我要评论一、 自签名根证书
1. 生成根证书密钥
openssl genrsa -out ./root.key 2048
2. 生成根证书
openssl req -x509 -new -key ./root.key -out ./root.pem -days 365 交互信息 country name (2 letter code) []:cn state or province name (full name) []:henan locality name (eg, city) []:hzg organization name (eg, company) []:www.hzg.com organizational unit name (eg, section) []:hzg common name (eg, fully qualified host name) []:hzg email address []:123456789@qq.com
二、生成应用证书
1. 生成应用证书密钥
openssl genrsa -out webdav.key 2048
2. 生成应用证书请求
openssl req -new -key webdav.key -out webdav.csr
3. 创建证书附加用途文件
基于域名的证书
这里解决的问题是浏览器访问网页验证证书域名的问题,保存为 webdav.ext 文件,生成证书的时候使用
基于域名的证书 keyusage = nonrepudiation, digitalsignature, keyencipherment extendedkeyusage = serverauth, clientauth subjectaltname=@subjectalternativename [ subjectalternativename ] dns.1=hzgwebdav.com dns.2=*.hzgwebdav.com 基于ip的证书 keyusage = nonrepudiation, digitalsignature, keyencipherment extendedkeyusage = serverauth, clientauth subjectaltname=@subjectalternativename [ subjectalternativename ] ip.1=192.168.0.1 ip.2=192.168.0.2
4. 签发证书
openssl x509 -req -in webdav.csr -ca root.pem -cakey root.key -cacreateserial -out webdav.crt -days 365 -sha256 -extfile webdav.ext
三、nginx 部署 webdav 服务
1. 生成 webdav 用户密码文件
echo hzg:$(openssl passwd -crypt 12345678)>/path/certs/webdav/webdavpasswd
2. nginx webdav 配置
注意 nginx 需要安装以下模块
nginx-dav-ext-module
ngx_http_headers_module
dav_ext_lock_zone zone=davlock:10m;
# http 配置
server {
listen 8080;
server_name hzgwebdav.com *.hzgwebdav.com;
location / {
root /path/webdav;
autoindex_localtime on;
set $dest $http_destination;
if (-d $request_filename) { # 对目录请求、对uri自动添加"/"
rewrite ^(.*[^/])$ $1/;
set $dest $dest/;
}
if ($request_method ~ (move|copy)) { # 对move|copy方法强制添加destination请求头
more_set_input_headers 'destination: $dest';
}
if ($request_method ~ mkcol) {
rewrite ^(.*[^/])$ $1/ break;
}
client_body_temp_path /tmp;
dav_methods put delete mkcol copy move; # dav支持的请求方法
dav_ext_methods propfind options lock unlock; # dav扩展支持的请求方法
dav_ext_lock zone=davlock; # dav扩展锁绑定的内存区域
create_full_put_path on; # 启用创建目录支持
dav_access user:rw group:r all:r; # 设置创建的文件及目录的访问权限
auth_basic "authorized users webdav";
auth_basic_user_file /path/certs/webdav/webdavpasswd;
}
}
# https 配置
server {
listen 443 ssl;
server_name hzgwebdav.com *.hzgwebdav.com;
autoindex on;
ssl_certificate "/path/certs/webdav/webdav.crt";
ssl_certificate_key "/path/certs/webdav/webdav.key";
ssl_protocols sslv2 sslv3 tlsv1 tlsv1.1 tlsv1.2 tlsv1.3 ;
ssl_prefer_server_ciphers on;
ssl_ciphers ecdhe-ecdsa-aes128-gcm-sha256:ecdhe-rsa-aes128-gcm-sha256:ecdhe-ecdsa-aes256-gcm-sha384:ecdhe-rsa-aes256-gcm-sha384:ecdhe-ecdsa-chacha20-poly1305:ecdhe-rsa-chacha20-poly1305:dhe-rsa-aes128-gcm-sha256:dhe-rsa-aes256-gcm-sha384;
ssl_session_cache shared:ssl:10m;
ssl_session_tickets off;
ssl_stapling off;
location / {
root /path/webdav;
autoindex_localtime on;
set $dest $http_destination;
if (-d $request_filename) { # 对目录请求、对uri自动添加"/"
rewrite ^(.*[^/])$ $1/;
set $dest $dest/;
}
if ($request_method ~ (move|copy)) { # 对move|copy方法强制添加destination请求头
more_set_input_headers 'destination: $dest';
}
if ($request_method ~ mkcol) {
rewrite ^(.*[^/])$ $1/ break;
}
client_body_temp_path /tmp;
dav_methods put delete mkcol copy move; # dav支持的请求方法
dav_ext_methods propfind options lock unlock; # dav扩展支持的请求方法
dav_ext_lock zone=davlock; # dav扩展锁绑定的内存区域
create_full_put_path on; # 启用创建目录支持
dav_access user:rw group:r all:r; # 设置创建的文件及目录的访问权限
auth_basic "authorized users webdav";
auth_basic_user_file /path/certs/webdav/webdavpasswd;
}
}
到此这篇关于nginx搭建webdav服务的方法步骤的文章就介绍到这了,更多相关nginx搭建webdav服务内容请搜索代码网以前的文章或继续浏览下面的相关文章希望大家以后多多支持代码网!
发表评论