WebDAV server with nginx

and how to connect GNOME and Windows 10 client.

WebDAV is a protocol for remote file-system access. It is widely supported across operating systems, for example it works out of the box on Windows 10 as well on Gnome.

Configure nginx

The protocol is based on HTTP and is supported by nginx. The configuration is not simple however.

Make a directory where the shared file system would reside. Make it writable by nginx user, so the users can upload files.

$ sudo mkdir /var/www/webdav.mashnp.sk
$ sudo chown www-data:www-data /var/www/webdav.mashnp.sk

Add some user for authentication. htpasswd would prompt for the password.

$ sudo touch /etc/nginx/webdav.mashnp.sk.passwd 
$ sudo htpasswd /etc/nginx/webdav.mashnp.sk.passwd "username"

Create a virtual server configuration in file /etc/nginx/sites-enabled/webdav.mashnp.sk:

dav_ext_lock_zone zone=a:10m;

server { 
  server_name webdav.mashnp.sk; 
  set $webdav_root "/var/www/webdav.mashnp.sk";
  auth_basic "Úložisko MASHNP";
  auth_basic_user_file /etc/nginx/webdav.mashnp.sk.passwd;
  dav_ext_lock zone=a;

  location / {

	root			$webdav_root;
	error_page		599 = @propfind_handler;
	error_page		598 = @delete_handler;
	error_page		597 = @copy_move_handler;
	open_file_cache		off;
   send_timeout 3600;
   client_body_timeout 3600;
   keepalive_timeout 3600;
   lingering_timeout 3600;
	client_max_body_size	10G;

	if ($request_method = PROPFIND) {
		return 599;
	}
	if ($request_method = PROPPATCH) { # Unsupported, allways return OK.
		add_header	Content-Type 'text/xml';
		return		207 '<?xml version="1.0"?><a:multistatus xmlns:a="DAV:"><a:response><a:propstat><a:status>HTTP/1.1 200 OK</a:status></a:propstat></a:response></a:multistatus>';
	}
	if ($request_method = MKCOL) { # Microsoft specific handle: add trailing slash.
		rewrite ^(.*[^/])$ $1/ break;
	}
	if ($request_method = DELETE) {
		return 598;
	}
	if ($request_method = COPY) {
		return 597;
	}
	if ($request_method = MOVE) {
		return 597;
	}

	dav_methods		PUT MKCOL;
	dav_ext_methods		OPTIONS LOCK UNLOCK;
	create_full_put_path	on;
	min_delete_depth	0;
	dav_access		user:rw group:rw all:rw;

	autoindex		on;
	autoindex_exact_size	on;
	autoindex_localtime	on;
	if ($request_method = OPTIONS) {
		add_header	Allow 'OPTIONS, GET, HEAD, POST, PUT, MKCOL, MOVE, COPY, DELETE, PROPFIND, PROPPATCH, LOCK, UNLOCK';
		add_header	DAV '1, 2';
		return 200;
	}
}
location @propfind_handler {
	internal;

	open_file_cache	off;
	if (!-e $webdav_root/$uri) { # Microsoft specific handle.
		return 404;
	}
	root			$webdav_root;
	dav_ext_methods		PROPFIND;
}
location @delete_handler {
	internal;

	open_file_cache	off;
	if (-d $webdav_root/$uri) { # Microsoft specific handle: Add trailing slash to dirs.
		rewrite ^(.*[^/])$ $1/ break;
	}
	root			$webdav_root;
	dav_methods		DELETE;
}
location @copy_move_handler {
	internal;

	open_file_cache	off;
	if (-d $webdav_root/$uri) { # Microsoft specific handle: Add trailing slash to dirs.
		more_set_input_headers 'Destination: $http_destination/';
		rewrite ^(.*[^/])$ $1/ break;
	}
	root			$webdav_root;
	dav_methods		COPY MOVE;
}

Restart nginx and obtain the certificate.

$ sudo nginx -t
$ sudo systemctl restart nginx
$ sudo certbot --nginx --redirect -d webdav.mashnp.sk

Note that you will not be able to connect with windows 10 client if you use plain http with basic authentication.

Now you should have a running webdav server. You can test with creating a text file in the webdav directory and then visiting https://webdav.mashnp.sk with your browser.

Connect with GNOME

  • Open ‘Files’.
  • Click ‘Other Locations’.
  • In the field labeled ‘Connect to Server’, type address davs://webdav.mashnp.sk.
    Note address with https protocol does not work.
  • Click connect
  • Type in authentication, choose to ‘Remember forever’.
  • Right click the connection label in the side panel, select ‘Add bookmark’.

Connect with Windows

Map a drive

Persistent mapping of a network drive is broken, the drive would not reconnect at startup. This is a known windows limitation for webdav drives with basic or digest authorization, see the explanation.

To work-around, we can create a startup script that would reconnect the drive at startup.

  • Open file explorer, type shell:startup to the address bar.
  • Create a new text document, enter the text:
net use M: https://webdav.mashnp.sk /savecred /persistent:no
  • Save the file as map-network-drive.bat in the startup folder.
  • Execute the file by double clicking on it. Enter the credentials.
    Possibly the credentials would not be required if you have connected the drive before.
  • It is necessary to mount the drive for every user on the system individually.

Fix the security warning

When you drag and drop a file from the shared drive to your local computer,
a warning is displayed saying the files may be harmful.

  • Open control panel, network and internet, internet options.
  • Select security tab, click local intranet icon, click sites button.
  • Click advanced button.
  • Type file:///M:/, click Add.
  • Type https://webdav.mashnp.sk/, click Add.
  • Click close button, ok button.

Fix the maximum file size

By default, the maximum file size to copy is about 50M. When you attempt to copy a larger file you get an error:

0x80070DF: The file size exceeds the limit allowed and cannot be saved.

To fix it:

  • Open registry editor.
  • Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters
  • Set the parameter FileSizeLimitInBytes to 4294967295 in decimal.
  • Reboot.

Open points

  • The progress is not displayed when copying a big file.
  • Free disk space displayed is incorrect. Disk space of C: drive is shown instead.

1 comment

Leave a comment

Your email address will not be published. Required fields are marked *