Building an SSL WebDAV server on Cygwin, reachable from both the local network and the internet

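Background

I wanted a server for joplin, so I looked at various options.
In the end I figured I could just put SSL WebDAV on my Windows machine at home... so I'm giving it a try.
A legacy method, in 2023.

Goal

I thought it would be easy... but it gave me more trouble than expected, so I'm writing it up.
WebDAV must be reachable over SSL from the local segment as well.
WebDAV must be reachable over SSL from outside, from a mobile phone.

What you need

  • Windows Cygwin64, joplin
  • Global IP address: 1
  • DNS A records: 2

Outline

  • Create two hostnames as DNS A records pointing at the home global IP address
  • Port-forward 80 and 443 into the local segment
  • Open 80 and 443 in Windows Firewall (close 80 once SSL is working)
  • Install apache2, the SSL virtual hosts, and basic WebDAV
  • Obtain a Let's Encrypt SSL certificate with certbot
  • Register one of the hostnames with its local address in the Windows hosts file
  • Example: 192.168.1.200 loc.foo.jp

apache 80

To obtain the SSL certificate, httpd must first be brought up on port 80 and made reachable from outside.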

/etc/httpd/conf/httpd.conf
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule socache_dbm_module modules/mod_socache_dbm.so
+LoadModule ssl_module modules/mod_ssl.so
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule dav_lock_module modules/mod_dav_lock.so
+ServerName glb.foo.jp
+DocumentRoot "/cygdrive/k/www/html"
+<Directory "/cygdrive/k/www/html">
+    Options FollowSymLinks
+ErrorLog "/cygdrive/k/www/log/error_log"
+#LogLevel warn
+LogLevel debug
+    CustomLog "/cygdrive/k/www/log/access_log" common
+    ScriptAlias /cgi-bin/ "/cygdrive/k/www/cgi-bin/"
+<Directory "/cygdrive/k/www/cgi-bin">
+Include conf/extra/httpd-dav.conf
+Include conf/extra/httpd-ssl.conf
+Mutex posixsem    これ入れないとハマります
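
Review bot: the "Mutex posixsem" line carries the author's remark after the directive (これ入れないとハマります, "you will get stuck if you leave this out"); Apache does not accept a trailing comment on a directive line and would read that text as a further Mutex argument, so in the real httpd.conf the remark belongs on its own "#" line above the directive. Separately, "LogLevel debug" with "#LogLevel warn" commented out is fine while bringing the server up, but it should go back to warn before ports 80 and 443 stay forwarded from the internet, since debug-level logs grow quickly and record far more request detail than is needed in steady state.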

Once httpd is confirmed to be reachable from outside, obtain the SSL certificate.

certbot

Port 80 must be open before running certbot. You also need an e-mail address that actually receives mail.
pip3 install --upgrade pip
pip install certbot

certbot certonly --webroot -w /cygdrive/k/www/html  -d glb.foo.jp -d loc.foo.jp
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/glb.foo.jp/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/glb.foo.jp/privkey.pem
This certificate expires on 2023-10-05.
These files will be updated when the certificate renews.

ssl virtual host configuration: global + local

/etc/httpd/conf/extra/httpd-ssl.conf
########################################################################
## SSL Virtual Host Context
## for global
<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/cygdrive/k/www/html"
ServerName glb.foo.jp

ServerAdmin you@example.com
ErrorLog "/cygdrive/k/www/log/ssl_error_log2"
TransferLog "/cygdrive/k/www/log/ssl_access_log2"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/glb.foo.jp/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/glb.foo.jp/privkey.pem

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/cygdrive/k/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

</VirtualHost>

########################################################################
## for local
<VirtualHost *:443>
#   General setup for the virtual host
DocumentRoot "/cygdrive/k/www/html"
ServerName loc.foo.jp

ServerAdmin you@example.com
ErrorLog "/cygdrive/k/www/log/ssl_error_log2"
TransferLog "/cygdrive/k/www/log/ssl_access_log2"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

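# Note: the certbot command above issues one certificate for both names and
# stores it under live/glb.foo.jp; the loc.foo.jp paths below exist only if a
# separate certificate was issued for loc.foo.jp.
SSLCertificateFile /etc/letsencrypt/live/loc.foo.jp/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/loc.foo.jp/privkey.pem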

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/cygdrive/k/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

</VirtualHost>

webdav

/etc/httpd/conf/extra/httpd-dav.conf
DavLockDB "/cygdrive/k/var/DavLock"

Alias /uploads /cygdrive/k/data/uploads
Alias /webdav /cygdrive/k/data/webdav

<Location /webdav>
    Dav On
    AuthType Basic
#    AuthType Digest
    SSLRequireSSL
#    Options None
    AuthName WebDAV
    # You can use the htdigest program to create the password database:
    #   htdigest -c "/etc/httpd/user.passwd" DAV-upload admin
    AuthUserFile /etc/httpd/conf/.htpasswd
#    AuthDigestProvider file

    # Allow universal read-access, but writes are restricted
    # to the admin user.
#    Require valid-user
    <RequireAny>
        Require method GET POST OPTIONS
        Require valid-user
    </RequireAny>
    Options Indexes FollowSymLinks
</Location>

htpasswd /etc/httpd/conf/.htpasswd davuser
New password:
Re-type new password:
Adding password for user davuser
and so on...
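
The <Location /webdav> block above lets GET, POST and OPTIONS through without a login, so on a host forwarded from the internet the synced files can be downloaded by anyone who can reach the URL. The variant below is an added example, not the author's configuration: it reuses the page's paths and .htpasswd file and requires a valid user for every method. Options None is an assumption that directory listings are not needed.

```apache
# Added example: hardened form of the <Location /webdav> block.
# Paths and the password file are the ones used on this page.
DavLockDB "/cygdrive/k/var/DavLock"

Alias /webdav /cygdrive/k/data/webdav

<Location /webdav>
    Dav On

    # Basic auth sends the password with every request, so keep the
    # location TLS-only, as the original block does.
    SSLRequireSSL
    AuthType Basic
    AuthName WebDAV
    AuthUserFile /etc/httpd/conf/.htpasswd

    # Weak form used above: any one condition is enough, so GET, POST and
    # OPTIONS are served without credentials.
    #<RequireAny>
    #    Require method GET POST OPTIONS
    #    Require valid-user
    #</RequireAny>

    # Corrected form: every method, reads included, needs a user from
    # the .htpasswd file.
    Require valid-user

    # No directory listings for the DAV tree (assumption: the sync
    # client does not need them).
    Options None
</Location>
```

After reloading httpd, a request to /webdav/ without credentials should be answered with 401 rather than a listing or file content.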

clients

Options -> Synchronization ->
WebDAV URL [glb.foo.jp] from a phone or anywhere outside
WebDAV URL [loc.foo.jp] from home
username, password

That's all.
