Table of Contents
Introduction
WebDAV is an extension of the HTTP protocol that allows users to manage files on servers. There are many ways to use a WebDAV server. For example, you can share Word or Excel documents with your colleagues by uploading them to your WebDAV server. You can even share your music collection with your family and friends by simply giving them a URL. All this can be achieved without them installing anything.
Why WebDAV?
WebDAV offers several advantages:
- Native integration on all major operating systems(Windows, Mac, Linux); there is no need to install third party software to use WebDAV.
- Support for partial transfers.
Depending on your situation, WebDAV may be the best solution for your needs.
Why Apache?
Prerequisites
You'll need a Ubuntu 14.04 server.
Before we start, let us first create a user with __sudo__ access. You can run commands as __root__, but it is not encouraged due to security concerns. There is an excellent article on adding users on Ubuntu 14.04 should you wish to learn more.
Creating a User
When you first create a the cloud provider instance, you will be given credentials that allows you to log in as __root__. As __root__, let us first add a user called __alex__.
~~~~
adduser alex
~~~~
You will be prompted to create a password for the user __alex__ as shown below. There will be further prompts for information about the user __alex__. You may enter them if you wish.
~~~~
Adding user `alex' …
Adding new group `alex' (1000) …
Adding new user alex' (1000) with group alex' …
Creating home directory `/home/alex' …
Copying files from `/etc/skel' …
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for alex
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
~~~~
Granting sudo Privileges to the User
After creating a new user, the next step is to grant the user __alex__ sudo privileges. Assuming you are still logged in as __root__, add the user __alex__ to the __sudo__ group by typing in the following command.
~~~~
usermod -aG sudo alex
~~~~
Users in the __sudo__ group are granted __sudo__ privileges. Now you can log out and log in as the user __alex__.
Step One — Installing Apache
Let us get Apache installed.
~~~~
sudo apt-get update
sudo apt-get install apache2
~~~~
The Apache web server should be installed and running.
Step Two — Setting Up WebDAV
There are three steps to set up WebDAV. We designate a location, enable the necessary modules, and configure it.
Preparing the Directory
We need to designate a folder for serving WebDAV. We'll create the new directory /var/www/webdav for this. You will also need to change the owner to www-data (your Apache user) in order to allow Apache to write to it.
~~~~
sudo mkdir /var/www/webdav
sudo chown -R www-data:www-data /var/www/
~~~~
Enabling Modules
Next we enable the WebDAV modules using a2enmod
~~~
sudo a2enmod dav
sudo a2enmod dav_fs
~~~
The Apache modules are found under /etc/apache2/mods-available. This creates a symbolic link from /etc/apache2/mods-available to /etc/apache2/mods-enabled.
Configuration
Open or create the configuration file at /etc/apache2/sites-available/000-default.conf using your favorite text editor.
~~~~
nano /etc/apache2/sites-available/000-default.conf
~~~~
On the first line, add the __DavLockDB__ directive configuration:
~~~~
DavLockDB /var/www/DavLock
~~~~
And the __Alias__ and __Directory__ directives inside the VirtualHost section:
~~~~
Alias /webdav /var/www/webdav
<Directory /var/www/webdav>
DAV On
</Directory>
~~~~
The file should look like this after editing.
~~~~
DavLockDB /var/www/DavLock
<VirtualHost *:80>
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#Include conf-available/serve-cgi-bin.conf
Alias /webdav /var/www/webdav
<Directory /var/www/webdav>
DAV On
</Directory>
</VirtualHost>
~~~~
The DavLockDB directive designates the name of the DAV Lock database. It should be a path to a file. The file does not need to be created. The directory should be writeable by the Apache server.
The Alias directive maps requests to http://your.server/webdav to the /var/www/webdav folder.
If you restart the Apache server, you will have a working WebDAV server without authentication.
Restart the Apache server like this:
~~~~
sudo service apache2 restart
~~~~
Testing
WebDAV without authentication allows only read access for the users. For testing, let us create a sample file.
~~~~
echo "this is a sample text file" | sudo tee -a /var/www/webdav/sample.txt
~~~~
A text file called __sample.txt__ should be created in __/var/www/webdav__. It should contain the text _this is a sample text file_.
Now we can try logging in from an external computer. The WebDAV server should be found at __http://<your.server.com>/webdav__. For the sake of brevity, we are only showing how to log in without credentials on a Mac.
On Mac, open __Finder__. On the menu bar, find __Go__ and select the option __Connect to Server__.
Select the __Connect as Guest__ option. Then, click __Connect__.
You should be logged in. If you connect to that shared file system and enter the webdav folder, you should be able to see the file sample.txt that was created earlier. The file should be downloadable.
Step Three — Adding Authentication
A WebDAV server without authentication is not secure. In this section we'll add authentication to your WebDAV server using the Digest authentication scheme.
Basic or Digest Authentication?
There are many authentication schemes available. This table illustrates the compatibility of the various authentication schemes on different operating systems. Note that if you are serving HTTPS, we are assuming your SSL certificate is valid (not self-signed).
If you are using __HTTP__, use Digest authentication as it will work on all operating systems. If you are using __HTTPS__, you have the option of using Basic authentication.
We're going to cover the __Digest__ authentication scheme since it works on all the operating systems without the need for an SSL certificate.
Digest Authentication
Let us generate the file (called users.password) that stores the passwords for the users. In Digest authentication, there is the __realm__ field which acts as a namespace for the users. We will use __webdav__ as our __realm__. Our first user will be called __alex__.
To generate the digest file, we have to install the dependencies.
~~~~
sudo apt-get install apache2-utils
~~~~
We are going to add users next. Let us generate the user password file using the command below.
~~~~
sudo htdigest -c /etc/apache2/users.password webdav alex
~~~~
This adds the user __alex__ to the password file. There should be a password prompt to create the password for __alex__.
For subsequent addition of users, you should remove the __c__ flag. Here's another example adding a user called __chris__. Create a password when prompted.
~~~~
sudo htdigest /etc/apache2/users.password webdav chris
~~~~
We also need to allow Apache to read the password file, so we change the owner.
~~~~
sudo chown www-data:www-data /etc/apache2/users.password
~~~~
After the password file is created, we should make changes to the configuration at /etc/apache2/sites-available/000-default.conf.
Add the following lines to the __Directory__ directive
~~~~
AuthType Digest
AuthName "webdav"
AuthUserFile /etc/apache2/users.password
Require valid-user
~~~~
The final version should look like this (with the comments removed).
~~~~
DavLockDB /var/www/DavLock
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /webdav /var/www/webdav
<Directory /var/www/webdav>
DAV On
AuthType Digest
AuthName "webdav"
AuthUserFile /etc/apache2/users.password
Require valid-user
</Directory>
</VirtualHost>
~~~~
The mod_authn module contains the definitions for the authentication directives.
The __AuthType__ directive instructs Apache that for the /var/www/webdav directory, there should be authentication using the __Digest__ scheme.
__Digest__ authentication requires a value for __realm__ which we set as __webdav__. __Realm__ acts like a namespace. When you have users which have the same name, you can separate them using different values for __realm__. We use the __AuthName__ directive to set the value for __realm__.
The __AuthUserFile__ directive is used to indicate the location of the password file.
The __Require__ directive states that only valid users who authenticate themselves are able to acess that directory.
Finally, enable the Digest module and restart the server for the settings to take effect.
~~~~
sudo a2enmod auth_digest
sudo service apache2 restart
~~~~
Step Four - Accessing the Files
We'll demonstrate how to access your WebDAV server from the native file browsers of Mac, Windows, and Linux (Ubuntu). We are going to demonstrate file and folder operations on just the Mac for the sake of brevity, although you can add, edit, and delete files on the server from all operating systems.
You can also access the files over the Internet using a web browser.
You may need to eject the drive and reconnect to it if you tested it earlier before we added authentication.
Mac
On a Mac, open __Finder__. On the menu bar, find __Go__ and select the option __Connect to Server__.
Enter the server address. It should be __http://<your.server>/webdav__. Press __Connect__.
You will be prompted for a username and pssword. Enter one of the users we created on the server and press __Connect__.
Once you have connected, the directory should appear in __Finder__.
You can copy and save files to the webdav directory, and create subdirectories. Here is the initial state of the directory on the server:
You can add or rename files and create new directories exactly as normal with Finder. Below is the end result.
Windows
On Windows, open __File Explorer__. On the left sidebar, you should find the __Network__ icon.
Right click on the __Network__ icon. It should show the context menu with the option __Map network drive__. Click on that.
Enter the server address in the folder field. It should be __http://<your.server>/webdav__. Select the __Connect using different credentials__ if your login is different. Press __Finish__.
You will be prompted for a username and password. Enter them and press __OK__.
Once you have connected, it should appear as a network drive on the left sidebar of your __File Explorer__.
Linux (Ubuntu)
We are using Ubuntu 14.04 as our Linux desktop operating system. On Ubuntu, open __Files__. THere is a __Connect to Server__ option on the left sidebar. Click on that.
Enter the server address. It should be __dav://<your.server>/webdav__. Press __Connect__.
You will be prompted for a username and password. Enter them and press __Connect__.
Once you have connected, the directory should appear under the __Network__ listing.
Conclusion
In this article, we have gone through how to set up a WebDAV server using Apache on Ubuntu 14.04. We have also discussed how to configure Digest authentication to secure the server. Lastly, we have shown you how to connect to the WebDAV server from all three major operating systems using their native file browsers.
