WebDAV: Three ways to run a simple test server

I needed a simple WebDAV file server for testing and want to share what I found.

1. Variants

1.1. rclone

docker run --rm -p 8080:8080 -v ./data:/data -e RCLONE_USER=username -e RCLONE_PASS=password rclone/rclone:1.71.2 serve webdav /data --addr :8080 --baseurl '/webdav'

1.2. bytemark

Caution: This image is 7 years old.

docker run --rm -v ./data:/var/lib/dav -e AUTH_TYPE=Digest -e USERNAME=username -e PASSWORD=password --publish 8080:80 -d bytemark/webdav:2.4

1.3. Caddy

An example in Caddy, which requires some more configuration, but might give you some more flexibility in exchange.

1.3.1. Build docker image

FROM caddy:2.10.2-builder AS builder

RUN xcaddy build --with github.com/mholt/caddy-webdav@7a5c90d

FROM busybox:1.37.0

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

RUN mkdir /data

ENTRYPOINT ["/usr/bin/caddy", "run", "--config=/etc/Caddyfile"]

docker build -t caddy-webdav .

1.3.2. Run WebDAV server

{
	admin off
	order webdav before file_server
}

http://localhost

basicauth /webdav/* bcrypt {
  # Password is 'password'
	username $2y$10$3ZFVo6i8sdDXRGHC1c7LuuaprKz/L9jCMvjr9UszLgZGlTxAOmqPK
}

webdav /webdav/* {
	root /data
	prefix /webdav
}

docker run --rm -p 8080:80 -v ./Caddyfile:/etc/Caddyfile:ro -v ./data:/data caddy-webdav

1.3.3. Generate bcrypt password hash

The password is saved in form of a bcrypt hash. openssl doesn't support generating bcrypt hashes, unfortunately.

I found bcrypt-tool, which does not accept the password from stdin. :/

And there is htpasswd from the apache package. But this will also install the whole apache server. :/

However, you can run this docker image to just generate the bcrypt password:

docker run -it --rm --network=none --entrypoint=htpasswd sineverba/htpasswd:1.5.0 -nBC 10 username

• -n: Display the results on standard output rather than updating a file.
• -B: Force the use of BCrypt encryption for passwords.
• -C: Set the computing cost factor for BCrypt (logarithmic scale, typical values 5-12). Higher values increase security but require more CPU time for hashing.

2. Connect to WebDAV via cadaver

2.1. Quick test with curl

curl -v --user user:password http://localhost:8080/webdav

This should return some XML.

2.2. Real WebDAV

cadaver http://localhost:8080/webdav

Run commands like ls, put file.txt and so on to test functionality.

3. Use rsync with our server

3.1. Obscure password

cat /dev/stdin | rclone obscure -

3.2. Test connection by listing files

rclone ls ":webdav,user='user',pass='VZTiy804LCdIyjE_VLCvuczpeaMnsHQR',url='http://localhost:8080/webdav':"

3.3. Sync a local folder

rclone sync . ":webdav,user='user',pass='VZTiy804LCdIyjE_VLCvuczpeaMnsHQR',url='http://localhost:8080/webdav':"

4. Security

Please note this is just an example. In the real world, you should never use BasicAuth over plain HTTP. BasicAuth is only secure over an encrypted connection like HTTPS.

For Caddy: it runs as the root user inside the docker container. This is not so good, but not part of this test. Best solution would be if the official image would change that.

See here: Run as unprivileged user

5. Suggestion

I suggest to use the rclone variant if you just want to quickly spin up a WebDAV server. rclone itself is well maintained, and the docker run command doesn't require any further configuration files.

If you want to go into more details, or have a running infrastructure already, Caddy might be worth a look.