File Exchange Server Setup

Apache HTTPD setup

Describes how to set up an Apache web server, used for file exchange, in a BitRepository system.

Apache2

Install Apache2, mod_ssl and mod_dav if not pre-installed.

Debian-based systems
$ a2enmod dav dav_fs dav_lock                  # Enable DAV
$ mkdir /path/to/www/dav                       # Create directory for DAV
$ chown www-data:www-data /path/to/www/dav
$ a2enmod ssl                                  # Enable SSL
$ a2ensite default-ssl                         # Enable SSL site
RHEL
  1. yum install httpd mod_ssl

  2. mkdir -p /path/to/www/dav/

  3. chown apache:apache /path/to/www/dav/

  4. vim /etc/httpd/conf/httpd.conf (and change ServerName and enable WebDAV)

  5. mkdir /etc/httpd/ssl/

  6. generate self-signed key to /etc/httpd/ssl (and make sure it's only accessible by apache: chown apache:apache /path/to/server.key && chmod 600 /path/to/server.key)

  7. vim /etc/httpd/conf.d/ssl.conf

  8. service httpd start

  9. chkconfig httpd on

SSL Setup

Set up the SSL site (on Debian: /etc/apache2/sites-available/default-ssl, on Red Hat: /etc/httpd/conf.d/ssl.conf) to use the relevant keys and certificates (see Create self signed certificate):

SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
SSLCACertificateFile /path/to/trusted.crt
SSLVerifyClient require
SSLVerifyDepth 0

SSLCACertificateFile is a concatenation of client certificates in PEM format (i.e. cat trusted_certs/*.crt > trusted.crt).

DAV Setup

To enable DAV on a specific location (it's not enabled for any directory by default), edit ssl.conf (or default-ssl on Debian) and add the following:

Alias /dav/ /var/www/dav/
<Location /dav>
    Dav On
</Location>

The alias is needed since the directory is outside of the document root.

If the DAV directory should be accessible over HTTP (NOT advisable), add a similar configuration fragment to httpd.conf (or sites-enabled/000-default on Debian).

If the above doesn't work (or the DAV directory isn't placed in the document root), the following can be used instead:

Alias /dav/ /path/to/dav/
<Directory /path/to/dav>
    Dav On
</Directory>

$ /etc/init.d/apache2 restart                  # Finally restart apache
or
$ service httpd restart

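
A static check for the rule above that DAV should only be reachable on the HTTPS site with client certificates required. This is an added example, not part of the original setup guide: the names audit_dav and _check and the sample configuration are constructed for illustration, and the parser covers only the directives used on this page (it does not follow Include files).

```python
import re

# Constructed sample: DAV enabled on a plain-HTTP vhost and on the client-auth HTTPS vhost.
SAMPLE_CONF = """
<VirtualHost *:80>
    <Location /dav>
        Dav On
    </Location>
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCACertificateFile /path/to/trusted.crt
    SSLVerifyClient require
    <Location /dav>
        Dav On
    </Location>
</VirtualHost>
"""

def _check(name, d):
    if d.get("dav") != "on":
        return []
    if d.get("sslengine") != "on":
        return [(name, "DAV reachable without TLS")]
    if d.get("sslverifyclient") != "require" or "sslcacertificatefile" not in d:
        return [(name, "DAV over TLS without required client certificates")]
    return []

def audit_dav(conf_text):
    """Return (scope, problem) pairs for scopes that enable DAV unsafely.
    SSL directives are read at server level only (conservative); "Dav On" at any depth."""
    findings, nested, main = [], 0, {}
    name, cur = "(main server)", main
    for line in map(str.strip, conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<(/?)(\w+)\s*([^>]*)>", line)
        if m and m.group(2).lower() == "virtualhost":
            if m.group(1):                      # </VirtualHost>: judge this vhost
                findings += _check(name, cur)
                name, cur = "(main server)", main
            else:
                name, cur = m.group(3), {}
        elif m and not m.group(2).lower().startswith("if"):
            nested += -1 if m.group(1) else 1   # Location/Directory depth; <If...> is transparent
        elif not m:
            key, *rest = line.split(None, 1)
            if nested == 0 or key.lower() == "dav":
                cur[key.lower()] = " ".join(rest).lower()
    return findings + _check("(main server)", main)
```

Run audit_dav over the contents of ssl.conf / default-ssl and httpd.conf / 000-default; an empty list means every DAV-enabled scope requires a client certificate.
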
Testing

One can verify that files can be uploaded to the dav directory using curl:

curl -T <some_file_to_upload> http://server/dav/

One can verify that files can be uploaded using HTTPS with client authentication (Note: it should only be possible to access the server using HTTPS if a valid key/certificate pair is presented):

curl --cacert <webserver.crt> --key <clientXX.key> --cert <clientXX.crt> -T <some_file_to_upload> https://server/dav/
