www/webdav
sudo chmod -R 770 /var/www/webdav

Great, so now WebDAV has somewhere to put the data. Next we need to set up the main Apache configuration and the permissions. For this system, we wanted read access to everything and a directory that was writable only by a special user, so we made another directory called writing, as seen above. So, on to the permissions and Apache setup. To start with we create the htpasswd file below and add passwords when prompted.

sudo htpasswd -c /etc/apache2/.htpasswd read-only
sudo htpasswd /etc/apache2/.htpasswd writeable

This creates two new users, called read-only and writeable. Now let’s edit the file /etc/apache2/sites-available/webdav, and enter the following into it.

NameVirtualHost *:81
<VirtualHost *:81>
    ServerAdmin webmaster@localhost
    ServerName webdav.example.com
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /etc/apache2/webdav.example.com.crt
    SSLCertificateKeyFile /etc/apache2/webdav.example.com.key
    DocumentRoot /var/www/
    Alias /webdav/ "/var/www/webdav/"
    <Directory /var/www/webdav>
        DAV on
        AuthType Basic
        # Same file the htpasswd commands above created
        AuthUserFile /etc/apache2/.htpasswd
        AuthName "You need to be authenticated"
        require valid-user
    </Directory>
    <Directory /var/www/webdav/writing>
        # LimitExcept restricts every method other than the read-only ones listed,
        # so MKCOL, LOCK and any other write method mod_dav accepts are covered too
        <LimitExcept GET HEAD OPTIONS PROPFIND>
            require user writeable
        </LimitExcept>
    </Directory>
</VirtualHost>

Now we need to make the site active and restart Apache, like so:

sudo a2ensite webdav
sudo /etc/init.d/apache2 restart

For the moment, you can ignore all warnings, and you should now have a working WebDAV server. You can test it by entering this URL into a GNOME browser: davs://[email protected]:81/webdav

Alternatively, you can use the command line tool cadaver, installing it first if necessary and then running:

cadaver https://[email protected]:81/webdav
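A quicker check of the permission model than clicking around in a browser is to probe the server with curl. The script below is an added example, not part of the original post; it assumes the host, port and the two users from the setup above, takes the passwords from the environment, and uses -k because the certificate is self-signed. The expected statuses assume every write method is restricted to the writeable user, so a FAIL on MKCOL or LOCK for read-only means the method list in the writing directory's access control does not cover everything mod_dav accepts.

```shell
#!/bin/sh
# Added example: probe a WebDAV server's access control with curl.
# Usage: WEBDAV_RO_PW=... WEBDAV_RW_PW=... ./check-webdav.sh [https://webdav.example.com:81]

# Compare an observed HTTP status with the expected one; 0 on match, 1 otherwise.
expect_status() {
    # $1 = label, $2 = expected status, $3 = observed status
    if [ "$2" = "$3" ]; then
        printf 'PASS %s (got %s)\n' "$1" "$3"
        return 0
    fi
    printf 'FAIL %s (expected %s, got %s)\n' "$1" "$2" "$3"
    return 1
}

# Send one request and print only the HTTP status code.
# -k accepts the self-signed certificate from the post; drop it once a trusted one is in place.
dav_status() {
    # $1 = user:password (empty for anonymous), $2 = method, $3 = URL
    body=''
    if [ "$2" = PUT ]; then body='probe'; fi   # give PUT a small body so a file gets created
    if [ -n "$1" ]; then
        curl -k -s -o /dev/null -w '%{http_code}' -u "$1" -X "$2" --data-binary "$body" "$3"
    else
        curl -k -s -o /dev/null -w '%{http_code}' -X "$2" --data-binary "$body" "$3"
    fi
}

# Run the whole check set; returns the number of failed checks.
run_checks() {
    base="${1:-https://webdav.example.com:81}"
    ro="read-only:${WEBDAV_RO_PW:?set WEBDAV_RO_PW}"
    rw="writeable:${WEBDAV_RW_PW:?set WEBDAV_RW_PW}"
    fails=0
    # Unauthenticated access must be refused everywhere.
    expect_status "anon PROPFIND /webdav/" 401 "$(dav_status '' PROPFIND "$base/webdav/")" || fails=$((fails+1))
    # read-only may list writing/ but must not be able to change anything in it.
    expect_status "read-only PROPFIND writing/" 207 "$(dav_status "$ro" PROPFIND "$base/webdav/writing/")" || fails=$((fails+1))
    for m in PUT MKCOL LOCK PROPPATCH DELETE; do
        expect_status "read-only $m writing/probe" 403 "$(dav_status "$ro" "$m" "$base/webdav/writing/probe")" || fails=$((fails+1))
    done
    # writeable may create a file and remove it again.
    expect_status "writeable PUT writing/probe" 201 "$(dav_status "$rw" PUT "$base/webdav/writing/probe")" || fails=$((fails+1))
    expect_status "writeable DELETE writing/probe" 204 "$(dav_status "$rw" DELETE "$base/webdav/writing/probe")" || fails=$((fails+1))
    return "$fails"
}

if [ $# -gt 0 ]; then run_checks "$@"; fi
```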

There you go. This should give you a working Secure WebDAV server, for messing around with. NOT for production, but good for learning more about WebDAV and experimenting. Any errors, please let me know so I can edit it and fix it up ;)

(via luKas’ shared items in Google Reader)

28 October 2007