Introduction
Web Distributed Authoring and Versioning (WebDAV) is a HTTP extension that provides a framework for remotely creating and modifying files on a server. WsgiDAV is a WebDAV server written in python. This guide will help you through the installation of WsgiDAV version 3.0 on a Rcs server running Debian 10. We will also obtain an SSL certificate to provide a secure connection as well as PAM authentication.
Prerequisites
- A Debian 10 system to which you have privileged access (via the root user or any sudo user.)
- The
$EDITOR
environment variable must be set to a text editor of your choice. - A registered domain name is required. Its nameservers must be configured with an
A
record pointing to your server's IPv4 address, and optionally anAAAA
record pointing to the IPv6 address. - Familiarity with the YAML syntax is recommended.
The placeholder dav.example.com
will be used for your server's domain name.
Installation
SSL certificate
We will start by updating the system and obtaining a free SSL certificate from Let's Encrypt. To do so, first update your system and install the certbot
utility:
sudo apt update
sudo apt upgrade -y
sudo apt install -y certbot
In the command below, replace dav.example.com
and email@domain.tld
with your domain name and email address respectively before executing it:
sudo certbot certonly --standalone --agree-tos -m email@domain.tld -d dav.example.com
Your server will be sent a challenge to verify that you control the domain name specified. If it succeeds, the certificate will be issued and saved, along with other files such as the private key, under /etc/letsencrypt/live/dav.example.com/
.
Installing WsgiDAV
First, install the python package manager pip
:
sudo apt update
sudo apt install -y python3-pip
WsgiDAV requires a HTTP server that supports WSGI. We will install the default option, which is Cheroot. We will also install the lxml python library, which tends to perform better than the XML library installed by default. The PAM (Pluggable Authentication Module) python3 library is needed as well. Install the required packages using the pip
tool:
sudo pip3 install wsgidav cheroot lxml python-pam
Configuring WsgiDAV
The WsgiDAV executable is stored in /usr/local/bin
, so we will place the configuration file in the /usr/local/etc
directory. Download the sample configuration file with the following commands:
sudo mkdir -p /usr/local/etc
sudo wget https://github.com/mar10/wsgidav/raw/master/sample_wsgidav.yaml -O /usr/local/etc/wsgidav.yaml
Open it with your editor:
sudo $EDITOR /usr/local/etc/wsgidav.yaml
Find the following lines in the "SSL Support" section:
# ssl_certificate: "wsgidav/server/sample_bogo_server.crt"
# ssl_private_key: "wsgidav/server/sample_bogo_server.key"
# ssl_certificate_chain: null
Replace them with the following:
ssl_certificate: "/etc/letsencrypt/live/dav.example.com/cert.pem"
ssl_private_key: "/etc/letsencrypt/live/dav.example.com/privkey.pem"
ssl_certificate_chain: "/etc/letsencrypt/live/dav.example.com/chain.pem"
Next, we will configure the share paths by mapping HTTP paths (such as /
) to corresponding locations on the filesystem (such as /var/www/dir1
). For demonstration purposes, we will share two directories, one of which will be read-only. Find the provider_mapping
block in the "SHARES" section:
provider_mapping:
"/": "/path/to/share1"
"/pub":
root: "/path/to/share2"
readonly: true
"/share3":
provider: path.to.CustomDAVProviderClass
args: ["/path/to/share3", "second_arg"]
kwargs: {"another_arg": 42}
Replace it:
provider_mapping:
"/":
root: "/var/www/html/documents"
readonly: false
"/reports":
root: "/var/www/html/reports"
readonly: true
With these mappings, https://dav.example.com:8080/
will correspond to the /var/www/html/documents
directory on the server, while https://dav.example.com:8080/reports
will map to /var/www/html/reports
with no write access.
For authentication, we will use the PAM driver. This removes the need for separate WebDAV user accounts and allows system users to login using their usual credentials.
In the "AUTHENTICATION" section, find these lines:
accept_basic: true
accept_digest: true
default_to_digest: true
domain_controller: null
Replace them with the following:
accept_basic: true
accept_digest: false
default_to_digest: false
domain_controller: wsgidav.dc.pam_dc.PAMDomainController
You can now test your server:
sudo wsgidav -c /usr/local/etc/wsgidav.yaml
Open https://dav.example.com:8080/
in your web browser. Since we configured PAM authentication, you will need to login with your Linux user account. Use Ctrl + C to stop the server before proceeding.
Installing as a service
In order to run your WebDAV server as a system service managed by systemd, create a unit file:
sudo $EDITOR /etc/systemd/system/wsgidav.service
Enter the following:
[Unit]
Description=WsgiDAV WebDAV server
After=network.target
[Service]
Type=simple
ExecStart=/usr/local/bin/wsgidav -c /usr/local/etc/wsgidav.yaml
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=wsgidav_service
[Install]
WantedBy=multi-user.target
Then create a configuration file for the system logging service:
sudo $EDITOR /etc/rsyslog.d/wsgidav_service.conf
Populate the file with the following:
if $programname == 'wsgidav_service' then /var/log/wsgidav.log
& stop
Save and exit, then use the commands below to create the log file:
sudo touch /var/log/wsgidav.log
sudo chown root:adm /var/log/wsgidav.log
Finally, load the new systemd unit file and restart the logging service before starting WsgiDAV:
sudo systemctl daemon-reload
sudo systemctl restart rsyslog.service
sudo systemctl start wsgidav.service
You can now use systemctl
to start, stop and restart your WebDAV server. WsgiDAV's standard output and error will be logged to /var/log/wsgidav.log
, and can also be accessed using sudo journalctl -u wsgidav.service
.
If you want the WebDAV server to start automatically at system boot time, execute:
sudo systemctl enable wsgidav.service