How to Set Up a Secure WebDAV Server with Nginx: A Comprehensive Guide
In a world of cloud storage, having direct control over your own files is more important than ever. A personal file server gives you privacy, flexibility, and complete ownership of your data. One of the most robust and widely supported methods for this is WebDAV (Web Distributed Authoring and Versioning), and when paired with the high-performance Nginx web server, it creates a powerful solution for remote file management.
This guide will walk you through the entire process of configuring a secure and efficient WebDAV server using Nginx on a Linux system.
What is WebDAV?
Think of WebDAV as a powerful extension of the HTTP protocol—the same protocol your browser uses to view websites. It transforms a standard web server into a fully-featured file server, allowing you to create, edit, move, and delete files and folders remotely. It’s like having a network drive that you can access from anywhere over the internet, using a wide range of clients built directly into operating systems like Windows and macOS.
Prerequisites
Before we begin, ensure you have the following in place:
- A Linux server (e.g., Ubuntu, Debian, CentOS).
- Nginx installed and running.
- Root or sudo access to the server.
- A domain or subdomain pointed to your server’s IP address (recommended for SSL).
Step 1: Install the Nginx WebDAV Module
The core of our setup relies on the ngx_http_dav_module. The good news is that this module is included in most standard Nginx packages available from official repositories. You likely won’t need to install anything extra, but it’s the essential component that makes this all possible.
Step 2: Create a Directory and Set Permissions
First, you need a dedicated directory on your server where your WebDAV files will be stored. It’s crucial to set the correct ownership so that Nginx can read and write to it.
Create the directory:
sudo mkdir -p /var/www/webdav
Next, change the ownership of this directory to the user that Nginx runs as. On most Debian-based systems like Ubuntu, this is www-data.
sudo chown -R www-data:www-data /var/www/webdav
This command ensures that the Nginx process has the necessary permissions to manage files within this folder.
Step 3: Configure Nginx for WebDAV
Now, we’ll create an Nginx server block configuration. You can either add this to an existing configuration file or create a new one in /etc/nginx/sites-available/.
Here is a complete configuration block. Open your chosen configuration file and add the following:
server {
listen 80;
server_name your-domain.com;
root /var/www/webdav;
location / {
# Allow all WebDAV methods
dav_methods PUT DELETE MKCOL COPY MOVE;
# Automatically create parent directories when needed
create_full_put_path on;
# Set file and directory access permissions for newly created items
dav_access user:rw group:r all:r;
# Optional: Set a max upload size (e.g., 1GB)
client_max_body_size 1G;
# This enables the WebDAV functionality
autoindex on;
}
}
Let’s break down the key directives:
dav_methods: This is the most important directive. It explicitly tells Nginx which WebDAV methods to allow. ThePUT,DELETE,MKCOL(make collection/directory),COPY, andMOVEmethods provide full file management capabilities. Without this, your server would be read-only.create_full_put_path on;: A highly useful directive that allows clients to create files in directories that don’t yet exist. Nginx will automatically create the necessary parent directories.dav_access: This defines the file system permissions for newly created files and directories. In this example, the owner (user) has read/write access, the group has read access, and everyone else (all) has read access. Adjust this based on your security needs.client_max_body_size: By default, Nginx has a very small upload limit (often 1MB). You must increase this to allow for larger file uploads.
After saving your configuration, test it for syntax errors and reload Nginx:
sudo nginx -t
sudo systemctl reload nginx
Step 4: Secure Your Server with Authentication
Leaving a WebDAV server open to the public is a major security risk. We will secure it using HTTP Basic Authentication, which prompts users for a username and password.
First, you’ll need the htpasswd utility, which is part of the apache2-utils (on Debian/Ubuntu) or httpd-tools (on CentOS/RHEL) package.
# For Debian/Ubuntu
sudo apt-get update
sudo apt-get install apache2-utils
# For CentOS/RHEL
sudo yum install httpd-tools
Next, create a password file. For the first user, use the -c flag to create the file. For all subsequent users, omit the -c flag.
sudo htpasswd -c /etc/nginx/.htpasswd your_username
You will be prompted to enter and confirm a password for your_username.
Now, modify your Nginx configuration to enable authentication:
server {
# ... (other settings from before)
location / {
# ... (dav directives from before)
# --- Add these two lines for authentication ---
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
autoindex on;
}
}
auth_basic: This sets the message that will appear in the login prompt.auth_basic_user_file: This points to the password file you just created. This directive is critical for enforcing the login requirement.
Test and reload Nginx one more time:
sudo nginx -t
sudo systemctl reload nginx
Step 5: Encrypt Everything with HTTPS (Highly Recommended)
Basic Authentication sends usernames and passwords in plain text, which can be intercepted. To truly secure your server, you must encrypt all traffic with an SSL/TLS certificate. The easiest way to do this is with Let’s Encrypt.
- Install Certbot: Follow the official instructions at certbot.eff.org to install the client for your specific OS and Nginx.
- Run Certbot: The command is typically as simple as:
bash
sudo certbot --nginx -d your-domain.com
Certbot will automatically obtain a certificate, update your Nginx configuration to use it, and set up a renewal process. This is the most important step for securing your data in transit.
Your final, secure configuration will be listening on port 443 (HTTPS) and should include SSL directives added by Certbot.
Connecting to Your WebDAV Server
You can now connect to your server using a variety of clients:
- Windows: In File Explorer, right-click “This PC” and select “Add a network location.” Use the address
https://your-domain.com. - macOS: In Finder, go to “Go” > “Connect to Server” and enter
https://your-domain.com. - Linux: Use clients like Dolphin, Nautilus, or command-line tools like
cadaver. - Third-Party Apps: Cross-platform clients like Cyberduck or WinSCP also offer excellent WebDAV support.
You now have a private, secure, and efficient file server under your complete control, leveraging the power and stability of Nginx.
Source: https://www.linuxlinks.com/nginx-webdav/
