Ben Stienstra

Linux, Unix, network, radio and more...

User Tools

Site Tools


centos7_webdav

~~TOC~~

CentOS 7, WebDAV

Requirements

  • A server or VM.
  • CentOS 7.
  • Connection CentOS repository.
  • Firewall port 443 not open yet.

Installation

  • Install the required packages:
    yum install httpd mod_ssl
  • Start Apache at boot and start the service now:
    systemctl enable httpd
    systemctl start httpd
  • Check if DAV module's has been loaded:
    # httpd -M |grep -i dav
     dav_module (shared)
     dav_fs_module (shared)
     dav_lock_module (shared)
  • Enable the headers module (for HSTS), create /etc/httpd/conf.modules.d/00-headers.conf
    LoadModule headers_module modules/mod_headers.so

Configuration

  • Configure Apache, edit: /etc/httpd/conf/httpd.conf:
    ServerAdmin
    ServerName
  • Configure SSL, edit: /etc/httpd/conf.d/ssl.conf:
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
    SSLHonorCipherOrder on
    
    SSLCertificateFile
    SSLCertificateKeyFile
    SSLCACertificateFile
  • Create placeholder, edit: /var/www/html/index.html:
    <html>
    Nothing here...
    </html>
  • Modify ServerTokens, create /etc/httpd/conf.d/aaa-security.conf:
    ServerTokens ProductOnly
    ServerSignature Off
  • Configure WebDAV
    • edit /etc/httpd/conf.d/aab-webdav.conf:
      DAVLockDB /var/lib/dav/DAVlock
      DAVMinTimeout 180
    • Create virtual host, edit /etc/httpd.conf.d/webdav.conf
      <VirtualHost webdav.example.com:443>
        ServerName  webdav.example.com
        ServerAdmin webdav@example.com
      
      
        ErrorLog logs/webdav-ssl_error_log
        TransferLog logs/webdav-ssl_access_log
        CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        LogLevel warn
      
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
        SSLHonorCipherOrder on
        SSLCertificateFile 
        SSLCertificateKeyFile 
        SSLCACertificateFile
      
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
      
        DocumentRoot /var/www/html/
      
        # user-a
        Alias /user1 /var/www/html/user-a
      
       <Directory /var/www/html/user-a>
            DAV             On
            AuthType        Basic
            AuthName        "WebDAV"
             AuthUserFile    /usr/local/apache/webdav-users
            Require         valid-user
        </Directory>
      
        <Location /user-a/>
           Require     user user-a
       </Location>
      </VirtualHost>
  • Create user directories:
    mkdir /var/www/html/user-a
    mkdir /var/www/html/user-b
  • Create a new directory:
    mkdir /usr/local/apache
    chmod -R 750 /usr/local/apache
    chown -R apache.apache /usr/local/apache
  • Create users:
    htpasswd -c -B /usr/local/apache/webdav-users user-a
    htpasswd -B /usr/local/apache/webdav-users user-b
    chown apache. /usr/local/apache/webdav-users
    chmod 640 /usr/local/apache/webdav-users
    # generate password with pwgen
  • Change SELinux policy for write access to WebDAV directory:
    yum install policycoreutils-python
    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/user-a(/.*)?"
  • Enable firewall:
    firewall-cmd --zone <your zone> --permanent --add-service https
    firewall-cmd --reload

Test

  • For example from Gnome Nautilus.
centos7_webdav.txt · Last modified: 2017/01/09 20:01 by admin