lookas

Share files through WebDAV on OpenWrt

2019-05-11

OpenWrt ( https://openwrt.org/ )It is a very powerful router firmware, and many functions can be achieved by installing software packages. WebDAV ( http://www.webdav.org/ )It is an extension of HTTP and can be used to share files. So, we can try to install the corresponding software package on OpenWrt to enable the device to support WebDAV.

This article is migrated from the old blog. The original link is https://lookas2001.com/openwrt-%e4%b8%8a%e9%80%9a%e8%bf%87 -webdav-%e5%85%b1%e4%ba%ab%e6%96%87%e4%bb%b6/

Compared with SMB and AFP, WebDAV is faster in actual testing. This may be due to the fact that WebDAV is based on HTTP. The HTTP server may have some black technology to improve the speed when reducing the occupancy (or it may be because WebDAV in the next step is based on http rather than https).

In addition, the reason for writing this article is that SMB and AFP already have relatively complete tutorials, such as these two articles https://openwrt.org/docs/guide-user/services/nas/samba_configuration https://openwrt.org/docs/guide-user/services/nas/netatalk_configuration However, WebDAV lacks documentation.

Lighttpd ( https://www.lighttpd.net/ )It is a lightweight but fully functional HTTP server. It is observed that it provides WebDAV mod, so it can be used to implement WebDAV server.

Install Lighttpd and WebDAV Auth modules

before opkg update To update the local package information.

adopt opkg install lighttpd lighttpd-mod-webdav lighttpd-mod-auth lighttpd-mod-authn_file You can install all the software packages you depend on in one click.

If the download speed is slow or the download is difficult, you can manually go to http://downloads.openwrt.org Download the corresponding package and then install it, or set up a network proxy (this is not within the scope of this article, you need to find your own way).

Configure Lighttpd

Unlike SMB, which provides a unified configuration interface for uci, Lighttpd needs to be modified under/etc/lighttpd.

adopt vi /etc/lighttpd/lighttpd.conf Open the main configuration file of lighttpd.

Available through cp /etc/lighttpd/lighttpd.conf /etc/lighttpd/lighttpd.conf.bak Set a backup to facilitate the restoration in case of configuration errors.

This is a configured configuration file:

 server.document-root = "/mnt"
 server.upload-dirs = ( "/tmp" ) server.errorlog = "/var/log/lighttpd/error.log"
 server.pid-file = "/var/run/lighttpd.pid"
 server.username = "http"
 server.groupname = "www-data"

 index-file.names = ( "index.php" , "index.html" , "index.htm", "default.htm", ) static-file.exclude-extensions = ( ".php" , ".pl" , ".fcgi" ) ### Options that are useful but not always necessary:
 #server.chroot               = "/"
 server.port = eighty-one
 #server.bind                 = "localhost"
 #server.tag                  = "lighttpd"
 server.errorlog-use-syslog = "enable"
 #server.network-backend      = "writev"

 ### Use IPv6 if available
 #include_shell "/usr/share/lighttpd/use-ipv6.pl"

 dir-listing.encoding = "utf-8"
 server.dir-listing = "enable" include "/etc/lighttpd/mime.conf" include "/etc/lighttpd/conf.d/*.conf"

Comments in the lighttpd configuration file are implemented by adding "#" before the line.

Here are some modifications:

server.document-root = "/mnt" , that is, set the document root directory to /mnt I added two hard disks to the router, which are attached to/mnt/sda1 and/mnt/sdb1 respectively. The storage location is not fixed, and can be adjusted according to your own preferences.

server.port = 81 , that is, the port we use to access later. Port 80 has been occupied by the system's own uHTTPd. Here, another conflict prevention is set.

server.errorlog-use-syslog = "enable" , this option can output the error log to the syslog, so that we can view the errors on the web console.

server.dir-listing = "enable" , dir-listing.encoding = "utf-8" These two options enable the function of listing files and prevent file names from being garbled.

Configure WebDAV module

adopt vi /etc/lighttpd/conf.d/30-webdav.conf Open the main configuration file of lighttpd.

This is a configured configuration file:

 # ######################################################################
 # #
 # #  WebDAV Module
 # # ---------------
 # #
 # # See  https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModWebDAV
 # # server.modules += ( "mod_webdav" ) # $HTTP [ "url" ] =~ "^/dav($|/)" {
 # #
 # # enable webdav for this location
 # # webdav.activate = "enable" # #
 # # By default the webdav url is writable.
 # # Uncomment the following line if you want to make it readonly.
 # # webdav.is-readonly = "enable" # #
 # # Log the XML Request bodies for debugging
 # #
 # webdav.log-xml = "disable"
 # #
 # #
 # # webdav.sqlite-db-name = "/tmp/lighttpd-webdav.db" # }
 # #
 # ######################################################################

Here are some modifications:

Commented out $HTTP["url"] =~ "^/dav($|/)" { , } Two lines. Lighttpd is installed here for WebDAV. If you comment out these two lines, you can set the entire website as WebDAV.

webdav.activate = "enable" , WebDAV is enabled for the entire site.

webdav.is-readonly = "enable" , the operation mode is set as read-only mode, which is set here disable Read only (i.e. write read) can be disabled.

"/mnt/sda1/.lighttpd-webdav.db" Here, you need to set a database storage location for the WebDAV module. It is recommended to select the location on the hard disk. This database file needs to store some attributes in addition to locking. If it is stored in a place that is easy to lose (such as /tmp )It will lead to data loss, and the storage location other than the hard disk will shorten the life of the flash memory (the flash memory has an upper limit for erasure). Please note that Lighttpd needs to have write permission to the directory of the storage location chmod a+w xxx , to grant permissions.

Ref

Configure Auth module

This configuration is used to improve the security of your files, but it is not necessary. Moreover, this configuration can only improve a little security, and an attacker can still intercept passwords in the middle. If you want to improve the security better, please configure HTTPS.

adopt vi /etc/lighttpd/conf.d/20-auth.conf Open the main configuration file of lighttpd.

This is a configured configuration file:

 #######################################################################
 ##
 ##  Authentication Module
 ## -----------------------
 ##
 ## See  https://redmine.lighttpd.net/projects/lighttpd/wiki/docs_modauth
 ## for more info.
 ## server.modules += ( "mod_auth" ) auth.backend = "plain"
 auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user"
 #auth.backend.plain.groupfile = "/etc/lighttpd/lighttpd.group"

 #auth.backend.ldap.hostname = "localhost"
 #auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
 #auth.backend.ldap.filter   = "(uid=$)"

 auth.require = ( "/" => ( "method" => "basic" , "realm" => "Personal File Server" , "require" => "valid-user" ), ) ##
 #######################################################################

Here are some modifications:

It may be due to the negligence of the package packaging personnel. The original configuration file does not server.modules += ( "mod_auth" ) In order to enable this module, you must add it manually.

auth.backend = "plain" , set the authentication backend to plain

auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.user" , set the location where the authentication backend stores authentication information.

auth.require = ..... , cancelling the comment here means that the authentication is enabled.

"/" , represents the location of certification, and this is the whole station.

"method" => "basic" , authentication type, set here as basic For better client compatibility.

"realm" => "Personal File Server" , that is, the message prompted during authentication. You can set it randomly.

adopt touch /etc/lighttpd/lighttpd.user You can create the authentication information file we need.

adopt vi /etc/lighttpd/lighttpd.user Edit the authentication information file.

Here is an example:

 user1:password1
 user2:password2

User name and password : Separated, multiple users are separated by blank lines.

Ref

Maintenance of the website requires a certain amount of expense. If you agree with this article, please close the advertisement blocker and browse the advertisement. Thank you!
Loading

(∀) In other words, welcome to the small station of lookas!

This is the place where lookas records some things. From time to time, there may be some magical brain holes or unreliable ideas of lookas.

Anyway, let's have a look.

© lookas

The articles on this site are adopted by default Knowledge Sharing Attribution 4.0 International License Agreement Licensing. Please keep the author information and the link to this page when reprinting.