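Setting up a WebDAV application with Docker

Preface

I have long wanted to set up a WebDAV service on my NAS, but most of the servers found online do not support multiple users, and I could not find a detailed installation guide for the hacdias/webdav project that many people recommend, so I kept putting it off. Now that I finally have it working, I am posting my own setup process in the hope that it helps anyone who needs it. I do not know this very well and have only just got it running, so please go easy on me where there are mistakes orz

Update history

20250707: Following updates to the hacdias/webdav project, parts of the content were completed and corrected.

Setup tutorial

I use hacdias's Go-based webdav; the project address is here. The official docker image is used here.

Create the configuration file

In a prepared directory (/docker/webdav in this example), create the configuration file config.yaml and fill in the following content.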

# Listen on all network interfaces; with multiple interfaces you can specify the corresponding IP
address: 0.0.0.0
port: 8081

# TLS-related settings if you want to enable TLS directly.
tls: false
cert: cert.pem
key: key.pem

# Prefix to apply to the WebDAV path-ing. Default is '/'.
prefix: /

# Enable or disable debug logging. Default is 'false'.
debug: false

# Disable sniffing the files to detect their content type. Default is 'false'.
noSniff: false

# Whether the server runs behind a trusted proxy or not. When this is true,
# the header X-Forwarded-For will be used for logging the remote addresses
# of logging attempts (if available).
behindProxy: true

# The directory that will be able to be accessed by the users when connecting.
# This directory will be used by users unless they have their own 'directory' defined.
# Default is '.' (current directory).
directory: /data

# The default permissions for users. This is a case insensitive option. Possible
# permissions: C (Create), R (Read), U (Update), D (Delete). You can combine multiple
# permissions. For example, to allow to read and create, set "RC". Default is "R".
permissions: R

# The default permissions rules for users. Default is none. Rules are applied
# from last to first, that is, the first rule that matches the request, starting
# from the end, will be applied to the request. Rule paths are always relative to
# the user's directory.
rules: []

# The behavior of redefining the rules for users. It can be:
# - overwrite: when a user has rules defined, these will overwrite any global
# rules already defined. That is, the global rules are not applicable to the
# user.
# - append: when a user has rules defined, these will be appended to the global
# rules already defined. That is, for this user, their own specific rules will
# be checked first, and then the global rules.
# Default is 'overwrite'.
rulesBehavior: overwrite

# Logging configuration
log:
  # Logging format ('console', 'json'). Default is 'console'.
  format: console
  # Enable or disable colors. Default is 'true'. Only applied if format is 'console'.
  colors: true
  # Logging outputs. You can have more than one output. Default is only 'stderr'.
  outputs:
    - stderr

# CORS configuration
cors:
  # Whether or not CORS configuration should be applied. Default is 'false'.
  enabled: true
  credentials: true
  allowed_headers:
    - Depth
  allowed_hosts:
    - http://localhost:8080
  allowed_methods:
    - GET
  exposed_headers:
    - Content-Length
    - Content-Range

# The list of users. If the list is empty, then there will be no authentication.
# Otherwise, basic authentication will automatically be configured.
#
# If you're delegating the authentication to a different service, you can proxy
# the username using basic authentication, and then disable webdav's password
# check using the option:
#
# noPassword: true
users:
  # Example 'admin' user with plaintext password.
  - username: admin
    password: admin
  # Example 'john' user with bcrypt encrypted password, with custom directory.
  # You can generate a bcrypt-encrypted password by using the 'webdav bcrypt'
  # command line utility.
  - username: john
    password: "{bcrypt}$2y$10$zEP6oofmXFeHaeMfBNLnP.DO8m.H.Mwhd24/TOX2MWLxAExXi4qgi"
    directory: /another/path
  # Example user whose details will be picked up from the environment.
  - username: "{env}ENV_USERNAME"
    password: "{env}ENV_PASSWORD"
  - username: basic
    password: basic
    # Override default permissions.
    permissions: CRUD
    rules:
      # With this rule, the user CANNOT access {user directory}/some/files.
      - path: /some/file
        permissions: none
      # With this rule, the user CAN create, read, update and delete within
      # {user directory}/public/access.
      - path: /public/access/
        permissions: CRUD
      # With this rule, the user CAN read and update all files ending with .js.
      # It uses a regular expression.
      - regex: "^.+.js$"
        permissions: RU

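Create the container

This is the same as creating most docker containers. The point to note is that the directory containing config.yaml must be mapped into the container, and the startup arguments must pass -c pointing to the config.yaml inside the container.

Reference: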

docker run -d --name webdav-go -v /media:/data/media -v /docker/webdav:/config -p 8081:8081 --restart unless-stopped hacdias/webdav:latest -c /config/config.yaml

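Directory and port mapping

Map the directory you want to access over WebDAV into the container's /data directory, map the configuration directory /docker/webdav to the container's /config directory, and publish port 8081 to the outside.

Startup arguments

Add the startup argument -c /config/config.yaml. When installing with portainer-ce, set this under Advanced container settings - Command & logging: set command to override and fill in the argument.

Accessible directory

Set directory in the configuration file to /data so that the directories we want to share are directly accessible. The default is ., which would share the project's root directory directly, and that is not what we want.

Multiple users

The template supports fine-grained permission control for multiple users (see the comments for details). I am the only user, so I keep only the necessary part.
Modify the users entry in the configuration file: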

users:
  - username: your_name # username for WebDAV access
    password: your_password # password for WebDAV access
    directory: /data # share everything under /data
    permissions: CRUD # full create, read, update and delete permissions on files in the directory
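
The rule comments in the template say that rules are applied from last to first. The Go sketch below is an added example, not code from the hacdias/webdav project or from this post: it models that evaluation for the template's basic user and shows that the later regex rule overrides the earlier /some/file deny rule, and that the unescaped dot in ^.+.js$ also matches names such as rajs. It assumes path rules are prefix matches; Rule, Allowed and TemplateRules are hypothetical names and the sample paths are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule models one entry under 'rules': a path or a regex, plus permissions.
type Rule struct {
	Path  string
	Regex *regexp.Regexp
	Perms string // letters from "CRUD", or "none"
}

// matches treats Path as a prefix (assumption: the template says /some/file covers .../some/files).
func (r Rule) matches(p string) bool {
	if r.Regex != nil {
		return r.Regex.MatchString(p)
	}
	return strings.HasPrefix(p, r.Path)
}

// Allowed checks rules from last to first; the first match decides, else the user default applies.
func Allowed(defaults string, rules []Rule, p string, op byte) bool {
	perms := defaults
	for i := len(rules) - 1; i >= 0; i-- {
		if rules[i].matches(p) {
			perms = rules[i].Perms
			break
		}
	}
	// "none" contains no C, R, U or D, so it denies every operation.
	return strings.IndexByte(strings.ToUpper(perms), op) >= 0
}

// TemplateRules returns the 'basic' user's three rules in file order.
func TemplateRules(jsRegex string) []Rule {
	return []Rule{
		{Path: "/some/file", Perms: "none"},
		{Path: "/public/access/", Perms: "CRUD"},
		{Regex: regexp.MustCompile(jsRegex), Perms: "RU"},
	}
}
func main() {
	loose, strict := TemplateRules(`^.+.js$`), TemplateRules(`^.+\.js$`)
	for _, p := range []string{"/some/file.js", "/public/access/app.js", "/notes/rajs"} { // constructed paths
		fmt.Printf("%-22s read=%-5v delete=%-5v delete(escaped dot)=%v\n", p, Allowed("CRUD", loose, p, 'R'), Allowed("CRUD", loose, p, 'D'), Allowed("CRUD", strict, p, 'D'))
	}
}
```

Under this model, a deny rule only holds for every file type when it is listed after the broader rules.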

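Reverse proxy

If you want to use an SSL reverse proxy for more secure access, you can set behindProxy to true in the configuration file; the log will then clearly show the real client address, otherwise it will only show the address of the reverse proxy server.

Mounting WebDAV

I recommend RaiDrive for mounting the WebDAV drive; versions before 2020.6.36 have no ads. Set up a reverse proxy yourself if you need one.

References

hacdias/webdav: Simple Go WebDAV server.
A record of a NAS system crash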


https://sunjx97.github.io/posts/cb46f731/
Author
sunjx97
Published
February 19, 2022