说明
默认情况下,bytemark/webdav 的所有用户共享同一个 /var/lib/dav 目录。如果需要为每个用户分配独立目录,可以使用 mcardielo/webdav 镜像(基于 bytemark/webdav 的改进版本,支持多用户独立目录)。
docker-compose
version: '3'
services:
webdav:
image: mcardielo/webdav # 推荐使用此镜像支持多用户独立目录
restart: always
expose:
- "80" # 仅暴露 80 端口给 Nginx 代理
environment:
AUTH_TYPE: Basic # HTTPS 下推荐使用 Basic 认证,http则使用Digest
SERVER_NAMES: webdav.example.com # 替换为你的域名
LOCATION: /webdav # WebDAV 访问路径
volumes:
- /srv/dav:/var/lib/dav # 数据存储目录
- ./user.passwd:/user.passwd # 绑定挂载认证文件用户名密码
- htpasswd:Apache 的工具,用于创建或更新包含用户名和加密密码的认证文件。
- -B:指定使用 bcrypt 算法加密密码(更安全,推荐)。
- -c:表示创建新文件,第一个帐号时加这个参数,后续追加帐号不需要
- user.passwd:为mcardielo webdav的用户密码存储文件
- 添加帐号alice:htpasswd -B -c user.passwd alice
- 添加帐号bob:htpasswd -B user.passwd bob
nginx配置
events {}
http {
# HTTP server (redirect to HTTPS)
server {
listen 80;
server_name webdav.atibm.com;
# Serve ads.txt
location /ads.txt {
alias /usr/share/nginx/html/webdav/ads.txt;
}
# Redirect all HTTP requests to HTTPS
return 301 https://$host$request_uri;
}
# HTTPS server
server {
listen 443 ssl;
server_name webdav.atibm.com;
# SSL certificate configuration
ssl_certificate /etc/letsencrypt/live/ghost.atibm.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ghost.atibm.com/privkey.pem;
# Logging
access_log /var/log/nginx/webdav-access.log;
error_log /var/log/nginx/webdav-error.log;
# Serve ads.txt
location /ads.txt {
alias /usr/share/nginx/html/webdav/ads.txt;
}
# WebDAV location
location /webdav {
proxy_pass http://webdav:80/webdav;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
dav_methods PUT DELETE MKCOL COPY MOVE;
client_max_body_size 0; # Allow large file uploads
client_body_buffer_size 8m; # Buffer for client uploads
proxy_buffers 8 64k; # Buffer for proxy responses
proxy_connect_timeout 300;
proxy_send_timeout 600;
proxy_read_timeout 600;
}
}
}