This provides a password-protected wevDAV file server with two kinds of
user access:
Browser-based: a read-only view, navigating down the file tree.
This view will see a top-level directory of all the shares, each of
which can be navigated.
wevDAV client: read-write access via an application, typically
attached into macOS Finder or Windows File Explorer.
Each attachment sees only the content of the relevant share.
Fundamental technical issues addressed in this configuration:
The most common wevDAV clients are not strictly standards-conformant
(the trailing slash deviation) but nginx enforces
the standard → a significant workaround is required to make the
clients work on the server.
The more recent common wevDAV clients require webDAV level 2 locking
otherwise they allow only read-only mode. However, nginx has
been tardy providing this locking; it is only available in recent
versions and Debian packaging requires the variant with all options
built in. In Ubuntu, a supporting version only became available on
22.04 release.
Installation
graham:~sudo apt updategraham:~sudo apt install nginx-full libnginx-mod-http-cache-purge \
libnginx-mod-http-dav-ext libnginx-mod-http-fancyindex \
libnginx-mod-http-headers-more-filter libnginx-mod-nchangraham:~cd /etc/nginxgraham:/etc/nginxsudo vi snippets/webdav_server.confgraham:/etc/nginxsudo vi snippets/webdav.confgraham:/etc/nginxsudo vi conf.d/webdav.conf
Add a virtual server
Add virtual server docs.geddy.au.
graham:/etc/nginxsudo vi sites-available/docs.geddy.augraham:/etc/nginxsudo mkdir -p /srv/http/docs.geddy.augraham:/etc/nginxcd /srv/http/docs.geddy.augraham:/srv/http/docs.geddy.ausudo mkdir htmlgraham:/srv/http/docs.geddy.ausudo chown root:www-data htmlgraham:/srv/http/docs.geddy.ausudo chmod 2755 htmlgraham:/srv/http/docs.geddy.ausudo mkdir html/.config html/downloadsgraham:/srv/http/docs.geddy.ausudo vi html/.config/autoindex.cssgraham:/srv/http/docs.geddy.ausudo mkdir realmgraham:/srv/http/docs.geddy.ausudo chmod 755 realmgraham:/srv/http/docs.geddy.ausudo ls -alR | grep -v '\.$' | grep -v '^$' | grep -v '^total '
.:
drwxr-sr-x 5 root www-data 4096 Aug 17 17:39 html
drwxr-xr-x 2 root www-data 4096 Aug 27 22:36 realm
./html:
drwxr-sr-x 2 root www-data 4096 Aug 27 18:46 .config
drwxr-sr-x 2 root www-data 4096 Aug 27 18:46 downloads
./html/.config:
-rw-r--r-- 1 root www-data 338 Aug 27 18:46 autoindex.css
./html/downloads:
./realm:
Verify created file tree: names, ownerships and permissions.
graham:/srv/http/docs.geddy.aucd /etc/nginx/sites-enabledgraham:/etc/nginx/sites-enabledsudo ln -s ../sites-available/docs.geddy.au . # note the trailing dot!
graham:/etc/nginx/sites-enabledsudo systemctl reload nginxgraham:/etc/nginx/sites-enabledsudo systemctl status nginx
Verify systemd thinks nginx has started successfully.
Browse to http://docs.geddy.au, overriding any
browser concerns about navigating to a http (not https) site
(this will be fixed later).
Verify LetsEncrypt think they have installed a new certificate.
Select LetsEncrypt's option to permanently route traffic to ssl.
Browse to https://docs.geddy.au
to verify ssl access.
Add a share to virtual server
Add share shared to virtual server docs.geddy.au.
This is often referred to externally by some variation on syntax
//docs.geddy.au/shared.
graham:/etc/nginx/sites-enabledsudo vi docs.geddy.augraham:~cd /srv/http/docs.geddy.augraham:/srv/http/docs.geddy.ausudo mkdir html/sharedgraham:/srv/http/docs.geddy.ausudo chmod 2770 html/sharedgraham:/srv/http/docs.geddy.ausudo vi html/shared/README.txtgraham:/srv/http/docs.geddy.ausudo touch realm/shared # no users yet
Browse to docs.geddy.au.
Verify that clicking on shared causes a login popup.
We have no users yet so cannot login.
Add a virtual user to share
Add virtual user fred.nerk to share
//docs.geddy.au/shared.
This is done at per-share level (as opposed to per-domain level)
to assign individual access rights to each share,
at the cost of duplicating user/password declarations.
The alternative is to have a single realm for all shares, or to symlink
all realms to a master copy.
graham:~echo "fred.nerk:$(openssl passwd -apr1)" | \
sudo tee -a /srv/http/docs.geddy.au/realm/shared
Password: fred.nerk's password
Browse to https://docs.geddy.au.
Verify that clicking on shared causes a login popup.
This time, enter username fred.nerk and the password,
and verify that access is gained and the README.txt file
is selectable.
See webDAV Clients
for more comprehensive user access testing.