This guide outlines how to set up WebDAV access that is protected by authentication and can be reached securely from remote locations.
Here we assume a working Apache server running on Linux (Ubuntu 16.04 in our case).
Guide
Our goal is to use HTTPS and Apache authentication for WebDAV access to our server. We can then access specific files on our server, mount the WebDAV share on our desktops (from anywhere), or even use it to set up a simple password manager as outlined in the excellent article by Tim Stallard listed under References (note that several of the steps below are taken from Tim's article).
In this guide we'll do the following:
- create a directory structure for WebDAV on our server;
- create a username and password access file that Apache will use to protect our WebDAV share;
- set up a virtual host in Apache for access with SSL (so we need to set up SSL certificates as well).
Create directory structures we will use for WebDAV
We first need to think about and create several folders that will hold both an htpasswd file (that Apache will use for authentication) and a folder where we will keep files that WebDAV will allow access to.
I decided to create a folder in /var (called 'webdav') and in there keep my authentication file and the WebDAV folder. The following will create my folder structure, and set the relevant permissions (so authenticated web users can access files):
sudo mkdir /var/webdav
cd /var/webdav
sudo mkdir files
sudo chown www-data:www-data files/
sudo chmod 700 files/
Create an access file that Apache will use for authentication
Now that our basic folder structure is implemented, we'll create a file which will store authentication details that Apache will use to protect our WebDAV share.
The following will create an htpasswd file and add a username and password to said file, and set the relevant permissions:
sudo htpasswd -c /var/webdav/.htpasswd <USERNAME>
sudo chown www-data:www-data /var/webdav/.htpasswd
sudo chmod 600 /var/webdav/.htpasswd
Note that the -c flag creates the .htpasswd file; if the file already exists it is overwritten, so leave -c out when adding further users later. Replace <USERNAME> with a desired username. htpasswd will then prompt you to enter a password (twice).
Changing user passwords
Once the .htpasswd file has been created, you can change a user password:
sudo htpasswd /var/webdav/.htpasswd <USERNAME>
where <USERNAME> is the user name of the user whose password you want to change.
Set up Apache to protect our WebDAV share using authentication details
Now we just need to set up Apache with a virtual host configured for HTTPS access and authentication.
Before we proceed we'll need to enable the Apache module dav_fs:
sudo a2enmod dav_fs
Next we set up our Apache virtual host. See my Apache reverse-proxy SSL to multiple server applications guide for how to do this.
I added something like the following to the .conf file for my Apache virtual hosts:
<VirtualHost *:443>
    ServerName files.example.com
    DocumentRoot /var/webdav/files
    <Location />
        AuthType "Basic"
        AuthName "Password Manager"
        AuthBasicProvider file
        AuthUserFile "/var/webdav/.htpasswd"
        Require valid-user
        DAV On
        Options Indexes
    </Location>
</VirtualHost>

<VirtualHost *:80>
    ServerName files.example.com
    Redirect Permanent / https://files.example.com/
</VirtualHost>
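As an added example (not part of the original guide and not an Apache tool), the shell function below checks a virtual host file for Location or Directory blocks that turn on DAV without a Require directive, with Basic auth but no AuthUserFile, or on a port other than 443. The name lint_dav_vhosts, the finding labels and the sample config are assumptions made for illustration; the check treats only port 443 as HTTPS, as in this guide, and does not handle nested blocks.

```shell
#!/bin/sh
# lint_dav_vhosts [FILE...]: print one finding per line for each container
# block that enables DAV without the protections used in the guide's vhost.
# Hypothetical helper: un-nested blocks only, port 443 assumed to be HTTPS.
lint_dav_vhosts() {
    awk '
    { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
    low ~ /^#/ { next }                                   # skip comment lines
    low ~ /^<virtualhost/ {                               # remember the vhost port
        port = line; sub(/>.*$/, "", port); sub(/^.*:/, "", port)
        if (port !~ /^[0-9]+$/) port = "?"; next
    }
    low ~ /^<(location|directory)/ { name = line; dav = req = basic = userfile = 0; next }
    low ~ /^dav[ \t]+on/            { dav = 1 }
    low ~ /^require[ \t]+/ && low !~ /^require[ \t]+all[ \t]+granted/ { req = 1 }
    low ~ /^authtype[ \t]+"?basic/  { basic = 1 }
    low ~ /^authuserfile[ \t]+/     { userfile = 1 }
    low ~ /^<\/(location|directory)/ {                    # end of block: evaluate
        if (dav && !req)               print "NO_REQUIRE port=" port " " name
        if (dav && basic && !userfile) print "NO_USERFILE port=" port " " name
        if (dav && port != "443")      print "CLEARTEXT port=" port " " name
        dav = 0
    }
    ' "$@"
}

# Constructed sample: the guide's 443 vhost plus a weak one serving DAV on port 80.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName files.example.com
    <Location />
        AuthType "Basic"
        AuthUserFile "/var/webdav/.htpasswd"
        Require valid-user
        DAV On
    </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName files.example.com
    <Location /dav>
        DAV On
    </Location>
</VirtualHost>
EOF
}

sample_conf | lint_dav_vhosts
```

Run it against your own file with lint_dav_vhosts followed by the path to your virtual host .conf file; no output means none of the three conditions was found.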
Adding SSL certificate
Once the above is added you can easily add an SSL certificate using certbot-auto. Assuming you have certbot-auto set up, simply run:
sudo certbot-auto --apache
This will generate an SSL certificate for your subdomain and modify your virtual host to use said certificates.
Restarting Apache
Don't forget to now reload or restart Apache:
sudo service apache2 reload
Accessing
You should now be able to access your WebDAV share directly from a browser or mount it on your OS by using the previously defined username and password.
References
- https://timstallard.me.uk/blog/2016-11-03-keepass/
- https://httpd.apache.org/docs/2.4/programs/htpasswd.html