Methods and steps for Nginx to build Webdav service

1. Self-signed root certificate

1. Generate the root certificate key

openssl genrsa -out ./ 2048

2. Generate root certificate

openssl req -x509 -new -key ./ -out ./ -days 365

Interactive information
Country Name (2 letter code) []:CN
State or Province Name (full name) []:HeNan
Locality Name (eg, city) []:HZG
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:HZG
Common Name (eg, fully qualified host name) []:HZG
Email Address []:123456789@

2. Generate application certificates

1. Generate the application certificate key

openssl genrsa -out  2048

2. Generate application certificate request

openssl req -new -key  -out

3. Create certificate additional purpose file

Domain-based certificate
The problem solved here is the problem of browser accessing web pages to verify the certificate domain name. Save it as a file and use it when generating the certificate.

Domain-based certificate
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName=@SubjectAlternativeName

[ SubjectAlternativeName ]
DNS.1=
DNS.2=*.

based onIPCertificate of
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName=@SubjectAlternativeName

[ SubjectAlternativeName ]
IP.1=192.168.0.1
IP.2=192.168.0.2

4. Issuing a certificate

openssl x509 -req -in  -CA  -CAkey  -CAcreateserial -out  -days 365 -sha256 -extfile

3. Nginx deploys Webdav services

1. Generate Webdav user password file

echo hzg:$(openssl passwd -crypt 12345678)>/path/certs/webdav/webdavpasswd

2. Nginx WebDav Configuration

Note Nginx requires the following modules to be installed

nginx-dav-ext-module
ngx_http_headers_module

dav_ext_lock_zone zone=davlock:10m;
# Http Configurationserver {
    listen 8080;
    server_name  *.;

    location / {
        root /path/webdav;
        autoindex_localtime on;

        set $dest $http_destination;
        if (-d $request_filename) {                   # Automatically add "/" to directory requests and URIs            rewrite ^(.*[^/])$ $1/;
            set $dest $dest/;
        }

        if ($request_method ~ (MOVE|COPY)) { # Forced add Destination request header to the MOVE|COPY method           more_set_input_headers 'Destination: $dest';
        }

        if ($request_method ~ MKCOL) {
            rewrite ^(.*[^/])$ $1/ break;
        }

        client_body_temp_path /tmp;

        dav_methods PUT DELETE MKCOL COPY MOVE;       # DAV supported request method        dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK; # DAV extension support request method        dav_ext_lock zone=davlock;                    # DAV extension lock bound memory area        create_full_put_path  on;                     # Enable directory creation support        dav_access user:rw group:r all:r;             # Set the access permissions for created files and directories
        auth_basic "Authorized Users WebDAV";
        auth_basic_user_file /path/certs/webdav/webdavpasswd;
    }
}

# Https Configurationserver {
    listen 443 ssl;
    server_name  *.;

    autoindex on;

    ssl_certificate "/path/certs/webdav/";
    ssl_certificate_key "/path/certs/webdav/";

    ssl_protocols           SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 ;
    ssl_prefer_server_ciphers on;
    ssl_ciphers               ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache         shared:SSL:10m;
    ssl_session_tickets       off;
    ssl_stapling              off;

    location / {
        root /path/webdav;
        autoindex_localtime on;

        set $dest $http_destination;
        if (-d $request_filename) {                   # Automatically add "/" to directory requests and URIs            rewrite ^(.*[^/])$ $1/;
            set $dest $dest/;
        }

        if ($request_method ~ (MOVE|COPY)) { # Forced add Destination request header to the MOVE|COPY method           more_set_input_headers 'Destination: $dest';
        }

        if ($request_method ~ MKCOL) {
            rewrite ^(.*[^/])$ $1/ break;
        }

        client_body_temp_path /tmp;

        dav_methods PUT DELETE MKCOL COPY MOVE;       # DAV supported request method        dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK; # DAV extension support request method        dav_ext_lock zone=davlock;                    # DAV extension lock bound memory area        create_full_put_path  on;                     # Enable directory creation support        dav_access user:rw group:r all:r;             # Set the access permissions for created files and directories
        auth_basic "Authorized Users WebDAV";
        auth_basic_user_file /path/certs/webdav/webdavpasswd;
    }
}

This is the article about the methods and steps of Nginx to build Webdav services. For more information about Nginx to build Webdav services, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!