A simple e-mail client and WebDAV

Last week I explored two fabulous products which has made one of my clients very happy. This client has two separate offices with separate broadband connections. Now we’re talking about a three person operation so a micro business really. Can’t really afford a dedicated leased line between the two offices. ADSL broadband will have to do.

I began looking at the services which are needed. Currently e-mail and files access. I had two options really. VPN and or web services. VPN is dead simple to implement and maintaining passwords will be simpler with a domain. But over a slow connection VPN really drags. So I implemented that on either end and it is working using ipSec on Vista. I followed the instructions here.

I decided then also to implement web services for those times when a user simply wants to come in and check their e-mail or grab a file off the server. Turns out there are two simple products to do this, SquirrelMail and WebDAV.

WebDAV is more or less “builtin” to every Linux distribution out there. If you have lighttpd or apache on your machine you can turn on WebDAV and bingo you’re set. WebDAV is defined as

Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows computer-users to edit and manage files collaboratively on remote World Wide Web servers. RFC 4918 defines the extensions

This can be bolted on to almost every webserver – even IIS!. I used lighttpd and all it takes is to follow the following steps:

apt-get install lighttpd lighttpd-mod-webdav apache2-utils

Then enable the webdav and authentication modules in lighttpd

lighty-enable-mod auth
lighty-enable-mod webdav

Then edit your /etc/lighttpd/lighttpd.conf file and uncomment the mod_auth and mod_webdav lines from the file. It should look similar to this:

server.modules              = (
# "mod_rewrite",
# "mod_redirect",
# "mod_evhost",
# "mod_usertrack",
# "mod_rrdtool",
# "mod_expire",
# "mod_flv_streaming",
# "mod_evasive"

Then add something similar into the file to setup the WebDAV location:

alias.url = ( "/webdav" => "/var/www/webee" )
$HTTP["url"] =~ "^/webdav($|/)" {
webdav.activate = "enable" = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/webee/passwd.dav"
auth.require = ( "" => ( "method" => "basic",
"realm" => "webdav",
"require" => "valid-user" ) )

Then restart lighty

sudo service lighttpd restart

You can use Windows to setup a WebDAV connection, the process differs from XP to Vista and Windows 7. You can find some instructions here – just ignore the top bit. I find that on XP certain files (typically .pdf files) cannot be opened. And in Vista you don’t double-click to open a folder or a file. You have to use the right-mouse context menu and select open.

Now that gets you an unencrypted WebDAV connection. For some this maybe okay, but for professional installations you won’t want important client files flying over public wires unencrypted. For this we’ll need to turn on lighttpd’s SSL capabilities. This is fairly simple, First we need to get lighty to listen on the appropriate port and select the proper certificate. Let’s start with the certificate first.

sudo openssl req -new -x509 -keyout /etc/ssl/certs/webdav.pem -out /etc/ssl/certs/webdav.pem -days 3650 -nodes

Fill in the questions as appropriate. Make sure to put in your external web address – the one you are using either from your website host or from DynDNS (or similar) – when it asks for YOUR name. Note that the private and public key are in the same file.

Open lighttpd.conf again and add this into it.

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/certs/webdav.pem"

This gets lighty listening on port 443, the standard one for SSL connections. You can change this port  whatever you like. I like to use something else to help prevent hacking into my network.

Now to get this enables on the WebDAV piece we add these changes to the original setup.

alias.url = ( "/webdav" => "/var/www/webee" )
$HTTP["scheme"] == "https" {
server.document-root = "/var/www/webee"
webdav.activate = "enable" = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/var/www/web1/passwd.dav"
auth.require = ( "" => ( "method" => "basic",
"realm" => "webdav",
"require" => "valid-user" ) )

This is slighty different to the previous setup as lighty is setup to switch into HTTPS and WebDAV when the user connects to the webdav folder. To connect using a client you’ll need to change the address to https:///.

Now restart lighty

sudo service lighttpd restart

One issue you will run into is that the webserver is running under the www-data account and group and all your files will need to be accessible by this account. You have a couple of options here:

  • Change the running account of lightty to a user with the same group privileges as your other users. A decent option if the server will only be handling WebDAV.
  • Add each of your users’ into the www-data group. Not as nice as the above option and can give users abilities to delete or over write files in other parts of your web server.
  • Use ACL’s to allow additional write privileges for the sets of users in www-data and other groups. Probably tricky to manage the privileges and ensure they are inherited properly.

Being a bit lazy I am trying the last option.

There you have it. very simple really. I’ve run out of room and will have to discuss squirrelmail in a further post. The guys here at Chameeya are very chuffed at this setup. Wow wee!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.