Apache-2.4

讓 Webdav 工作

  • January 30, 2018

這是一個星期我試圖讓 webdav 在 Vhost 上工作但沒有任何成功……

這是我的設置:

Debian 9

Apache 2.4

Virtualmin 6.01

SuexecUserGroup "#1039" "#1038"
ServerName dav.mydom.com
DocumentRoot /home/dav/public_html
ErrorLog /var/log/virtualmin/dav.mydom.com_error_log
CustomLog /var/log/virtualmin/dav.mydom.com_access_log combined
<Directory "/home/dav/public_html">
Options Indexes MultiViews
AllowOverride None
Require all granted
</Directory>
Alias /webdav /home/dav/public_html
<location /webdav>
Dav on
AuthType Basic
AuthBasicProvider file
AuthName "WebDav"
AuthUserFile /home/dav/public_html/.htpasswd
<Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK OPTIONS>
 Require valid-user
</Limit>
</location>
ProxyPassMatch ^/(.*.php(/.*)?)$ fcgi://localhost:8005/home/dav/public_html/$1
RemoveHandler .php
RemoveHandler .php7.0
php_admin_value engine Off

試圖用屍體測試它,我收到消息我什至無法輸入我的使用者名並通過

[matth@www ~]# cadaver http://dav.mydom.com/webdav/
Authentication required for WebDav on server `dav.mydom.com':
Username: 
Authentication aborted!
Could not open collection:
Could not authenticate to server: rejected Basic challenge
dav:/webdav/? 

我還通過創建 .netrc 通行證來自動進行身份驗證進行測試,但我很好:

[matth@www ~]# cadaver https://dav.mydom.com/webdav
Could not access /webdav/ (not WebDAV-enabled?):
405 Method Not Allowed
Connection to `db.ducorporation.com' closed.
dav:!> 

訪問日誌

s.r.c.ip - - [18/Jan/2018:04:03:29 +0100] "OPTIONS /test.txt HTTP/1.1" 200 4236 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:30 +0100] "HEAD /test.txt HTTP/1.1" 200 620 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:31 +0100] "OPTIONS /test.txt HTTP/1.1" 200 1146 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:32 +0100] "HEAD /test.txt HTTP/1.1" 200 620 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:32 +0100] "OPTIONS /test.txt HTTP/1.1" 200 1146 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:33 +0100] "PUT /test.txt HTTP/1.1" 405 938 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"

error.log為空

使用 suexec,我確保 Apache 在正確的使用者下執行,並且在身份驗證後,對任何文件的訪問也可以從 Web 瀏覽器工作。

還經過測試

  • 不使用locationdirectory

  • 禁用目錄索引

  • Auth none/Digest/Basic

  • DocumentRoot 路徑上的 Webdav 文件夾以及子文件夾

  • 將 public_html 文件夾的所有權更改為 apache 使用者 - 我不做的其他事情不記得了

通過所有這些測試,我得到了同樣的錯誤

使用 Firefox/litmus/cadaver/webdav 客戶端應用程序完成了我的測試使用 Firefox 和 webdav 應用程序,我可以讀取和下載文件,但不能編輯PUT獲取405 error(意思PUT 是不允許的,但在我的<Limit>部分允許)使用 litmus/屍體至今沒機會做任何事……

希望我足夠清楚

任何輸入將不勝感激

編輯:添加了 apache 日誌

馬修

這是我最終設法使其工作的方法:

此配置適用於SSL vhost 的 Apache 2.4,HTTP重定向到SSL

我必須設置一個專用文件夾,其中 Apache 使用者具有專用的讀/寫訪問權限。

為了更安全,我希望 Apache 以特定使用者身份執行,但今天似乎最簡單的方法是使用MPM-ITK顯然與MPM-Prefork我現在使用的模組不兼容的方法。

一旦我了解了從MPM-Prefork``MPM-ITK 遷移的後果,我會嘗試一下。

歡迎對安全改進提出任何意見!

Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite"
Header always set Access-Control-Expose-Headers "ETag"
Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK"
Header always set Access-Control-Allow-Credentials "true"

RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ blank.html [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
ServerName my.domain.com
DocumentRoot /home/www/public_html
ErrorLog /var/log/virtualmin/my.domain.com_error_log
CustomLog /var/log/virtualmin/my.domain.com_access_log combined
DavLockDB /home/www/public_html/DavLock
<Directory /home/www/public_html>
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://my.domain.com/$1 [R,L]
Options Indexes MultiViews SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>

Alias /webdav /home/www/public_html

<Location "/webdav">
Dav on
DirectoryIndex none
AuthType Basic
AuthBasicProvider file
AuthUserFile /home/www/public_html/.htpasswd
AuthName "WebDav"
<Limit GET HEAD POST PUT OPTIONS MOVE DELETE COPY LOCK UNLOCK>
 Require valid-user
</Limit>
<Limit  OPTIONS>
 Require all granted
</Limit>
DavDepthInfinity off
</Location>
SSLEngine on
SSLCertificateFile /home/my/ssl.cert
SSLCertificateKeyFile /home/my/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/my/ssl.ca
RemoveHandler .php
RemoveHandler .php7.0
php_admin_value engine Off
RedirectMatch ^/(?!webdav) "https://my.domain.com/webdav"

引用自:https://serverfault.com/questions/892435