Apache SSL WebDav Server
While DropBox and other online storage solotuoin are good I find I'm always running out of space and not wanting to choose what files I deiced to build a DropBox like Cloud storage server.
The solution that have come up with uses two network protocols Webdav. I have used WebDav used for the external network access as it design to work over HTTP & HTTPS. While you can use SMB over the internet the performance can be slow over a link that has a high latency which most home internet connection likely have.
WebDav can run over HTTPS so that information accessed over the internet is enycpted.
I've used Unison is a file-synchronization to sync the Files
All of this is running on ubuntu Linux using the Apache WebServer.
A few points to notice before you start
You may need to check what your ISP terms are and id you are allowed to run a web server on your connection also you need to check your up load speed as if you want to stream movies you'll need at least 256 KB
You also need to understand that when ever you allow access to a computer on your network from the internet you are opening it up to attack to protect remember to choose secure passwords.
The solution that have come up with uses two network protocols Webdav. I have used WebDav used for the external network access as it design to work over HTTP & HTTPS. While you can use SMB over the internet the performance can be slow over a link that has a high latency which most home internet connection likely have.
WebDav can run over HTTPS so that information accessed over the internet is enycpted.
I've used Unison is a file-synchronization to sync the Files
All of this is running on ubuntu Linux using the Apache WebServer.
A few points to notice before you start
You may need to check what your ISP terms are and id you are allowed to run a web server on your connection also you need to check your up load speed as if you want to stream movies you'll need at least 256 KB
You also need to understand that when ever you allow access to a computer on your network from the internet you are opening it up to attack to protect remember to choose secure passwords.
What You Need
A Computer to use for the server (you could run the server on a virtual machine meaning you wouldn't need a 2nd machine)
A copy of Ubuntu Server 10.4 ready to install
An active network internet connection
A copy of Ubuntu Server 10.4 ready to install
An active network internet connection
Install Ubuntu
If you haven't already download Ubuntu 10.04 from here
The instruction for booting the computer from CD or USB are on the ubuntu website
Installing the software is straight forward. You can go ahead and just select the default install parameters
A few things to notices during the install
When you are asked portioning the disk its best to select guided and use the whole disk.
An optional step is to install Openssh server this will enable you to access the CLI of you server from another computer using an SSH client
Once the install is finished reboot the machine and logon as we need to change the ip address for DHCP to Static one
$ sudo nano /etc/network/interfaces
If you are using DHCP for your primary network card which is usually eth0, you will see the following lines
auto eth0
iface eth0 inet dhcp
We are going to change dhcp to static, here is an example you need to change these settings according to your network settings.
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
Restart the neworking service using the following command
$ sudo /etc/init.d/networking restart
The instruction for booting the computer from CD or USB are on the ubuntu website
Installing the software is straight forward. You can go ahead and just select the default install parameters
A few things to notices during the install
When you are asked portioning the disk its best to select guided and use the whole disk.
An optional step is to install Openssh server this will enable you to access the CLI of you server from another computer using an SSH client
Once the install is finished reboot the machine and logon as we need to change the ip address for DHCP to Static one
$ sudo nano /etc/network/interfaces
If you are using DHCP for your primary network card which is usually eth0, you will see the following lines
auto eth0
iface eth0 inet dhcp
We are going to change dhcp to static, here is an example you need to change these settings according to your network settings.
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
Restart the neworking service using the following command
$ sudo /etc/init.d/networking restart
Install Apache SSL
WebDAV run on a web server we are going to install Apache which is a widely used open source web server.
To install Apache and SSL (SSL enables us to use HTTPS)
$ sudo apt-get install apache2 libapache2-mod-auth-mysql
You'll be asked to confirm that you wish to install the programs
Now we need setup and generate a cerfitecart for the web server
$ sudo openssl genrsa -des3 -out server.key 1024
You'll be asked to enter a pass phrase. This pass phrase can be anything
$ sudo openssl rsa -in server.key -out server.key.insecure
You'll be asked for the pass parse you used in the privours step.
This command generates the certificate you will be asked to fill in some details
$ sudo openssl req -new -key server.key -out server.csr
$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The certificate now need coping in to the SSL directory
$ sudo cp server.crt /etc/ssl/certs
$ sudo cp server.key /etc/ssl/private
I won't go in to much detail about SSL & certificates here but if you'd like to know more then read more about certificates here
https://help.ubuntu.com/10.04/serverguide/C/certificates-and-security.html
Now wee need to enable to SSL site
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl
The web server needs to be restarted for the change to take place
$ sudo /etc/init.d/apache2 restart
you should now be able to access the server by typing https://IPADDRESS in to your internet browser
You'll get a certificate warning about it not being from a trust source you need to click on more details to check that it is the right computer you are connecting to.
To install Apache and SSL (SSL enables us to use HTTPS)
$ sudo apt-get install apache2 libapache2-mod-auth-mysql
You'll be asked to confirm that you wish to install the programs
Now we need setup and generate a cerfitecart for the web server
$ sudo openssl genrsa -des3 -out server.key 1024
You'll be asked to enter a pass phrase. This pass phrase can be anything
$ sudo openssl rsa -in server.key -out server.key.insecure
You'll be asked for the pass parse you used in the privours step.
This command generates the certificate you will be asked to fill in some details
$ sudo openssl req -new -key server.key -out server.csr
$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The certificate now need coping in to the SSL directory
$ sudo cp server.crt /etc/ssl/certs
$ sudo cp server.key /etc/ssl/private
I won't go in to much detail about SSL & certificates here but if you'd like to know more then read more about certificates here
https://help.ubuntu.com/10.04/serverguide/C/certificates-and-security.html
Now wee need to enable to SSL site
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl
The web server needs to be restarted for the change to take place
$ sudo /etc/init.d/apache2 restart
you should now be able to access the server by typing https://IPADDRESS in to your internet browser
You'll get a certificate warning about it not being from a trust source you need to click on more details to check that it is the right computer you are connecting to.
Install WebDAV
So far we have installed Apache with SSL support now we need to install and configure WebDav.
First the WebDAV modules need enabling
$ sudo a2enmod dav_fs
$ sudo a2enmod dav
Now we need to create a directory to share.
$ mkdir webdav
If you are a different username replace it in the above command and the following ones
We need to give the web server and the user access to the webdav folder
$sudo chown www-data:user /home/user/webdav
Next we have to setup a password
$ sudo a2enmod auth_digest
This is where we are going to sort the password file
$ sudo mkdir /etc/password
This command creates the password
$ sudo htdigest -c /etc/password/digest-password cloudspace cloud
You will be asked to type in a password you really need to select a strong password as this page will be external accessibly.
Now we need to edit the default-ssl config files
$ sudo nano /etc/apache2/sites-enabled/default-ssl
You need to find the part of the file that says
CustomLog /var/log/apache2/ssl_access.log combined
under that you need to place the following in to the file
Alias /webdav /home/user/webdav
#
<Directory /home/user/webdav/>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
#
<Location /webdav>
DAV On
AuthType Digest
AuthName "cloudspace"
AuthUserFile /etc/password/digest-password
Require valid-user
</Location>
Now all we need to do is restart the webserver
$ sudo /etc/init.d/apache2 restart
You should now be able to access the WebDAV folder by going to https://IPADDRESS/webdav
First the WebDAV modules need enabling
$ sudo a2enmod dav_fs
$ sudo a2enmod dav
Now we need to create a directory to share.
$ mkdir webdav
If you are a different username replace it in the above command and the following ones
We need to give the web server and the user access to the webdav folder
$sudo chown www-data:user /home/user/webdav
Next we have to setup a password
$ sudo a2enmod auth_digest
This is where we are going to sort the password file
$ sudo mkdir /etc/password
This command creates the password
$ sudo htdigest -c /etc/password/digest-password cloudspace cloud
You will be asked to type in a password you really need to select a strong password as this page will be external accessibly.
Now we need to edit the default-ssl config files
$ sudo nano /etc/apache2/sites-enabled/default-ssl
You need to find the part of the file that says
CustomLog /var/log/apache2/ssl_access.log combined
under that you need to place the following in to the file
Alias /webdav /home/user/webdav
#
<Directory /home/user/webdav/>
Options Indexes MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
#
<Location /webdav>
DAV On
AuthType Digest
AuthName "cloudspace"
AuthUserFile /etc/password/digest-password
Require valid-user
</Location>
Now all we need to do is restart the webserver
$ sudo /etc/init.d/apache2 restart
You should now be able to access the WebDAV folder by going to https://IPADDRESS/webdav
External Access & Syncing
To Enable external Access you will need to configure your router to forward incoming connection to port 443 to your server:443. If you read the manual for you router it should tell you how to do it.
Once this done you'll be able to access your server using your external ipaddress. You can get a free domain name that will redirect domain name to your server, I've used the dyndns service.
To keep you files synced i've used the program Unison synchronisation there is a client available for Windows Mac and Linux.
Once this done you'll be able to access your server using your external ipaddress. You can get a free domain name that will redirect domain name to your server, I've used the dyndns service.
To keep you files synced i've used the program Unison synchronisation there is a client available for Windows Mac and Linux.