Install WebDAV on CentOS 5.4

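These are the references I used:

Encrypting web server communication (Apache+mod_SSL)

Building a web folder server (WebDAV)

The steps are taken as-is from those pages, but I am recording them here as work notes.

The webdav folder can be read and written from both WebDAV and Samba.

Character encoding handling is still under investigation.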

Apache+mod_SSL

# yum -y install mod_ssl

# cd /etc/pki/tls/certs/

# sed -i 's/365/3650/g' Makefile ← change the server certificate validity period from 1 year to 10 years

# make server.crt

umask 77 ; \

/usr/bin/openssl req -utf8 -new -key server.key -x509 -days 3650 -out server.crt -set_serial 0

Enter pass phrase for server.key:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:JP

State or Province Name (full name) [Berkshire]:県名

Locality Name (eg, city) [Newbury]:市名

Organization Name (eg, company) [My Company Ltd]:ドメイン

Organizational Unit Name (eg, section) :

Common Name (eg, your name or your server's hostname) :cent5.ドメイン

Email Address []:webmaster@localhost

# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:

writing RSA key

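The passphrase is removed so that the web server does not prompt for it at startup. The key is then stored unencrypted, so keep server.key readable by root only.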

# vi /etc/httpd/conf.d/ssl.conf

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt

SSLCertificateFile /etc/pki/tls/certs/server.crt

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

SSLCertificateKeyFile /etc/pki/tls/certs/server.key

#DocumentRoot "/var/www/html"

DocumentRoot "/export/www/html"

# service httpd restart

Stopping httpd: [ OK ]

Starting httpd: [ OK ]

After accessing the server via http://, change the URL to https:// and confirm that access works.

WebDAV

# vi /etc/fstab

#LABEL=/ / ext3 defaults 1 1

LABEL=/ / ext3 defaults,acl 1 1 ← add the acl mount option

# mount -o remount /

# adduser -g users -d /export/home/smbprint smbprint

# passwd smbprint

Changing password for user smbprint.

New UNIX password:

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

# chmod 711 /export/home/smbprint

# mkdir /export/home/smbprint/webdav

# chown smbprint. /export/home/smbprint/webdav

# setfacl -m g:apache_group:rwx,g:apache_group:rwx /export/home/smbprint/webdav

# setfacl -m d:g:apache_group:rwx,g:apache_group:rwx /export/home/smbprint/webdav/

# setfacl -m g:users:rwx,g:users:rwx /export/home/smbprint/webdav/

# setfacl -m d:g:users:rwx,g:users:rwx /export/home/smbprint/webdav/

# ls -l /export/home/smbprint/

total 8

drwxrwxr-x+ 2 smbprint users 4096 Aug 3 13:14 webdav

# getfacl /export/home/smbprint/webdav/

getfacl: Removing leading '/' from absolute path names

# file: export/home/smbprint/webdav

# owner: smbprint

# group: users

user::rwx

group::r-x

group:users:rwx

group:apache_group:rwx

mask::rwx

other::r-x

default:user::rwx

default:group::r-x

default:group:users:rwx

default:group:apache_group:rwx

default:mask::rwx

default:other::r-x

# setfacl -b /export/home/smbprint/webdav/ # clears the directory's ACL settings (to undo the settings above)

# vi /etc/httpd/conf.d/webdav.conf

Alias /webdav /export/home/smbprint/webdav

<Location "/webdav">

DAV On

SSLRequireSSL

# AllowOverride None

Options Indexes

AuthType Basic

AuthName WebDAV

AuthUserFile /etc/httpd/conf/.htpasswd

Require user smbprint

# Order deny,allow

# Deny from all

# Allow from 192.168.1 ← allow access from the internal network (e.g. 192.168.1.XXX)

</Location>

If /etc/httpd/conf/.htpasswd does not exist:

# htpasswd -c /etc/httpd/conf/.htpasswd smbprint

New password:

Re-type new password:

Adding password for user smbprint

If /etc/httpd/conf/.htpasswd already exists:

# htpasswd /etc/httpd/conf/.htpasswd smbprint

New password:

Re-type new password:

Updating password for user smbprint

Note: if you have changed User and Group, change the owner and group of /var/lib/dav/ to match.

See /var/log/httpd/ssl_error_log.
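
The webdav.conf block above depends on SSLRequireSSL, AuthType and Require being present together with DAV On. As an added example (not part of the original notes), this bash function checks each `<Location>`/`<Directory>` block that enables DAV for those three directives; the name `audit_dav_conf` and the sample config are constructed here.

```bash
#!/bin/bash
# audit_dav_conf FILE  (hypothetical helper, not from the original notes)
# Prints one line per problem in <Location>/<Directory> blocks that enable
# DAV and returns non-zero if any problem was found.
audit_dav_conf() {
    awk '
    function report(msg) { printf "%s: %s\n", block, msg; bad = 1 }
    BEGIN { bad = 0 }
    { sub(/^[ \t]+/, "") }                  # drop leading indentation
    /^#/ || /^$/ { next }                   # skip comments and blank lines
    /^<(Location|Directory)[ \t]/ {         # block opens: reset its flags
        block = $0; inblk = 1; dav = ssl = auth = req = 0; next
    }
    /^<\/(Location|Directory)>/ {           # block closes: evaluate it
        if (inblk && dav) {
            if (!ssl)  report("DAV enabled without SSLRequireSSL")
            if (!auth) report("DAV enabled without AuthType")
            if (!req)  report("DAV enabled without Require")
        }
        inblk = 0; next
    }
    inblk {
        d = tolower($1)
        if (d == "dav" && tolower($2) != "off") dav = 1
        if (d == "sslrequiressl") ssl = 1
        if (d == "authtype")      auth = 1
        if (d == "require")       req = 1
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample: the block from these notes with SSLRequireSSL disabled.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
<Location "/webdav">
    DAV On
    # SSLRequireSSL
    AuthType Basic
    AuthName WebDAV
    AuthUserFile /etc/httpd/conf/.htpasswd
    Require user smbprint
</Location>
EOF
audit_dav_conf "$demo_conf" || echo "=> fix the block before reloading httpd"
rm -f "$demo_conf"
```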

Adding the Samba account

# pdbedit -a smbprint

new password:

retype new password:

Unix username: smbprint

NT username:

Account Flags: [U ]

User SID: S-1-5-21-1735381148-2528900510-1358264319-1000

Primary Group SID: S-1-5-21-1735381148-2528900510-1358264319-513

Full Name:

Home Directory: \\cent\smbprint

HomeDir Drive:

Logon Script:

Profile Path: \\cent\smbprint\profile

Domain: CENT

Account desc:

Workstations:

Munged dial:

Logon time: 0

Logoff time: never

Kickoff time: never

Password last set: 日, 21 3月 2010 11:27:27 JST

Password can change: 日, 21 3月 2010 11:27:27 JST

Password must change: never

Last bad password : 0

Bad password count : 0

Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF