Webdav

Please note that this is a draft version.

The following tutorial explains how to enable WebDAV access to your MBWE using lighttpd. To use this tutorial you will need to enable ssh access and install Optware.

The benefits of using WebDav are:

  • WebDav is supported natively in the most common operating systems (Mac OS X, Linux, Windows XP)
  • WebDav can be secured using ssl encryption
  • WebDav can be used to transfer large files (larger than 8mb)
  • WebDav is used by many other programs and protocols (e.g. CalDav, calendar sharing; Zotero Firefox Extension)

But! The webdav module for lighttpd does not have all operations implemented yet (http://redmine.lighttpd.net/wiki/1/Docs:ModWebDAV):

The WebDAV module is a very minimalistic implementation of RFC 2518. Minimalistic means that not all operations are implemented yet.
So far, mounting an open-access WebDAV resource into Windows XP (Network Places), Mac OS X (Finder) and Linux (Konqueror) works. Mounting an authenticated WebDAV resource works in Mac OS X and Linux. The basic litmus tests are passed.

I have actually managed to mount an authenticated WebDAV resource in Windows XP as well. But I have only been able to move, copy and delete. I have not been able to open files directly on the WebDAV resource.
The webdav module does not work at all with Windows Vista (http://redmine.lighttpd.net/issues/1492)

Install Optware lighttpd and mod_webdav dependancies

The build of lighttpd that comes built into the MBWE does not support WebDav. You will need to replace inbuilt lighttpd with Optware version (thanks frater). mod_webdav also requires some extra packages (libxml2 and sqlite), you should also install some of the mod_auth dependancies here as well (openldap and openssl):

# ipkg update
# ipkg install lighttpd libxml2 sqlite openssl openldap
# ldconfig

Make mybook start the opt version of lighttpd instead of the preinstalled

Backup lighttpd.sh:

# cp /etc/init.d/lighttpd.sh /etc/init.d/lighttpd.sh.bak

Edit /etc/init.d/lighttpd.sh to use Optware lighttpd

Comment out this line:

DAEMON=/usr/sbin/$NAME

… and add this line just below:
DAEMON=/opt/sbin/$NAME

Configure lighttpd for webdav

Backup your lighttpd.config file and your lighttpd user file:

# cp /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.bak
# cp /var/private/lighttpd.htdigest.user /var/private/lighttpd.htdigest.user.bak

Edit /etc/lighttpd/lighttpd.conf

Change the server.modules section in /etc/lighttpd/lighttpd.conf to load mod_webdav. This section should look something like this:

server.modules          = (
                            "mod_auth",
                            "mod_access",
                            "mod_alias",
                            "mod_cgi",
                            "mod_fastcgi",
                            "mod_webdav",
                            "mod_accesslog"
)

To enable WebDav access on the /dav folder in your webroot add this to the bottom of your lighttpd.conf file:

$HTTP["url"] =~ "^/dav($|/)" {
        webdav.activate       = "enable"
#       webdav.sqlite-db-name = "/opt/var/run/lighttpd/lighttpd.webdav_lock.db"
        dir-listing.activate  = "enable"
        webdav.is-readonly    = "disable"
        auth.require          = ( "/dav" => ( "method"  => "digest",
                                              "realm"   => "webdav",
                                              "require" => "valid-user" ) )
}

This section of the config file tells lighttpd to activate WebDav on the /dav folder (/usr/www/lib/dav) and its subfolders.

Decide which location /dav should point to (e.g. /shares/internal/PUBLIC/)

/dav does not exist, so you have to create it. If you want to be able to access a share using webdav, just create dav as a symbolic link to the share, like this:

# ln -s /shares/internal/PUBLIC/ /usr/www/lib/dav

Add webdav users

auth.require ensures that people need a password to access the WebDav share. If you set realm to "nas admin", the web interface user and password will be used.
In the example above I have set the realm to "webdav" and I created a small utilitiy to add users to that realm. Download the utility:

# cd /opt/sbin/
# wget http://mybookworld.wikidot.com/local--files/webdav/add_webdav_user.sh
# chmod 775 /opt/sbin/add_webdav_user.sh

Then use it to add users (put in the username you want instead of USERNAME and the password you want instead of PASSWORD):

add_webdav_user.sh USERNAME PASSWORD

The users are stored in this file: /var/private/lighttpd.htdigest.user. The utility adds the user to the file with the realm "webdav" and password in correct format. The easiest way to change password is probably to remove the corresponding row in /var/private/lighttpd.htdigest.user and run htdigest.sh to readd the user again, but with the new password. To remove a user, remove the corresponding line in /var/private/lighttpd.htdigest.user.

webdav.sqlite-db-name is commented out because I have not got this working properly yet

This means that there is currently no locks or props support.
If you want to try, uncomment webdav.sqlite-db-name in lighttpd.conf and create the folder for the sqlite database and change ownership to www-data:

# mkdir /opt/var/run/lighttpd
# chown www-data:www-data /opt/var/run/lighttpd

The database gets created, but it does not work anyway…

Enable encryption

Generate a SSL certificate:

# mkdir /opt/etc/lighttpd/ssl
# cd /opt/etc/lighttpd/ssl
# openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# chmod 0600 server.pem

When you generate the certificate you will be asked a couple of questions. As far as I understand you can answer whatever you want to. It will not be a correct certificate, but it will work :-).
For country codes, please see http://www.digicert.com/ssl-certificate-country-codes.htm.

Enable SSL encryption

Add the following lines to the bottom of your /etc/lighttpd/lighttpd.conf file to enable encryption using the SSL certificate you just generated:

$SERVER["socket"] == ":443" {
        ssl.engine  = "enable"
        ssl.pemfile = "/opt/etc/lighttpd/ssl/server.pem"
}

Additional lighttpd and webdav configurations

Please refer to: http://redmine.lighttpd.net/wiki/1/Docs:ConfigurationOptions

Troubleshooting

/usr/sbin/lighttpd: can't resolve symbol 'gzopen64'

After you have added mod_webdav to server.modules in lighttpd.conf and you restart the lighttpd server with this command:

# /etc/init.d/lighttpd.sh restart

You get this error:

/usr/sbin/lighttpd: can't resolve symbol 'gzopen64'

This problem is due to lighttpd binary loading /lib/libz.so instead of /opt/lib/libz.so. The only way to solve it is to enable LDSO_RUNPATH support in uclibc. Simply install LDSO_RUNPATH enabled firmware to solve this issue.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License