CentOS 7 搭建 WebDav 服务器

青耕寐鱼 2024-07-05 08:33:01 阅读 95

大部分参考了这篇文章:https://blog.acesheep.com/index.php/archives/834/

本文对其中的关键点进行记录,并调整了部分配置,解决mac os finder连接上之后,无法新建和修改文件的问题

1、安装编译环境

<code>yum install epel-release expat-devel httpd-tools unzip wget centos-release-scl git libxslt-devel libxml2-devel -y

yum install devtoolset-9-gcc* -y

yum groupinstall "Development tools" -y

yum -y install ghostscript

增加了ghostscript,后面zlib会依赖到

2、创建非特权账户

groupadd nginx

useradd -g nginx -c "nginx user" -d /var/cache/nginx -s /sbin/nologin nginx

这里和原文的区别是第一条命令移除了-g 994参数,第二条命令移除了-g 994 -u 996参数,换成了-g nginx,这么做的原因是因为:-g和-u是指定用户id和组id为994和996,但是实际情况下这两个id可能被占用了,导致创建失败。

3、下载源代码

# 创建目录

mkdir nginx-webdav

cd nginx-webdav

# 下载nginx 1.20.2

wget wget https://nginx.org/download/nginx-1.20.2.tar.gz

# download pcre 8.45 / zlib 1.2.11 / openssl 1.1.1m dependency

wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz

wget http://zlib.net/zlib-1.2.11.tar.gz

git clone https://github.com/madler/zlib.git && cd $(basename https://github.com/madler/zlib.git .git) && git checkout v1.2.11 && cd .. && mv zlib zlib-1.2.11

wget http://www.openssl.org/source/openssl-1.1.1m.tar.gz

# download nginx-dav-ext-module git.r112.f5e3088

git clone https://github.com/arut/nginx-dav-ext-module.git

# download headers-more-nginx-module git.r259.a4a0686

git clone https://github.com/openresty/headers-more-nginx-module.git

# Extract source file

tar -zxf pcre-8.45.tar.gz

tar -zxf openssl-1.1.1m.tar.gz

tar -zxf nginx-1.20.2.tar.gz

调整了下zlib的下载方式,因为1.2.11版本在官网已经下载不到了。

文件列表

➜ nginx-webdav tree -L 1

.

├── headers-more-nginx-module

├── nginx-1.20.2

├── nginx-1.20.2.tar.gz

├── nginx-dav-ext-module

├── openssl-1.1.1m

├── openssl-1.1.1m.tar.gz

├── pcre-8.45

├── pcre-8.45.tar.gz

└── zlib-1.2.11

7 directories, 3 files

4、修改源码

sed -i 's/NGX_HTTP_AUTOINDEX_PREALLOCATE 50/NGX_HTTP_AUTOINDEX_PREALLOCATE 110/g' nginx-1.20.2/src/http/modules/ngx_http_autoindex_module.c

sed -i 's/NGX_HTTP_AUTOINDEX_NAME_LEN 50/NGX_HTTP_AUTOINDEX_NAME_LEN 110/g' nginx-1.20.2/src/http/modules/ngx_http_autoindex_module.c

5、编译

cd nginx-1.20.2

scl enable devtoolset-9 "./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-zlib=../zlib-1.2.11 --with-zlib-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-pcre=../pcre-8.45 --with-pcre-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-pcre-jit --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --add-module=../nginx-dav-ext-module --add-module=../headers-more-nginx-module --with-openssl=../openssl-1.1.1m --with-http_xslt_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'"code>

scl enable devtoolset-9 "make -j"

./objs/nginx -V

make install

安装完成后,可以使用 nginx -V 检查安装的nginx版本

6、创建系统服务

cat << 'EOF' > /usr/lib/systemd/system/nginx.service

[Unit]

Description=nginx - high performance web server

Documentation=http://nginx.org/en/docs/

After=network-online.target remote-fs.target nss-lookup.target

Wants=network-online.target

[Service]

Type=forking

PIDFile=/var/run/nginx.pid

ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf

ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"

ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"

[Install]

WantedBy=multi-user.target

EOF

systemctl enable nginx

systemctl start nginx

7、配置nginx

# 创建配置目录

mkdir /etc/nginx/conf.d

修改nginx配置:vim /etc/nginx/nginx.conf

这里与原文的区别是,增加了dav_ext_lock_zone zone=foo:10m;配置。

用于解决mac finder无法新增和修改文件的问题

user nginx;

worker_processes auto;

error_log /var/log/nginx/error.log warn;

pid /var/run/nginx.pid;

# Specifies the value for maximum file descriptors that can be opened by this process.

worker_rlimit_nofile 51200;

# PCRE JIT can speed up processing of regular expressions significantly.

pcre_jit on;

events {

use epoll;

worker_connections 51200;

multi_accept on;

}

http {

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

include /etc/nginx/mime.types;

default_type application/octet-stream;

server_names_hash_bucket_size 128;

client_header_buffer_size 32k;

large_client_header_buffers 4 32k;

client_max_body_size 50m;

charset utf-8;

sendfile on;

server_tokens off;

tcp_nodelay on;

tcp_nopush on;

real_ip_header X-Forwarded-For;

types_hash_max_size 2048;

keepalive_timeout 60;

access_log /var/log/nginx/access.log main;

fastcgi_connect_timeout 300;

fastcgi_send_timeout 300;

fastcgi_read_timeout 300;

fastcgi_buffer_size 64k;

fastcgi_buffers 4 64k;

fastcgi_busy_buffers_size 128k;

fastcgi_temp_file_write_size 256k;

gzip on;

gzip_min_length 1k;

gzip_buffers 4 16k;

gzip_http_version 1.1;

gzip_comp_level 2;

gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;

gzip_vary on;

gzip_proxied expired no-cache no-store private auth;

gzip_disable "MSIE [1-6]\.";

dav_ext_lock_zone zone=foo:10m;

server {

listen 80 default_server;

listen [::]:80 default_server;

if ($host ~ "\d+\.\d+\.\d+\.\d+") {

return 404;

}

return 301 https://$host$request_uri;

}

include /etc/nginx/conf.d/*.conf;

}

修改文件 vim /etc/nginx/conf.d/webdav.conf

这里与原文的区别是,增加了dav_ext_lock zone=foo;配置,并调整了dav_ext_methods配置为PROPFIND OPTIONS LOCK UNLOCK 这四个参数,原文只有前两个,导致mac无法修改文件。这些配置也是为了解决mac无法新增和修改文件的问题。

注意修改下ssl的证书和key,替换成自己的

server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name example.com;

ssl_certificate "/home/SSL/example.com.crt";

ssl_certificate_key "/home/SSL/example.com.key";

ssl_session_cache shared:SSL:20m;

ssl_session_timeout 30m;

ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;

ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;

ssl_prefer_server_ciphers on;

access_log /var/log/nginx/access-example.com.log main;

error_log /var/log/nginx/error-example.com.log error;

location / {

# 设置webdav目录,注意Nginx worker用户对该目录需有读/写/执行权限

root /home/nginx;

auth_basic "closed site";

auth_basic_user_file /etc/nginx/conf.d/webdav.htpasswd;

dav_methods PUT DELETE MKCOL COPY MOVE;

dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;

dav_ext_lock zone=foo;

# 启用完整的创建目录支持

create_full_put_path on;

dav_access user:rw group:rw;

autoindex on;

autoindex_localtime on;

autoindex_exact_size off;

# 不限制文件大小

client_max_body_size 0;

# 为各种方法的URI后加上斜杠,解决各平台webdav客户端的兼容性问题

set $dest $http_destination;

if (-d $request_filename) {

rewrite ^(.*[^/])$ $1/;

set $dest $dest/;

}

if ($request_method ~ (MOVE|COPY)) {

more_set_input_headers 'Destination: $dest';

}

if ($request_method ~ MKCOL) {

rewrite ^(.*[^/])$ $1/ break;

}

}

# Mac挂载webdav后会自动写入很多文件,可以通过nginx配置屏蔽掉,保持webdav目录的干净

location ~ \.(_.*|DS_Store|Spotlight-V100|TemporaryItems|Trashes|hidden|localized)$ {

access_log off;

error_log off;

if ($request_method = PUT) {

return 403;

}

return 404;

}

location ~ \.metadata_never_index$ {

return 200 "Don't index this drive, Finder!";

}

}

创建完配置之后,执行下nginx -s reload重新加载下配置

8、配置账户

yum install httpd-tools -y

# 其中nginx是用户名,可以自行修改htpasswd执行完之后,会要求输入密码。

htpasswd -c /etc/nginx/conf.d/webdav.htpasswd 'nginx'

9、创建目录添加权限

mkdir /home/nginx

chown nginx:nginx /home/nginx

chmod -R 774 /home/nginx

此时应该就可以用finder进行连接了。

注意,如果域名没有备案,是连不上的,换成ip进行连接即可。

参考:

大部分内容参考自:https://blog.acesheep.com/index.php/archives/834/

https链接不上的问题:https://blog.csdn.net/weixin_42290927/article/details/124346467

mac os finder无法修改的问题:

https://macosx-admin.omnigroup.narkive.com/Kd9g8jKF/finder-mounts-my-webdav-share-always-readonly

mac os finder无法修改的问题:

http://netlab.dhis.org/wiki/ru:software:nginx:webdav

mac os finder无法修改的问题:

https://hev.cc/posts/2020/nginx-webdav-service/



声明

本文内容仅代表作者观点,或转载于其他网站,本站不以此文作为商业用途
如有涉及侵权,请联系本站进行删除
转载本站原创文章,请注明来源及作者。