My quest for a perfect WebDAV server on GoFlex Net that works with KDE Dolphin and iPad2 (or how to setup lighttpd WebDAV with SSL) August 23, 2011 03:07PM |
Registered: 12 years ago Posts: 128 |
    [Sun Jul 31 16:45:57 2011] [error] [client 192.168.1.24] File does not exist: /media/HDD/files/test.txt

Secondly, when I did the same via Dolphin (Kubuntu's standard file manager), I got the "password mismatch" error

    [Mon Aug 01 00:28:49 2011] [error] [client 192.168.1.39] Digest: user files: password mismatch: /files/

The funny thing is that despite the errors everything seemed to work just fine. I tried googling those errors and found quite many similar problem descriptions but no solutions. Then I learned that when using SSL you don't really need the digest auth, since SSL makes sure that the whole communication is encrypted and so I switched to the basic auth. That made the "password mismatch errors" go away and so I was quite happy until I tried uploading big files (like 180 MB) to my WebDAV server via Dolphin. This time I got the "could not get next bucket brigade [500, #0]" error.

    [Tue Aug 23 16:24:15 2011] [error] [client 192.168.1.39] Could not get next bucket brigade (URI: /files/arc.zip) [500, #0]

The bad thing is that this error wasn't as harmless as the previous ones and indeed caused the upload to fail. After some experiments I found out that the error didn't occur when uploading smaller files (even 50MB were still fine) or when turning SSL off. I even tried installing a newer apache version from Debian Wheezy but that didn't solve the problem either.

Finally, being completely pissed off with Apache, I decided to give lighttpd a chance. To be honest, using digest auth and SSL gave me the password mismatch error even when using lighttpd, so I suspect that it might be a solely KDE problem. However, when using basic auth and SSL everything worked great and I had absolutely no problems uploading large files.

So far so good. Just as I managed to solve my Dolphin-related problems, I got new problems with iFiles. For some reason it refused to play nicely with lighttpd, displaying only half of the files in a WebDAV folder and duplicating certain folders. So I decided to try something else and found a wonderful app called WebDAV Navigator. The best thing is that it can do pretty much the same as iFiles but is completely free. The only thing I'm missing is the ability to edit text files which is present in iFiles but apart from that WebDAV Navigator is really great. It correctly displays the content of my WebDAV folders and allows me to easily upload or download files.
    apt-get install lighttpd lighttpd-mod-webdav apache2-utils openssl
    lighttpd-enable-mod auth webdav

Now we should create the folders for the webdav accounts. Those usually should be located

    ln -s /media/HDD/service /var/www/service
    ln -s /media/HDD/ebooks /var/www/ebooks
    ln -s /media/USB/files /var/www/files

We also have to make sure that all webdav folders are always owned by www-data.

    chown -R www-data:www-data /media/HDD/service
    chown -R www-data:www-data /media/HDD/ebooks
    chown -R www-data:www-data /media/USB/files
    chown -R www-data:www-data /var/www/service
    chown -R www-data:www-data /var/www/ebooks
    chown -R www-data:www-data /var/www/files

Now we create the users for the accounts and make the auth file accessible only for lighttpd and root

    # -c creates the file; each htpasswd call prompts for that user's password
    htpasswd -c /etc/lighttpd/dav_auth service_user
    htpasswd /etc/lighttpd/dav_auth ebooks_user
    htpasswd /etc/lighttpd/dav_auth files_user
    chown root:www-data /etc/lighttpd/dav_auth
    chmod 640 /etc/lighttpd/dav_auth

Finally, let's add the WebDAV accounts to the lighttpd config:
    nano /etc/lighttpd/conf-enabled/10-webdav.conf

    $HTTP["url"] =~ "^/service($|/)" {
        webdav.activate = "enable"
        webdav.is-readonly = "disable"
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/etc/lighttpd/dav_auth"
        auth.require = ( "" => ( "method" => "basic",
                                 "realm" => "webdav_service",
                                 "require" => "user=service_user" ) )
    }
    $HTTP["url"] =~ "^/ebooks($|/)" {
        webdav.activate = "enable"
        webdav.is-readonly = "disable"
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/etc/lighttpd/dav_auth"
        auth.require = ( "" => ( "method" => "basic",
                                 "realm" => "webdav_ebooks",
                                 "require" => "user=ebooks_user" ) )
    }
    $HTTP["url"] =~ "^/files($|/)" {
        webdav.activate = "enable"
        webdav.is-readonly = "disable"
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/etc/lighttpd/dav_auth"
        auth.require = ( "" => ( "method" => "basic",
                                 "realm" => "webdav_files",
                                 "require" => "user=files_user" ) )
    }

    "require" => "user=<username>"

directive we make sure each user is allowed to log in only to his own account. If you want to allow every user to log in to any account, replace "user=<username>" by "valid-user".

    /etc/init.d/lighttpd restart

and try to access http://goflex-ip/files. For KDE Dolphin use webdav://goflex-ip/files
    nano /etc/lighttpd/lighttpd.conf

and add this

    debug.log-request-header = "enable"
    debug.log-response-header = "enable"
    debug.log-request-handling = "enable"
    debug.log-file-not-found = "enable"
    debug.log-condition-handling = "enable"

in order to make lighttpd's log files more informative. The log file is located at /var/log/lighttpd/error.log. Use less to study it carefully

    less /var/log/lighttpd/error.log

and find out what's going wrong.
    lighttpd-enable-mod ssl

Now we need to create a self-signed SSL certificate. Here I'm basically using this guide

    cd /etc/lighttpd
    openssl req -config /etc/ssl/openssl.cnf -new -out server.csr

Note the PEM passphrase and challenge password since you'll need them afterwards. Things like Country Name, Province Name, Locality Name, Organization Name, Organization Unit Name, Email Address and An optional company name are not really important, so you can supply everything you want. What is important is the Common Name, since it should match the name of your lighttpd site. For instance, in my /etc/hostname I have

    mygoflex

and in my /etc/hosts

    192.168.1.56 mygoflex.mynet.com mygoflex

where 192.168.1.56 is the static IP of mygoflex. I also can successfully ping mygoflex.mynet.com from my Kubuntu laptop. Thus, as a common name I should supply

    mygoflex.mynet.com

After that we run

    openssl rsa -in privkey.pem -out server.key

and enter the PEM passphrase

    openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

For lighttpd we need a so-called pem, which can be created by issuing

    cat server.crt server.key > server.pem

Next we restart lighttpd

    /etc/init.d/lighttpd restart

and enjoy the result:

    https://goflex-ip/files (Web browser)
    webdavs://goflex-ip/files (KDE Dolphin)

Both KDE Dolphin and Firefox complain about an unverified certificate, which is correct, since your cert is a self-signed one and doesn't come from a certificate authority. Just tell your programs to accept the certificate and you're done.
    /etc/lighttpd/conf-enabled/10-ssl.conf

Edit: I got a strange mail from cron, complaining about /etc/cron.daily/lighttpd:

    su: Authentication failure (ignored)
    su: Authentication failure (ignored)

The solution was to add www-data to /etc/shadow:

    www-data:*:15210:0:99999:7:::
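
Added example, not part of the original post: with debug.log-request-header enabled as described above, lighttpd writes every request header to error.log, including the `Authorization: Basic` value, which is only the base64 encoding of user:password. The script below audits a setup like this one for that exposure and for secret files readable by everyone; the function names and all sample data are constructed for illustration, and the sample server.pem is given mode 644 on the assumption that `cat server.crt server.key > server.pem` ran under the common umask of 022.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeed when FILE exists and grants any permission to "other".
world_accessible() {
    [ -e "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]
}

# Succeed when CONF switches on request-header logging.
logs_request_headers() {
    grep -Eq '^[[:space:]]*debug\.log-request-header[[:space:]]*=[[:space:]]*"enable"' "$1"
}

# Print each distinct user whose Basic credentials appear in LOG.
# The token is decoded only to read the user name; the password is never printed.
leaked_basic_users() {
    grep -o 'Authorization: Basic [A-Za-z0-9+/=]*' "$1" |
    while read -r _hdr _scheme token; do
        user=$(printf '%s' "$token" | base64 -d 2>/dev/null | cut -d: -f1)
        if [ -n "$user" ]; then printf '%s\n' "$user"; fi
    done | sort -u
}

# Print LOG with every Basic token replaced, e.g. before sharing the log.
redact_basic() {
    sed 's#\(Authorization: Basic \)[A-Za-z0-9+/=]*#\1[REDACTED]#g' "$1"
}

# --- constructed sample data (not taken from any real host) ---
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
token=$(printf 'demo_user:constructed-password' | base64)
cat > "$demo/error.log" <<EOF
2011-08-23 16:24:15: (request.c.306) fd: 8 request-len: 120
PUT /files/arc.zip HTTP/1.1
Host: goflex-ip
Authorization: Basic $token
2011-08-23 16:24:15: (response.c.128) Response-Header:
HTTP/1.1 201 Created
EOF
printf 'debug.log-request-header = "enable"\n' > "$demo/lighttpd.conf"
: > "$demo/server.pem"; chmod 644 "$demo/server.pem"  # certificate plus unencrypted key
: > "$demo/dav_auth";   chmod 640 "$demo/dav_auth"    # mode used in the post

# --- the audit itself ---
for f in "$demo/server.pem" "$demo/dav_auth"; do
    if world_accessible "$f"; then echo "WARN world-accessible: ${f##*/}"; fi
done
if logs_request_headers "$demo/lighttpd.conf"; then
    users=$(leaked_basic_users "$demo/error.log" | tr '\n' ' ')
    echo "WARN request headers are logged; Basic credentials in log for: $users"
fi
redact_basic "$demo/error.log" | grep Authorization
```

On a real host, point the functions at /etc/lighttpd/server.pem, /etc/lighttpd/dav_auth, /etc/lighttpd/lighttpd.conf and /var/log/lighttpd/error.log, and switch the debug.log-* options off again once the problem is found.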
Re: My quest for a perfect WebDAV server on GoFlex Net that works with KDE Dolphin and iPad2 (or how to setup lighttpd WebDAV with SSL) August 31, 2011 12:18PM |
Registered: 13 years ago Posts: 19 |
Re: My quest for a perfect WebDAV server on GoFlex Net that works with KDE Dolphin and iPad2 (or how to setup lighttpd WebDAV with SSL) August 31, 2011 12:55PM |
Registered: 12 years ago Posts: 128 |
Re: My quest for a perfect WebDAV server on GoFlex Net that works with KDE Dolphin and iPad2 (or how to setup lighttpd WebDAV with SSL) September 02, 2011 04:54AM |
Registered: 13 years ago Posts: 19 |
    $ apt-get install lighttpd lighttpd-mod-webdav apache2-utils openssl lighttpd-enable-mod auth webdav
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package lighttpd-enable-mod
    E: Unable to locate package auth
    E: Unable to locate package webdav

    $ uname -ra
    Linux ds-debian 3.0.3-dockstar #1 Sun Aug 28 20:16:48 CEST 2011 armv5tel GNU/Linux

    $ cat /etc/apt/sources.list
    deb http://repo.dev-eth0.de/ squeeze main
    deb http://ftp.de.debian.org/debian testing main contrib non-free
    deb http://ftp.de.debian.org/debian/ squeeze main contrib non-free
    deb http://security.debian.org/ squeeze/updates main contrib non-free
    deb-src http://ftp.de.debian.org/debian/ squeeze main contrib non-free
    deb-src http://security.debian.org/ squeeze/updates main contrib non-free
Re: My quest for a perfect WebDAV server on GoFlex Net that works with KDE Dolphin and iPad2 (or how to setup lighttpd WebDAV with SSL) September 02, 2011 05:23AM |
Registered: 12 years ago Posts: 128 |
Re: My quest for a perfect WebDAV server on GoFlex Net that works with KDE Dolphin and iPad2 (or how to setup lighttpd WebDAV with SSL) September 16, 2011 11:32AM |
Registered: 12 years ago Posts: 9 |
passwd --lock www-data
Re: My quest for a perfect WebDAV server on GoFlex Net that works with KDE Dolphin and iPad2 (or how to setup lighttpd WebDAV with SSL) September 27, 2012 04:29AM |
Admin Registered: 13 years ago Posts: 18,495 |
    $HTTP["url"] =~ "^/media($|/)" {
        webdav.activate = "enable"
        webdav.is-readonly = "disable"
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/etc/lighttpd/dav_auth"
        auth.require = ( "" => ( "method" => "basic",
                                 "realm" => "webdav_service",
                                 "require" => "user=media_user" ) )
    }
Re: My quest for a perfect WebDAV server on GoFlex Net that works with KDE Dolphin and iPad2 (or how to setup lighttpd WebDAV with SSL) September 27, 2012 10:32PM |
Admin Registered: 13 years ago Posts: 18,495 |
    $HTTP["host"] == "mydockstar" {
        # enable directory listing
        server.dir-listing = "enable"
        $HTTP["url"] =~ "^/media($|/)" {
            webdav.activate = "enable"
            webdav.is-readonly = "enable"
            auth.backend = "htpasswd"
            auth.backend.htpasswd.userfile = "/etc/lighttpd/dav_auth"
            auth.require = ( "" => ( "method" => "basic",
                                     "realm" => "media_files",
                                     "require" => "user=media" ) )
        }
    }