Apache SSL WebDav Server

by koff1979 in Circuits > Linux

34096 Views, 18 Favorites, 0 Comments

Apache SSL WebDav Server

tux.jpg
Ubuntu 10-11.png
webdac.jpeg
apache.jpeg
dnsflow.jpeg
While DropBox and other online storage solotuoin are good I find I'm always running out of space and not wanting to choose what files I deiced to build a DropBox like Cloud storage server.


The solution that have come up with uses two network protocols Webdav. I have used WebDav used for the external network access as it design to work over HTTP & HTTPS. While you can use SMB over the internet the performance can be slow over a link that has a high latency which most home internet connection likely have.

WebDav can run over HTTPS so that information accessed over the internet is enycpted.

I've used Unison is a file-synchronization to sync the Files

All of this is running on ubuntu Linux using the Apache WebServer.

A few points to notice before you start

You may need to check what your ISP terms are and id you are allowed to run a web server on your connection also you need to check your up load speed as if you want to stream movies you'll need at least 256 KB

You also need to understand that when ever you allow access to a computer on your network from the internet you are opening it up to attack to protect remember to choose secure passwords.

What You Need

Ubuntu 10-11.png
A Computer to use for the server (you could run the server on a virtual machine meaning you wouldn't need a 2nd machine)

A copy of Ubuntu Server 10.4 ready to install

An active network internet connection

Install Ubuntu

download.jpeg
If you haven't already download Ubuntu 10.04 from here

The instruction for booting the computer from CD or USB are on the ubuntu website

Installing the software is straight forward. You can go ahead and just select the default install parameters


A few things to notices during the install

When you are asked portioning the disk its best to select guided and use the whole disk.

An optional step is to install Openssh server this will enable you to access the CLI of you server from another computer using an SSH client

Once the install is finished reboot the machine and logon as we need to change the ip address for DHCP to Static one

$ sudo nano /etc/network/interfaces

If you are using DHCP for your primary network card which is usually eth0, you will see the following lines

auto eth0
iface eth0 inet dhcp

We are going to change dhcp to static, here is an example you need to change these settings according to your network settings.

auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

Restart the neworking service using the following command

$ sudo /etc/init.d/networking restart


Install Apache SSL

apache.jpeg
WebDAV run on a web server we are going to install Apache which is a widely used open source web server.

To install Apache and SSL (SSL enables us to use HTTPS)

$ sudo apt-get install apache2 libapache2-mod-auth-mysql

You'll be asked to confirm that you wish to install the programs

Now we need setup and generate a cerfitecart for the web server

$ sudo openssl genrsa -des3 -out server.key 1024

You'll be asked to enter a pass phrase. This pass phrase can be anything

$ sudo openssl rsa -in server.key -out server.key.insecure

You'll be asked for the pass parse you used in the privours step.

This command generates the certificate you will be asked to fill in some details

$ sudo openssl req -new -key server.key -out server.csr

$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The certificate now need coping in to the SSL directory

$ sudo cp server.crt /etc/ssl/certs
$ sudo cp server.key /etc/ssl/private

I won't go in to much detail about SSL & certificates here but if you'd like to know more then read more about certificates here

https://help.ubuntu.com/10.04/serverguide/C/certificates-and-security.html

Now wee need to enable to SSL site

$ sudo a2enmod ssl

$ sudo a2ensite default-ssl

The web server needs to be restarted for the change to take place

$ sudo /etc/init.d/apache2 restart

you should now be able to access the server by typing https://IPADDRESS in to your internet browser

You'll get a certificate warning about it not being from a trust source you need to click on more details to check that it is the right computer you are connecting to.

Install WebDAV

webdac.jpeg
So far we have installed Apache with SSL support now we need to install and configure WebDav.

First the WebDAV modules need enabling

$ sudo a2enmod dav_fs
$ sudo a2enmod dav

Now we need to create a directory to share.

$ mkdir webdav

If you are a different username replace it in the above command and the following ones

We need to give the web server and the user access to the webdav folder

$sudo chown www-data:user /home/user/webdav

Next we have to setup a password

$ sudo a2enmod auth_digest

This is where we are going to sort the password file

$ sudo mkdir /etc/password

This command creates the password

$ sudo htdigest -c /etc/password/digest-password cloudspace cloud

You will be asked to type in a password you really need to select a strong password as this page will be external accessibly.

Now we need to edit the default-ssl config files

$ sudo nano /etc/apache2/sites-enabled/default-ssl

You need to find the part of the file that says

CustomLog /var/log/apache2/ssl_access.log combined

under that you need to place the following in to the file

Alias /webdav /home/user/webdav
#
<Directory /home/user/webdav/>
   Options Indexes MultiViews
   AllowOverride None
   Order allow,deny
   allow from all
</Directory>
#
<Location /webdav>
  DAV On
  AuthType Digest
  AuthName "cloudspace"
  AuthUserFile /etc/password/digest-password
  Require valid-user
</Location>

Now all we need to do is restart the webserver

$ sudo /etc/init.d/apache2 restart

You should now be able to access the WebDAV folder by going to https://IPADDRESS/webdav

External Access & Syncing

dnsflow.jpeg
To Enable external Access you will need to configure your router to forward incoming connection to port 443 to your server:443. If you read the manual for you router it should tell you how to do it.

Once this done you'll be able to access your server using your external ipaddress. You can get a free domain name that will redirect  domain name to your server, I've used the dyndns service.

To keep you files synced i've used the program Unison synchronisation there is a client available for Windows Mac and Linux.