ISP-In-A-Box: Remotely Managing Mac Web Sites Using WebDAV

Got DAV?If you’re using a Mac mini or any other Mac running OS X Tiger or Panther to host your web site, then you’ve probably wondered how you can update the content on your web site without sitting in front of your Mac. Today we’ll show you how to build and use your Mac’s WebDAV server to remotely manage your web site from just about anywhere. And you can use just about any computer to do it, even one of those Win thingies. All we need to do is tweak the Apache software that’s already installed with Mac OS X Tiger or Panther. When we are finished, we want a web site on your Mac that can be accessed by anyone using a garden-variety web browser without requiring a password. But we also want to be able to update the content of that web site by connecting over the Internet to the appropriate folder on the Mac using WebDAV with a username and password to keep the bad guys out. If you haven’t already read our previous article on how to use WebDAV clients and Web Folders, then start there to learn all about how to connect to a WebDAV server from another Mac, or a Windows PC, or even a Linux or UNIX computer.

As you probably know, WebDAV stands for Web-based Distributed Authoring and Versioning. Simply put, it is an HTTP protocol extension that allows people anywhere on the Internet to collaboratively edit and manage documents and other files using the same protocol and port used for surfing the web. In the Mac world, WebDAV provides a Disk Volume on your Desktop that “looks and feels” like any other networked hard disk. In the Windows world, WebDAV is called Web Folders. They can be used like any other mapped drive in Network Neighborhood. If you’re still a little fuzzy about the WebDAV concept, think of how you link to another drive on your local area network. WebDAV gives you the same functionality across the entire Internet with virtually the same ease of use. Depending upon user privileges, of course, you can copy files to and from a WebDAV volume, and the protocol imposes versioning control through file locking to assure that multiple people with access rights don’t change the same file at the same time. Tiger and Panther versions of Mac OS X provide both a WebDAV client and server. So let’s get started.

In a nutshell, the WebDAV server setup goes like this. We’ll assume that your main web site was built in the default location on your Mac: /Library/WebServer/Documents. First, we’ll change the group owner of this folder so that we can get read and write access to it using WebDAV. Then we’ll set up a username and password system to support WebDAV access for you and whoever else you provide usernames and passwords to. Next we’ll activate the WebDAV mods in Apache which already are installed on your Mac. We’ll then reconfigure Apache a bit to support WebDAV access and formatting. And finally we’ll restart your web server and presto, WebDAV.

You don’t need to be a Rocket Scientist to do this, but you do have to get your hands dirty with our favorite command-line editor, Pico. For those that care about such things, Tiger actually replaces Pico with Nano, but you still can access it by typing Pico … and it works the same way. If you’ve followed other Nerd Vittles tutorials, then this one will be a breeze. Just be sure you edit carefully and, if something does go wrong, copy your backup Apache config file back over the edited one and try again. Apache errors don’t get reported in System Preferences->Sharing when you activate your personal web server. If you have problems and want to see what’s going on, activate and then run WebMin (which we previously covered on Nerd Vittles and upgraded here a few weeks ago for Tiger). Using your browser, access WebMin and choose Servers->Apache Webserver. Then start and stop the web server from there. Errors will be reported with the line number in the config file that’s causing the problem. Ctrl-C in Pico will tell you what line number you’re on in the config file. If this sounds like I’ve had recent experience, you’d be correct. That’s part of the price you pay for being a pioneer.

Changing Group Owner of Your Web Site. Open a Terminal window, and switch to root access: sudo su. Then navigate to the following folder: cd /Library/WebServer. Change the Documents folder to the Apache group: chgrp -R www Documents. Provide write access to authorized users who connect to this WebDAV folder: chmod 775 Documents.

Security Warning: Be aware that we are opening a security hole in your web site by giving Apache write (and delete) access to your main web folder and any subdirectories. We’ve had two levels of protection for your web site: Mac OS X and Apache. Now we just have one: Apache. So you would not want to put up any type of web page, CGI script, or PHP code which allows someone using a web browser to manipulate, delete, rename, or copy files into or on your web site because of the very real risk of compromising your web site files. In short, the only things now standing between your web site and the bad guys are your web pages and Apache’s internal security mechanisms. While Apache has a rock-solid track record insofar as bugs and security are concerned, there’s still always a risk. And we wanted you know about it up front. Did we mention the importance of frequent backups? Here’s an article that will tell you how to do that as well. If you ever decide you want to stop using WebDAV, here’s how to provide the double-layer of security protection once again. Open a Terminal window, and switch to root access: sudo su. Then navigate to the following folder: cd /Library/WebServer. Change the Documents folder back to the admin group: chgrp -R admin Documents. Even with the admin group enabled for Documents, you still can access your web sites with WebDAV. You just won’t be able to upload new documents or delete existing ones.

Building a Password File. We already built a password file in the Web Sites 101 tutorial on Nerd Vittles. We used that password file to manage web site access to various web directories. You probably don’t want to use the same password file for this WebDAV application unless you are building this for same set of users with the same privileges. The only trick to password files is you want to put the file where Apache can read it but your web visitors cannot. And you want to be careful not to insert blank lines in the file with just a colon. That basically lets everyone in. The format for the file is username:password, each on a separate line. And the passwords are encrypted. Here’s how to do it. Open a Terminal window and switch to root access: sudo su. Now move to the directory where we’ll put the password file: cd /usr/local. We’re going to name this password file website.pw so we can remember what it’s for. To create the file and erase any existing file without warning type: htpasswd -c website.pw admin. Think up a password you can remember, and you’ll be prompted to type it twice. Now let’s verify that the file was created: cat website.pw. You should see the word admin, then a colon, and then your encrypted password. To add additional users to the file, just type: htpasswd -m website.pw username where username is your next user. You’ll be prompted for the password. Remember, if you accidentally use the htpasswd -c syntax a second time, you will overwrite your existing file and all of its entries. So be careful. Finally, remember to make duplicate entries using email syntax for the username to assure that Windows clients can access your DAV resources: htpasswd -m website.pw joe@schmo.com.

Reconfiguring Apache to Support WebDAV. Open a Terminal window, and switch to root access: sudo su. Then navigate to the folder with Apache’s configuration file: cd /etc/httpd. First, let’s make a backup copy of the config file in case something goes wrong: cp httpd.conf httpd.conf.dav.save. Now let’s carefully edit the config file: pico httpd.conf. If you previously built the WebDAV server backup application which we covered on Tiger Vittles, then skip to the next paragraph. Otherwise, uncomment the headers_module line by searching for headers (Ctrl-W, headers, enter) and then pressing Ctrl-D while positioned over the # sign at the beginning of the line. Now search for mod_headers (Ctrl-W, mod_headers, enter) and uncomment that line (Ctrl-D while positioned over beginning # sign). Now search for dav_module (Ctrl-W, dav_module, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now search for mod_dav (Ctrl-W, mod_dav, enter) and uncomment the line (Ctrl-D while positioned over beginning # sign). Now press Ctrl-V repeatedly until you get to the bottom of the file. Switch to your web browser and download WebDAV snippet #1. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Now switch back to Pico, click at the bottom of the config file, and paste code snippet #1 into the config file by pressing Command-V. Use the cursor keys to move to the BrowserMatch section of the code we just pasted and be sure “redirect-carefully” didn’t end up on a line by itself. If it did, position the cursor over the first letter “r” and press the backspace key to move it back up to the end of the previous line of code. Don’t worry if a dollar sign displays at the end of the line after you move it. This just indicates that additional text is off the screen.

We’ve got one more code snippet to cut and paste, and we’ll be all set. We want to search for the second occurrence of /Directory in the Apache config file: Ctrl-W,/Directory,enter,Ctrl-W,enter. Move the cursor to the beginning of the line and press Enter to open up a blank line. Now move up to the blank line by pressing the Up Arrow. Switch to your web browser and download WebDAV snippet #2. When the code snippet displays in your web browser, press Command-A then Command-C to copy all of the code to your clipboard. Now switch back to Pico, click on the blank line we inserted, and paste code snippet #2 into the config file by pressing Command-V.

That should do it. Save your Apache config file: Ctrl-X, Y, enter. And restart Apache by deselecting and then reselecting Personal Web Sharing from System Preferences->Sharing. Close the Terminal window by typing exit, pressing enter, and then pressing Command-Q.

Testing Your WebDAV Server. To test whether WebDAV is working, switch to your Desktop and, using Finder, press Command-K. When prompted for the server address, type http://localhost and then click the Connect button. Enter your username and password that you created in the website.pw password file, and your main web site folder should appear on your Desktop. Drag a file from your Desktop to the folder to be sure everything is working as it should. If you’ve enabled web access through your Mac and router firewalls (which we have previously covered here), then you should be able to access your WebDAV server from the Internet with your IP address or domain name. Just press Command-K from Finder and use the following syntax for your WebDAV resource: http://mydomain.com. For more details on using WebDAV clients or to use a Windows machine to access your WebDAV share, read our previous article on the subject here. Now you can enjoy remotely managing your web sites with WebDAV. So put on your travelling shoes!


Some Recent Nerd Vittles Articles of Interest…

Be Sociable, Share!

9 Responses to “ISP-In-A-Box: Remotely Managing Mac Web Sites Using WebDAV”

  1. zahadum says:

    more coverage of practical, how-to webdav stuff, please!

    readers can also check out these for more background:

    news: http://www.webdav.org/
    technology: http://greenbytes.de/tech/webdav/
    tutorials: http://www.ht04.org/ht04tutorialDAV2.php

  2. Perhaps code snippet 1 should include Tiger WebDAVFS/1.13 support: BrowserMatch “^WebDAVFS/1.[0123]” redirect-carefully.

    [WM: Good suggestion. Thanks. I've added it; however, all of our systems (Linux of several varieties, Windows XP, and Macs running Tiger and Panther) all seem to do fine without it).]

  3. ISP-in-a-Box part 2
    I’ve already linked to the first part of this useful posting. Someday I’ll come back and try it all out….

  4. Nathan says:

    Nevermind that last comment. I missed a step :-) And I really thought I took it nice and slow! Regardless, I do wonder if the second /Documents will ever be different (I realized it should probably be the directory you are attempting to make WebDAVable – I’m pretty bright, huh?)under any circumstances. I do not know, I am just trying to throw it out there.

    Thanks for a great tutorial!

  5. davidm says:

    Is it possible to set up multiple webdav enabled folders, each with unique permissions, /Library/WebServer/webdav/…webdav1, webdav2,…etc. If so can you give a proceedure for accomplishing this?
    Also does Webmin have a webdav module?

  6. chriscj says:

    Hi there!
    It appears that you have broken links – I can’t get http://mundy.org/blog/wp-content/webdav1.txt to work, and cannot get any info from a whois on mundy.org. Do oyu perchance have this code elsewhere?

    Thanks

    [WM: My apologies. We switched providers several months ago, and all the content now is on nerdvittles.com rather than mundy.org/blog. I've fixed both links in the article. Thanks.]

  7. John Korchok says:

    To add multiple folders with separate passwords, add the following to your httpd.conf file (for Apache 1) or httpd-dav.conf file (for Apache 2)

    DavLockDB /Library/WebServer/davlocks/DavLock

    #For each user, add a section as follows. There are two user names. myid is your id and appears in each section for each user, so you have access to all folders. The second id appears only in this section, so the user only has access to it.


    Dav On
    AllowOverride None
    Options None
    AuthType Digest
    AuthName FileShare
    AuthUserFile /Library/WebServer/Passwords/.htpwdigest

    require user myid ctmr00

    #Then end with a section like this, to allow only you access to the parent folder of all the folders. This must follow all the other sections or it will not work.


    Dav On
    AllowOverride None
    Options None
    AuthType Digest
    AuthName FileShare
    AuthUserFile /Library/WebServer/Passwords/.htpwdigest

    require user myid

    #We use digest authentication for its greater security

  8. Stephen Downs says:

    I’ve upgraded my development box to Apache 2, and thanks to hints in this tutorial I have WebDAV up and running, but with the following problem.

    I’m doing some development in Flash wherein Flash talks to the webserver through various means, POST & AMFPHP. POST from Flash is failing whenever I have WebDAV turned on. Is there a simple way to exclude the WebDAV authorization from kicking in when the user agent is “Macromedia Flash Player 8″ (or anything Flash)?

  9. Michael says:

    I have setup WebDAV following your instructions without a hitch. I do, however, run into a problem once it is running. I can mount the WebDAV folder, write to it, and read from it. But I can’t modify anything on it. I would like to edit files on the DAV folder instead of copying it to my machine modifying it, and uploading back to the DAV. Any suggestions?

Leave a Reply

Ringbinder theme by Themocracy