Background
WebDAV uses HTTP[S] as its transport, which makes it more widely usable than sftp, ftp, samba or nfs: no special protocol needs to be implemented on the client side, and when combined with SSL the data in transit is protected. Mainstream web servers such as Nginx and Apache already support the protocol, but their configuration is fairly involved and they lack a complete ACL, so this article uses a separate WebDAV program as the implementation.
Prerequisites
The WebDAV server in this article is deployed as a container with SSL enabled, so before starting you need Docker installed, plus the certificate for your domain and its matching private key.
- Docker
- An SSL certificate
Note that in mainland China you may need to configure a proxy for Docker or use a third-party registry.
Pull the image
The WebDAV program used in this article lives at https://github.com/hacdias/webdav; pull the latest image.

```bash
docker pull hacdias/webdav:latest
```
Decide on the data, certificate and configuration file paths
This article uses the following values as an example.

| Host path | Container path | Purpose |
| --- | --- | --- |
| /mnt | /data | Data root directory |
| /etc/letsencrypt/live/example.com | /ssl | Certificate directory |
| /opt/webdav/config.yml | /config.yml | Configuration file |
Create the configuration file
The original configuration file can be taken from the README in the code repository.
```yaml
address: 0.0.0.0
port: 6065

# TLS-related settings if you want to enable TLS directly.
tls: true
cert: /ssl/fullchain.pem
key: /ssl/privkey.pem

# Prefix to apply to the WebDAV path-ing. Default is '/'.
prefix: /

# Enable or disable debug logging. Default is 'false'.
debug: false

# Disable sniffing the files to detect their content type. Default is 'false'.
noSniff: false

# Whether the server runs behind a trusted proxy or not. When this is true,
# the header X-Forwarded-For will be used for logging the remote addresses
# of logging attempts (if available).
behindProxy: false

# The directory that will be able to be accessed by the users when connecting.
# This directory will be used by users unless they have their own 'directory' defined.
# Default is '.' (current directory).
directory: /data

# The default permissions for users. This is a case insensitive option. Possible
# permissions: C (Create), R (Read), U (Update), D (Delete). You can combine multiple
# permissions. For example, to allow to read and create, set "RC". Default is "R".
permissions: R

# The default permissions rules for users. Default is none. Rules are applied
# from last to first, that is, the first rule that matches the request, starting
# from the end, will be applied to the request. Rule paths are always relative to
# the user's directory.
rules: []

# The behavior of redefining the rules for users. It can be:
# - overwrite: when a user has rules defined, these will overwrite any global
#   rules already defined. That is, the global rules are not applicable to the
#   user.
# - append: when a user has rules defined, these will be appended to the global
#   rules already defined. That is, for this user, their own specific rules will
#   be checked first, and then the global rules.
# Default is 'overwrite'.
rulesBehavior: overwrite

# Logging configuration
log:
  # Logging format ('console', 'json'). Default is 'console'.
  format: console
  # Enable or disable colors. Default is 'true'. Only applied if format is 'console'.
  colors: true
  # Logging outputs. You can have more than one output. Default is only 'stderr'.
  outputs:
    - stderr

# CORS configuration
cors:
  # Whether or not CORS configuration should be applied. Default is 'false'.
  enabled: true
  credentials: true
  allowed_headers:
    - Depth
  allowed_hosts:
    - https://webdav.example.com:6065
  allowed_methods:
    - GET
  exposed_headers:
    - Content-Length
    - Content-Range

# The list of users. If the list is empty, then there will be no authentication.
# Otherwise, basic authentication will automatically be configured.
#
# If you're delegating the authentication to a different service, you can proxy
# the username using basic authentication, and then disable webdav's password
# check using the option:
#
# noPassword: true
users:
  # Example 'admin' user with plaintext password.
  - username: admin
    password: admin
  # # Example 'john' user with bcrypt encrypted password, with custom directory.
  # # You can generate a bcrypt-encrypted password by using the 'webdav bcrypt'
  # # command lint utility.
  # - username: john
  #   password: "{bcrypt}$2y$10$zEP6oofmXFeHaeMfBNLnP.DO8m.H.Mwhd24/TOX2MWLxAExXi4qgi"
  #   directory: /another/path
  # # Example user whose details will be picked up from the environment.
  # - username: "{env}ENV_USERNAME"
  #   password: "{env}ENV_PASSWORD"
  # - username: basic
  #   password: basic
  #   # Override default permissions.
  #   permissions: CRUD
  #   rules:
  #     # With this rule, the user CANNOT access {user directory}/some/files.
  #     - path: /some/file
  #       permissions: none
  #     # With this rule, the user CAN create, read, update and delete within
  #     # {user directory}/public/access.
  #     - path: /public/access/
  #       permissions: CRUD
  #     # With this rule, the user CAN read and update all files ending with .js.
  #     # It uses a regular expression.
  #     - regex: "^.+.js$"
  #       permissions: RU
```
With the configuration above, the WebDAV server listens on port 6065 and accepts connections from outside; cross-origin access is accepted only from https://webdav.example.com:6065; the SSL certificate and private key are the ones mounted under /ssl; the default permission is read-only; and a single user named admin is created.
Note that this WebDAV program supports storing user passwords as bcrypt hashes instead of plaintext; on sensitive servers, use the hashed form for the password credentials.
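To make the rule semantics described in the configuration comments concrete, here is an added Python model of the documented permission evaluation (written for this article, not code from hacdias/webdav). It assumes that a `path` rule matches by prefix, which the README's `/public/access/` example suggests.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Sequence

def parse_permissions(spec: str) -> frozenset:
    """'CRUD'-style string (case-insensitive) -> set of letters; 'none' -> empty set."""
    spec = spec.strip().lower()
    if spec in ("", "none"):
        return frozenset()
    letters = frozenset(spec.upper())
    unknown = letters - frozenset("CRUD")
    if unknown:
        raise ValueError(f"unknown permission letters: {sorted(unknown)}")
    return letters

@dataclass
class Rule:
    permissions: str
    path: Optional[str] = None   # prefix match (assumption; fits the README's "/public/access/")
    regex: Optional[str] = None  # regular expression; "^.+.js$" has an unescaped '.', so it also matches "appxjs"

    def matches(self, request_path: str) -> bool:
        if self.regex is not None:
            return re.search(self.regex, request_path) is not None
        return request_path.startswith(self.path or "")

@dataclass
class User:
    username: str
    permissions: Optional[str] = None  # None -> fall back to the global default
    rules: List[Rule] = field(default_factory=list)

def effective_permissions(user: User, request_path: str, global_permissions: str = "R",
                          global_rules: Sequence[Rule] = (), rules_behavior: str = "overwrite") -> frozenset:
    """Permission set for request_path (relative to the user's directory).
    Rules are checked from last to first, so the last matching rule wins.
    'overwrite': a user with its own rules ignores the global rules entirely.
    'append': user rules follow the global ones in the list, so they are checked first.
    If no rule matches, the user's own permissions apply, else the global default."""
    if rules_behavior == "overwrite":
        rules = list(user.rules) if user.rules else list(global_rules)
    elif rules_behavior == "append":
        rules = list(global_rules) + list(user.rules)
    else:
        raise ValueError(f"unknown rulesBehavior: {rules_behavior!r}")
    for rule in reversed(rules):
        if rule.matches(request_path):
            return parse_permissions(rule.permissions)
    return parse_permissions(user.permissions or global_permissions)
```

For the README's `basic` user, `effective_permissions(basic, "/public/access/app.js")` returns `frozenset({'R', 'U'})`, because the regex rule is the last one in the list that matches and therefore overrides the CRUD rule for `/public/access/`.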
Create the container
Build the container start command from the parameters above.

```bash
sudo docker run \
  -d \
  -p 6065:6065 \
  -v /opt/webdav/config.yml:/config.yml:ro \
  -v /mnt:/data \
  -v /etc/letsencrypt/live/example.com:/ssl \
  --name webdav \
  --restart unless-stopped \
  hacdias/webdav -c /config.yml
```
Done
You can now use the WebDAV service.