webdav: open-source software for running a WebDAV server
GitHub repository: [https://github.com/hacdias/webdav.git](https://github.com/hacdias/webdav.git)
**Description:** A simple and standalone WebDAV server.
# 1. Build and install
```
# git clone https://github.com/hacdias/webdav.git
# cd webdav
# go build -ldflags "-w -s" -trimpath
```
This produces a `webdav` file in the webdav directory; that is the executable. It also needs a configuration file, which can be YAML, JSON or TOML. A config.yml looks like this:
```yaml
address: 0.0.0.0
port: 6065
# TLS-related settings if you want to enable TLS directly.
tls: false
cert: cert.pem
key: key.pem
# Prefix to apply to the WebDAV path-ing. Default is '/'.
prefix: /
# Enable or disable debug logging. Default is 'false'.
debug: false
# Disable sniffing the files to detect their content type. Default is 'false'.
noSniff: false
# The directory that will be able to be accessed by the users when connecting.
# This directory will be used by users unless they have their own 'directory' defined.
# Default is '.' (current directory).
directory: .
# The default permissions for users. This is a case insensitive option. Possible
# permissions: C (Create), R (Read), U (Update), D (Delete). You can combine multiple
# permissions. For example, to allow to read and create, set "RC". Default is "R".
permissions: R
# The default permissions rules for users. Default is none.
rules: []
# Logging configuration
log:
  # Logging format ('console', 'json'). Default is 'console'.
  format: console
  # Enable or disable colors. Default is 'true'. Only applied if format is 'console'.
  colors: true
  # Logging outputs. You can have more than one output. Default is only 'stderr'.
  outputs:
    - stderr
# CORS configuration
cors:
  # Whether or not CORS configuration should be applied. Default is 'false'.
  enabled: true
  credentials: true
  allowed_headers:
    - Depth
  allowed_hosts:
    - http://localhost:8080
  allowed_methods:
    - GET
  exposed_headers:
    - Content-Length
    - Content-Range
# The list of users. If the list is empty, then there will be no authentication.
# Otherwise, basic authentication will automatically be configured.
#
# If you're delegating the authentication to a different service, you can proxy
# the username using basic authentication, and then disable webdav's password
# check using the option:
#
# noPassword: true
users:
  # Example 'admin' user with plaintext password.
  - username: admin
    password: admin
  # Example 'john' user with bcrypt encrypted password, with custom directory.
  - username: john
    password: "{bcrypt}$2y$10$zEP6oofmXFeHaeMfBNLnP.DO8m.H.Mwhd24/TOX2MWLxAExXi4qgi"
    directory: /another/path
  # Example user whose details will be picked up from the environment.
  - username: "{env}ENV_USERNAME"
    password: "{env}ENV_PASSWORD"
  - username: basic
    password: basic
    # Override default permissions.
    permissions: CRUD
    rules:
      # With this rule, the user CANNOT access /some/files.
      - path: /some/file
        permissions: none
      # With this rule, the user CAN create, read, update and delete within /public/access.
      - path: /public/access/
        permissions: CRUD
      # With this rule, the user CAN read and update all files ending with .js. It uses
      # a regular expression.
      - regex: "^.+.js$"
        permissions: RU
```
Here is a minimal config.yml:
```
port: 6065
tls: false
auth: true
prefix: /webdav/
directory: "/path/to/dir/"
users:
  - username: admin
    password: "{sha256}c6ddfc9dfe3ad14ebac016951c537619fc0041db47e9ef67f307a33bb6ab785d"
    permissions: CRUD
```
Then run it:
```
# ./webdav -c /path/to/config.yml
```
This is the simplest way to run it. You can also run it under systemd by editing /lib/systemd/system/webdav.service:
```
[Unit]
Description=WebDAV
After=network.target
[Service]
Type=simple
User=your-user
ExecStart=/path/to/webdav --config /path/to/config.yml
Restart=on-failure
[Install]
WantedBy=multi-user.target
```
# 2. Modify the source to support sha256
Edit /lib/user.go:
```
// Add "webdav/function" to the imports.
func (u User) checkPassword(input string) bool {
	if strings.HasPrefix(u.Password, "{bcrypt}") {
		savedPassword := strings.TrimPrefix(u.Password, "{bcrypt}")
		return bcrypt.CompareHashAndPassword([]byte(savedPassword), []byte(input)) == nil
	} else if strings.HasPrefix(u.Password, "{sha256}") {
		// Hash the submitted password and compare it with the stored hex digest.
		uPWD := strings.TrimPrefix(u.Password, "{sha256}")
		inputPWD := function.GetSha256(input)
		return uPWD == inputPWD
	}
	// No prefix: the stored value is a plaintext password.
	return u.Password == input
}
```
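A user's password in the configuration file can now be set as {sha256}+hashed password. (There is no literal + in the value.)
Passwords hashed with sha256 are now accepted, but there is no command to generate the hashed value for the configuration file. The next section shows how to add one.
# 3. Add command-line flags to generate bcrypt and sha256 passwords (the program already has this feature built in)
Create a new directory `function` and add a file function.go with the following content: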
```
package function

import (
	"crypto/sha256"
	"encoding/hex"
)

// GetSha256 returns the hex-encoded SHA-256 digest of input.
func GetSha256(input string) string {
	sum256 := sha256.Sum256([]byte(input))
	return hex.EncodeToString(sum256[:])
}
```
Edit root.go under cmd:
```
// Add to the imports:
"webdav/function"
"golang.org/x/crypto/bcrypt"
// Add inside func init():
flags.StringP("sha256", "s", "", "sha256 password")
flags.StringP("bcrypt", "b", "", "bcrypt password")
```
Add the following inside `RunE: func(cmd *cobra.Command, args []string) error`:
```
// Generate a sha256 password entry.
passwords, err := flags.GetString("sha256")
if err != nil {
	return err
}
if passwords != "" {
	fmt.Println("{sha256}" + function.GetSha256(passwords))
	return nil
}
// Generate a bcrypt password entry.
passwordb, err := flags.GetString("bcrypt")
if err != nil {
	return err
}
if passwordb != "" {
	hash, err := bcrypt.GenerateFromPassword([]byte(passwordb), bcrypt.DefaultCost)
	if err != nil {
		return err
	}
	fmt.Println("{bcrypt}" + string(hash))
	return nil
}
```
Then rebuild to produce the executable and check the help output:
```
./webdav
Flags:
-a, --address string address to listen on (default "0.0.0.0")
-b, --bcrypt string bcrypt password
--cert string path to TLS certificate (default "cert.pem")
-c, --config string config file path
-h, --help help for webdav
--key string path to TLS key (default "key.pem")
-p, --port int port to listen on (default 6065)
-P, --prefix string URL path prefix (default "/")
-s, --sha256 string sha256 password
-t, --tls enable TLS
```
Generate hashed passwords:
```
./webdav -s 123456
{sha256}c6ddfc9dfe3ad14ebac016951c537619fc0041db47e9ef67f307a33bb6ab785d
./webdav -b 123456
{bcrypt}$2a$10$qaR4Zo4NPPF3Ps1zeUam2uOWwUdlivV6nbvGlrwud5H9IaTPmm.UG
```
Paste this string after `password:` and you are done.
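An added example (not code from the webdav project or from the original post): a small Go audit that scans a config like the ones above for `password:` values and reports how each is stored. It flags plaintext and `{sha256}` entries, because an unsalted single-round SHA-256 digest is cheap to guess offline if the config file leaks, and it reads the cost factor out of `{bcrypt}` hashes. The names `classify`, `audit` and `sample`, and the minimum cost of 10, are assumptions made for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// classify names the storage scheme of one password value and says whether to flag it.
func classify(value string) (scheme string, weak bool) {
	v := strings.Trim(strings.TrimSpace(value), `"'`)
	switch {
	case strings.HasPrefix(v, "{env}"):
		return "env", false // read from the environment at start-up
	case strings.HasPrefix(v, "{sha256}"):
		return "sha256", true // unsalted single round: cheap to guess offline
	case strings.HasPrefix(v, "{bcrypt}"): // layout: $2y$<cost>$<salt+hash>
		parts := strings.Split(strings.TrimPrefix(v, "{bcrypt}"), "$")
		if len(parts) != 4 {
			return "bcrypt (malformed)", true
		}
		cost, err := strconv.Atoi(parts[2])
		return "bcrypt cost " + parts[2], err != nil || cost < 10 // 10 is an assumed minimum
	}
	return "plaintext", true
}

// audit scans config text line by line and returns one finding per flagged password.
func audit(config string) []string {
	var findings []string
	sc := bufio.NewScanner(strings.NewReader(config))
	for n := 1; sc.Scan(); n++ {
		key, val, ok := strings.Cut(strings.TrimSpace(sc.Text()), ":")
		if !ok || strings.TrimLeft(key, "- ") != "password" {
			continue
		}
		if scheme, weak := classify(val); weak {
			findings = append(findings, fmt.Sprintf("line %d: %s", n, scheme))
		}
	}
	return findings
}

// sample is a constructed config fragment; the hash bodies are placeholders, not real digests.
const sample = "users:\n  - username: admin\n    password: admin\n  - username: ops\n    password: '{sha256}<hex digest>'\n  - username: john\n    password: '{bcrypt}$2y$04$<salt+hash>'\n  - username: ci\n    password: '{env}ENV_PASSWORD'\n"

func main() {
	fmt.Println(strings.Join(audit(sample), "\n"))
}
```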
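# 4. TLS certificate verification
**The second option under Method 2 is recommended.**
### Method 1: Skip certificate verification (not recommended for production)
Add the option that skips certificate verification to rclone: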
```
rclone mount remote: /mnt/point --vfs-cache-mode full --daemon --no-check-certificate
```
Or set it in the configuration file:
```
rclone config
```
Edit the corresponding remote and set:
```
skip_verify = true
```
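### Method 2: Add the certificate to the system trust store (recommended)
* Linux:
Copy the certificate into the system CA directory:
```
# update-ca-certificates only picks up files ending in .crt, so rename on copy
sudo cp cert.pem /usr/local/share/ca-certificates/webdav.crt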
sudo update-ca-certificates
```
Or tell rclone to use a custom CA bundle:
```
rclone mount remote: /mnt/point --ca-cert /path/to/cert.pem
```
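* Windows:
Import the certificate into Trusted Root Certification Authorities:
```
certlm.msc # Open the certificate manager
# Then import cert.pem into "Trusted Root Certification Authorities"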
```
### Method 3: Specify the CA certificate in the rclone configuration
Edit the rclone configuration file (usually at `~/.config/rclone/rclone.conf`):
```
[your_remote_name]
type = webdav
url = https://your-ip:port
vendor = other
user = your_username
pass = your_password
# Add this line
ca_cert = /path/to/cert.pem
```
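### Method 4: Regenerate the certificate with the correct information
Make sure the certificate contains the correct IP address or domain name:
```
# Generate a certificate that includes the IP address (using the earlier method)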
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
-out cert.pem -keyout key.pem \
-addext "subjectAltName = IP:192.168.1.100" \
-subj "/CN=your-server-ip"
```
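Why the `subjectAltName` entry matters, as an added example (not from the original post and not rclone's code): rclone is written in Go, and Go's certificate verifier matches the address being connected to against the certificate's SAN entries and ignores the CN. The program below issues throwaway self-signed certificates in memory and validates each one while trusting only that certificate, which is the situation `--ca-cert` creates. `verifySelfSigned` and its parameters are names made up for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// verifySelfSigned issues a throwaway self-signed certificate (constructed
// sample standing in for cert.pem) with the given CN and IP SANs, then
// validates it for host while trusting only that certificate.
func verifySelfSigned(host, cn string, sanIPs ...string) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	for _, s := range sanIPs {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(s))
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	fmt.Println("SAN matches:  ", verifySelfSigned("192.168.1.100", "your-server-ip", "192.168.1.100"))
	fmt.Println("other address:", verifySelfSigned("192.168.1.101", "your-server-ip", "192.168.1.100"))
	fmt.Println("CN only:      ", verifySelfSigned("192.168.1.100", "192.168.1.100"))
}
```

Only the first case verifies; the other two fail on the name check even though the certificate itself is trusted.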
**Verify the certificate configuration**
Inspect the certificate:
```
openssl x509 -in cert.pem -text -noout
```
Test the connection:
```
rclone ls remote: --ca-cert /path/to/cert.pem
```
