summaryrefslogtreecommitdiffstats
path: root/README.md
blob: 7ad80909599722f28aa34d5eb4f11b9d27d6cad1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
## Supported tags

* [`2.4`, `latest` (*stretch/Dockerfile*)](https://github.com/BytemarkHosting/docker-webdav/blob/master/2.4/Dockerfile)

## Quick reference

This image runs an easily configurable WebDAV server with Apache.

* **Code repository:**
  https://github.com/BytemarkHosting/docker-webdav
* **Where to file issues:**
  https://github.com/BytemarkHosting/docker-webdav/issues
* **Maintained by:**
  [Bytemark Hosting](https://www.bytemark.co.uk)
* **Supported architectures:**
  [Any architecture that the `httpd` image supports](https://hub.docker.com/_/httpd/)

## Usage

### Basic WebDAV server

This example starts a WebDAV server.

When using unencrypted HTTP, use `Digest` authentication (instead of `Basic`)
to avoid sending plaintext passwords in the clear.

To make sure your data doesn't get deleted, you'll probably want to create a
persistent storage volume (`-v vol-webdav:/var/lib/dav`) or bind mount a
directory (`-v /path/to/directory:/var/lib/dav`):

```
docker run --restart always -v /srv/dav:/var/lib/dav \
    -e AUTH_TYPE=Digest -e USERNAME=alice -e PASSWORD=secret1234 \
    --publish 80:80 -d bytemark/webdav

```

#### Via Docker Compose:

```
version: '3'
services:
  mail:
    image: bytemark/webdav
    restart: always
    ports:
      - "80:80"
    environment:
      AUTH_TYPE: Digest
      USERNAME: alice
      PASSWORD: secret1234
    volumes:
      - /srv/dav:/var/lib/dav

```
### Secure WebDAV with SSL

We recommend you use a reverse proxy (eg, Traefik) to handle SSL certificates.

If you're happy with a self-signed certificate, you can specify `-e
SSL_CERT=selfsigned` and the container will generate one for you.

```
docker run --restart always -v /srv/dav:/var/lib/dav \
    -e AUTH_TYPE=Basic -e USERNAME=test -e PASSWORD=test \
    -e SSL_CERT=selfsigned --publish 443:443 -d bytemark/webdav

```

### Authenticate multiple clients

Specifying `USERNAME` and `PASSWORD` only supports a single user. Bind mount
your own file to `/user.passwd` and the container will use that instead.

If using `Basic` authentication, run the following commands:

```
touch user.passwd
htpasswd -B user.passwd alice
htpasswd -B user.passwd bob

```

If using `Digest` authentication, run the following commands. (NB: The default
`REALM` is `WebDAV`. If you specify your own `REALM`, you'll need to run
`htdigest` again with the new name.)


```
touch user.passwd
htdigest user.passwd WebDAV alice
htdigest user.passwd WebDAV bob

```

Once you've created your own `user.passwd`, bind mount it into your container
with `-v /path/to/user.passwd:/user.passwd`.

### Environment variables

All environment variables are optional. You probably want to at least specify
`USERNAME` and `PASSWORD` (or bind mount your own authentication file to
`/user.passwd`) otherwise nobody will be able to access your WebDAV server!

* **`SERVER_NAMES`**: Comma-separated list of domains (eg,
  `example.com,www.example.com`). The first is set as the
  [ServerName](https://httpd.apache.org/docs/current/mod/core.html#servername),
  and the rest (if any) are set as
  [ServerAlias](https://httpd.apache.org/docs/current/mod/core.html#serveralias).
  The default is `localhost`.
* **`LOCATION`**: The URL path for WebDAV (eg, if set to `/webdav` then clients
  should connect to `example.com/webdav`). The default is `/`.
* **`AUTH_TYPE`**: Apache authentication type to use. This can be `Basic` (best
  choice for HTTPS) or `Digest` (best choice for HTTP). The default is `Basic`.
* **`REALM`**: Sets
  [AuthName](https://httpd.apache.org/docs/current/mod/mod_authn_core.html#authname),
  an identifier that is displayed to clients when they connect. The default is
  `WebDAV`.
* **`USERNAME`**: Authenticate with this username (and the password below).
  This is ignored if you bind mount your own authentication file to
  `/user.passwd`.
* **`PASSWORD`**: Authenticate with this password (and the username above).
  This is ignored if you bind mount your own authentication file to
  `/user.passwd`.
* **`ANONYMOUS_METHODS`**: Comma-separated list of HTTP request methods (eg,
  `GET,POST,OPTIONS,PROPFIND`). Clients can use any method you specify here
  without authentication. Set to `ALL` to disable authentication. The default
  is to disallow any anonymous access.
* **`SSL_CERT`**: Set to `selfsigned` to generate a self-signed certificate and
  enable Apache's SSL module. If you specify `SERVER_NAMES`, the first domain
  is set as the Common Name.