Setting up WebDav on Apache2 with Digest AUTH enabled

Introduction

This article is a brief guide to setting up WebDAV on Apache2 in Ubuntu 10.04 (Lucid Lynx) with Digest AUTH enabled. Some of the guides already available around the web focus on Basic AUTH or provide partially confusing information about Digest AUTH (including the official Apache2 documentation). Hence the need for this article.

Environment that I used

  • Ubuntu 10.04 (Lucid Lynx) server
  • Running inside a Virtualbox VM
  • All you need is apt-get install apache2

Apache modules required

  • dav_fs
  • auth_digest
  • authn_file (was enabled by default for me)

Enable each of these modules using a2enmod as follows

sudo a2enmod dav_fs
sudo a2enmod auth_digest
sudo a2enmod authn_file

Create webdav location

The webdav directory location must be readable and write-able by the Apache user (typically www-data). In this example I am assuming the default DocumentRoot of /var/www.

sudo mkdir -p /var/www/webdav
sudo chown www-data:www-data /var/www/webdav

Add Location section to Apache config

Again I am assuming the default site 000-default

sudo vi /etc/apache2/sites-enabled/000-default

    <Location /webdav/>
        Dav On
        AuthType Digest
        AuthName "webdav"
        AuthDigestDomain /webdav/
        AuthDigestProvider file
        AuthUserFile /var/www/.htdigest
        Require valid-user
    </Location>

Important things to note:

  • AuthDigestFile (referenced in the Debian HOWTO) does NOT work - produces an error when you test the config using apache2ctl configtest

  • I have the htdigest file created using htdigest under /var/www, but I am sure it can be elsewhere too
  • The key is to point the auth-digest module at a provider using the AuthDigestProvider line and use the AuthUserFile (used by authn_file module) to point at the actual htdigest created file. This is to me rather confusing, since the Apache docs ALSO refer to AuthDigest, but (only) this worked for me.

  • the '/' at the end of '/webdav/' is critical
  • You MUST use a Location tag and not a Directory tag.

Create Digest AUTH password file

htdigest -c /var/www/.htdigest webdav my_webdav_user

htdigest will prompt for the password and then create the .htdigest file. In the example above, webdav (parameter 3 to htdigest) is the AuthDigestDomain you entered in the Apache conf file. my_webdav_user is the WebDav username.

Check the Apache config

apache2ctl configtest

If you get a response Syntax OK, you can proceed

Reload the new Apache config

sudo /etc/init.d/apache2 force-reload

Testing WebDav

You can use the command line WebDAV client cadaver to test the WebDav capability.

sudo apt-get install cadaver

cadaver is similar to the FTP client. It allows you to connect to a WebDav server, navigate the Webdav share - including list files and directories, make directories etc.

A sample cadaver session is below:

user@remote:~$ cadaver http://lucid-server/webdav/
Authentication required for webdav on server `lucid-server':
Username: my_webdav_user
Password: 
dav:/webdav/> ls
Listing collection `/webdav/': collection is empty.
dav:/webdav/> mkcol hello
Creating `hello': succeeded.
dav:/webdav/> cd hello
dav:/webdav/hello/> ls
Listing collection `/webdav/hello/': collection is empty.
dav:/webdav/hello/> cd ..
dav:/webdav/> rmcol hello
Deleting collection `hello': succeeded.
dav:/webdav/> ls
Listing collection `/webdav/': collection is empty.

Press "Ctrl-D" to exit the cadaver session.

While you are accessing the WebDav share using cadaver, you see entries such as the following in Apache's access.log:

10.0.0.1 - - [19/May/2010:16:38:15 -0700] "OPTIONS /webdav/ HTTP/1.1" 401 882 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:19 -0700] "OPTIONS /webdav/ HTTP/1.1" 200 487 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:19 -0700] "PROPFIND /webdav/ HTTP/1.1" 207 1000 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:22 -0700] "PROPFIND /webdav/ HTTP/1.1" 207 1000 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:27 -0700] "MKCOL /webdav/hello/ HTTP/1.1" 201 626 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:29 -0700] "PROPFIND /webdav/hello/ HTTP/1.1" 207 1006 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:30 -0700] "PROPFIND /webdav/hello/ HTTP/1.1" 207 1006 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:32 -0700] "PROPFIND /webdav/ HTTP/1.1" 207 1000 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:35 -0700] "PROPFIND /webdav/hello/ HTTP/1.1" 207 1006 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:35 -0700] "DELETE /webdav/hello/ HTTP/1.1" 204 282 "-" "cadaver/0.23.2 neon/0.28.2"
10.0.0.1 - my_webdav_user [19/May/2010:16:38:36 -0700] "PROPFIND /webdav/ HTTP/1.1" 207 1000 "-" "cadaver/0.23.2 neon/0.28.2"

See Also

Apache2WebDavDigestAUTH (last edited 2010-05-20 16:23:48 by bilbo)