WEBDAV publically accessible despite enviroment settings about docker-webdav-nginx HOT 10 CLOSED

What path are you visiting?

/public - No authentication
/restricted - Authentication if specified

from docker-webdav-nginx.

Neither. The only path being used is as per your example compose which is /var/www/webdav. Based on the Explanation section in the readme I honestly assumed it would dynamically assign accessibility if authentication variables were defined. Would I just need to update the volume to /var/www/webdav/restricted?

from docker-webdav-nginx.

I meant which path in the browser. You should be going to http://localhost/public or /restricted.

You're correct in that if the user and pass are set, it writes those creds to a file, which is then used by the nginx.conf file.

https://github.com/loganmarchione/docker-webdav-nginx/blob/master/entrypoint.sh#L9

If they're not set, it deletes those creds and /restricted becomes completely open (like /public).

from docker-webdav-nginx.

I was simply putting in https://exampledav.domain.com or equivelent to localhost:8617. Using either ./public or ./restricted in the browser path result in a 404.

from docker-webdav-nginx.

Saying that, I updated the container path to /var/www/webdav/restricted and spun the container back up and now I see the two options.

Additionally, localhost:8617/restricted works with authentication now. So by having ${hostpath}:/var/www/webdav, it is seems to be acting like the public and restricted entry points were overwritten and therefore public as it takes their place?

Example of the working docker-compose

version: '3'
services:
  webdav:
    container_name: docker-webdav-nginx
    restart: unless-stopped
    environment:
      - WEBDAV_USER=${USER}
      - WEBDAV_PASS=${PASSWORD}
      - NGINX_CLIENT_MAX_BODY_SIZE=${MAX_FILE_SIZE} #ex 500M or 0 for no limit
    networks:
      - webdav
    ports:
      - '8617:80'
    volumes:
      #- '/e/userfiles/users/exampleuser:/var/www/webdav' #public for some reason
      - '/e/userfiles/users/exampleuser:/var/www/webdav/restricted' #working with authentication
    image: loganmarchione/docker-webdav-nginx:latest

networks:
  webdav:

#volumes:
#  webdav:
#    driver: local

from docker-webdav-nginx.

Hmmm you shouldn't have to mount restricted into the container.

My setup is here with just /var/www/webdav.

https://github.com/loganmarchione/k8s_homelab/blob/master/cluster/apps/webdav/webdav.yaml#L51

from docker-webdav-nginx.

On your setup, does your webdav: volume begin with the /public and /restricted folders already? With my setup, exampleuser is equivalent to ones 'User' folder which wouldn't normally contain those paths at the start of the directory.

from docker-webdav-nginx.

I'm AFK right now but it should be created by the container.

https://github.com/loganmarchione/docker-webdav-nginx/blob/master/Dockerfile#L19

So mounting /var/www/webdav should allow you to access the public and restricted directories.

Note that I'm using Docker volumes and not bind-mounting a directory from the host, so it could also be a permissions issue.

from docker-webdav-nginx.

It might be related to the bind mounting as you said. Is it possible that when it "creates" the directories, it is happening BEFORE the volume is defined and mapped like in Line 26? Once it is mapped to the host perhaps it is mirroring the host now instead of using the folders already created.

I'm not familiar with docker file creation, but maybe the mkdir's need to be after the volume is mapped? This might then CREATE the folders after being mapped to the host. Like this instead?

RUN apt-get update && apt-get -y install --no-install-recommends \
    apache2-utils \
    netcat-openbsd \
    nginx-extras && \
    rm -rf /var/lib/apt/lists/* && \
    # mkdir -p "/var/www/webdav/restricted" && \ # moved under VOLUME
    # mkdir -p "/var/www/webdav/public" && \ # moved under VOLUME
    # chown -R www-data:www-data "/var/www" # moved under VOLUME
    # below is a new line
    mkdir  "/var/www/webdav" &&\ 
    rm /etc/nginx/sites-enabled/default

EXPOSE 80

VOLUME [ "/var/www/webdav" ]

# create and own folders in mapped volume
RUN mkdir -p "/var/www/webdav/restricted" && \
    mkdir -p "/var/www/webdav/public" && \
    chown -R www-data:www-data "/var/www"

That being said, if their file structure is like mine they would still need to then move the contents into /restricted after the container is live in order to utilize authentication. At that point it seems easier to just set it up the way I did if you want authentication.

Regardless my specific issue is solved. I appreciate your input and assistance! I don't think i would have understood the issue if you didn't ask about which directory I was entering.

from docker-webdav-nginx.

Just spun up an instance using my existing development compose file with a new volume (not a host bind mount) and it works ok for me (no need to mount /restricted or change the Dockerfile). I think any issues you had were due to the host mount.

It created the correct directories in the volume.

/var/lib/docker/volumes/docker-webdav-nginx_webdav2/_data/
├── public
└── restricted

Accessing the main page (without /public or /restricted) gives you access to both of those subpages (as it's intended to).

That being said, I tried to update the README to be more clear. Thanks for the feedback!

from docker-webdav-nginx.