Ben's notes

Linux, Unix, network, radio...

User Tools

Site Tools

Trace: centos7_webdav
centos7_webdav

This is an old revision of the document!

Table of Contents

, , , ,

~~TOC~~

CentOS 7, WebDAV

Requirements

  • A server or VM.
  • CentOS 7.
  • Connection CentOS repository.
  • Firewall port 443 not open yet.

Installation

  • Install the required packages:
    yum install httpd mod_ssl
  • Start Apache at boot and start the service now: 
    systemctl enable httpd
systemctl start httpd
  • Check if DAV module's has been loaded:
    # httpd -M |grep -i dav
 dav_module (shared)
 dav_fs_module (shared)
 dav_lock_module (shared)

Configuration

  • Configure Apache, edit: /etc/httpd/conf/httpd.conf:
    ServerAdmin
ServerName
  • Configure SSL, edit: /etc/httpd/conf.d/ssl.conf:
    SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
SSLHonorCipherOrder on

SSLCertificateFile
SSLCertificateKeyFile
SSLCACertificateFile
  • Create placeholder, edit: /var/www/html/index.html:
    <html>
Nothing here...
</html>
  • Modify ServerTokens, create /etc/httpd/conf.d/aaa-security.conf:
    ServerTokens ProductOnly
ServerSignature Off
  • Configure WebDAV
    • edit /etc/httpd/conf.d/aab-webdav.conf:
      DAVLockDB /var/lib/dav/DAVlock
DAVMinTimeout 180
    • Create virtual host, edit /etc/httpd.conf.d/webdav.conf
      <VirtualHost webdav.example.com:443>
  ServerName  webdav.example.com
  ServerAdmin webdav@example.com


  ErrorLog logs/webdav-ssl_error_log
  TransferLog logs/webdav-ssl_access_log
  CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  LogLevel warn

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5'
  SSLHonorCipherOrder on
  SSLCertificateFile 
  SSLCertificateKeyFile 
  SSLCACertificateFile

  DocumentRoot /var/www/html/

  # user-a
  Alias /user1 /var/www/html/user-a

 <Directory /var/www/html/user-a>
      DAV             On
      AuthType        Basic
      AuthName        "WebDAV"
       AuthUserFile    /usr/local/apache/webdav-users
      Require         valid-user
  </Directory>

  <Location /user-a/>
     Require     user user-a
 </Location>
</VirtualHost>
  • Create user directories:
    mkdir /var/www/html/user-a
mkdir /var/www/html/user-b
  • Create a new directory:
    mkdir /usr/local/apache
chmod -R 750 /usr/local/apache
chown -R apache.apache /usr/local/apache
  • Create users:
    htpasswd -c -B /usr/local/apache/webdav-users user-a
htpasswd -B /usr/local/apache/webdav-users user-b
chown apache. /usr/local/apache/webdav-users
chmod 640 /usr/local/apache/webdav-users
# generate password with pwgen
  • Change SELinux policy for write access to WebDAV directory:
    yum install policycoreutils-python
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/user-a(/.*)?"
  • Enable firewall:
    firewall-cmd --zone <your zone> --permanent --add-service https
firewall-cmd --reload

Test

  • For example from Gnome Nautilus.
centos7_webdav.1483972359.txt.gz · Last modified: 2017/01/09 14:32 by admin