BytemarkHosting / docker-webdav

Docker image for running an Apache WebDAV server
MIT License
364 stars 174 forks source link

Supported tags

Quick reference

This image runs an easily configurable WebDAV server with Apache.

You can configure the authentication type, the authentication of multiple users, or to run with a self-signed SSL certificate. If you want a Let's Encrypt certificate, see an example of how to do that here.

Usage

Basic WebDAV server

This example starts a WebDAV server on port 80. It can only be accessed with a single username and password.

When using unencrypted HTTP, use Digest authentication (instead of Basic) to avoid sending plaintext passwords in the clear.

To make sure your data doesn't get deleted, you'll probably want to create a persistent storage volume (-v vol-webdav:/var/lib/dav) or bind mount a directory (-v /path/to/directory:/var/lib/dav):

docker run --restart always -v /srv/dav:/var/lib/dav \
    -e AUTH_TYPE=Digest -e USERNAME=alice -e PASSWORD=secret1234 \
    --publish 80:80 -d bytemark/webdav

Via Docker Compose:

version: '3'
services:
  webdav:
    image: bytemark/webdav
    restart: always
    ports:
      - "80:80"
    environment:
      AUTH_TYPE: Digest
      USERNAME: alice
      PASSWORD: secret1234
    volumes:
      - /srv/dav:/var/lib/dav

Secure WebDAV with SSL

We recommend you use a reverse proxy (eg, Traefik) to handle SSL certificates. You can see an example of how to do that here.

If you're happy with a self-signed SSL certificate, specify -e SSL_CERT=selfsigned and the container will generate one for you.

docker run --restart always -v /srv/dav:/var/lib/dav \
    -e AUTH_TYPE=Basic -e USERNAME=test -e PASSWORD=test \
    -e SSL_CERT=selfsigned --publish 443:443 -d bytemark/webdav

If you bind mount a certificate chain to /cert.pem and a private key to /privkey.pem, the container will use that instead!

Authenticate multiple clients

Specifying USERNAME and PASSWORD only supports a single user. If you want to have lots of different logins for various users, bind mount your own file to /user.passwd and the container will use that instead.

If using Basic authentication, run the following commands:

touch user.passwd
htpasswd -B user.passwd alice
htpasswd -B user.passwd bob

If using Digest authentication, run the following commands. (NB: The default REALM is WebDAV. If you specify your own REALM, you'll need to run htdigest again with the new name.)

touch user.passwd
htdigest user.passwd WebDAV alice
htdigest user.passwd WebDAV bob

Once you've created your own user.passwd, bind mount it into your container with -v /path/to/user.passwd:/user.passwd.

Environment variables

All environment variables are optional. You probably want to at least specify USERNAME and PASSWORD (or bind mount your own authentication file to /user.passwd) otherwise nobody will be able to access your WebDAV server!