httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ajay Garg <ajaygargn...@gmail.com>
Subject [users@httpd] Problem in configuring "WebDAV" on Debian Squeeze
Date Wed, 05 Sep 2012 11:44:22 GMT
Hi all.

I have been able to setup WebDAV sharing on a server hosted on Fedora-14
and Fedora-17.
However, when I try to do the same on a Debian Squeeze, I am unsuccessful.


Here is the relevant info that I think is important ::


=== SETUP ===

*
Debian Squeeze is installed as a VM, on a Fedora-14 Virtualbox.

*
Thus, Debian is the "Guest", while Fedora-14 is the "Host".








=== CONFIG FILE ON DEBIAN VM ===

Following are the contents of "/etc/apache2/sites-available/default" ::


#########################################################################################################
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
        ServerName ceibal.uy:80
    DocumentRoot /var/www/apache2-default/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/apache2-default/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from 192.168.4.0/22
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from 192.168.4.0/22
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
    Allow from 192.168.4.0/22
        Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>


LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so

<VirtualHost *:443>
        SSLEngine on

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile    /root/ssl.crt
    SSLCertificateKeyFile /root/ssl.key

    #   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convinience.
    #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

    #   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    #   Note: Inside SSLCACertificatePath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    #SSLCACertificatePath /etc/ssl/certs/
    #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

    #   Certificate Revocation Lists (CRL):
    #   Set the CA revocation path where to find CA CRLs for client
    #   authentication or alternatively one huge file containing all
    #   of them (file must be PEM encoded)
    #   Note: Inside SSLCARevocationPath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    #SSLCARevocationPath /etc/apache2/ssl.crl/
    #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

    #   Client Authentication (Type):
    #   Client certificate verification type and depth.  Types are
    #   none, optional, require and optional_no_ca.  Depth is a
    #   number which specifies how deeply to verify the certificate
    #   issuer chain before deciding the certificate is not valid.
    #SSLVerifyClient require
    #SSLVerifyDepth  10

    #   Access Control:
    #   With SSLRequire you can do per-directory access control based
    #   on arbitrary complex boolean expressions containing server
    #   variable checks and other lookup directives.  The syntax is a
    #   mixture between C and Perl.  See the mod_ssl documentation
    #   for more details.
    #<Location />
    #SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
    #            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
    #            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
    #            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
    #            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
    #           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
    #</Location>

    #   SSL Engine Options:
    #   Set various options for the SSL engine.
    #   o FakeBasicAuth:
    #     Translate the client X.509 into a Basic Authorisation.  This
means that
    #     the standard Auth/DBMAuth methods can be used for access
control.  The
    #     user name is the `one line' version of the client's X.509
certificate.
    #     Note that no password is obtained from the user. Every entry in
the user
    #     file needs this password: `xxj31ZMTZzkVA'.
    #   o ExportCertData:
    #     This exports two additional environment variables:
SSL_CLIENT_CERT and
    #     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
    #     server (always existing) and the client (only existing when client
    #     authentication is used). This can be used to import the
certificates
    #     into CGI scripts.
    #   o StdEnvVars:
    #     This exports the standard SSL/TLS related `SSL_*' environment
variables.
    #     Per default this exportation is switched off for performance
reasons,
    #     because the extraction step is an expensive operation and is
usually
    #     useless for serving static content. So one usually enables the
    #     exportation for CGI and SSI requests only.
    #   o StrictRequire:
    #     This denies access when "SSLRequireSSL" or "SSLRequire" applied
even
    #     under a "Satisfy any" situation, i.e. when it applies access is
denied
    #     and no other module can change it.
    #   o OptRenegotiate:
    #     This enables optimized SSL connection renegotiation handling when
SSL
    #     directives are used in per-directory context.
    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    #   SSL Protocol Adjustments:
    #   The safe and default but still SSL/TLS standard compliant shutdown
    #   approach is that mod_ssl sends the close notify alert but doesn't
wait for
    #   the close notify alert from client. When you need a different
shutdown
    #   approach you can use one of the following variables:
    #   o ssl-unclean-shutdown:
    #     This forces an unclean shutdown when the connection is closed,
i.e. no
    #     SSL close notify alert is send or allowed to received.  This
violates
    #     the SSL/TLS standard but is needed for some brain-dead browsers.
Use
    #     this when you receive I/O errors because of the standard approach
where
    #     mod_ssl sends the close notify alert.
    #   o ssl-accurate-shutdown:
    #     This forces an accurate shutdown when the connection is closed,
i.e. a
    #     SSL close notify alert is send and mod_ssl waits for the close
notify
    #     alert of the client. This is 100% SSL/TLS standard compliant, but
in
    #     practice often causes hanging connections with brain-dead
browsers. Use
    #     this only for browsers where you know that their SSL
implementation
    #     works correctly.
    #   Notice: Most problems of broken clients are also related to the HTTP
    #   keep-alive facility, so you usually additionally want to disable
    #   keep-alive for those clients, too. Use variable "nokeepalive" for
this.
    #   Similarly, one has to force some clients to use HTTP/1.0 to
workaround
    #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0"
and
    #   "force-response-1.0" for this.
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown



#        DocumentRoot /var/www/web1/web
        <Directory /var/www/web1/web/>
                Options Indexes MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        Alias /webdav /var/www/web1/web

        <Location /webdav>
            DAV On
            AuthType Basic
            AuthName "webdav"
            AuthUserFile /var/www/web1/passwd.dav
            Require valid-user
        </Location>

</VirtualHost>
#########################################################################################################







=== OUTPUT, WHEN I RESTART APACHE2 ON DEBIAN VM ===

Command Run ==>  "/etc/init.d/apache2 restart"


#########################################################################################################
Restarting web server: apache2[Wed Sep 05 08:29:09 2012] [warn] module
dav_module is already loaded, skipping
[Wed Sep 05 08:29:09 2012] [warn] module wsgi_module is already loaded,
skipping
apache2: Could not reliably determine the server's fully qualified domain
name, using 127.0.1.1 for ServerName
 ... waiting [Wed Sep 05 08:29:10 2012] [warn] module dav_module is already
loaded, skipping
[Wed Sep 05 08:29:10 2012] [warn] module wsgi_module is already loaded,
skipping
apache2: Could not reliably determine the server's fully qualified domain
name, using 127.0.1.1 for ServerName.
#########################################################################################################






=== OUTPUT OF NETSTAT, TO SEE WHAT PORTS ARE BEING LISTENED ON ===

Command Run ==> "netstat -plunt | fgrep 443"



#########################################################################################################
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
EMPTY
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#########################################################################################################






=== TELNET OBSERVATIONS ===

On the VM,

*
telnet open 127.0.0.1 80    ==> successful  (although I later get the
"Permission Denied" message, due to only specific IPs being allowed).


*
telnet open 127.0.0.1 443  ==> Connection Refused (right away).



=====================================================================================



Please let me know if any other info is required, that may help isolate the
issue.

Looking forward to a reply.



Thanks and Regards,
Ajay

Mime
View raw message