{{tag>[centos7 linux http apache webdav]}}
=====CentOS 7, WebDAV=====

====Requirements====
  * A server or VM.
  * CentOS 7.
  * Connection CentOS repository.
  * Firewall port 443 not open yet.

====Installation====
  * Install the required packages:<code>
yum install httpd mod_ssl
</code>
  * Start Apache at boot and start the service now: <code>systemctl enable httpd
systemctl start httpd</code>
  * Check if DAV module's has been loaded:<code># httpd -M |grep -i dav
 dav_module (shared)
 dav_fs_module (shared)
 dav_lock_module (shared)
</code>
  * Enable the headers module (for HSTS), create ''/etc/httpd/conf.modules.d/00-headers.conf''<code>
LoadModule headers_module modules/mod_headers.so
</code>

====Configuration====
  * Configure Apache, edit: ''/etc/httpd/conf/httpd.conf'':<code>
ServerAdmin
ServerName</code>
  * Configure SSL, edit: ''/etc/httpd/conf.d/ssl.conf'':<code>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
SSLHonorCipherOrder on

SSLCertificateFile
SSLCertificateKeyFile
SSLCACertificateFile
</code>
  * Create placeholder, edit: ''/var/www/html/index.html'':<code>
<html>
Nothing here...
</html></code>
  * Modify ServerTokens, create ''/etc/httpd/conf.d/aaa-security.conf'':<code>
ServerTokens ProductOnly
ServerSignature Off
</code>
  * Configure WebDAV
    * edit ''/etc/httpd/conf.d/aab-webdav.conf'':<code>
DAVLockDB /var/lib/dav/DAVlock
DAVMinTimeout 180</code>
    * Create virtual host, edit ''/etc/httpd.conf.d/webdav.conf''<code>
<VirtualHost webdav.example.com:443>
  ServerName  webdav.example.com
  ServerAdmin webdav@example.com


  ErrorLog logs/webdav-ssl_error_log
  TransferLog logs/webdav-ssl_access_log
  CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  LogLevel warn

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
  SSLHonorCipherOrder on
  SSLCertificateFile 
  SSLCertificateKeyFile 
  SSLCACertificateFile

  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  DocumentRoot /var/www/html/

  # user-a
  Alias /user1 /var/www/html/user-a

 <Directory /var/www/html/user-a>
      DAV             On
      AuthType        Basic
      AuthName        "WebDAV"
       AuthUserFile    /usr/local/apache/webdav-users
      Require         valid-user
  </Directory>

  <Location /user-a/>
     Require     user user-a
 </Location>
</VirtualHost>
</code>
   * Create user directories:<code>
mkdir /var/www/html/user-a
mkdir /var/www/html/user-b
</code> 
  * Create a new directory:<code>
mkdir /usr/local/apache
chmod -R 750 /usr/local/apache
chown -R apache.apache /usr/local/apache
</code>
   * Create users:<code>
htpasswd -c -B /usr/local/apache/webdav-users user-a
htpasswd -B /usr/local/apache/webdav-users user-b
chown apache. /usr/local/apache/webdav-users
chmod 640 /usr/local/apache/webdav-users
# generate password with pwgen
</code>
  * Change SELinux policy for write access to WebDAV directory:<code>
yum install policycoreutils-python
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/user-a(/.*)?"
</code>
  * Enable firewall:<code>
firewall-cmd --zone <your zone> --permanent --add-service https
firewall-cmd --reload</code>
====Test====
  * For example from Gnome Nautilus.