webDAV server using nginx module

airwoodix · September 1, 2020, 9:59pm

Hello!

As a follow-up to this question, does anyone have experience with serving webDAV requests using the built-in nginx module (with dav-ext) rather than a heavy app like seafile or nextcloud?

My naive try did not succeed. With the config below, a PROPFIND request to https://my-domain.tld/webdav gets redirected (302) to https://my-domain.tld/yunohost/sso which then logically fails with 405 (method not supported). I guess that the authentication is not handled properly. Any idea how to fix this?

Thanks in advance!

nginx config (/etc/nginx/conf.d/my-domain.tld.d/webdav.conf)

rewrite ^/webdav$ /webdav/ permanent;
location /webdav/ {
    # Force usage of https
    if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
    }

    root /var/www/webdav;
    client_body_temp_path /tmp/nginx/client;

    dav_methods PUT DELETE MKCOL COPY MOVE;
    dav_ext_methods PROPFIND OPTIONS;
    create_full_put_path on;
    dav_access user:rw;

    include conf.d/yunohost_panel.conf.inc;
}

ljf · September 2, 2020, 11:15am

You need to add a persistent rules in SSOWat ( see /etc/ssowat ). the rule should disable sso on request /webdav/ . For example with skipped_uris property.

ivancan · September 2, 2020, 3:03pm

dav_access user:rw;

You have no yunohost user on the system, but admin.

example: if you create titi in yunohost, titi can not login via SSH (user)

so, either ngnix to LDAP or LDAP to PAM

let’s look at the options.

Any experts around ?

ljf · September 2, 2020, 3:19pm

Yunohost user are like system user thanks to the service nscdu (if i remember well). You can login with ssh if you enable the access (not recommended).

marc · October 22, 2022, 4:11pm

Hi,
I managed to create a Webdav server thanks to your discussion and to the nginx webdav documentation

I created a file named webdav.conf in /etc/nginx/conf.d/mon-domain.tld.d

rewrite ^/webdav$ /webdav/ permanent;
location /webdav/ {

    root     /var/www;

    client_body_temp_path /var/www/webdav_client_temp;

    dav_methods PUT DELETE MKCOL COPY MOVE;

    create_full_put_path  on;
    dav_access            group:rw  all:r;


  # Include SSOWAT user panel.
  include conf.d/yunohost_panel.conf.inc;
}

Then i created directories mentionned in this webavconf,

mkdir /var/www/webdav
mkdir /var/www/webdav_client_temp
chmod 777 /var/www/webdav
chmod 777 /var/www/webdav_client_temp

Of course, these chmod are not satisfying, they should be restricted to yunohost users

Then i edited the ssowat config to allow the connexion
it is in /etc/ssowat/conf.json

in "permissions":, i added


        "webdav.main": {
            "auth_header": true,
            "label": "Webdav",
            "public": true,
            "show_tile": true,
            "uris": [
                "mon-domain.tld/webdav"
            ],
            "users": [
                "utilisateur1",
                "uilisateur2" (etc)
            ]
        }

I restarted the nginx service
It works

I hope this can help

Maybe it would be convenient to transform this in a full Yunohost application.
Can somebody help?

gwlegion · February 7, 2023, 3:43pm

+1 for the webdav application …

Maknho · April 30, 2023, 7:35am

+1 for the
webdav app