CentOS 7 搭建 WebDav 服务器

时间:2024-04-12 09:37:46

大部分参考了这篇文章:https://blog.acesheep.com/index.php/archives/834/
本文对其中的关键点进行记录,并调整了部分配置,解决mac os finder连接上之后,无法新建和修改文件的问题

1、安装编译环境

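# Build prerequisites. The first command also installs the EPEL and SCL
# repository definitions; devtoolset-9 comes from the SCL repository, which is
# why it is requested in a separate, later command.
# NOTE(review): CentOS 7 reached end of life on 2024-06-30, so confirm which
# mirror these packages come from and that the host still receives security
# updates before exposing it to the internet.
yum install -y epel-release expat-devel httpd-tools unzip wget centos-release-scl git libxslt-devel libxml2-devel
# Quote the glob so that yum matches it against package names; unquoted, the
# shell expands it first whenever a matching file name exists in the current
# directory.
yum install -y 'devtoolset-9-gcc*'
yum groupinstall -y "Development tools"
# ghostscript is an addition of this guide (the author notes the zlib step
# depends on it).
yum install -y ghostscript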

增加了ghostscript,后面zlib会依赖到

2、创建非特权账户

# Dedicated unprivileged account for the nginx worker processes. No fixed
# UID/GID is requested, so the system assigns free ones.
groupadd nginx
# /sbin/nologin as the login shell keeps the account from being used for
# interactive sessions.
# NOTE(review): the nginx temp paths chosen at configure time live under
# /var/cache/nginx, the home directory named here -- confirm the directory
# exists and is owned by nginx after this command.
useradd --gid nginx --comment "nginx user" --home-dir /var/cache/nginx --shell /sbin/nologin nginx

这里和原文的区别是:第一条命令移除了 -g 994 参数,第二条命令移除了 -g 994 -u 996 参数,换成了 -g nginx。原因是 -g 和 -u 分别把组 id 和用户 id 固定为 994 和 996,而实际环境中这两个 id 可能已经被占用,导致创建失败。

3、下载源代码

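# Create the working directory
mkdir nginx-webdav
cd nginx-webdav

# Download nginx 1.20.2
wget https://nginx.org/download/nginx-1.20.2.tar.gz


# Download the pcre 8.45 / zlib 1.2.11 / openssl 1.1.1m dependencies.
wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz
# zlib 1.2.11 is no longer offered as a tarball on the project site, so it is
# taken from the v1.2.11 tag of the git repository and cloned straight into the
# directory name that the configure step expects.
git clone --branch v1.2.11 --depth 1 https://github.com/madler/zlib.git zlib-1.2.11
# Fetched over HTTPS rather than plain HTTP, so the source cannot be swapped by
# someone on the network path.
wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz

# Everything fetched here is compiled and installed as root. Compare each
# tarball with the checksum or signature published by its upstream before
# extracting, for example (placeholder value):
#   echo '<EXPECTED_SHA256>  nginx-1.20.2.tar.gz' | sha256sum -c -
# NOTE(review): these are old releases; check the upstream security advisories
# for nginx, pcre, zlib and openssl before reusing these version numbers.

# Download nginx-dav-ext-module git.r112.f5e3088
git clone https://github.com/arut/nginx-dav-ext-module.git

# Download headers-more-nginx-module git.r259.a4a0686
git clone https://github.com/openresty/headers-more-nginx-module.git

# NOTE(review): the two clones above build whatever the default branch points
# at today. To build the revisions named in the comments, check them out after
# cloning, e.g. `git -C nginx-dav-ext-module checkout f5e3088`.


# Extract the source archives
tar -zxf pcre-8.45.tar.gz
tar -zxf openssl-1.1.1m.tar.gz
tar -zxf nginx-1.20.2.tar.gz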

调整了下zlib的下载方式,因为1.2.11版本在官网已经下载不到了。官网不再提供某个旧版本,通常说明已有后续版本取代它;用于对外服务时,建议先查看各组件上游的安全公告,再决定是否沿用这里的版本号。

文件列表

➜  nginx-webdav tree -L 1  
.
├── headers-more-nginx-module
├── nginx-1.20.2
├── nginx-1.20.2.tar.gz
├── nginx-dav-ext-module
├── openssl-1.1.1m
├── openssl-1.1.1m.tar.gz
├── pcre-8.45
├── pcre-8.45.tar.gz
└── zlib-1.2.11

7 directories, 3 files

4、修改源码

# Raise the two autoindex constants from 50 to 110 in the nginx source before
# building. sed exits successfully even when a pattern matches nothing, so
# confirm the edit afterwards (for example with grep on the same file).
sed -i \
  -e 's/NGX_HTTP_AUTOINDEX_PREALLOCATE  50/NGX_HTTP_AUTOINDEX_PREALLOCATE  110/g' \
  -e 's/NGX_HTTP_AUTOINDEX_NAME_LEN     50/NGX_HTTP_AUTOINDEX_NAME_LEN     110/g' \
  nginx-1.20.2/src/http/modules/ngx_http_autoindex_module.c

5、编译

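cd nginx-1.20.2

# Configure with the devtoolset-9 compiler. The flag set already carries the
# usual hardening options: -fstack-protector-strong and -D_FORTIFY_SOURCE=2 for
# the C code, and -Wl,-z,relro -Wl,-z,now -pie at link time.
# NOTE(review): many modules are enabled that a WebDAV-only server does not use
# (mail, stream, flv, mp4, random_index, ...). Each one is extra code in a
# root-started daemon; drop the ones you do not need.
# NOTE(review): -march=native in the zlib/pcre options ties the binary to the
# CPU of the build host.
scl enable devtoolset-9 "./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-zlib=../zlib-1.2.11 --with-zlib-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-pcre=../pcre-8.45 --with-pcre-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-pcre-jit --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --add-module=../nginx-dav-ext-module --add-module=../headers-more-nginx-module --with-openssl=../openssl-1.1.1m --with-http_xslt_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'"

# Bound the parallelism to the number of CPUs: a bare `make -j` starts an
# unlimited number of jobs and can exhaust memory on a small server.
scl enable devtoolset-9 "make -j$(nproc)"

# Check the version and configure arguments of the freshly built binary before
# it replaces anything on the system.
./objs/nginx -V

# Installs into the paths given to configure above; requires root.
make install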

安装完成后,可以使用 nginx -V 检查安装的nginx版本

6、创建系统服务

# Write the systemd unit for the self-built nginx. The quoted 'EOF' delimiter
# keeps the $(...) in ExecReload/ExecStop literal, so the PID file is read when
# the unit runs, not when this command is typed.
# Type=forking with PIDFile= relies on the pid path that was passed to
# configure (--pid-path=/var/run/nginx.pid).
# NOTE(review): the unit has no User= line and no sandboxing options, so the
# nginx master process starts with full root privileges. Consider adding
# systemd hardening directives, keeping in mind that the WebDAV root in this
# guide lives under /home.
cat << 'EOF' > /usr/lib/systemd/system/nginx.service
[Unit]
Description=nginx - high performance web server
Documentation=http://nginx.org/en/docs/
After=network-online.target remote-fs.target nss-lookup.target
Wants=network-online.target

[Service]
Type=forking
PIDFile=/var/run/nginx.pid
ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"

[Install]
WantedBy=multi-user.target
EOF

# Start nginx at boot, then start it now.
systemctl enable nginx
systemctl start nginx

7、配置nginx

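# Create the directory for per-site configuration files; -p makes the step
# safe to repeat when the directory already exists.
mkdir -p /etc/nginx/conf.d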

修改nginx配置:vim /etc/nginx/nginx.conf

这里与原文的区别是,增加了dav_ext_lock_zone zone=foo:10m;配置。
用于解决mac finder无法新增和修改文件的问题

# Main nginx configuration: process settings, shared HTTP defaults, the
# port-80 catch-all server, and inclusion of the per-site files.

# Worker processes run as the unprivileged nginx account.
user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

# Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;
# PCRE JIT can speed up processing of regular expressions significantly.
pcre_jit on;

events {
    use epoll;
    worker_connections 51200;
    multi_accept on;
}

http {
    # $http_x_forwarded_for is copied from the request as sent by the client,
    # so treat that log field as untrusted when investigating access logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    server_names_hash_bucket_size 128;
    client_header_buffer_size 32k;
    large_client_header_buffers 4 32k;
    # Default request-body cap; a server or location block may override it.
    client_max_body_size 50m;

    charset utf-8;
    sendfile on;
    # Do not disclose the nginx version in the Server header and error pages.
    server_tokens off;
    tcp_nodelay on;
    tcp_nopush on;
    # NOTE(review): no set_real_ip_from directive is visible in this file, so
    # no peer is trusted to supply this header. If one is added later, limit it
    # to the addresses of your own proxies: clients can send any
    # X-Forwarded-For value they like.
    real_ip_header X-Forwarded-For;
    types_hash_max_size 2048;
    keepalive_timeout 60;
    access_log /var/log/nginx/access.log main;


    fastcgi_connect_timeout 300;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    fastcgi_buffer_size 64k;
    fastcgi_buffers 4 64k;
    fastcgi_busy_buffers_size 128k;
    fastcgi_temp_file_write_size 256k;

    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.1;
    gzip_comp_level 2;
    gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth;
    gzip_disable "MSIE [1-6]\.";
    
    # Shared-memory zone (named foo, 10m) for WebDAV locks; a dav_ext_lock
    # directive refers to it by this name.
    dav_ext_lock_zone zone=foo:10m;

    # Catch-all for plain HTTP: nothing is served on port 80.
    server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # Requests whose Host looks like an IPv4 address get 404.
        if ($host ~ "\d+\.\d+\.\d+\.\d+") {
            return 404;
        }
        # Everything else is redirected to HTTPS on the same host name.
        # NOTE(review): $host comes from the request, and this is the default
        # server, so the redirect target follows whatever Host header the
        # client sent. Redirecting to a fixed host name avoids that.
        return 301 https://$host$request_uri;
    }

    include /etc/nginx/conf.d/*.conf;
}

修改文件 vim /etc/nginx/conf.d/webdav.conf

这里与原文的区别是,增加了dav_ext_lock zone=foo;配置,并调整了dav_ext_methods配置为PROPFIND OPTIONS LOCK UNLOCK 这四个参数,原文只有前两个,导致mac无法修改文件。这些配置也是为了解决mac无法新增和修改文件的问题。
注意修改下ssl的证书和key,替换成自己的

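# WebDAV virtual host: HTTPS only, HTTP Basic authentication, nginx dav and
# dav-ext modules.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    # Replace with your own certificate and key. Keep the private key readable
    # by root only.
    ssl_certificate "/home/SSL/example.com.crt";
    ssl_certificate_key "/home/SSL/example.com.key";
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 30m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    # NOTE(review): EECDH+AES also admits CBC suites for TLS 1.2 clients; drop
    # it if every client you serve supports the AEAD suites listed before it.
    ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access-example.com.log main;
    error_log /var/log/nginx/error-example.com.log error;

    location / {
        # WebDAV root. The nginx worker user needs read/write/execute
        # permission on this directory.
        root /home/nginx;

        # Basic authentication is declared in this location only. The regex
        # locations further down are selected first for the paths they match
        # and are not covered by it; they only return fixed status codes.
        # Declare any new location with its own auth_basic settings.
        auth_basic "closed site";
        auth_basic_user_file /etc/nginx/conf.d/webdav.htpasswd;

        dav_methods PUT DELETE MKCOL COPY MOVE;
        # LOCK/UNLOCK together with dav_ext_lock are what let macOS Finder
        # create and modify files.
        dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;
        dav_ext_lock zone=foo;

        # Let PUT create missing intermediate directories.
        create_full_put_path on;
        # New files and directories get no permissions for "other" users.
        dav_access user:rw group:rw;

        # Directory listings are served to authenticated users.
        autoindex on;
        autoindex_localtime on;
        autoindex_exact_size off;
        # No upload size limit.
        # NOTE(review): any authenticated user can fill the disk; consider a
        # dedicated filesystem or a quota for the WebDAV root.
        client_max_body_size 0;

        # Append a trailing slash to directory URIs for the various methods,
        # which works around compatibility problems in WebDAV clients.
        set $dest $http_destination;
        if (-d $request_filename) {
            rewrite ^(.*[^/])$ $1/;
            set $dest $dest/;
        }

        if ($request_method ~ (MOVE|COPY)) {
            more_set_input_headers 'Destination: $dest';
        }

        if ($request_method ~ MKCOL) {
            rewrite ^(.*[^/])$ $1/ break;
        }
    }

    # macOS writes many metadata files after mounting a WebDAV share; reject
    # them here to keep the WebDAV directory clean.
    location ~ \.(_.*|DS_Store|Spotlight-V100|TemporaryItems|Trashes|hidden|localized)$ {
        access_log off;
        # error_log has no "off" value: "error_log off;" makes nginx write the
        # log to a file literally named "off". Discard the messages explicitly.
        error_log /dev/null crit;

        if ($request_method = PUT) {
            return 403;
        }
        return 404;
    }

    location ~ \.metadata_never_index$ {
        return 200 "Don't index this drive, Finder!";
    }
}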

创建完配置之后,先执行 nginx -t 检查配置语法,确认无误后再执行 nginx -s reload 重新加载配置

8、配置账户

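# htpasswd is provided by httpd-tools.
yum install -y httpd-tools
# 'nginx' is the WebDAV login name and can be changed. htpasswd prompts for the
# password, which keeps it out of the command line and the shell history.
# -c creates the file and overwrites an existing one: leave -c out when adding
# further users later.
htpasswd -c /etc/nginx/conf.d/webdav.htpasswd 'nginx'
# The file holds password hashes. Only root may change it, and only the nginx
# group (the worker processes) may read it.
chown root:nginx /etc/nginx/conf.d/webdav.htpasswd
chmod 640 /etc/nginx/conf.d/webdav.htpasswd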

9、创建目录添加权限

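# WebDAV root, the directory named by `root /home/nginx;` in webdav.conf.
mkdir -p /home/nginx
chown nginx:nginx /home/nginx
# Full access for the nginx user and group, none for other local users.
# No -R: applied recursively, a directory mode would also mark every uploaded
# file as executable when this step is repeated later.
chmod 770 /home/nginx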

此时应该就可以用finder进行连接了。
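注意,如果域名没有备案,是连不上的,换成ip进行连接即可。不过按上面的配置,80 端口对以 IP 作为 Host 的请求会返回 404,所以要用 https://IP 的形式连接;此时证书里的域名与 IP 不匹配,客户端会给出证书警告,连接前应核对证书指纹,确认连到的是自己的服务器。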

参考:
大部分内容参考自:https://blog.acesheep.com/index.php/archives/834/

https链接不上的问题:https://blog.csdn.net/weixin_42290927/article/details/124346467

mac os finder无法修改的问题:
https://macosx-admin.omnigroup.narkive.com/Kd9g8jKF/finder-mounts-my-webdav-share-always-readonly
mac os finder无法修改的问题:
http://netlab.dhis.org/wiki/ru:software:nginx:webdav
mac os finder无法修改的问题:
https://hev.cc/posts/2020/nginx-webdav-service/