这一周我一直尝试让 webdav 在 Vhost 上运行,但没有成功......
这是我的设置:
Debian 9
Apache 2.4
Virtualmin 6.01
SuexecUserGroup "#1039" "#1038"
ServerName dav.mydom.com
DocumentRoot /home/dav/public_html
ErrorLog /var/log/virtualmin/dav.mydom.com_error_log
CustomLog /var/log/virtualmin/dav.mydom.com_access_log combined
<Directory "/home/dav/public_html">
Options Indexes MultiViews
AllowOverride None
Require all granted
</Directory>
Alias /webdav /home/dav/public_html
<location /webdav>
Dav on
AuthType Basic
AuthBasicProvider file
AuthName "WebDav"
AuthUserFile /home/dav/public_html/.htpasswd
<Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK OPTIONS>
Require valid-user
</Limit>
</location>
ProxyPassMatch ^/(.*.php(/.*)?)$ fcgi://localhost:8005/home/dav/public_html/$1
RemoveHandler .php
RemoveHandler .php7.0
php_admin_value engine Off
尝试用尸体进行测试时,我收到消息称我甚至无法输入我的用户名并通过
[matth@www ~]# cadaver http://dav.mydom.com/webdav/
Authentication required for WebDav on server `dav.mydom.com':
Username:
Authentication aborted!
Could not open collection:
Could not authenticate to server: rejected Basic challenge
dav:/webdav/?
我也通过创建 .netrc 密码进行自动身份验证进行了测试,但是我这样做很好:
[matth@www ~]# cadaver https://dav.mydom.com/webdav
Could not access /webdav/ (not WebDAV-enabled?):
405 Method Not Allowed
Connection to `db.ducorporation.com' closed.
dav:!>
访问日志
s.r.c.ip - - [18/Jan/2018:04:03:29 +0100] "OPTIONS /test.txt HTTP/1.1" 200 4236 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:30 +0100] "HEAD /test.txt HTTP/1.1" 200 620 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:31 +0100] "OPTIONS /test.txt HTTP/1.1" 200 1146 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:32 +0100] "HEAD /test.txt HTTP/1.1" 200 620 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:32 +0100] "OPTIONS /test.txt HTTP/1.1" 200 1146 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
s.r.c.ip - - [18/Jan/2018:04:03:33 +0100] "PUT /test.txt HTTP/1.1" 405 938 "https://app.dom.com/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"
错误日志是空的
使用 suexec,我确保 Apache 在正确的用户下运行,并且经过身份验证后,可以从 Web 浏览器访问任何文件。
还测试了
- 不使用location但directory
- 禁用目录索引
- Auth none/Digest/Basic
- DocumentRoot 路径上的 Webdav 文件夹以及子文件夹
- 将 public_html 文件夹的所有权更改为 apache 用户 - 我不记得的其他一些事情
经过所有这些测试,我得到了同样的错误
使用 Firefox/litmus/cadaver/webdav 客户端应用程序完成测试使用 Firefox 和 webdav 应用程序,我可以读取和下载文件,但不能编辑PUT获取405 error(意思PUT 是不允许,但在我的<Limit>部分是允许的)使用 litmus/cadaver 到目前为止没有机会做任何事情……
希望我说得足够清楚,
如有任何意见,我们将不胜感激
编辑:添加了 apache 日志
马思
答案1
以下是我最终设法让它工作的方法:
此配置适用于 Apache 2.4SSL虚拟主机HTTP一次重定向至SSL。
我必须设置一个专用文件夹,Apache 用户在该文件夹中拥有专用的读/写访问权限。
为了更安全,我希望让 Apache 以特定用户身份运行,但目前看来最简单的方法是使用,但显然与我现在使用的模块MPM-ITK不兼容。 一旦我了解从“MPM-ITK”迁移到“MPM-ITK”的后果,我就会尝试一下。MPM-PreforkMPM-Prefork
欢迎任何有关安全改进的评论!
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite"
Header always set Access-Control-Expose-Headers "ETag"
Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK"
Header always set Access-Control-Allow-Credentials "true"
RewriteEngine On RewriteCond %{REQUEST_METHOD} OPTIONS RewriteRule ^(.*)$ blank.html [R=200,L,E=HTTP_ORIGIN:%{HTTP:ORIGIN}]
ServerName my.domain.com
DocumentRoot /home/www/public_html
ErrorLog /var/log/virtualmin/my.domain.com_error_log
CustomLog /var/log/virtualmin/my.domain.com_access_log combined
DavLockDB /home/www/public_html/DavLock
<Directory /home/www/public_html>
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://my.domain.com/$1 [R,L]
Options Indexes MultiViews SymLinksIfOwnerMatch
AllowOverride None
Require all granted
</Directory>
Alias /webdav /home/www/public_html
<Location "/webdav">
Dav on
DirectoryIndex none
AuthType Basic
AuthBasicProvider file
AuthUserFile /home/www/public_html/.htpasswd
AuthName "WebDav"
<Limit GET HEAD POST PUT OPTIONS MOVE DELETE COPY LOCK UNLOCK>
Require valid-user
</Limit>
<Limit OPTIONS>
Require all granted
</Limit>
DavDepthInfinity off
</Location>
SSLEngine on
SSLCertificateFile /home/my/ssl.cert
SSLCertificateKeyFile /home/my/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCACertificateFile /home/my/ssl.ca
RemoveHandler .php
RemoveHandler .php7.0
php_admin_value engine Off
RedirectMatch ^/(?!webdav) "https://my.domain.com/webdav"