Topic: WebDAV HowTo? and securing phpMyadmin

[chris_da_man]

Hi,

I have two questions concerning the SME and his contribs.

I searched and tried the whole day to set up a WebDAV directory on my SME. But the HowTo everyone links to seems to be gone.
Now I installed Subversion, but this is not 100% what i want, because I only can fill in content with an svn-client. I can connect to the directory the way i would connect a WebDAV directory (with Windows and link it as a internet folder), but only readable.

Is there an easy way to set up a WebDAV directory? Or can anyone repeat this lost HowTo?

And my second question is if I can secure the phpMyadmin console like the sme server-manager that I have only access to it from the local network. At the moment you can access it from the internet with https://adress/phpmyadmin, of course there comes a login-prompt, but when i try to reach the server-manager, it won't even let me to a login prompt.
Is the same behavior anyhow possible with the phpmyadmin console?

Thanks a lot for your answers!!!!!!

Oh, I'm using SME 7.1

[cactus]

I searched and tried the whole day to set up a WebDAV directory on my SME. But the HowTo everyone links to seems to be gone.
Now I installed Subversion, but this is not 100% what i want, because I only can fill in content with an svn-client. I can connect to the directory the way i would connect a WebDAV directory (with Windows and link it as a internet folder), but only readable.

Is there an easy way to set up a WebDAV directory? Or can anyone repeat this lost HowTo?

I believe soon the old wiki will be available as static HTML, otherwise maybe Google cache might hold something...

And my second question is if I can secure the phpMyadmin console like the sme server-manager that I have only access to it from the local network. At the moment you can access it from the internet with https://adress/phpmyadmin, of course there comes a login-prompt, but when i try to reach the server-manager, it won't even let me to a login prompt.
Is the same behavior anyhow possible with the phpmyadmin console?

Yes you can you will have to modify the template to autmoatically have it add the AllowFrom settings which the server can determine itself. Examples of this should be in the template section og the httpd.conf template.

Oh, I'm using SME 7.1

Consider upgrading as SME 7.1 had some bugs, which are fixed in SME 7.2. Read the upgrade instructions in the wiki first if you decide to do so.

[chris_da_man]

Cool, thanks!!!

The phpmyadmin-task is solved!!!!

Seems for WebDAV like I will have to wait until the old wiki becomes available, the google cache doesn't hold the page....

Thanks for helping!!!

[raem]

chris_da_man

Try the waybackmachine
http://www.archive.org/web/web.php

[cactus]

Try the waybackmachine

That won't work as the contribs.org site are not indexed by the Wayback machine, I already tried that...

[chris_da_man]

Yep, it doesn't
But thanks for your answers!!!

[StephenHodgman]

chris_da_man,

I have done this (setup WebDAV) successfully and have some internal documentation. 
So far it has not made it to the contribs.  Not enough hours in the day. I plan to get it there in a bit.
Meanwhile I have put it on one of our servers.  I hope it is useful. 
It allows any ibay to become a webDAV folder using HTTPS and user validation
http://correa.namsys.com.au/misc/files/sme/doco/WebDavWithHTTPS.pdf

If you have any feedback I would be interested.

[chris_da_man]

GREAT!!!!

Thanks a lot!

I'm looking forward to testing it! I will be able to do this at Wednesday or Thursday.

I'm gonna let you know if I can make it work on my server!

[raem]

StephenHodgman

http://correa.namsys.com.au/misc/files/sme/doco/WebDavWithHTTPS.pdf

Your HOWTO refers to mod_dav
see http://wiki.contribs.org/DAV
installed using
yum install smeserver-mod_dav --enablerepo=smedev

[StephenHodgman]

Ray,
Regarding the mod_dav, I understand.  When I wrote this pdf I was not aware of the specific contrib.
I will update it when I post it down the track.

[chris_da_man]

Reading your contribution Ray, I'm wondering what the '--enablerepo=smedev' does...

I installed the mod_dav contrib, for the svn-contrib needs this module, but without --enablerepo=smedev.

Do I have to install it again for using WebDAV?

[cactus]

Reading your contribution Ray, I'm wondering what the '--enablerepo=smedev' does...

It temporarily, for the course of this execution only, enables the smedev repository.

I installed the mod_dav contrib, for the svn-contrib needs this module, but without --enablerepo=smedev.

You probably configured this repository to be enbaled by default, which is not advised to do so.

Do I have to install it again for using WebDAV?

I do not see why, as long as you have mod_dav installed and enabled.

[StephenHodgman]

Chris,
Dav is a module that loads in the apache web server.  If it is there for svn then is is there for anything else as well.
The instructions I have allow it to be turned on and off with a config property for an iBay.

[chris_da_man]

Ahhhhhhh, now I understand

My mistake, I did a local-install...

But thanks for your answers!!!!

[chris_da_man]

K, today I tried to get WebDAV working according to your HowTo.
Seems like I can't make it. But I think it's because I have the SVN-contrib installed. At the moment i don't want to remove that, because I'm working with it
If I do erverything right according to your HowTo I don't have access to my server via browser at all. So I un-did all the steps an got it working again.
Then I only added the 75BrowserMatchMod_Dav and 95AddModDav2ibays with the same outcome that I couldn't access the server via browser.
Well, as I said, I think it's because I have SVN installed.

But thanks a lot!!!
When I've got some more time, I will try to make it work with an installed svn as well. (But as I'm a noob, this could take a little time )

[cactus]

K, today I tried to get WebDAV working according to your HowTo.
Seems like I can't make it. But I think it's because I have the SVN-contrib installed. At the moment i don't want to remove that, because I'm working with it
If I do erverything right according to your HowTo I don't have access to my server via browser at all. So I un-did all the steps an got it working again.
Then I only added the 75BrowserMatchMod_Dav and 95AddModDav2ibays with the same outcome that I couldn't access the server via browser.
Well, as I said, I think it's because I have SVN installed.

But thanks a lot!!!
When I've got some more time, I will try to make it work with an installed svn as well. (But as I'm a noob, this could take a little time )

I (the developer of the smeserver-subversion and the smeserver-subversion) have a hard time believing that the subversion and the mod_dav plugin are hampering you to implement Web DAV. Did you check your log files for errors and hints on what goes wrong?

Are there messages in the /var/log/messages indicating that the webserver is restarted succesfully after you have made your modifications? If so are there log messages in the /var/log/httpd/error_log or /var/log/httpd/access_log at the time you tried to access your configured Web DAV locations?

Keep in mind that the smeserver-mod_dav was written to only load mod_dav into Apache in a controlled and orderly fashion as this is a requirement for subversion to work with Apache, no further Web DAV functionality is implemented as I do not need it at the moment.

[chris_da_man]

Hi, thanks for your reply, and congratulations on your work on the svn-contrib, even I got it working in 5 minutes!!!!!!!

I didn't want to imply, that your contrib does something bad or even wrong, I'm completely aware that it's me who makes the mistakes in configuring the WebDav functionality.
I only thought that maybe the templates for the Webdav functionality override anything that SVN already configured and so it comes to an error. This is just a guess from a linux-noob, so don't pay too much attention;-)
This is the log from /var/log/httpd/error_log

-error_log-
[Thu Aug 23 16:59:32 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:32 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:32 2007] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Aug 23 16:59:32 2007] [crit] (17)File exists: unable to create scoreboard "/var/run/httpd.scoreboard" (name-based shared memory failure)
[Thu Aug 23 16:59:34 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:34 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:34 2007] [notice] Digest: generating secret for digest authentication ...
[Thu Aug 23 16:59:34 2007] [notice] Digest: done
[Thu Aug 23 16:59:35 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:35 2007] [warn] RSA server certificate CommonName (CN) `svr.wenig.zz' does NOT match server name!?
[Thu Aug 23 16:59:35 2007] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Aug 23 16:59:35 2007] [notice] Apache configured -- resuming normal operations

The access_log doesn't hold anything.

The same -unreachable via browser error- happened to me as i made a mistake configuring the secure phpmyadmin-console, so it's also very likely that I've made a mistake creating the WebDav-template-files (but i did only c&p).

Sorry if I annoyed you by my post, it wasn't meant to...

Thanks for your help

[cactus]

Hi, thanks for your reply, and congratulations on your work on the svn-contrib, even I got it working in 5 minutes!!!!!!!

You're welcome!

I didn't want to imply, that your contrib does something bad or even wrong, I'm completely aware that it's me who makes the mistakes in configuring the WebDav functionality.

Don't bother I am not offended.

This is the log from /var/log/httpd/error_log

[Thu Aug 23 16:59:32 2007] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
[Thu Aug 23 16:59:32 2007] [crit] (17)File exists: unable to create scoreboard "/var/run/httpd.scoreboard" (name-based shared memory failure)

This seems like an unclear shutdown of the httpd daemon. Did you use the correct command to restart the httpd daemon:

Code: [Select]

service httpd-e-smith restart

[Thu Aug 23 16:59:32 2007] [warn] pid file /var/run/httpd.pid overwritten -- Unclean shutdown of previous Apache run?
The access_log doesn't hold anything.

That would be correct as it seems that your webserver is not running, because of the unclear shutdown.

There once was posted a script for this but I am unable to find it in the bugtracker or on the forums, but my guess is that issuing this on the command line should also fix it

Code: [Select]

signal-event reboot

[chris_da_man]

You're right, my apache isn't running after the reconfig...
But even a reboot can't make it running.
I always need to remove my custom-templates and then apache starts.
I check the files again. There must be a mistake in one of them.

Thanks

[cactus]

You're right, my apache isn't running after the reconfig...
But even a reboot can't make it running.
I always need to remove my custom-templates and then apache starts.
I check the files again. There must be a mistake in one of them.

Thanks

Check the /var/log/messages file, it will probably say a bit more about the reason apache won't start.

[chris_da_man]

Hmmm.....
No there is no hint, apache wouldn't start. The file says, it starts.
But it doesn't react on requests. And doesn't write them down into the access-log.

Strange;-)

[cactus]

Hmmm.....
No there is no hint, apache wouldn't start. The file says, it starts.
But it doesn't react on requests. And doesn't write them down into the access-log.

Strange;-)

That is strange, please post your configuration templates, maybe I and others can helptrying to find the source of the error.

[chris_da_man]

I configured all as it is shown in the HowTo by Stephen:

http://correa.namsys.com.au/misc/files/sme/doco/WebDavWithHTTPS.pdf

Here my files:

Code: [Select]

-20LoadModule80mod_dav-

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so

Code: [Select]

-35DavLock-

DAVLockDB /var/run/davLocks/DAVLock

Code: [Select]

-75BrowserMatchMod_Dav-

#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully

Code: [Select]

-95AddModDav2ibays-

{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
$OUT = "";
foreach my $ibay ($adb->ibays)
{
my %properties = $ibay->props;
my $key = $ibay->key;
if ($properties{'ModDav'})
{
if ($properties{'ModDav'} eq 'enabled')
{
$OUT .= "\n<Directory /home/e-smith/files/ibays/$key/html>\n";
$OUT .= " # Turn DAV on for this directory tree\n";
$OUT .= " DAV On\n";
$OUT .= " AllowOverride None\n";
$OUT .= " Options +Indexes \n";
$OUT .= " # Allow fancy indexing by columns and download by clicking icon\n";
$OUT .= " IndexOptions FancyIndexing IconsAreLinks\n";
if ($properties{'Group'})
{
$OUT .= " AuthType Basic\n";
$OUT .= " AuthExternal pwauth\n";
# Save grouname and find it in the group list
$iBayGroup = $properties{'Group'};
foreach my $group ($adb->groups)
{
my %groupprops = $group->props;
my $grpkey = $group->key;
if ($grpkey eq $iBayGroup)
{
# we have the group that owns the DAV iBay
# If there are members of the group validate on them,
# otherwise on the ibayname
if ($groupprops{'Members'})
{
# need to break user list on commas then output each one...
my @values = split(',',$groupprops{'Members'});
$OUT .= " # Replace ibay name with any valid group member to validate\n";
$OUT .= " Require user ";
foreach my $val (@values) {
$OUT .= $val . " ";
}
$OUT .= "\n";
}
else
{
# No group members so use ibay name for validation
$OUT .= " # use ibay name to validate\n";
$OUT .= " Require user " . $key . "\n";
}
}
}
}
# Ensure only valid users get to do stuff...
$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
MOVE LOCK UNLOCK>\n";
$OUT .= " allow from all\n";
$OUT .= " Require valid-user\n";
$OUT .= " </Limit>\n";
$OUT .= "</Directory>\n";
}
}
}
}
And in order to secure the phpMyAdmin-console:

Code: [Select]

-86PhpmyadminAlias-

# phpMyAdmin
Alias /phpmyadmin /opt/phpmyadmin
<Directory /opt/phpmyadmin>
{
use esmith::util;
my $release = esmith::util::determineRelease();
if ("$release" ge "7.0")
        {
        $OUT .= "    SSLRequireSSL";
        }
        else
        {
        $OUT .= "    RequireSSL on";
        }
}
    Options -Indexes
    AllowOverride None
    order deny,allow
    deny from all
    allow from { $localAccess; }
    AuthName "phpMyAdmin"
    AuthType Basic
    AuthExternal pwauth
    require user admin
    Satisfy all
    AddType application/x-httpd-php .php .php3
    php_flag  magic_quotes_gpc  on
    php_flag  track_vars        on
</Directory>
This is all I have.

This would be just great if you could take a quick look and see whats wrong.

Thanks a lot guys!!!!

[cactus]

This would be just great if you could take a quick look and see whats wrong.

Thanks a lot guys!!!!

I have loaded everything on a plain SME 7.2, without any other contribs and installed smeserver-subversion from smedev and then added the code fragments you copied in the forums to /etc/e-smith/templates-user/etc/httpd/conf/httpd.conf/ folder.
Regenerated the configuration file for httpd and restarted it:

Code: [Select]

expand-template /etc/httpd/conf/httpd.conf
service httpd-e-smith restartThe strange thing is that I can not reproduce your problem and the webserver starts properly and runs OK, after that. Just to verify, please answer these questions to see if I overlooked something:
What is your server version?
Do you have smeserver-subversion installed at the moment?
Do you have smeserver-mod_dav installed at the moment?
In which directory did you put your custom template fragments?
What is the output of

Code: [Select]

config show modDAV?
What is the output of

Code: [Select]

config show modDAVSVN?

[Jáder]

I think problem is on this line:

Code: [Select]

$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
MOVE LOCK UNLOCK>\n";
It should be just one line! Remove CR and it wil became:

Code: [Select]

$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\n";
So you´re be working. I had the same error when try to install!

BTW: Now it´s working... so how I can access those ibays ? http://server/ibay ??
(I´m a little LOST about webdav and his features!)

[cactus]

I think problem is on this line:

Code: [Select]

$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY
MOVE LOCK UNLOCK>\n";
It should be just one line! Remove CR and it wil became:

Code: [Select]

$OUT .= " <Limit GET PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>\n";

Aargh, that was stupid I should have seen that and tested with an ibay as well. Thanks for pointing this out Jader.
So you´re be working. I had the same error when try to install!

BTW: Now it´s working... so how I can access those ibays ? http://server/ibay ??
(I´m a little LOST about webdav and his features!)

If drag-and-drop does not work you perhaps need a WebDAV client, but as already stated I do not have any experience with the use of WebDAV other than using it to enable my subversion contrib to work:-)

[chris_da_man]

Woooooowwww,

you're great!!!! Thanks!!!! 

Now I got it working, what a wonderful feeling 

You got to stick completely to the HowTo to set up the iBay.

Then you can access it maybe from Windows XP or Vista.
I don't know the specific terms of an english XP since I use it in german.

I copied this one from mmccarn:

Windows XP:
  - "My Network Places"
  - select "Add a network place"
  - "Next"
  - "Choose another network location"
  - "http://server/data"

This worked fine for me!!!!

Thanks to erveryone who helped me in this thread!!!!
And of course special thanks to StephenHodgman, cactus and last but not least jader!!!!!

[cactus]

Thanks to erveryone who helped me in this thread!!!!
And of course special thanks to StephenHodgman, cactus and last but not least jader!!!!!

You're welcome, I learned a little bit as well! Enjoy the ride!

[Jáder]

You're welcome, I learned a little bit as well! Enjoy the ride!

So do I. And again... you´re welcome!

Jáder

[StephenHodgman]

You blokes are too fast for me. 
I only just caught up with the message traffic now.
Glad it is all working for you.
Have fun,

[CharlieBrady]

Meanwhile I have put it on one of our servers.  I hope it is useful. 
It allows any ibay to become a webDAV folder using HTTPS and user validation
http://correa.namsys.com.au/misc/files/sme/doco/WebDavWithHTTPS.pdf

Please make the howto available in HTML or plaintext format. Cut & paste from a PDF is rather difficult.

Perhaps you could add the HOWTO to the wiki.

Thanks.

[mmccarn]

I have combined:
* the PDF posted by StephenHodgman
* the other comments in this thread
* some other info

 into http://wiki.contribs.org/DAV_Enabled_Ibays.

And created a request to add this capability to the base: http://bugs.contribs.org/show_bug.cgi?id=3470