2007-08-09

Howto setup Apache 2.2.4 + WebDAV under Windows XP in 5 minutes

Posted by Pascal Thivent at 23:06
I like to use WebDAV for maven deployments : it's simple, go through most firewalls, can be secured... it's really a nice protocol. For testing purposes (and because WebDAV is currenlty broken in Proximity), I'm running Apache 2 + WebDAV under Ubuntu on my laptop and honestly, it was a piece of cake to get it working. But today, because one of my customer who is using a Win 2K server was facing really strange issues with his setup, I decided to install Apache 2 + WebDAV under Windows XP. My goal is to configure a DAV access to a remote directory with universal read-access but restricted writes. Here are the steps :

1. Download and install the latests Apache 2.2 release for Windows. In my case, I downloaded apache_2.2.4-win32-x86-no_ssl.msi and installed it for "All Users, on port 80, as a Service", in C:\Program Files\Apache Software Foundation\Apache2.2\.

2. Create a C:/Program Files/Apache Software Foundation/Apache2.2/var directory, right click on it, select the Security tab, go to the Advanced Parameters, select the Owner tab and select Administrator as owner.

Note: According to this article in the Microsoft Knowledge Base:
If the Security tab is not available, and if you cannot configure permissions for users and groups, either the file or folder that you want to apply permissions to is not an NTFS drive, or simple file sharing is enabled. To troubleshoot, follow these steps
  1. Verify that the file or folder that you want to apply permissions to is an NTFS drive. You can set permissions only on drives that are formatted to use NTFS.
  2. By default, simplified sharing is enabled in Windows XP unless you are on a domain. To work around this behavior, disable Simplified Sharing.


Disabling Simplified Sharing can be done as explained in the same article

3. Repeat the operation for C:/Program Files/Apache Software Foundation/Apache2.2/uploads.

4. Then execute the following command from apache bin directory: htdigest -c "C:/Program Files/Apache Software Foundation/Apache2.2/user.passwd" DAV-upload admin.

5. Edit C:/Program Files/Apache Software Foundation/Apache2.2/httpd.conf, activate the following modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias, mod_auth_digest, mod_authn_file. Uncomment the line: #Include conf/extra/httpd-dav.conf.

6. Restart Apache

7. Download and install Cadaver, a command-line WebDAV client for unix. Wait, it's a Unix tool... The good news is that it has been ported under Cygwin. Download Cygwin and install the cadaver package!

8. Open cygwin and launch: cadaver http://localhost/uploads

pthivent@pthivent-laptop ~ $ echo "bar" > foo.txt
pthivent@pthivent-laptop ~ $ cadaver http://localhost/uploads
Authentication required for DAV-upload on server `localhost':
Username: admin
Password:
dav:/uploads/> put foo.txt
Uploading foo.txt to `/uploads/foo.txt':
Progress: [=============================>] 100.0% of 401 bytes succeeded.
dav:/uploads/> ls
Listing collection `/uploads/': succeeded.
*foo.txt 4 Aug 10 00:16
dav:/uploads/>

Ok, dav and authentication are working, authentication a bit too much actually. I should be able to browse without authentication. Let's have a look at apache access.log. When executing cadaver http://localhost/uploads, the following entries are logged in the access file:

127.0.0.1 - - [10/Aug/2007:02:22:37 +0200] "OPTIONS /uploads/ HTTP/1.1" 200 -
127.0.0.1 - - [10/Aug/2007:02:22:37 +0200] "PROPFIND /uploads/ HTTP/1.1" 401 401

But in C:/Program Files/Apache Software Foundation/Apache2.2/extra/httpd-dav.conf, only GET and OPTIONS don't require authentication.

9. I decide to add PROPFIND to the LimitExcept list, restart Apache and execute cadaver again:

pthivent@pthivent-laptop ~ $ echo "foo" > bar.txt
pthivent@pthivent-laptop ~ $ cadaver http://localhost/uploads
dav:/uploads/> put bar.txt
Uploading bar.txt to `/uploads/bar.txt':
Progress: [=============================>] 100.0% of 401 bytes
Authentication required for DAV-upload on server `localhost':
Username: admin
Password:
succeeded.
dav:/uploads/>

Sweet, it's now working.

10. Let's try a Windows "Web Folder" now, just for the fun. Go to your "Windows network places" and "Add a network place" pointing on http://localhost/uploads... Open the location, browse it. Try to create a file/directory. Provide the required credentials :)

11. Finally, open http://localhost/uploads in IE.

Forbidden

You don't have permission to access /uploads/ on this server.

Strange, this is not what I was expecting... Let's check the error.log :

[Fri Aug 10 02:36:35 2007] [error] [client 127.0.0.1] Directory index forbidden by Options directive: C:/Program Files/Apache Software Foundation/Apache2.2/uploads/

12. Well, that's perfectly clear. Let me authorize this in the httpd-dav.conf with an Options Indexes in the uploads Directory directive.

13. Restart Apache... open IE, check again and... browse your directory this time!

Just to summarize, below a diff between the original httpd.conf and the modified one:

pthivent@pthivent-laptop /cygdrive/c/Program Files/Apache Software Foundation/Apache2.2/conf $ diff httpd.conf default/httpd.conf
71c71
< LoadModule auth_digest_module modules/mod_auth_digest.so
---
> #LoadModule auth_digest_module modules/mod_auth_digest.so
84,85c84,85
< LoadModule dav_module modules/mod_dav.so
< LoadModule dav_fs_module modules/mod_dav_fs.so
---
> #LoadModule dav_module modules/mod_dav.so
> #LoadModule dav_fs_module modules/mod_dav_fs.so
469c469
< Include conf/extra/httpd-dav.conf
---
> #Include conf/extra/httpd-dav.conf

pthivent@pthivent-laptop /cygdrive/c/Program Files/Apache Software Foundation/Apache2.2/conf $

And this is a diff between the original httpd-dav.conf and the mofified one:

pthivent@pthivent-laptop /cygdrive/c/Program Files/Apache Software Foundation/Apache2.2/conf $ diff extra/httpd-dav.conf default/httpd-dav.conf
20d19
< Options Indexes
34c33
< <LimitExcept GET OPTIONS PROPFIND>
---
> <LimitExcept GET OPTIONS>

pthivent@pthivent-laptop /cygdrive/c/Program Files/Apache Software Foundation/Apache2.2/conf $

Now, let's see how this works under Windows 2K.
Labels: , , , ,

8 comments:

  1. Thanks for posting this. It is very clear and worked for me.

    One small thing is the reference to setting the folder ownership. As one who is not familiar with Windows, my Properties dialog did not include the tabs you describe. It did not keep me from succeeding though.

    Nice write up!
    ReplyDelete
  2. You're welcome. Happy to know it has been helpful for you.

    About the folder ownership, you're right, a reference to activate the Security Tab is missing. I'll update the post.

    Thanks for pointing this out.
    ReplyDelete
  3. Thanks for this little how-to, it has been helpful. One small thing im sure, being new to apache/webDAV, im still trying to fin my way around and i'm it is self explanatory to most but when i do the \put hello.txt i get the following error

    dav:/uploads/> put hello.txt
    Uploading hello.txt to `/uploads/hello.txt': Could not open file: No such file o
    r directory
    dav:/uploads/>

    I assume i was suppose to create this file somewhere, but i cant seem to find where it is grabbing it from... thanks in advance.
    ReplyDelete
  4. I didn't mention I created this hello.txt file on the fly, just for testing purposes, before to launch cadaver. This file was in my user home (~) directory under cygwin. This is indeed not obvious and your assumption is right. Sorry if this wasn't clear. I've slightly modified the post to fix this.

    And BTW, when using cadaver, you can use the "local" lls, lcd, lpwd commands to manipulate the local or source folder. Check the interactive help for exhaustive informations.
    ReplyDelete
  5. Hi there ! Another "THANKS mate" for posting this : it probably saved me a whole bunch of painful hours.

    My "Apache WebDAV under XP" is operational right now, but i have to stress out that :
    - i didn't succeed in using cadaver to test WebDAV. The command "cadaver http://localhost/uploads" just... did nothing. It might be some not-installed Cygwin package, though, since this is this first time i use Cygwin, there's a *lot* i don't know about it. FWIW, Apache's "access.log" didn't trace any connexion attempt during this phase.
    - Nor did i succeed to use the Windows "Web Folders". First, it was painfully *slow*. Specifying the port number during the "web folder assistant" (ie. http://localhost:80/uploads) helped a lot to speed up the process of accessing the WebDAV folder (see http://en.wikipedia.org/wiki/WebDAV, "Microsoft Windows clients" chapter). But even at "full" speed, i never passed the passwords check, just like the password i entered was wrong. Since it worked perfectly publishing a Sunbird calendar, i assume there's something wrong with WebDAV folders on my Explorer.

    Thanks again for this brilliant how-to !
    ReplyDelete
  6. in addition to specifying the port, adding the user name to the url supposedly forces old skool auth method. like: http://user@server:port/folder
    ReplyDelete
  7. in addition to specifying the port, adding the user name to the url supposedly forces old skool auth method. like: http://user@server:port/folder
    ReplyDelete
  8. Thank you - very helpful
    ReplyDelete

Subscribe to: Post Comments (Atom)