大部分参考了这篇文章:https://blog.acesheep.com/index.php/archives/834/
本文对其中的关键点进行记录,并调整了部分配置,解决mac os finder连接上之后,无法新建和修改文件的问题
1、安装编译环境
yum install epel-release expat-devel httpd-tools unzip wget centos-release-scl git libxslt-devel libxml2-devel -y
yum install devtoolset-9-gcc* -y
yum groupinstall "Development tools" -y
yum -y install ghostscript
增加了ghostscript,后面zlib会依赖到
2、创建非特权账户
groupadd nginx
useradd -g nginx -c "nginx user" -d /var/cache/nginx -s /sbin/nologin nginx
这里和原文的区别是第一条命令移除了-g 994参数,第二条命令移除了-g 994 -u 996参数,换成了-g nginx,这么做的原因是因为:-g和-u是指定用户id和组id为994和996,但是实际情况下这两个id可能被占用了,导致创建失败。
3、下载源代码
# 创建目录
mkdir nginx-webdav
cd nginx-webdav
# 下载nginx 1.20.2
wget wget https://nginx.org/download/nginx-1.20.2.tar.gz
# download pcre 8.45 / zlib 1.2.11 / openssl 1.1.1m dependency
wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz
wget http://zlib.net/zlib-1.2.11.tar.gz
git clone https://github.com/madler/zlib.git && cd $(basename https://github.com/madler/zlib.git .git) && git checkout v1.2.11 && cd .. && mv zlib zlib-1.2.11
wget http://www.openssl.org/source/openssl-1.1.1m.tar.gz
# download nginx-dav-ext-module git.r112.f5e3088
git clone https://github.com/arut/nginx-dav-ext-module.git
# download headers-more-nginx-module git.r259.a4a0686
git clone https://github.com/openresty/headers-more-nginx-module.git
# Extract source file
tar -zxf pcre-8.45.tar.gz
tar -zxf openssl-1.1.1m.tar.gz
tar -zxf nginx-1.20.2.tar.gz
调整了下zlib的下载方式,因为1.2.11版本在官网已经下载不到了。
文件列表
➜ nginx-webdav tree -L 1
.
├── headers-more-nginx-module
├── nginx-1.20.2
├── nginx-1.20.2.tar.gz
├── nginx-dav-ext-module
├── openssl-1.1.1m
├── openssl-1.1.1m.tar.gz
├── pcre-8.45
├── pcre-8.45.tar.gz
└── zlib-1.2.11
7 directories, 3 files
4、修改源码
sed -i 's/NGX_HTTP_AUTOINDEX_PREALLOCATE 50/NGX_HTTP_AUTOINDEX_PREALLOCATE 110/g' nginx-1.20.2/src/http/modules/ngx_http_autoindex_module.c
sed -i 's/NGX_HTTP_AUTOINDEX_NAME_LEN 50/NGX_HTTP_AUTOINDEX_NAME_LEN 110/g' nginx-1.20.2/src/http/modules/ngx_http_autoindex_module.c
5、编译
cd nginx-1.20.2
scl enable devtoolset-9 "./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-zlib=../zlib-1.2.11 --with-zlib-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-pcre=../pcre-8.45 --with-pcre-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-pcre-jit --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --add-module=../nginx-dav-ext-module --add-module=../headers-more-nginx-module --with-openssl=../openssl-1.1.1m --with-http_xslt_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'"
scl enable devtoolset-9 "make -j"
./objs/nginx -V
make install
安装完成后,可以使用 nginx -V
检查安装的nginx版本
6、创建系统服务
cat << 'EOF' > /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target
[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"
[Install]
WantedBy=multi-user.target
EOF
systemctl enable nginx
systemctl start nginx
7、配置nginx
# 创建配置目录
mkdir /etc/nginx/conf.d
修改nginx配置:vim /etc/nginx/nginx.conf
这里与原文的区别是,增加了dav_ext_lock_zone zone=foo:10m;配置。
用于解决mac finder无法新增和修改文件的问题
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
# Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
# PCRE JIT can speed up processing of regular expressions significantly.
pcre_jit on;
events {
use epoll;
worker_connections 51200;
multi_accept on;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 128;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 50m;
charset utf-8;
sendfile on;
server_tokens off;
tcp_nodelay on;
tcp_nopush on;
real_ip_header X-Forwarded-For;
types_hash_max_size 2048;
keepalive_timeout 60;
access_log /var/log/nginx/access.log main;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
dav_ext_lock_zone zone=foo:10m;
server {
listen 80 default_server;
listen [::]:80 default_server;
if ($host ~ "\d+\.\d+\.\d+\.\d+") {
return 404;
}
return 301 https://$host$request_uri;
}
include /etc/nginx/conf.d/*.conf;
}
修改文件 vim /etc/nginx/conf.d/webdav.conf
这里与原文的区别是,增加了dav_ext_lock zone=foo;配置,并调整了dav_ext_methods配置为PROPFIND OPTIONS LOCK UNLOCK 这四个参数,原文只有前两个,导致mac无法修改文件。这些配置也是为了解决mac无法新增和修改文件的问题。
注意修改下ssl的证书和key,替换成自己的
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate "/home/SSL/example.com.crt";
ssl_certificate_key "/home/SSL/example.com.key";
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 30m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access-example.com.log main;
error_log /var/log/nginx/error-example.com.log error;
location / {
# 设置webdav目录,注意Nginx worker用户对该目录需有读/写/执行权限
root /home/nginx;
auth_basic "closed site";
auth_basic_user_file /etc/nginx/conf.d/webdav.htpasswd;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;
dav_ext_lock zone=foo;
# 启用完整的创建目录支持
create_full_put_path on;
dav_access user:rw group:rw;
autoindex on;
autoindex_localtime on;
autoindex_exact_size off;
# 不限制文件大小
client_max_body_size 0;
# 为各种方法的URI后加上斜杠,解决各平台webdav客户端的兼容性问题
set $dest $http_destination;
if (-d $request_filename) {
rewrite ^(.*[^/])$ $1/;
set $dest $dest/;
}
if ($request_method ~ (MOVE|COPY)) {
more_set_input_headers 'Destination: $dest';
}
if ($request_method ~ MKCOL) {
rewrite ^(.*[^/])$ $1/ break;
}
}
# Mac挂载webdav后会自动写入很多文件,可以通过nginx配置屏蔽掉,保持webdav目录的干净
location ~ \.(_.*|DS_Store|Spotlight-V100|TemporaryItems|Trashes|hidden|localized)$ {
access_log off;
error_log off;
if ($request_method = PUT) {
return 403;
}
return 404;
}
location ~ \.metadata_never_index$ {
return 200 "Don't index this drive, Finder!";
}
}
创建完配置之后,执行下nginx -s reload
重新加载下配置
8、配置账户
yum install httpd-tools -y
# 其中nginx是用户名,可以自行修改htpasswd执行完之后,会要求输入密码。
htpasswd -c /etc/nginx/conf.d/webdav.htpasswd 'nginx'
9、创建目录添加权限
mkdir /home/nginx
chown nginx:nginx /home/nginx
chmod -R 774 /home/nginx
此时应该就可以用finder进行连接了。
注意,如果域名没有备案,是连不上的,换成ip进行连接即可。
参考:
大部分内容参考自:https://blog.acesheep.com/index.php/archives/834/
https链接不上的问题:https://blog.csdn.net/weixin_42290927/article/details/124346467
mac os finder无法修改的问题:
https://macosx-admin.omnigroup.narkive.com/Kd9g8jKF/finder-mounts-my-webdav-share-always-readonly
mac os finder无法修改的问题:
http://netlab.dhis.org/wiki/ru:software:nginx:webdav
mac os finder无法修改的问题:
https://hev.cc/posts/2020/nginx-webdav-service/