Newb: Is this WebDav setup going to work?

Hi,

I have an ISPc3 setup working well and I'm petrified of breaking anything so just wanted someone to sanity-check the following... I really have no idea what I'm doing.

I notice there is a lot of interest in webdav as related to ISP3 so perhaps this can become a howto in the end...

I'm assuming the following:

I'm running ISP3 on Ubuntu 8.04 LTS server.
My site is called 'www.mysite.com'. It's already created using ISPc3.
I want to create a dav folder for the client 'Mike' within my website.

Does the following make sense...?

Become root:

Code:

sudo su

Enable the WebDav modules:

Code:

a2enmod
dav (enter)
a2enmod
dav_fs (enter)

Reload apache

Code:

/etc/init.d/apache2 force-reload

Create a dav folder for 'Mike': (The exact location may be different for you)

Code:

mkdir /var/www/clients/client4/www.mysite.com/web/clients/dav/mike

Only allow root and www-data group members to access. Then set permissions:

Code:

chgrp root:www-data /var/www/clients/client4/www.mysite.com/web/clients/dav/mike
chmod 640 /var/www/clients/client4/www.mysite.com/web/clients/dav/mike

Create the htpasswd file and add the user 'mike'. The -c flag creates the file if it doesn't already exist. *Only* use it the first time. You will be asked for the password you wish 'mike' to use.

Code:

htpasswd -c /var/www/clients/client4/www.mysite.com/web/clients/dav/mike/.DAVlogin mike

I then go to my ISPc3 control panel and log in.
I go to the 'Sites' tab
Click on 'www.mysite.com'
Go to 'Options'

In the 'Apache Directives' field I paste in:

Code:

DAVLockDB /tmp/DAVLock
#DAVMinTimeout 600

<Location /clients/client4/www.mysite.com/web/clients/dav/mike/>
        Dav On

        AuthType Basic
        AuthName mike
        AuthUserFile /var/www/clients/client4/www.mysite.com/web/clients/dav/mike/.DAVlogin

        <LimitExcept OPTIONS>
                Require user mike
        </LimitExcept>
</Location>

Save and log out of ISPc3

Restart apache

Code:

/etc/init.d/apache2 restart

I more or less have to repeat this whole thing for each WebDav user I want to create.

Is this going to work?

Is there a more elegant way, especially given that I will need to create further password protected Dav folders for other users?

Thanks guys!

S

 

Hi,

Sadly have to report that this *will not* work...

Things that are tripping me up:

I thought the command to add a directory to several groups (root and www.data in this case) was

Code:

chgrp root:www.data directoryname

But I get:
chgrp: invalid group: `root:www-data'

I have given the dav folder permissions of 640 775 and 777 but nothing works.

When I try to access the folder through a browser I get 'Access forbidden'

My log is saying:
[Thu Jan 14 12:43:42 2010] [error] [client 192.168.0.6] Directory index forbidden by Options directive: /var/www/www.mytestsite.co.uk/web/davtest/

Does anyone have any ideas to get me past this?

I'd really appreciate it

S

 

The correct group name is www-data, not www.data.

 

Falko,

I was hoping you'd show up... ;-)

That must be a typo in my post here. Sorry. The error message from Terminal had it correct as www-data not www.data so I must have got it right in my command originally.

Any other ideas as to why things aren't working?

The message from my error log makes me think the issue is in the code I pasted into the options field in ISPc3...? I just don't know enough to spot the issue.

Code:

DAVLockDB /tmp/DAVLock
#DAVMinTimeout 600

<Location /clients/client4/www.mysite.com/web/clients/dav/mike/>
        Dav On

        AuthType Basic
        AuthName mike
        AuthUserFile /var/www/clients/client4/www.mysite.com/web/clients/dav/mike/.DAVlogin

        <LimitExcept OPTIONS>
                Require user mike
        </LimitExcept>
</Location>

What are your thoughts?

S

 

Are you sure that the path in <Location /clients/client4/www.mysite.com/web/clients/dav/mike/>
is correct?

 

Falko,

It seems the path wasn't correct (thanks but I *still* can't get things right...

This is what I just did...

Code:

root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# locate davtest
/var/www/clients/client1/web1/web/davtest
/var/www/clients/client1/web1/web/davtest.DAVlogin
root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# htpasswd -c /var/www/clients/client1/web1/web/davtest/.Davlogin davtest
New password: 
Re-type new password: 
Adding password for user davtest
root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# chgrp root:www-data /var/www/clients/client1/web1/web/davtest
chgrp: invalid group: `root:www-data'
root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# chmod 640 /var/www/clients/client1/web1/web/davtest
root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# /etc/init.d/apache2 restart
 * Restarting web server apache2
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
   ...fail!
root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# /etc/init.d/apache2 restart
 * Restarting web server apache2
httpd (no pid file) not running
   ...done.
root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# 

I created the directory 'davtest' using my ftp client first, then searched for it... I still get the error:

Code:

ERROR 403 - Forbidden!
The following error occurred:

You are not permitted to access the requested URL.

Please contact the webmaster with any queries.

My error log says:

Code:

[Tue Jan 19 09:14:34 2010] [crit] [client 192.168.0.6] (13)Permission denied: /var/www/www.myothersite.co.uk/web/davtest/.htaccess pcfg_openfile: unable to check htaccess$

These are the permissions:

Code:

root@mybox:/var/www/clients/client1/web1/web# ls -a -l
total 36
drwxr-xr-x 5 web1     client1 4096 2010-01-14 13:50 .
drwxr-xr-x 6 root     root    4096 2009-06-09 11:38 ..
drw-r----- 2 www-data client1 4096 2010-01-19 09:06 davtest
-rw-r--r-- 1 root     root      22 2010-01-14 14:08 davtest.DAVlogin
drwxr-xr-x 2 web1     client1 4096 2009-06-09 10:48 error
-rwxr-xr-- 1 web1     client1 1406 2009-06-09 10:48 favicon.ico
-rwxr-xr-- 1 web1     client1    0 2009-06-09 10:48 .htaccess
-rwxr-xr-- 1 web1     client1 1861 2009-06-09 10:48 index.html
-rwxr-xr-- 1 web1     client1   34 2009-06-09 10:48 robots.txt
drwxr-xr-x 2 web1     client1 4096 2010-01-15 00:30 stats
lrwxrwxrwx 1 root     root      16 2009-06-09 12:12 webmail -> /var/www/webmail

Make any sense?

Thanks for your help as always...

(Why do I get those apache errors on restart btw...? They go away on the third attempt...)

S

 

Directories must always be executable, so oyu should try a

Code:

chmod 751 davtest

 

Falko,

Really sorry but after

Code:

root@mybox:/var/www/clients/client1/web1/web# ls -a -l
total 36
drwxr-xr-x 5 web1     client1 4096 2010-01-14 13:50 .
drwxr-xr-x 6 root     root    4096 2009-06-09 11:38 ..
drw-r----- 2 www-data client1 4096 2010-01-19 09:06 davtest
-rw-r--r-- 1 root     root      22 2010-01-14 14:08 davtest.DAVlogin
drwxr-xr-x 2 web1     client1 4096 2009-06-09 10:48 error
-rwxr-xr-- 1 web1     client1 1406 2009-06-09 10:48 favicon.ico
-rwxr-xr-- 1 web1     client1    0 2009-06-09 10:48 .htaccess
-rwxr-xr-- 1 web1     client1 1861 2009-06-09 10:48 index.html
-rwxr-xr-- 1 web1     client1   34 2009-06-09 10:48 robots.txt
drwxr-xr-x 2 web1     client1 4096 2010-01-15 00:30 stats
lrwxrwxrwx 1 root     root      16 2009-06-09 12:12 webmail -> /var/www/webmail
root@mybox:/var/www/clients/client1/web1/web# chmod 751 davtest
root@mybox:/var/www/clients/client1/web1/web# /etc/init.d/apache2 restart
 * Restarting web server apache2
   ...done.
root@mybox:/var/www/clients/client1/web1/web# 

I still get the 403 error above.

Log:

Code:

[Wed Jan 20 13:26:19 2010] [error] [client 192.168.0.6] Directory index forbidden by Options directive: /var/www/www.myothersite.co.uk/web/davtest/

I notice above that the directory davtest is in the group www-data and the davtest.DAVlogin file is in the group root.

I'm guessing this is significant (?) but I get the error here:

Code:

root@mybox:/var/www/clients/client1/www.myothersite.co.uk/log# chgrp root:www-data /var/www/clients/client1/web1/web/davtest
chgrp: invalid group: `root:www-data'

This is what's in the 'Options' field in the relevant site in ISPc3:

Code:

DAVLockDB /var/lock/apache2/DAVLock
#DAVMinTimeout 600

<Location /var/www/clients/client1/web1/web/davtest>
        Dav On

        AuthType Basic
        AuthName davtest
        AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin

        <LimitExcept OPTIONS>
                Require user davtest
        </LimitExcept>
</Location>

Should the web address be in there somewhere?

Thanks for your time with this! I'm sure it's a newb mistake I'm making but I have done this many times on a non-ISPc3 server so it's something specific to this server...

S

 

The chgrp command jujst takes the group name as argument, not a user and a group. What you want is chown instead:

Code:

chown root:www-data /var/www/clients/client1/web1/web/davtest

 

Falko,

I'm so sorry but I get the same error as before.

I did restart apache with "/etc/init.d/apache2 restart". Do I need another command?

The log says:

Code:

[Thu Jan 21 14:36:58 2010] [error] [client 192.168.0.6] Directory index forbidden by Options directive: /var/www/www.myothersite.co.uk/web/davtest/

Any other thoughts? This ought to be possible to do? Yes?

S

 

Can you post the vhost configuration of that vhost?

 

Falko,

In the Options tab for that site within ISPc3 I have:

Code:

DAVLockDB /var/lock/apache2/DAVLock
#DAVMinTimeout 600

<Location /var/www/clients/client1/web1/web/davtest>
        Dav On

        AuthType Basic
        AuthName davtest
        AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin

        <LimitExcept OPTIONS>
                Require user davtest
        </LimitExcept>
</Location>

The actual vhost file seems to be:

Code:

<Directory /var/www/www.myothersite.co.uk>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/www.myothersite.co.uk/web

    ServerName www.myothersite.co.uk
    ServerAlias *.www.myothersite.co.uk
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/www.myothersite.co.uk/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    <Directory /var/www/www.myothersite.co.uk/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web1/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client1/web1/tmp
    php_admin_value session.save_path /var/www/clients/client1/web1/tmp

Hope this helps

S

 

That's not the full vhost - the end is missing...

 

Falko,

Sorry, I'm not familiar with things like nano text editor...

This is the end of the file:

Code:

DAVLockDB /var/lock/apache2/DAVLock
#DAVMinTimeout 600

<Location /var/www/clients/client1/web1/web/davtest>
        Dav On

        AuthType Basic
        AuthName davtest
        AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin

        <LimitExcept OPTIONS>
                Require user davtest
        </LimitExcept>
</Location>

</VirtualHost>

Helpful? At least it looks the same as what I pasted in to ISPc3

S

 

Unfortunately not. I need the full configuration. You can use cat to output the contents of the file.

 

Falko,

Sorry, I'm not doing very well here am I...

This is what I got:

Code:

me@sierra:/var/www/clients/client5/web5$ sudo cat /etc/apache2/sites-enabled/www.myothersite.co.uk.vhost
[sudo] password for me: 
<Directory /var/www/www.myothersite.co.uk>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/www.myothersite.co.uk/web
  
    ServerName www.myothersite.co.uk
    ServerAlias *.www.myothersite.co.uk
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/www.myothersite.co.uk/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    <Directory /var/www/www.myothersite.co.uk/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web1/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client1/web1/tmp
    php_admin_value session.save_path /var/www/clients/client1/web1/tmp

DAVLockDB /var/lock/apache2/DAVLock
#DAVMinTimeout 600

<Location /var/www/clients/client1/web1/web/davtest>
        Dav On

        AuthType Basic
        AuthName davtest
        AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin

        <LimitExcept OPTIONS>
                Require user davtest
        </LimitExcept>
</Location>

</VirtualHost>

Better?

S

 

Better.

Can you change

Code:

<Directory /var/www/www.myothersite.co.uk/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web1/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

to

Code:

<Directory /var/www/www.myothersite.co.uk/web>
        Options FollowSymLinks [B][COLOR="Red"]+Indexes[/COLOR][/B]
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web1/web>
        Options FollowSymLinks [B][COLOR="Red"]+Indexes[/COLOR][/B]
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

and restart Apache?

 

Falko,

I think we are nearly there Don't go!

My .vhost now looks like this:

Code:

<Directory /var/www/www.myothersite.co.uk>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/www.myothersite.co.uk/web
  
    ServerName www.myothersite.co.uk
    ServerAlias *.www.myothersite.co.uk
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/www.myothersite.co.uk/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    <Directory /var/www/www.myothersite.co.uk/web>
        Options FollowSymLinks +Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web1/web>
        Options FollowSymLinks +Indexes       
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client1/web1/tmp
    php_admin_value session.save_path /var/www/clients/client1/web1/tmp

DAVLockDB /var/lock/apache2/DAVLock
#DAVMinTimeout 600

<Location /var/www/clients/client1/web1/web/davtest>
        Dav On

        AuthType Basic
        AuthName davtest
        AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin

        <LimitExcept OPTIONS>
                Require user davtest
        </LimitExcept>
</Location>

</VirtualHost>

Using my browser, I seem to be able to get to the davtest folder but I don't get a username/password challenge, which is important to me.

Using the OSX finder I get an error that the "Server cannot be found on the network".

There are no errors in my log.

Some tweak is required somewhere.

EDIT:
I thought there wasn't a .Davlogin file inside davtest and so logged in to my ISPc3 panel > Sites > Options and changed the line

Code:

AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin

to

Code:

AuthUserFile /var/www/clients/client1/web1/web/davtest.DAVlogin

as I could see the web/davtest.DAVlogin file.

This made no difference but when I changed it back, I suddenly can't get to the davtest folder any more, using my browser. I get a 403 Forbidden! error.

I restarted apache.

There *is* in fact a .Davlogin file inside the davtest directory. I thought my ftp client was showing invisible files but it didn't show that one. I can see it in the terminal.

*Now* my log says:

Code:

[Thu Jan 28 10:10:33 2010] [error] [client my.ip] Directory index forbidden by Options directive: /var/www/www.myothersite.co.uk/web/davtest/

I'll write all this up when we are done, I promise!

S

 

I guess the previous change was overwritten by ISPConfig because you changed something in the web interface. Please add this to your Apache Directives field in ISPConfig (ISPc3 panel > Sites > Options) so that the change becomes persistent:

Code:

<Directory /var/www/www.myothersite.co.uk/web>
        Options +Indexes
</Directory>
<Directory /var/www/clients/client1/web1/web>
        Options +Indexes
</Directory>

What's the output of

Code:

ls -la /var/www/clients/client1/web1/web/davtest.DAVlogin

?

 

Falko,

Well, I can get to the /davtest directory again but still no username/password challenge.

The output of -la /var/www/clients/client1/web1/web/davtest.DAVlogin is:

Code:

-rw-r--r-- 1 root root 22 2010-01-14 14:08 /var/www/clients/client1/web1/web/davtest.DAVlogin

In my Options field within ISPc3 I now have:

Code:

<Directory /var/www/www.myothersite.co.uk/web>
        Options +Indexes
</Directory>
<Directory /var/www/clients/client1/web1/web>
        Options +Indexes
</Directory>
DAVLockDB /var/lock/apache2/DAVLock
#DAVMinTimeout 600

<Location /var/www/clients/client1/web1/web/davtest>
        Dav On

        AuthType Basic
        AuthName davtest
        AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin

        <LimitExcept OPTIONS>
                Require user davtest
        </LimitExcept>
</Location>

The vhost file of www.myothersite.co.uk is:

Code:

<Directory /var/www/www.myothersite.co.uk>
    AllowOverride None
    Order Deny,Allow
    Deny from all
</Directory>

<VirtualHost *:80>
      DocumentRoot /var/www/www.myothersite.co.uk/web
  
    ServerName www.myothersite.co.uk
    ServerAlias *.www.myothersite.co.uk
    ServerAdmin [email protected]

    ErrorLog /var/log/ispconfig/httpd/www.myothersite.co.uk/error.log

    ErrorDocument 400 /error/400.html
    ErrorDocument 401 /error/401.html
    ErrorDocument 403 /error/403.html
    ErrorDocument 404 /error/404.html
    ErrorDocument 405 /error/405.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 503 /error/503.html

    <Directory /var/www/www.myothersite.co.uk/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    <Directory /var/www/clients/client1/web1/web>
        Options FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # mod_php enabled
    AddType application/x-httpd-php .php .php3 .php4 .php5
    php_admin_value sendmail_path "/usr/sbin/sendmail -t -i [email protected]"
    php_admin_value upload_tmp_dir /var/www/clients/client1/web1/tmp
    php_admin_value session.save_path /var/www/clients/client1/web1/tmp

<Directory /var/www/www.myothersite.co.uk/web>
        Options +Indexes
</Directory>
<Directory /var/www/clients/client1/web1/web>
        Options +Indexes
</Directory>
DAVLockDB /var/lock/apache2/DAVLock
#DAVMinTimeout 600

<Location /var/www/clients/client1/web1/web/davtest>
        Dav On

        AuthType Basic
        AuthName davtest
        AuthUserFile /var/www/clients/client1/web1/web/davtest/.DAVlogin

        <LimitExcept OPTIONS>
                Require user davtest
        </LimitExcept>
</Location>

</VirtualHost>

Apache has been restarted.

Sorry this is such hard work!

Any ideas?

S