CentOS 7, WebDAV
Requirements
- A server or VM.
- CentOS 7.
- Connection to a CentOS repository.
- Firewall port 443 not open yet.
Installation
- Install the required packages:
yum install httpd mod_ssl
- Start Apache at boot and start the service now:
    systemctl enable httpd
    systemctl start httpd
- Check that the DAV modules have been loaded:
    # httpd -M | grep -i dav
     dav_module (shared)
     dav_fs_module (shared)
     dav_lock_module (shared)
- Enable the headers module (for HSTS), create /etc/httpd/conf.modules.d/00-headers.conf:
    LoadModule headers_module modules/mod_headers.so
Configuration
- Configure Apache, edit /etc/httpd/conf/httpd.conf:
    ServerAdmin
    ServerName
- Configure SSL, edit /etc/httpd/conf.d/ssl.conf:
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
    SSLHonorCipherOrder on
    SSLCertificateFile
    SSLCertificateKeyFile
    SSLCACertificateFile
- Create a placeholder page, edit /var/www/html/index.html:
    <html>
    Nothing here...
    </html>
- Modify ServerTokens, create /etc/httpd/conf.d/aaa-security.conf:
    ServerTokens ProductOnly
    ServerSignature Off
- Configure WebDAV, edit /etc/httpd/conf.d/aab-webdav.conf:
    DAVLockDB /var/lib/dav/DAVlock
    DAVMinTimeout 180
- Create the virtual host, edit /etc/httpd/conf.d/webdav.conf:
    <VirtualHost webdav.example.com:443>
        ServerName webdav.example.com
        ServerAdmin webdav@example.com
        ErrorLog logs/webdav-ssl_error_log
        TransferLog logs/webdav-ssl_access_log
        CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        LogLevel warn

        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
        SSLHonorCipherOrder on
        SSLCertificateFile
        SSLCertificateKeyFile
        SSLCACertificateFile
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

        DocumentRoot /var/www/html/

        # user-a
        # The Alias URL path has to match the <Location> path below. Under any
        # other path only "Require valid-user" from <Directory> would apply,
        # so every authenticated user could reach this directory.
        Alias /user-a /var/www/html/user-a
        <Directory /var/www/html/user-a>
            DAV On
            AuthType Basic
            AuthName "WebDAV"
            AuthUserFile /usr/local/apache/webdav-users
            Require valid-user
        </Directory>
        # Restrict the URL space of this directory to its owner.
        <Location /user-a/>
            Require user user-a
        </Location>
    </VirtualHost>
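- Create user directories:
    mkdir /var/www/html/user-a
    mkdir /var/www/html/user-b
    # mod_dav writes as the apache user, so it must own the directories
    chown apache:apache /var/www/html/user-a /var/www/html/user-b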
- Create a directory for the password file:
    mkdir /usr/local/apache
    chmod -R 750 /usr/local/apache
    chown -R apache:apache /usr/local/apache
- Create users:
    # generate password with pwgen
    # -c creates the file (first user only), -B hashes with bcrypt
    htpasswd -c -B /usr/local/apache/webdav-users user-a
    htpasswd -B /usr/local/apache/webdav-users user-b
    chown apache: /usr/local/apache/webdav-users
    chmod 640 /usr/local/apache/webdav-users
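- Change SELinux policy for write access to WebDAV directory:
    yum install policycoreutils-python
    semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/user-a(/.*)?"
    # semanage only records the rule; restorecon applies the label to existing files
    restorecon -Rv /var/www/html/user-a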
- Enable firewall:
    firewall-cmd --zone <your zone> --permanent --add-service https
    firewall-cmd --reload
Test
- For example, connect from GNOME Nautilus.
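An offline check of the per-user access rules, added here as an example (Python, not part of the original page): it reports URL prefixes that reach a DAV-enabled directory without passing a `Require user` rule, which is what happens when an Alias path and the Location path differ. The sample config is constructed, and the parser assumes literal Alias, DocumentRoot, Directory and Location directives only.

```python
import re

# Constructed sample: access-control lines of a virtual host like the one
# above, with an Alias whose URL path differs from the <Location> path.
SAMPLE = """\
DocumentRoot /var/www/html/
Alias /user1 /var/www/html/user-a
<Directory /var/www/html/user-a>
    DAV On
    Require valid-user
</Directory>
<Location /user-a/>
    Require user user-a
</Location>
"""

NAMED_USER = re.compile(r"^\s*Require\s+user\s+\S", re.M | re.I)
DAV_ON = re.compile(r"^\s*DAV\s+On\b", re.M | re.I)

def sections(conf, kind):
    """Return {path: body} for each <kind path> ... </kind> block."""
    pat = re.compile(r"<%s\s+(\S+?)>(.*?)</%s>" % (kind, kind), re.S | re.I)
    return {m.group(1).strip('"'): m.group(2) for m in pat.finditer(conf)}

def slash(path):
    """Normalise a path so prefix comparison works on whole segments."""
    return path.rstrip("/") + "/"

def url_prefixes(conf, directory):
    """URL prefixes that map to `directory` via Alias or DocumentRoot."""
    urls = [slash(u) for u, d in
            re.findall(r"^\s*Alias\s+(\S+)\s+(\S+)", conf, re.M | re.I)
            if slash(d) == slash(directory)]
    root = re.search(r"^\s*DocumentRoot\s+(\S+)", conf, re.M | re.I)
    if root and slash(directory).startswith(slash(root.group(1))):
        urls.append("/" + slash(directory)[len(slash(root.group(1))):])
    return urls

def shared_dav_urls(conf):
    """DAV URL prefixes that accept any authenticated user."""
    guarded = [slash(p) for p, body in sections(conf, "Location").items()
               if NAMED_USER.search(body)]
    findings = []
    for directory, body in sections(conf, "Directory").items():
        if NAMED_USER.search(body) or not DAV_ON.search(body):
            continue  # not a DAV directory, or already limited to named users
        findings += [u for u in url_prefixes(conf, directory)
                     if not any(u.startswith(g) for g in guarded)]
    return sorted(findings)
```

`shared_dav_urls(SAMPLE)` returns `['/user1/']`; an empty list means every URL path to a DAV directory is covered by a per-user rule.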
centos7_webdav.txt · Last modified: 2021/10/09 15:14 by 127.0.0.1