HOWTO remotely yet securely mount a folder on Windows

overview

  1. install apache, mod_ssl and mod_dav
  2. configure apache
  3. mount the folder from Windows
This was tested only with:
  • Ubuntu 5.04
  • openssl 0.9.7e-3ubuntu0.2
  • apache 1.3.33-4ubuntu1
  • mod_ssl 2.8.22-1ubuntu1
  • mod_dav 1.0.3-10
  • Windows XP SP2

installation

$ sudo apt-get install apache libapache-mod-ssl libapache-mod-dav

configuration

SSL certificate for apache

The following instructions were copied from here. 

$ mkdir /tmp/apache
$ cd /tmp/apache

# create the private key for your own CA
$ openssl genrsa -des3 -out ca.key 1024

# create a self-signed certificate for your CA
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# create the private key for your apache server
$ openssl genrsa -des3 -out server.key 1024

# create a CSR (certificate signing request)
# do NOT use the same details you used for the CA
$ openssl req -new -key server.key -out server.csr

# sign the CSR using your CA
$ /usr/share/doc/libapache-mod-ssl/examples/sign.sh server.csr

# give the files to apache
$ sudo cp server.crt /etc/apache/ssl.crt/
$ sudo cp server.key /etc/apache/ssl.key/

apache configuration files

Edit /etc/apache/httpd.conf and change:

Port 80

..to:

Listen 80

Create a credentials file for WebDAV access: 

$ cd /etc/apache
$ sudo htpasswd -c dav-passwd firstuser
$ sudo htpasswd dav-passwd subsequentuser
$ sudo chmod 640 dav-passwd
$ sudo chgrp www-data dav-passwd

Edit /etc/apache/conf.d/libapache-mod-dav to look like:

<IfModule mod_dav.c>

    DAVLockDB /var/lock/DAV/apache

    <IfModule mod_ssl.c>

        Listen 443

        <VirtualHost *:443>

            ServerName callisto
            SSLEngine On
            SSLCertificateFile /etc/apache/ssl.crt/server.crt
            SSLCertificateKeyFile /etc/apache/ssl.key/server.key

            DocumentRoot /1/DAV
            <Directory /1/DAV>

                DAV On

                <LimitExcept GET OPTIONS>
                    Require user firstuser subsequentuser
                    AuthType Basic
                    AuthName "WebDAV Users"
                    AuthUserFile /etc/apache/dav-passwd
                </LimitExcept>

            </Directory>

        </VirtualHost>

    </IfModule>

</IfModule>

(thanks for this, Dale).

(note that the ServerName must be the same as the CN in the server certificate)

The DAV directory (/1/DAV in the example above) must be readable and writeable by apache (the www-data user). All files and folders created via DAV are owned by the www-data user.

windows

Windows XP SP2 will need Basic Auth to be enabled: 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\UseBasicAuth:REG_DWORD=1
(and restart)

mounting

Windows Explorer confused me with its different modes of operation. Not all menu items are available in all modes.

  1. open Windows Explorer with [windows]+[e]
  2. use the address bar (where it says Address[My Computer]) to go to a web site (any web site will do). Explorer is now in "web" mode and new menu items are available
  3. on the File menu, choose Open...
  4. in the Open box, type https://yourhost.yourdomain/yourpath
  5. check the Open as Web Folder box

Dale also says that you must authenticate with your proxy before opening the web folder if you're using IE.

$Revision: 1.2 $, $Date: 2006/03/07 08:37:16 $

Valid HTML 4.01 Transitional