Merge pull request #1 from vaggeliskls/feat/prepare-repo

Feat/prepare repo

Author: vaggeliskls

.env

@@ -0,0 +1,22 @@
+# LDAP Configuration
+LDAP_ENABLED=false
+LDAP_URL=ldaps://ldap.example.com
+LDAP_ATTRIBUTE=uid
+LDAP_BASE_DN=ou=users,dc=example,dc=com
+LDAP_BIND_DN=uid=searchuser,ou=users,dc=example,dc=com
+LDAP_BIND_PASSWORD=securepassword
+
+# OAUTH Configuration
+OAUTH_ENABLED=false
+OAUTH_CLIENT_ID=1234567890-abcdefghijklm.apps.googleusercontent.com
+OAUTH_CLIENT_SECRET=ABC123def456GHI789jkl0mnopqrs
+OAUTH_SCOPE="openid email profile"
+OAUTH_REDIRECT_URI=http://localhost
+OAUTH_METADATA_URL="https://accounts.google.com/.well-known/openid-configuration"
+OAUTH_CRYPTO_PASSPHRASE=mysecurepassphrase
+OAUTH_FORWARDED_HEADER=X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
+
+# Basic Digest Authentication with users space separated
+BASIC_AUTH_ENABLED=false
+BASIC_AUTH_REALM=Webdev
+BASIC_USERS=alice:alice bob:bob

.github/pull_request_template.md

@@ -0,0 +1,3 @@
+# Current Behaviour
+
+# Expected Behaviour

.github/workflows/ci.yml

@@ -0,0 +1,53 @@
+name: Create WebDav Docker Image
+
+on:
+  release:
+    types: [published]
+
+env:
+  REGISTRY: ghcr.io
+  TAG_NAME: ${{ github.ref_name }}
+
+jobs:
+  webdav:
+    name: WebDav Server
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout current repository
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ env.REGISTRY }}/${{ github.repository }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+
+      - name: Login to Github packages
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: 📦 Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64

.gitignore

@@ -0,0 +1,2 @@
+webdav-data
+test

Dockerfile

@@ -0,0 +1,52 @@
+FROM httpd:2.4
+
+# Metadata labels
+LABEL maintainer="vaggeliskls <https://github.com/vaggeliskls>"
+LABEL description="A WebDAV server running on Apache httpd, configured for non-root execution."
+LABEL build_date="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
+LABEL license="MIT"
+
+# Install gettext for envsubst
+RUN apt-get update && apt-get install -y gettext-base libapache2-mod-auth-openidc
+
+# Create a non-root user and group
+RUN groupadd -r webuser && useradd -r -g webuser webuser
+
+# Create necessary directories and adjust ownership
+RUN mkdir -p "/var/www/html" && \
+    mkdir -p "/var/lib/dav/data" && \
+    touch "/var/lib/dav/DavLock" && \
+    chown -R webuser:webuser "/var/www/html" "/var/lib/dav" "/usr/local/apache2"
+
+# Uncomment necessary LoadModule lines in httpd.conf
+RUN for i in \
+    authn_core authn_file authz_core authz_user auth_digest \
+    ldap authnz_ldap ssl auth_basic \
+    alias headers mime setenvif \
+    dav dav_fs; \
+    do \
+    sed -i -e "/^#LoadModule ${i}_module.*/s/^#//" /usr/local/apache2/conf/httpd.conf; \
+    done
+
+# Enable Icons    
+RUN sed -i '/httpd-autoindex.conf/s/^#//' conf/httpd.conf;
+
+# Copy the new configuration files into the container
+COPY ./webdav.conf /usr/local/apache2/conf/webdav.conf.template
+COPY ./virtualhost.conf /usr/local/apache2/conf/virtualhost.conf.template
+
+# Change ports in the Apache configuration to higher ports
+RUN sed -i 's/Listen 80/Listen 8080/' /usr/local/apache2/conf/httpd.conf && \
+    sed -i 's/Listen 443/Listen 8443/' /usr/local/apache2/conf/httpd.conf
+
+# Copy the entrypoint script into the container
+COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+# Make the entrypoint script executable
+RUN chmod +x /usr/local/bin/docker-entrypoint.sh
+
+# Expose the new higher ports
+EXPOSE 8080/tcp 8443/tcp
+# Switch to the non-root user
+USER webuser
+ENTRYPOINT [ "docker-entrypoint.sh" ]
+CMD [ "httpd-foreground" ]

README.md

@@ -1 +1,76 @@
-# webdav-server
+# 🌐 Simple & Powerful WebDAV Server
+
+The **WebDAV Server** is a lightweight, customizable solution built with Docker, designed for secure file sharing and remote access. It offers flexible configuration options and supports multiple authentication methods, including basic authentication, LDAP, and OAuth. With minimal setup, this server is ideal for both personal and enterprise use cases where easy deployment and secure access are key.
+
+
+> [!NOTE]
+> The pre-built Docker image is available at:  **`ghcr.io/vaggeliskls/webdav-server:latest`**
+
+## 📦 Prerequisites
+
+Before getting started, make sure you have the following:
+
+- **Docker** version **20.0** or higher
+- Basic knowledge of Docker and WebDAV
+
+## 🚀 Key Features
+
+- **Effortless Deployment**: Set up a fully operational WebDAV server quickly using Docker.
+- **Flexible Authentication**:
+  - Basic Authentication 🛡️
+  - LDAP Authentication 🛡️
+  - OAuth Authentication 🛡️
+- **Proxy-Ready**: Easily integrate with reverse proxies to add more authentication layers.
+- **Authentication is Optional**: The server runs without authentication by default, allowing flexibility for your setup.
+
+## 🔧 Authentication Setup
+
+You can enable various authentication mechanisms using environment variables in a `.env` file. Here’s how to configure each one:
+
+### 🔐 Basic Authentication
+
+To enable basic authentication with username and password protection:
+
+```bash
+BASIC_AUTH_ENABLED=true
+BASIC_AUTH_REALM=WebDAV
+BASIC_USERS=alice:alice123 bob:bob123
+```
+
+### 🔐 OAuth Authentication
+OAuth authentication (example with Google OAuth) configuration:
+```
+OAUTH_ENABLED=true
+OAUTH_CLIENT_ID=1234567890-abcdefghijklm.apps.googleusercontent.com
+OAUTH_CLIENT_SECRET=ABC123def456GHI789jkl0mnopqrs
+OAUTH_SCOPE="openid email profile"
+OAUTH_REDIRECT_URI=http://localhost
+OAUTH_METADATA_URL="https://accounts.google.com/.well-known/openid-configuration"
+OAUTH_CRYPTO_PASSPHRASE=mysecurepassphrase
+OAUTH_FORWARDED_HEADER=X-Forwarded-Host,X-Forwarded-Port,X-Forwarded-Proto
+```
+
+### 🔐 LDAP Authentication
+LDAP integration for centralized user management:
+```
+LDAP_ENABLED=true
+LDAP_URL=ldaps://ldap.example.com
+LDAP_ATTRIBUTE=uid
+LDAP_BASE_DN=ou=users,dc=example,dc=com
+LDAP_BIND_DN=uid=admin,ou=users,dc=example,dc=com
+LDAP_BIND_PASSWORD=securepassword
+```
+
+## 📖 Usage Guide
+
+1. Clone Repository
+
+2. Start the WebDAV Server: `docker compose up --build`
+
+3. Open http://localhost or your server's IP in a browser or WebDAV client to start using the service.
+
+
+## 📚 References
+
+- [Docker Apache WebDAV](https://github.com/mgutt/docker-apachewebdav)
+- [What is WebDAV?](https://www.jscape.com/blog/what-is-webdav)

docker-compose.yml

@@ -0,0 +1,47 @@
+version: "3.8"
+
+services:
+  webdav:
+    image: ghcr.io/vaggeliskls/webdav-server:latest
+    build:
+      context: .
+      dockerfile: Dockerfile
+    platform: linux/amd64
+    volumes:
+      - ./webdav-data:/var/lib/dav/data
+    networks:
+      - webdav-network
+    env_file:
+      - .env
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.webdav.service=webdav"
+      # Register Middleware ====================================================
+      - "traefik.http.routers.webdav.middlewares=compresstraefik"
+      # =================================================================================
+      - "traefik.http.middlewares.compresstraefik.compress=true"
+      - "traefik.http.services.webdav.loadbalancer.server.port=8080"
+      - "traefik.http.services.webdav.loadbalancer.passhostheader=true"
+      ## Use PathPrefix rule to catch all requests
+      - "traefik.http.routers.webdav.rule=PathPrefix(`/`)"
+      - "traefik.http.routers.webdav.entrypoints=web,websecure"
+
+  webdav-proxy:
+    image: traefik:v3.1
+    platform: linux/amd64
+    command:
+      - "--providers.docker=true"
+      - "--providers.docker.exposedbydefault=false"
+      - "--entrypoints.web.address=:80"
+      - "--entrypoints.websecure.address=:443"
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - webdav-network
+
+networks:
+  webdav-network:
+    driver: bridge

docker-entrypoint.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+set -e
+
+# Function to uncomment a block in a file based on a dynamic block name
+uncomment_block() {
+    local block_name="$1"
+    sed -i "/# ${block_name}_START/,/# ${block_name}_END/ s/^# //" "/usr/local/apache2/conf/webdav.conf"
+}
+
+# Function to comment a block in a file based on a dynamic block name
+comment_block() {
+    local block_name="$1"
+    sed -i "/# ${block_name}_START/,/# ${block_name}_END/ s/^[^#]/# &/" "/usr/local/apache2/conf/webdav.conf"
+}
+
+envsubst < /usr/local/apache2/conf/webdav.conf.template > /usr/local/apache2/conf/webdav.conf
+envsubst < /usr/local/apache2/conf/virtualhost.conf.template > /usr/local/apache2/conf/virtualhost.conf
+
+comment_block "OAUTH_BLOCK"
+comment_block "LDAP_BLOCK"
+comment_block "BASIC_BLOCK"
+comment_block "PUBLIC_BLOCK"
+
+if [ "$LDAP_ENABLED" = "true" ]; then 
+    echo "--> LDAP is enabled"; 
+    uncomment_block "LDAP_BLOCK"
+elif [ "$OAUTH_ENABLED" = "true" ]; then
+    echo "--> OAUTH is enabled"; 
+    uncomment_block "OAUTH_BLOCK"
+elif [ "$BASIC_AUTH_ENABLED" = "true" ]; then
+    echo "--> Basic Auth is enabled"; 
+    uncomment_block "BASIC_BLOCK"
+    # Prepare the password file
+    touch "/var/lib/dav/user.passwd"
+    echo "$BASIC_USERS" | tr ' ' '\n' | while IFS=':' read -r USERNAME PASSWORD; do
+        # Output the username and password
+        echo "Username: $USERNAME, Password: $PASSWORD"
+        HASH="`printf '%s' "$USERNAME:$BASIC_AUTH_REALM:$PASSWORD" | md5sum | awk '{print $1}'`"
+        printf '%s\n' "$USERNAME:$BASIC_AUTH_REALM:$HASH" >> /var/lib/dav/user.passwd
+    done
+else
+    echo "--> No Authentication is enabled"; 
+    uncomment_block "PUBLIC_BLOCK"
+fi
+
+# mkdir -p /test
+# cp /usr/local/apache2/conf/webdav.conf /test/webdav.conf
+
+echo "Include conf/webdav.conf" >> /usr/local/apache2/conf/httpd.conf
+echo "Include conf/virtualhost.conf" >> /usr/local/apache2/conf/httpd.conf
+rm -rf /usr/local/apache2/conf/*.template
+
+exec "$@"

virtualhost.conf

@@ -0,0 +1,12 @@
+<VirtualHost *:80>
+  ServerName localhost
+  DocumentRoot "/var/www/html/"
+  <Directory "/var/www/html/">
+    Require all denied
+  </Directory>
+  CustomLog /proc/self/fd/1 combined
+  ErrorLog /proc/self/fd/2
+  # This lets certain DAV methods work behind an SSL reverse proxy.
+  RequestHeader edit Destination ^https http early
+  
+</VirtualHost>