CentOS 7 搭建 WebDav 服务器

大部分参考了这篇文章：https://blog.acesheep.com/index.php/archives/834/
本文对其中的关键点进行记录，并调整了部分配置，解决mac os finder连接上之后，无法新建和修改文件的问题

1、安装编译环境

yum install epel-release expat-devel httpd-tools unzip wget centos-release-scl git libxslt-devel libxml2-devel -y yum install devtoolset-9-gcc* -y yum groupinstall "Development tools" -y yum -y install ghostscript 

增加了ghostscript，后面zlib会依赖到

2、创建非特权账户

groupadd nginx useradd -g nginx -c "nginx user" -d /var/cache/nginx -s /sbin/nologin nginx 

这里和原文的区别是第一条命令移除了-g 994参数，第二条命令移除了-g 994 -u 996参数，换成了-g nginx，这么做的原因是因为：-g和-u是指定用户id和组id为994和996，但是实际情况下这两个id可能被占用了，导致创建失败。

3、下载源代码

# 创建目录 mkdir nginx-webdav cd nginx-webdav  # 下载nginx 1.20.2 wget wget https://nginx.org/download/nginx-1.20.2.tar.gz   # download pcre 8.45 / zlib 1.2.11 / openssl 1.1.1m dependency wget https://sourceforge.net/projects/pcre/files/pcre/8.45/pcre-8.45.tar.gz wget http://zlib.net/zlib-1.2.11.tar.gz git clone https://github.com/madler/zlib.git && cd $(basename https://github.com/madler/zlib.git .git) && git checkout v1.2.11 && cd .. && mv zlib zlib-1.2.11 wget http://www.openssl.org/source/openssl-1.1.1m.tar.gz  # download nginx-dav-ext-module git.r112.f5e3088 git clone https://github.com/arut/nginx-dav-ext-module.git  # download headers-more-nginx-module git.r259.a4a0686 git clone https://github.com/openresty/headers-more-nginx-module.git   # Extract source file tar -zxf pcre-8.45.tar.gz tar -zxf openssl-1.1.1m.tar.gz tar -zxf nginx-1.20.2.tar.gz 

调整了下zlib的下载方式，因为1.2.11版本在官网已经下载不到了。

文件列表

➜  nginx-webdav tree -L 1   . ├── headers-more-nginx-module ├── nginx-1.20.2 ├── nginx-1.20.2.tar.gz ├── nginx-dav-ext-module ├── openssl-1.1.1m ├── openssl-1.1.1m.tar.gz ├── pcre-8.45 ├── pcre-8.45.tar.gz └── zlib-1.2.11  7 directories, 3 files 

4、修改源码

sed -i 's/NGX_HTTP_AUTOINDEX_PREALLOCATE  50/NGX_HTTP_AUTOINDEX_PREALLOCATE  110/g' nginx-1.20.2/src/http/modules/ngx_http_autoindex_module.c sed -i 's/NGX_HTTP_AUTOINDEX_NAME_LEN     50/NGX_HTTP_AUTOINDEX_NAME_LEN     110/g' nginx-1.20.2/src/http/modules/ngx_http_autoindex_module.c 

5、编译

cd nginx-1.20.2  scl enable devtoolset-9 "./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-zlib=../zlib-1.2.11 --with-zlib-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-pcre=../pcre-8.45 --with-pcre-opt='-g -Ofast -fPIC -m64 -march=native -fstack-protector-strong -D_FORTIFY_SOURCE=2' --with-pcre-jit --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --add-module=../nginx-dav-ext-module --add-module=../headers-more-nginx-module --with-openssl=../openssl-1.1.1m --with-http_xslt_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'"  scl enable devtoolset-9 "make -j"  ./objs/nginx -V  make install 

安装完成后，可以使用 nginx -V 检查安装的nginx版本

6、创建系统服务

cat << 'EOF' > /usr/lib/systemd/system/nginx.service [Unit] Description=nginx - high performance web server Documentation=http://nginx.org/en/docs/ After=network-online.target remote-fs.target nss-lookup.target Wants=network-online.target  [Service] Type=forking PIDFile=/var/run/nginx.pid ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)" ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"  [Install] WantedBy=multi-user.target EOF  systemctl enable nginx systemctl start nginx 

7、配置nginx

# 创建配置目录 mkdir /etc/nginx/conf.d 

修改nginx配置：vim /etc/nginx/nginx.conf

这里与原文的区别是，增加了dav_ext_lock_zone zone=foo:10m;配置。
用于解决mac finder无法新增和修改文件的问题

user nginx;  worker_processes auto;  error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid;  # Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 51200; # PCRE JIT can speed up processing of regular expressions significantly. pcre_jit on;  events {     use epoll;     worker_connections 51200;     multi_accept on; }  http {     log_format main '$remote_addr - $remote_user [$time_local] "$request" '     '$status $body_bytes_sent "$http_referer" '     '"$http_user_agent" "$http_x_forwarded_for"';      include /etc/nginx/mime.types;     default_type application/octet-stream;      server_names_hash_bucket_size 128;     client_header_buffer_size 32k;     large_client_header_buffers 4 32k;     client_max_body_size 50m;      charset utf-8;     sendfile on;     server_tokens off;     tcp_nodelay on;     tcp_nopush on;     real_ip_header X-Forwarded-For;     types_hash_max_size 2048;     keepalive_timeout 60;     access_log /var/log/nginx/access.log main;       fastcgi_connect_timeout 300;     fastcgi_send_timeout 300;     fastcgi_read_timeout 300;     fastcgi_buffer_size 64k;     fastcgi_buffers 4 64k;     fastcgi_busy_buffers_size 128k;     fastcgi_temp_file_write_size 256k;      gzip on;     gzip_min_length 1k;     gzip_buffers 4 16k;     gzip_http_version 1.1;     gzip_comp_level 2;     gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;     gzip_vary on;     gzip_proxied expired no-cache no-store private auth;     gzip_disable "MSIE [1-6]\.";          dav_ext_lock_zone zone=foo:10m;      server {         listen 80 default_server;         listen [::]:80 default_server;          if ($host ~ "\d+\.\d+\.\d+\.\d+") {             return 404;         }         return 301 https://$host$request_uri;     }      include /etc/nginx/conf.d/*.conf; } 

修改文件 vim /etc/nginx/conf.d/webdav.conf

这里与原文的区别是，增加了dav_ext_lock zone=foo;配置，并调整了dav_ext_methods配置为PROPFIND OPTIONS LOCK UNLOCK 这四个参数，原文只有前两个，导致mac无法修改文件。这些配置也是为了解决mac无法新增和修改文件的问题。
注意修改下ssl的证书和key，替换成自己的

server {     listen 443 ssl http2;     listen [::]:443 ssl http2;     server_name example.com;      ssl_certificate "/home/SSL/example.com.crt";     ssl_certificate_key "/home/SSL/example.com.key";     ssl_session_cache shared:SSL:20m;     ssl_session_timeout 30m;     ssl_session_tickets off;     ssl_protocols TLSv1.2 TLSv1.3;     ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;     ssl_prefer_server_ciphers on;      access_log /var/log/nginx/access-example.com.log main;     error_log /var/log/nginx/error-example.com.log error;      location / {         # 设置webdav目录，注意Nginx worker用户对该目录需有读/写/执行权限         root /home/nginx;          auth_basic "closed site";         auth_basic_user_file /etc/nginx/conf.d/webdav.htpasswd;          dav_methods PUT DELETE MKCOL COPY MOVE;         dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK;         dav_ext_lock zone=foo;          # 启用完整的创建目录支持         create_full_put_path on;         dav_access user:rw group:rw;          autoindex on;         autoindex_localtime on;         autoindex_exact_size off;         # 不限制文件大小         client_max_body_size 0;          # 为各种方法的URI后加上斜杠，解决各平台webdav客户端的兼容性问题         set $dest $http_destination;         if (-d $request_filename) {             rewrite ^(.*[^/])$ $1/;             set $dest $dest/;         }          if ($request_method ~ (MOVE|COPY)) {             more_set_input_headers 'Destination: $dest';         }          if ($request_method ~ MKCOL) {             rewrite ^(.*[^/])$ $1/ break;         }     }      # Mac挂载webdav后会自动写入很多文件，可以通过nginx配置屏蔽掉，保持webdav目录的干净     location ~ \.(_.*|DS_Store|Spotlight-V100|TemporaryItems|Trashes|hidden|localized)$ {         access_log off;         error_log off;          if ($request_method = PUT) {             return 403;         }         return 404;     }      location ~ \.metadata_never_index$ {         return 200 "Don't index this drive, Finder!";     } }  

创建完配置之后，执行下nginx -s reload重新加载下配置

8、配置账户

yum install httpd-tools -y # 其中nginx是用户名，可以自行修改htpasswd执行完之后，会要求输入密码。 htpasswd -c /etc/nginx/conf.d/webdav.htpasswd 'nginx' 

9、创建目录添加权限

mkdir /home/nginx chown nginx:nginx /home/nginx chmod -R 774 /home/nginx 

此时应该就可以用finder进行连接了。
注意，如果域名没有备案，是连不上的，换成ip进行连接即可。

参考：
大部分内容参考自：https://blog.acesheep.com/index.php/archives/834/

https链接不上的问题：https://blog.csdn.net/weixin_42290927/article/details/124346467

mac os finder无法修改的问题：
https://macosx-admin.omnigroup.narkive.com/Kd9g8jKF/finder-mounts-my-webdav-share-always-readonly
mac os finder无法修改的问题：
http://netlab.dhis.org/wiki/ru:software:nginx:webdav
mac os finder无法修改的问题：
https://hev.cc/posts/2020/nginx-webdav-service/