Simple LAN filesharing with WebDAV: Difference between revisions
(15 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
'''WebDAV''' is both | '''WebDAV''' is both a quite popular and yet overlooked way to access and edit files remotely across a wide range of operating systems. Yes it's web stuff, again, but surprisingly fast, lightweight, and that can recover quite well on unstable networks or when the server has to be restarted, or has gone for lunch. A reason why it may be overlooked is possibly because it's often associated with sausage factories like own/nextcloud, or standalone implementations that are not particularly exciting. What is less known is that many web servers come with their own '''WebDAV''' implementation. Out of the usual suspects, '''nginx''', '''Apache''', and '''lighttpd''', the latter has both the most lightweight and most complete implementation. No need for anything else! | ||
In these notes we only cover a simple LAN setup, you can build upon it for more complex use case of course. | In these notes we only cover a simple LAN setup, you can build upon it for more complex use case of course. | ||
Line 5: | Line 5: | ||
== Server side == | == Server side == | ||
=== Installation === | === Installation === | ||
* This is for Debian, but you're smart | * This is for Debian, but I know you're smart, you will figure it out for <code>${FLAVOUR_OF_THE_MONTH_DISTRO}</code> | ||
sudo apt install lighttpd lighttpd-mod-webdav | sudo apt install lighttpd lighttpd-mod-webdav | ||
=== Example Configuration === | === Example Configuration === | ||
Basically the configuration are in <code>/etc/lighttpd/conf-available</code> and with symlinks in <code>/etc/lighttpd/conf-enabled</code>. '''In our simple example we have three shared folders, one that can be mounted read-only by anyone, and two that are read-write but | Basically the configuration that matters for now are in <code>/etc/lighttpd/conf-available</code> and with symlinks in <code>/etc/lighttpd/conf-enabled</code>. '''In our simple example we will have three shared folders, one that can be mounted read-only by anyone, and two that are read-write but require a username and password'''. | ||
* By default a temp config file called <code>99-unconfigured.conf</code> provides a generic landing page. We don't need it and we just have to enable the authentication config. | * By default a temp config file called <code>99-unconfigured.conf</code> provides a generic landing page. We don't need it and we just have to enable the authentication config. | ||
Line 61: | Line 61: | ||
</pre> | </pre> | ||
Now if you wonder what kind of magic will happen so that the lighttpd process, local and remote users can happily edit the same files, well, none. It won't work and you will be sad. Then you will start binge drinking to forget about server administration | Now if you wonder what kind of magic will happen so that the lighttpd process, local and remote users can happily live together ever after, and edit the same files, well, none. It won't happen just like this, it does not work and you will be sad. Then you will start binge drinking to forget about server administration. You will go in the streets, pick up fights with strangers who are in a much better physical condition because they don't spend hours configuring neovim plugins that ''you haven't even used once''. It will be painful. So to avoid this unfortunate situation you need to do two things: | ||
* First, the folder needs to be group-owned by the lighttpd process owner, in | |||
* First, the folder needs to be group-owned by the lighttpd process owner, in our case, on Debian, it's <code>www-data</code>. You also need to set the group ID bit on the folder you intend to use as WedDAV share, so that all newly created files will inherit the group ownership of this folder. | |||
sudo chown regular_user:www-data /local/path/to/readwrite1 | sudo chown regular_user:www-data /local/path/to/readwrite1 | ||
sudo chmod g+ws /local/path/to/readwrite1 | sudo chmod g+ws /local/path/to/readwrite1 | ||
* Second, you need to change the way lighttpd is started so that its umask is set in a way that any permission may be set for user and group (default is just user). On a systemd based system you need to edit <code>/etc/systemd/system/lighttpd.service</code> | * Second, you need to change the way lighttpd is started so that its umask is set in a way that any permission may be set for user and group (default is just user). On a systemd based system (haters gonna hate) you need to edit <code>/etc/systemd/system/lighttpd.service</code> like this: | ||
ExecStart=/bin/sh -c 'umask 002;/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf' | ExecStart=/bin/sh -c 'umask 002;/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf' | ||
That's it, you have a working simple LAN filesharing with WebDAV check the documentation for more options, and more fun config time. | That's it, you have a working simple LAN filesharing with WebDAV check the documentation for more options, and more fun config time, at home, where it's much safer for you. | ||
== Client side == | == Client side == | ||
Line 75: | Line 76: | ||
=== Linux filesystem === | === Linux filesystem === | ||
Mounting a WebDAV on Linux is straightforward with <code>davfs2</code> and requires minimal configuration. <code>davfs2</code> is also able to recover quite well from disconnections and potential read/write fuckery (there is a daemon and a local cache, but you don't need to worry about this). If the server is dead, that you need to poweroff your machine, and you still have something mounted, it's a good idea to unmount things first to speed up shutdown. No it won't lock like a shit | Mounting a WebDAV on Linux is straightforward with <code>davfs2</code> and requires minimal configuration. <code>davfs2</code> is also able to recover quite well from disconnections and potential read/write fuckery (there is a daemon and a local cache, but you don't need to worry about this). If the server is dead, that you need to poweroff your machine, and you still have something mounted, it's a good idea to unmount things first to speed up shutdown. No it won't lock like a little NFS shit but there is a timeout and you're a busy person. | ||
* To mount manually the read-only folder from above: | * To mount manually the read-only folder from above: | ||
sudo apt install davfs2 | sudo apt install davfs2 | ||
Line 92: | Line 93: | ||
=== FreeBSD filesystem === | === FreeBSD filesystem === | ||
At time of writing, davfs2 is being ported to FreeBSD by its author. Don't hold your breath, but hopefully this will | On FreeBSD it's basically the same as on Linux. lol. Of course not! What did you think? That would be too easy. You need to work hard to earn your condescending smug BSD coolness. At time of writing, <code>davfs2</code> is being [https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267518 ported to FreeBSD by its author]. Don't hold your breath, but hopefully this will happen because the FreeBSD usual way to mount WebDAV stuff with <code>mount.webdavfs</code> just sucks ("Device not configured" on certain reading operations, not able to recover when the server disconnects). As a workaround, the all-you-can-eat-software-buffet <code>rclone</code> is the only reliable way to have WebDAV mounted in a FreeBSD filesystem. | ||
* installation | |||
pkg install rclone # yeah yeah you can use portmaster and disable stuff you will regret later | |||
* load fuse | |||
sudo kldload fusefs | |||
* to make it permanent add the following to <code>/boot/loader.conf</code> | |||
# Filesystems in Userspace | |||
fusefs_load="YES | |||
* create a <code>~/.config/rclone/rclone.conf</code> config file with: | |||
<pre> | |||
[192.168.100.100] | |||
type = webdav | |||
url = http://192.168.100.100/ | |||
vendor = other | |||
user = turtleprincess | |||
pass = SEE_BELOW | |||
</pre> | |||
* generate the password with this: | |||
echo "heygirl" | rclone obscure - | |||
* test if it works | |||
sudo mkdir /mnt/readwrite2 | |||
sudo chown user:user /mnt/readwrite2 | |||
rclone mount 192.168.100.100:readwrite2 /mnt/readwrite2/ --vfs-cache-mode writes --daemon | |||
You can also make entries in your <code>/etc/fstab</code> | |||
* rclone can't really be used directly, so we will trick fuse | |||
sudo ln -s /usr/local/bin/rclone /usr/local/bin/mount.rclone | |||
* in <code>/etc/fstab</code> | |||
<pre> | |||
# My cool LAN WebDAV thing | |||
192.168.100.100:readonly /mnt/readonly fuse noauto,ro,mountprog=/usr/local/bin/mount.rclone | |||
192.168.100.100:readwrite1 /mnt/readwrite1 fuse noauto,rw,mountprog=/usr/local/bin/mount.rclone | |||
192.168.100.100:readwrite1 /mnt/readwrite1 fuse noauto,rw,mountprog=/usr/local/bin/mount.rclone | |||
</pre> | |||
=== Nautilus === | === Nautilus === | ||
For those into GUI, WebDAV is really to access thanks to the | For those into GUI (not judging, it's a free country) WebDAV is really easy to access thanks to the GVfs daemon. It's also a solid option in terms of recovery and making sure little to no fuckery is possible when writing on an unstable network. In practice, click on the "other" location button on the left pane, choose WedDAV and enter the URL in the form of <code>dav://192.168.100.100/readwrite1</code> and give your credentials. The only caveat is that the mounted folder name will be the server name, only the server name (IP in this case), so you may want to add your share to the bookmarks, and rename the bookmark to something more meaningful. | ||
=== Android === | === Android === | ||
Several commercial, closed source options. | Several commercial, closed source options. We don't talk to these people. There are however three interesting FLOSS options: | ||
* https://github.com/newhinton/Round-Sync - super complete, multiple network file storage supported (based on rclone) | * https://github.com/newhinton/Round-Sync - super complete, multiple network file storage supported (based on rclone) | ||
* https://github.com/phpbg/easysync - minimal automated WebDAV sync for the usual Android user data folders | * https://github.com/phpbg/easysync - minimal automated WebDAV sync for the usual Android user data folders | ||
Line 107: | Line 142: | ||
* https://github.com/cy33hc/switch-ezremote-client - simple file browser/editor | * https://github.com/cy33hc/switch-ezremote-client - simple file browser/editor | ||
* https://github.com/J-D-K/JKSV - popular save file manager, a WebDAV folder can be the default folder to export save backups | * https://github.com/J-D-K/JKSV - popular save file manager, a WebDAV folder can be the default folder to export save backups | ||
== Pro Tips == | |||
* IPs are used above but you can use a local DNS or make use of your local <code>/etc/hosts</code> files to give a nice name to your WedDAV server, look into RFC 8375 for pointers. | |||
* To debug things if things are not behaving as nice things: | |||
lighttpd-enable-mod accesslog | |||
systemctl restart lighttpd | |||
tail -f /var/log/lighttpd/access.log | |||
# 17.4 hours later | |||
# Problem solved at last | |||
lighttpd-disable-mod accesslog | |||
systemctl restart lighttpd | |||
[[Category: WebDAV]] |
Latest revision as of 23:16, 18 March 2024
WebDAV is both a quite popular and yet overlooked way to access and edit files remotely across a wide range of operating systems. Yes it's web stuff, again, but surprisingly fast, lightweight, and that can recover quite well on unstable networks or when the server has to be restarted, or has gone for lunch. A reason why it may be overlooked is possibly because it's often associated with sausage factories like own/nextcloud, or standalone implementations that are not particularly exciting. What is less known is that many web servers come with their own WebDAV implementation. Out of the usual suspects, nginx, Apache, and lighttpd, the latter has both the most lightweight and most complete implementation. No need for anything else!
In these notes we only cover a simple LAN setup, you can build upon it for more complex use case of course.
Server side
Installation
- This is for Debian, but I know you're smart, you will figure it out for
${FLAVOUR_OF_THE_MONTH_DISTRO}
sudo apt install lighttpd lighttpd-mod-webdav
Example Configuration
Basically the configuration that matters for now are in /etc/lighttpd/conf-available
and with symlinks in /etc/lighttpd/conf-enabled
. In our simple example we will have three shared folders, one that can be mounted read-only by anyone, and two that are read-write but require a username and password.
- By default a temp config file called
99-unconfigured.conf
provides a generic landing page. We don't need it and we just have to enable the authentication config.
sudo lighttpd-disable-mod unconfigured sudo lighttpd-enable-mod auth
- Create a user and password for the read-write share
sudo apt install apache2-utils sudo htpasswd -c /etc/lighttpd/user.htpasswd turtleprincess heygirl
- create a new configuration file
/etc/lighttpd/conf-available/66-webdav.conf
with the following:
server.modules += ( "mod_webdav" ) dir-listing.encoding = "utf-8" # This is needed for keepings tracks of locks and props which # are needed for shares that can be edited webdav.sqlite-db-name = "/var/cache/lighttpd/lighttpd.webdav.db" # auth server.modules += ("mod_authn_file") auth.backend = "htpasswd" auth.backend.htpasswd.userfile = "/etc/lighttpd/user.htpasswd" auth.require = ( "/readwrite1" => ( "method" => "basic", "realm" => "YOU WOT MATE", "require" => "valid-user" ), "/readwrite2" => ( "method" => "basic", "realm" => "YOU WOT MATE", "require" => "valid-user" )) # read-only stuff $HTTP["url"] =~ "^/readonly(?:/|$)" { alias.url = ( "/readonly" => "/local/path/to/readonly" ) dir-listing.activate = "enable" webdav.activate = "enable" webdav.is-readonly = "enable" } # shared pit of madness # for users listed in /etc/lighttpd/user.htpasswd $HTTP["url"] =~ "^/readwrite1(?:/|$)" { alias.url = ( "/readwrite1" => "/local/path/to/readwrite1" ) dir-listing.activate = "enable" webdav.activate = "enable" webdav.is-readonly = "disable" } $HTTP["url"] =~ "^/readwrite2(?:/|$)" { alias.url = ( "/readwrite2" => "/local/path/to/readwrite2" ) dir-listing.activate = "enable" webdav.activate = "enable" webdav.is-readonly = "disable" }
Now if you wonder what kind of magic will happen so that the lighttpd process, local and remote users can happily live together ever after, and edit the same files, well, none. It won't happen just like this, it does not work and you will be sad. Then you will start binge drinking to forget about server administration. You will go in the streets, pick up fights with strangers who are in a much better physical condition because they don't spend hours configuring neovim plugins that you haven't even used once. It will be painful. So to avoid this unfortunate situation you need to do two things:
- First, the folder needs to be group-owned by the lighttpd process owner, in our case, on Debian, it's
www-data
. You also need to set the group ID bit on the folder you intend to use as WedDAV share, so that all newly created files will inherit the group ownership of this folder.
sudo chown regular_user:www-data /local/path/to/readwrite1 sudo chmod g+ws /local/path/to/readwrite1
- Second, you need to change the way lighttpd is started so that its umask is set in a way that any permission may be set for user and group (default is just user). On a systemd based system (haters gonna hate) you need to edit
/etc/systemd/system/lighttpd.service
like this:
ExecStart=/bin/sh -c 'umask 002;/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf'
That's it, you have a working simple LAN filesharing with WebDAV check the documentation for more options, and more fun config time, at home, where it's much safer for you.
Client side
Web browser
The nice advantage of the setup above is that all the files can be readily browsed at the local IP of the machine running lighttpd, for instance http://192.168.100.100/readonly. If you're into web stuff have a look at https://github.com/dom111/webdav-js, it would be really trivial to serve this js file with the lighttpd server and provide more functionality than just browsing and downloading.
Linux filesystem
Mounting a WebDAV on Linux is straightforward with davfs2
and requires minimal configuration. davfs2
is also able to recover quite well from disconnections and potential read/write fuckery (there is a daemon and a local cache, but you don't need to worry about this). If the server is dead, that you need to poweroff your machine, and you still have something mounted, it's a good idea to unmount things first to speed up shutdown. No it won't lock like a little NFS shit but there is a timeout and you're a busy person.
- To mount manually the read-only folder from above:
sudo apt install davfs2 sudo mount -t davfs http://192.168.100.100/readonly /mnt/readonly
- To remember username passwords you can create a personal
~/davfs2/secrets
file with:
http://192.168.100.100/readwrite1 turtleprincess heygirl http://192.168.100.100/readwrite2 turtleprincess heygirl etc
- You can also have everything configured in your
/etc/fstab
and then mount everything as a regular user:
# My cool LAN WebDAV thing http://192.168.100.100/readonly /mnt/readonly/ davfs user,uid=username,noauto 0 0 http://192.168.100.100/readwrite1 /mnt/readonly/ davfs user,uid=username,noauto 0 0 http://192.168.100.100/readwrite2 /mnt/readonly/ davfs user,uid=username,noauto 0 0
FreeBSD filesystem
On FreeBSD it's basically the same as on Linux. lol. Of course not! What did you think? That would be too easy. You need to work hard to earn your condescending smug BSD coolness. At time of writing, davfs2
is being ported to FreeBSD by its author. Don't hold your breath, but hopefully this will happen because the FreeBSD usual way to mount WebDAV stuff with mount.webdavfs
just sucks ("Device not configured" on certain reading operations, not able to recover when the server disconnects). As a workaround, the all-you-can-eat-software-buffet rclone
is the only reliable way to have WebDAV mounted in a FreeBSD filesystem.
- installation
pkg install rclone # yeah yeah you can use portmaster and disable stuff you will regret later
- load fuse
sudo kldload fusefs
- to make it permanent add the following to
/boot/loader.conf
# Filesystems in Userspace fusefs_load="YES
- create a
~/.config/rclone/rclone.conf
config file with:
[192.168.100.100] type = webdav url = http://192.168.100.100/ vendor = other user = turtleprincess pass = SEE_BELOW
- generate the password with this:
echo "heygirl" | rclone obscure -
- test if it works
sudo mkdir /mnt/readwrite2 sudo chown user:user /mnt/readwrite2 rclone mount 192.168.100.100:readwrite2 /mnt/readwrite2/ --vfs-cache-mode writes --daemon
You can also make entries in your /etc/fstab
- rclone can't really be used directly, so we will trick fuse
sudo ln -s /usr/local/bin/rclone /usr/local/bin/mount.rclone
- in
/etc/fstab
# My cool LAN WebDAV thing 192.168.100.100:readonly /mnt/readonly fuse noauto,ro,mountprog=/usr/local/bin/mount.rclone 192.168.100.100:readwrite1 /mnt/readwrite1 fuse noauto,rw,mountprog=/usr/local/bin/mount.rclone 192.168.100.100:readwrite1 /mnt/readwrite1 fuse noauto,rw,mountprog=/usr/local/bin/mount.rclone
Nautilus
For those into GUI (not judging, it's a free country) WebDAV is really easy to access thanks to the GVfs daemon. It's also a solid option in terms of recovery and making sure little to no fuckery is possible when writing on an unstable network. In practice, click on the "other" location button on the left pane, choose WedDAV and enter the URL in the form of dav://192.168.100.100/readwrite1
and give your credentials. The only caveat is that the mounted folder name will be the server name, only the server name (IP in this case), so you may want to add your share to the bookmarks, and rename the bookmark to something more meaningful.
Android
Several commercial, closed source options. We don't talk to these people. There are however three interesting FLOSS options:
- https://github.com/newhinton/Round-Sync - super complete, multiple network file storage supported (based on rclone)
- https://github.com/phpbg/easysync - minimal automated WebDAV sync for the usual Android user data folders
- https://github.com/bitfireAT/davx5-ose - focused on CalDAV/CardDAV but hidden in one menu there is a mini browsing option for WebDAV
Nintendo Switch
Because you know, reasons:
- https://github.com/cy33hc/switch-ezremote-client - simple file browser/editor
- https://github.com/J-D-K/JKSV - popular save file manager, a WebDAV folder can be the default folder to export save backups
Pro Tips
- IPs are used above but you can use a local DNS or make use of your local
/etc/hosts
files to give a nice name to your WedDAV server, look into RFC 8375 for pointers. - To debug things if things are not behaving as nice things:
lighttpd-enable-mod accesslog systemctl restart lighttpd tail -f /var/log/lighttpd/access.log # 17.4 hours later # Problem solved at last lighttpd-disable-mod accesslog systemctl restart lighttpd