...
Apache HTTPD setup
Describes how to setup an Apache WebServer, used for file exchange, in a Bit Repository BitRepository system.
Lighttpd
Enabling upload (WebDAV):
Add "mod_webdav" to server.modules, and configure it:
Code Block |
---|
webdav.activate = "enable"
webdav.is-readonly = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
|
Enabling SSL (HTTPS) on port 443:
Code Block |
---|
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/path/to/server.pem"
ssl.ca-file = "/path/to/ca.crt"
}
|
To enable client authentication add the following to the configuration:
Code Block |
---|
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "enable"
#ssl.verifyclient.depth = "1" # Should possibly be enabled in the future
ssl.verifyclient.username = "SSL_CLIENT_S_DN_CN"
|
...
Apache2
Install Apache2, mod_ssl and mod_dav if not pre-installed.
Debian based systems
Code Block |
---|
$ a2enmod dav dav_fs dav_lock # Enable DAV
$ mkdir /path/to/www/dav # Create directory for DAV
$ chown www-data:wwwdata /path/to/www/dav
$ a2enmod ssl # Enable SSL
$ a2ensite default-ssl # Enable SSL site
|
RHEL
- yum install httpd mod_ssl
- mkdir -p /path/to/www/dav/
- chown apache:apche /path/to/www/dav/
- vim /etc/httpd/conf/httpd.conf (and change ServerName and enable WebDAV)
- mkdir /etc/httpd/ssl/
- generate self-signed key to /etc/httpd/ssl (and make sure it's only accessible by apache:
chown apache:apache /path/to/server.key && chmod 600 /path/to/server.key
) - vim /etc/httpd/conf.d/ssl.conf
- service httpd start
- chkconfig httpd on
SSL Setup
Setup the SSL site (on debian /etc/apache2/sites-available/default-ssl, redhat: /etc/httpd/conf.d/ssl.conf) to use the relevant keys and certificates (see Create self signed certificate):
Code Block |
---|
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
SSLCACertificateFile /path/to/trusted.crt
SSLVerifyClient require
SSLVerifyDepth 0
|
SSLCACertificateFile is a concatenation of client certificates in PEM format (i.e. cat trusted_certs/*.crt > trusted.crt
).
DAV Setup
To enable DAV on a specific location (it's not enabled for any directory by default), edit either ssl.conf
(or default-ssl
for debian) and add the following:
Code Block |
---|
Alias /dav/ /var/www/dav/
<Location /dav>
Dav On
</Location>
|
The alias is needed since the directory is outside of the document root.
If the DAV directory should be accessible over HTTP (NOT advisable) add a similar configuration fragment to httpd.conf
(or sites-enabled/000-default
for debian).
If the above doesn't work (or the DAV directory isn't placed in the document root, the following can be used instead:
Code Block |
---|
Alias /dav/ /path/to/dav/
<Directory /path/to/dav>
Dav On
</Directory>
|
Code Block |
---|
$ /etc/init.d/apache2 restart # Finally restart apache
or
$ service httpd restart
|
Testing
One can verify that files can be uploaded to the dav directory using curl:
Code Block |
---|
curl -T <some_file_to_upload> <http://server/dav/>
|
One can verify that files can be uploading using HTTPS with client authentication (Note: it should only be possible to access the server using HTTPS if a valid key/certificate pair is presented):
Code Block |
---|
curl --cacert <webserver.crt> --key <clientXX.key> --cert <clientXX.crt> -T <some_file_to_upload> <https://server/dav/>
|
References:
Apache default directory layuout
Apache SSL/TLS Encryption
Apache Module mod_dav