{{tag>[centos7 linux http apache webdav]}}
=====CentOS 7, WebDAV=====
====Requirements====
* A server or VM.
* CentOS 7.
* Connection to a CentOS repository.
* Firewall port 443 not open yet.
====Installation====
* Install the required packages:
yum install httpd mod_ssl
* Start Apache at boot and start the service now:
systemctl enable httpd
systemctl start httpd
* Check that the DAV modules have been loaded:
# httpd -M | grep -i dav
dav_module (shared)
dav_fs_module (shared)
dav_lock_module (shared)
* Enable the headers module (for HSTS), create ''/etc/httpd/conf.modules.d/00-headers.conf'':
LoadModule headers_module modules/mod_headers.so
====Configuration====
* Configure Apache, edit: ''/etc/httpd/conf/httpd.conf'':
ServerAdmin
ServerName
* Configure SSL, edit: ''/etc/httpd/conf.d/ssl.conf'':
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
SSLHonorCipherOrder on
SSLCertificateFile
SSLCertificateKeyFile
SSLCACertificateFile
* Create placeholder, edit: ''/var/www/html/index.html'':
Nothing here...
* Modify ServerTokens, create ''/etc/httpd/conf.d/aaa-security.conf'':
ServerTokens ProductOnly
ServerSignature Off
* Configure WebDAV
* edit ''/etc/httpd/conf.d/aab-webdav.conf'':
DAVLockDB /var/lib/dav/DAVlock
DAVMinTimeout 180
* Create virtual host, edit ''/etc/httpd/conf.d/webdav.conf'':
<VirtualHost *:443>
ServerName webdav.example.com
ServerAdmin webdav@example.com
ErrorLog logs/webdav-ssl_error_log
TransferLog logs/webdav-ssl_access_log
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
SSLHonorCipherOrder on
SSLCertificateFile
SSLCertificateKeyFile
SSLCACertificateFile
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
DocumentRoot /var/www/html/
# user-a
Alias /user1 /var/www/html/user-a
<Directory /var/www/html/user-a>
DAV On
AuthType Basic
AuthName "WebDAV"
AuthUserFile /usr/local/apache/webdav-users
# Only user-a may use this directory. Apache 2.4 ORs sibling Require lines,
# so an additional "Require valid-user" would admit every account in the file.
Require user user-a
</Directory>
</VirtualHost>
* Create user directories:
mkdir /var/www/html/user-a
mkdir /var/www/html/user-b
* Create a new directory:
mkdir /usr/local/apache
chmod -R 750 /usr/local/apache
chown -R apache:apache /usr/local/apache
* Create users:
htpasswd -c -B /usr/local/apache/webdav-users user-a
htpasswd -B /usr/local/apache/webdav-users user-b
chown apache: /usr/local/apache/webdav-users
chmod 640 /usr/local/apache/webdav-users
# generate password with pwgen
* Change SELinux policy for write access to WebDAV directory:
yum install policycoreutils-python
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/user-a(/.*)?"
# apply the new context to the files that already exist
restorecon -R -v /var/www/html/user-a
* Enable firewall (replace ''<zone>'' with the firewalld zone of the server's interface):
firewall-cmd --zone=<zone> --permanent --add-service=https
firewall-cmd --reload
====Test====
* For example, from GNOME Nautilus.
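
Per-user separation depends on each DAV container carrying only its own ''Require user'' line: Apache 2.4 combines sibling ''Require'' lines as RequireAny, so an extra ''Require valid-user'' admits every account in the password file. The script below is an added example, not part of the original page, that checks a configuration for this; the function names and the sample configuration are constructed for illustration.

```shell
# Added example, not from the original page.
# audit_dav_require reads Apache config (file arguments or stdin) and prints
# "<path> <verdict>" for each <Directory>/<Location> that has "DAV On":
#   restricted  - only "Require user ..." lines
#   open        - "Require valid-user" or "Require all granted" is present
#   unprotected - no Require line inside the container itself
#   review      - explicit <RequireAll|Any|None> grouping, check by hand
# Assumption: DAV containers are not nested inside one another.
audit_dav_require() {
    awk '
    { line = tolower($0); sub(/^[ \t]+/, "", line) }
    line ~ /^<(directory|location)[ \t]/ {
        path = $2; gsub(/[">]/, "", path)
        dav = broad = named = grouped = 0
        next
    }
    line ~ /^dav[ \t]+on/ { dav = 1 }
    line ~ /^require[ \t]+(valid-user|all[ \t]+granted)/ { broad = 1 }
    line ~ /^require[ \t]+user[ \t]/ { named = 1 }
    line ~ /^<require(all|any|none)>/ { grouped = 1 }
    line ~ /^<\/(directory|location)>/ && dav {
        if (grouped) verdict = "review"
        else if (broad) verdict = "open"
        else if (named) verdict = "restricted"
        else verdict = "unprotected"
        print path, verdict
        dav = 0
    }' "$@"
}

# Constructed sample input, not a real server configuration.
sample_conf() {
    cat <<'EOF'
<Directory /var/www/html/user-a>
    DAV On
    AuthType Basic
    Require valid-user
    Require user user-a
</Directory>
<Directory /var/www/html/user-b>
    DAV On
    AuthType Basic
    Require user user-b
</Directory>
EOF
}

sample_conf | audit_dav_require
```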