Deploying WebDAV on Debian 10 using WsgiDAV

• Introduction
• Prerequisites
• Installation
• Further reading

Introduction

Web Distributed Authoring and Versioning (WebDAV) is a HTTP extension that provides a framework for remotely creating and modifying files on a server. WsgiDAV is a WebDAV server written in python. This guide will help you through the installation of WsgiDAV version 3.0 on a Vultr server running Debian 10. We will also obtain an SSL certificate to provide a secure connection as well as PAM authentication.

Prerequisites

• A Debian 10 system to which you have privileged access (via the root user or any sudo user.)
• The $EDITOR environment variable must be set to a text editor of your choice.
• A registered domain name is required. Its nameservers must be configured with an A record pointing to your server's IPv4 address, and optionally an AAAA record pointing to the IPv6 address.
• Familiarity with the YAML syntax is recommended.

The placeholder dav.example.com will be used for your server's domain name.

Installation

SSL certificate

We will start by updating the system and obtaining a free SSL certificate from Let's Encrypt. To do so, first update your system and install the certbot utility:

 sudo apt update
 sudo apt upgrade -y
 sudo apt install -y certbot

In the command below, replace dav.example.com and email@domain.tld with your domain name and email address respectively before executing it:

sudo certbot certonly --standalone --agree-tos -m email@domain.tld -d dav.example.com

Your server will be sent a challenge to verify that you control the domain name specified. If it succeeds, the certificate will be issued and saved, along with other files such as the private key, under /etc/letsencrypt/live/dav.example.com/.

Installing WsgiDAV

First, install the python package manager pip:

sudo apt update
sudo apt install -y python3-pip

WsgiDAV requires a HTTP server that supports WSGI. We will install the default option, which is Cheroot. We will also install the lxml python library, which tends to perform better than the XML library installed by default. The PAM (Pluggable Authentication Module) python3 library is needed as well. Install the required packages using the pip tool:

sudo pip3 install wsgidav cheroot lxml python-pam

Configuring WsgiDAV

The WsgiDAV executable is stored in /usr/local/bin, so we will place the configuration file in the /usr/local/etc directory. Download the sample configuration file with the following commands:

sudo mkdir -p /usr/local/etc
sudo wget https://github.com/mar10/wsgidav/raw/master/sample_wsgidav.yaml -O /usr/local/etc/wsgidav.yaml

Open it with your editor:

sudo $EDITOR /usr/local/etc/wsgidav.yaml

Find the following lines in the "SSL Support" section:

# ssl_certificate: "wsgidav/server/sample_bogo_server.crt"
# ssl_private_key: "wsgidav/server/sample_bogo_server.key"
# ssl_certificate_chain: null

Replace them with the following:

ssl_certificate: "/etc/letsencrypt/live/dav.example.com/cert.pem"
ssl_private_key: "/etc/letsencrypt/live/dav.example.com/privkey.pem"
ssl_certificate_chain: "/etc/letsencrypt/live/dav.example.com/chain.pem"

Next, we will configure the share paths by mapping HTTP paths (such as /) to corresponding locations on the filesystem (such as /var/www/dir1). For demonstration purposes, we will share two directories, one of which will be read-only. Find the provider_mapping block in the "SHARES" section:

provider_mapping:
    "/": "/path/to/share1"
    "/pub":
        root: "/path/to/share2"
        readonly: true
    "/share3":
        provider: path.to.CustomDAVProviderClass
        args: ["/path/to/share3", "second_arg"]
        kwargs: {"another_arg": 42}

Replace it:

provider_mapping:
    "/":
    root: "/var/www/html/documents"
    readonly: false
"/reports":
    root: "/var/www/html/reports"
    readonly: true

With these mappings, https://dav.example.com:8080/ will correspond to the /var/www/html/documents directory on the server, while https://dav.example.com:8080/reports will map to /var/www/html/reports with no write access.

For authentication, we will use the PAM driver. This removes the need for separate WebDAV user accounts and allows system users to login using their usual credentials.

In the "AUTHENTICATION" section, find these lines:

accept_basic: true
accept_digest: true
default_to_digest: true
domain_controller: null

Replace them with the following:

accept_basic: true
accept_digest: false
default_to_digest: false
domain_controller: wsgidav.dc.pam_dc.PAMDomainController

You can now test your server:

sudo wsgidav -c /usr/local/etc/wsgidav.yaml

Open https://dav.example.com:8080/ in your web browser. Since we configured PAM authentication, you will need to login with your Linux user account. Use CTRL + C to stop the server before proceeding.

Installing as a service

In order to run your WebDAV server as a system service managed by systemd, create a unit file:

sudo $EDITOR /etc/systemd/system/wsgidav.service

Enter the following:

[Unit]
Description=WsgiDAV WebDAV server
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/wsgidav -c /usr/local/etc/wsgidav.yaml
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=wsgidav_service

[Install]
WantedBy=multi-user.target

Then create a configuration file for the system logging service:

sudo $EDITOR /etc/rsyslog.d/wsgidav_service.conf

Populate the file with the following:

 if $programname == 'wsgidav_service' then /var/log/wsgidav.log
 & stop

Save and exit, then use the commands below to create the log file:

sudo touch /var/log/wsgidav.log
sudo chown root:adm /var/log/wsgidav.log

Finally, load the new systemd unit file and restart the logging service before starting WsgiDAV:

sudo systemctl daemon-reload
sudo systemctl restart rsyslog.service
sudo systemctl start wsgidav.service

You can now use systemctl to start, stop and restart your WebDAV server. WsgiDAV's standard output and error will be logged to /var/log/wsgidav.log, and can also be accessed using sudo journalctl -u wsgidav.service.

If you want the WebDAV server to start automatically at system boot time, execute:

 sudo systemctl enable wsgidav.service

Further reading

• How to Setup a WebDAV Server using Apache on CentOS 7
• WsgiDAV Documentation