How to set up WebDAV hosting on Apache

WebDAV (Web-based Distributed Authoring and Versioning) is a way to share files over HTTP, much like you would use Samba or NFS. It has more limitations, and less speed, than filesystems like Samba or NFS, but with the proliferation of web servers and the ability to reach websites from multiple clients in various locations, WebDAV certainly has its appeal. Unlike Samba or NFS, which are best suited for local area networks, you can use an HTTP server anywhere in the world and likewise access it from anywhere.

WebDAV support is also baked right into most modern operating systems, making it extremely easy to access as a client. Setting it up on the server, however, may be more of a challenge. Certainly setting it up correctly can be.

Using Apache on Red Hat Enterprise Linux 5 (or CentOS 5) as an example, let’s look at setting up a WebDAV server. First and foremost, you will need mod_dav and mod_dav_fs support, which can be found in the httpd package; if you have Apache installed, you will have support for WebDAV already available (other distributions may package WebDAV support modules separately, such as apache-mod_dav). The first step is to create /etc/httpd/conf.d/webdav.conf which will be where we configure WebDAV. The reason we are putting our configuration file there is due to this gem in /etc/httpd/conf/httpd.conf:

Include conf.d/*.confThis tells Apache to automatically pick up all configuration files (*.conf) in /etc/httpd/conf.d/. The contents of /etc/httpd/conf.d/webdav.conf will look similar to this:

LimitXMLRequestBody 131072 DavLockDB /var/dav/DavLock Alias /dav "/srv/www/dav" Dav On Options +Indexes IndexOptions FancyIndexing AddDefaultCharset UTF-8 AuthType Basic AuthName "WebDAV" AuthUserFile /etc/httpd/conf/dav.passwd Require valid-user This sets up the required WebDAV settings necessary to make it work properly. Here we have defined a number of things; one that is important to note is the location of the DavLockDB file (this must be writable by the user running Apache — usually apache or nobody). The directory storing the lock file needs to be writable, so create a new directory specifically for this purpose:

# mkdir -p /var/dav# chown nobody:nobody /var/davYou will also want to ensure that /srv/www/dav is writable by the user running Apache as well:

# mkdir -p /srv/www/dav# chown nobody:nobody /srv/www/dav# chmod 755 /srv/www/davFinally, you need to create the password file for authentication. In the above example the password file was specified as /etc/httpd/conf/dav.passwd, so use htpasswd to create it:

# htpasswd -c /etc/httpd/conf/dav.passwd [user]You will be prompted for [user]’s password and then htpasswd will create the file. At this point you can restart Apache:

# service httpd restartYou can now point a web browser to http://yoursite.com/dav/ and it should prompt you for a login. You won’t be able to do anything special in the web browser, but you can use another WebDAV client to try uploading and downloading files, such as cadaver:

# cadaver https://yoursite.com/davAuthentication required for Private on server `yoursite.com':Username: userPassword:dav:/dav/> lsListing collection `/dav/': succeeded.Coll: omnifocus 0 Aug 8 14:30 somefile.txt 115 Jul 17 15:03For more security, wrap WebDAV up in SSL by adding it to an appropriate SSL-based virtual host. This will encrypt your password and data-in-transit.

This should also work with most other Linux distributions using Apache, possibly changing some paths to configuration files or package names. All in all, setting up WebDAV doesn’t have to be difficult, but all of these steps are required, otherwise some WebDAV clients will fail with inexplicably weird errors. This also provides a quick and easy way to store files in a remote location, securely, with the ability to obtain them from anywhere.