New multi-server setup, WebDav question?

Discussion in 'ISPConfig 3 Priority Support' started by ledoktre, Apr 28, 2014.

  1. ledoktre

    ledoktre Member

    Greetings all,

    First off, a fine job on ISPConfig3. It amazes me how smoothly it seems to tie everything together. Took me a bit at first to get the hang of it, but now I can roll out another member server in no time.

    I VERY (can't stress this point enough) MUCH appreciate the support included for Nginx. It is working out SO WELL!

    I have a few customers who are still on old CentOS boxes running legacy versions of Apache and FPSE, and I set out over this past weekend to roll out a box that had Apache on it to use Web Dav support (with newer versions of Front Page / Expression Web).

    I was able to get the web dav to work nearly out of the starting gate (just had to realize / figure out the URL to use in the client), but there is one thing that I am a loss at to try and figure out. Here goes :

    Q: How do I use ISPConfig to setup a webdav user that is able to access their website files? I've tried sym links, tried adding a custom directive to site options, and Im just not getting it. How do you, oh infallible ones, or how would you recommend, I appease these customers?



    EDIT: System is based off of Debian Testing, it is up to date both with Debian and with ISPConfig (stable).

    EDIT2: I did buy 6 months support, so I'm not sure why it doesn't list that on my account?
    Last edited: Apr 28, 2014
  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    The webdav function is mainly to share documents and not to access website files.
    I think this would not work either, as the webdav user would have wrong permissions for this.
    Files reside in /webdav of the website and not in /web where the website itself resides.
  3. ledoktre

    ledoktre Member

    Thanks for the reply.

    You are right, I can see where the webdav runs under a different user.

    I am wondering what the best method to achieve this. Other hosts (and control panels) offer this as a way to let people using Expression Web or Dreamweaver connect and edit their site.

    What are the options as you see it? Bear in mind these users are coming off of FPSE, so they are used to inplace editing (i.e. not changing stuff then uploading via ftp).


  4. till

    till Super Moderator Staff Member ISPConfig Developer

    you mean the optional yellow stars at the username? You can activate them in you user controlpanel.

    There is no easy way to achive what you are looking for regarding webdav. Some other controlpanels dont have a security concept like ispconfig that islates websites from each other by running them under differentusers. Instead they run all websites under the same linux user (apache/www-data/wwwrun) as the main apache webserver which makes hacking these servers easier and client sites are not isolated from each other.

    The apache webserver is able to run scripts with suexec under different users and ftp is able to run under different users as well. But the apache webdav module has no support to switch user context on vhost basis, so apache simply is not supporting webdav for secure websites.

    One option that you can try is to use apache mpm-itk, this apache processing module runs a apache worker for each website under a different user, maybe this alows webdav to use a different user as well. But this will not remove the path restrictions that ispconfig applies to webdav as webdav is not meant as technology to access the web dir on a ispconfig server, so you might have to alter the ispconfig code for that.
  5. ledoktre

    ledoktre Member


    Greetings. I just wanted to report back how I finally ended up settling this in hopes that it might help someone else who may sometime try to resolve this. I think it was not a bad craft. You let me know a few things that I'd be faced up against.

    I checked out MPM-ITK, read some stuff on it and I ended up using the fileserver.php that is included with sabredav. Runs under PHP-FPM, so I actually opted to throw it back on one of my nginx boxes. Since running under PHP, it has the right UID/GID- security should not be an issue I'd expect.

    I setup a subdomain vhost (in my case, and I set it up to be a protected folder. I configured the fileserver.php to use passthrough authentication, and set its tmp folder to the tmp folder and set the data directory to the main website directory.

    Aside from that, the ONLY things left to do was to add the data directory path to the open_basedir directive and pass a custom nginx config in ISPConfig :

    location / {
    index index.php;
    dav_ext_methods PROPFIND OPTIONS;
    rewrite ^(.*)$ /index.php last;

    I am not the best at nginx configuration, so please feel free to embellish, but its what I have come up with and so far seems to be working well.

    Do you think its worth trying to submit a tutorial?


  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats a interesting approach. It would be great if you could submit this as tutorials as I'ams sure that it will helpothers with a similar problem.

Share This Page