{"id":25796629,"url":"https://github.com/graelo/webdav-nginx","last_synced_at":"2026-05-01T02:33:59.615Z","repository":{"id":277718173,"uuid":"933285226","full_name":"graelo/webdav-nginx","owner":"graelo","description":"How to build a rootless nginx webdav server with buildah","archived":false,"fork":false,"pushed_at":"2025-02-15T16:02:07.000Z","size":2,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-05-01T02:33:57.183Z","etag":null,"topics":["buildah","devonthink","nginx","omnifocus","rootless","webdav"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/graelo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-15T15:44:18.000Z","updated_at":"2025-07-16T17:59:30.000Z","dependencies_parsed_at":"2025-02-15T17:18:36.948Z","dependency_job_id":"dde62e29-62ea-4400-84ef-4e4b4a43bc8a","html_url":"https://github.com/graelo/webdav-nginx","commit_stats":null,"previous_names":["graelo/webdav-nginx"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/graelo/webdav-nginx","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graelo%2Fwebdav-nginx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graelo%2Fwebdav-nginx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graelo%2Fwebdav-nginx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graelo%2Fwebdav-nginx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/graelo","download_url":"https://codeload.github.com/graelo/webdav-nginx/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/graelo%2Fwebdav-nginx/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32483406,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"online","status_checked_at":"2026-05-01T02:00:05.856Z","response_time":64,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["buildah","devonthink","nginx","omnifocus","rootless","webdav"],"created_at":"2025-02-27T14:40:12.766Z","updated_at":"2026-05-01T02:33:59.594Z","avatar_url":"https://github.com/graelo.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Rootless Multi-User WebDAV Sync Store Container\n\n## Build the image\n\n```sh\nbuildah unshare -- bash -c './build-container-webdav.sh 2\u003e\u00261 | tee build_log.txt'\n```\n\nYou can optionally embed your `webdav.conf`: corresponding lines are commented\nout in the config, but I prefer mounting my config when running the container.\n\n## Configuration\n\nThe nginx process is run by www-data, which is modified to be UID/GID=1000.\n\n- Bind-mount sync store data in `/media/data`\n- For multi-users setup, credentials for each user should be htpasswd files in\n  a folder, and bind-mount that folder in `/etc/nginx/htpasswords/`\n- Finally, bind-mount the following `webdav.conf` (adjusted to your needs!)\n  into `/etc/nginx/conf.d/default.conf`\n\n## Run the image\n\nExtract from a Systemd Unit:\n\n```systemd\nExecStart=/usr/bin/podman container run \\\n  --conmon-pidfile=%t/%N.pid \\\n  --cidfile=%t/%N.ctr-id \\\n  --cgroups=no-conmon \\\n  --userns=keep-id \\\n  --sdnotify=conmon \\\n  --replace \\\n  --rm \\\n  --detach \\\n  --volume=/etc/localtime:/etc/localtime:ro \\\n  --volume=/tank/containers/webdav/config/htpasswords:/etc/nginx/htpasswords:Z,U \\\n  --volume=/tank/containers/webdav/config/webdav.conf:/etc/nginx/conf.d/default.conf:Z,U \\\n  --volume=/tank/containers/webdav/data:/media/data:Z,U \\\n  --dns=your-host-ip \\\n  --publish=127.0.0.1:9008:8080 \\\n  --label=\"io.containers.autoupdate=registry\" \\\n  --name=webdav \\\n  docker.io/graelo/webdav-nginx:rootless\n```\n\n## Example files for DevonThink and OmniFocus\n\nI'm providing the example config for Omni products, because it is not trivial.\n\nExample `webdav.conf`\n\n```nginx\nserver {\n    listen 8080;\n\n    access_log /dev/stdout;\n    error_log /dev/stdout info;\n\n    client_max_body_size 0;\n\n    location /devonthink {\n        alias /media/data/devonthink;\n\n        create_full_put_path on;\n        autoindex on;\n        autoindex_exact_size off;\n        autoindex_localtime on;\n        charset utf-8;\n\n        dav_methods PUT DELETE MKCOL COPY MOVE;\n        dav_ext_methods PROPFIND OPTIONS;\n        dav_access user:rw group:rw all:r;\n\n        auth_basic \"Restricted DevonThink\";\n        auth_basic_user_file /etc/nginx/htpasswords/devonthink.htpasswd;\n    }\n\n    location /omnifocus {\n        alias /media/data/omnifocus;\n\n        create_full_put_path on;\n        autoindex on;\n        autoindex_exact_size off;\n        autoindex_localtime on;\n        charset utf-8;\n\n        dav_methods PUT DELETE MKCOL COPY MOVE;\n        dav_ext_methods PROPFIND OPTIONS;\n        dav_access user:rw group:rw all:r;\n\n        auth_basic \"Restricted OmniFocus\";\n        auth_basic_user_file /etc/nginx/htpasswords/omnifocus.htpasswd;\n    }\n}\n```\n\nHere's the corresponding nginx reverse proxy:\n\n```nginx\nserver {\n  server_name webdav.graelo.cc;\n  listen 80;\n\n  location / {\n    return 301 https://$host$request_uri;\n  }\n\n  access_log /var/log/nginx/webdav.graelo.cc-access.log;\n  error_log /var/log/nginx/webdav.graelo.cc-error.log;\n}\n\nserver {\n  server_name webdav.graelo.cc;\n  listen 443 ssl;\n\n  ssl_certificate   /etc/ssl/localcerts/webdav.graelo.cc/chained.crt;\n  ssl_certificate_key /etc/ssl/localcerts/webdav.graelo.cc/service.key;\n\n  add_header    Strict-Transport-Security \"max-age=31536000\" always;\n  add_header    X-Frame-Options SAMEORIGIN;\n  add_header    X-Content-Type-Options nosniff;\n\n  client_max_body_size 0;\n\n  location /devonthink {\n    set $target http://127.0.0.1:9005;\n\n    proxy_pass $target;\n\n    proxy_buffering off;\n\n    proxy_http_version 1.1;\n    proxy_set_header Host $http_host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n    proxy_set_header X-Forwarded-Host $host;\n    proxy_set_header X-Forwarded-User $remote_user;\n\n    # Add these lines for authentication handling\n    proxy_set_header Authorization $http_authorization;\n    proxy_pass_header Authorization;\n\n    # WebDAV specific settings\n    proxy_set_header Destination $http_destination;\n    proxy_set_header Overwrite $http_overwrite;\n\n    # Optional: enable gzip compression\n    gzip on;\n    gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript;\n  }\n\n  location /omnifocus {\n    set $target http://127.0.0.1:9005;\n\n    set $fixed_destination $http_destination;\n    set $destination_check \"\";\n\n    # Remove the scheme and host from the Destination header\n    if ($http_destination ~ ^https?://[^/]+(.*)$) {\n      set $fixed_destination $1;\n    }\n\n    # Check if request_uri ends with a slash\n    if ($request_uri ~ ^.+/$) {\n      set $destination_check \"${destination_check}A\";\n    }\n\n    # Check if fixed_destination ends with a slash\n    if ($fixed_destination ~ ^.+/$) {\n      set $destination_check \"${destination_check}B\";\n    }\n\n    # Adjust fixed_destination based on checks\n    if ($destination_check = \"A\") {\n      set $fixed_destination \"${fixed_destination}/\";\n    }\n    if ($destination_check = \"B\") {\n      set $fixed_destination \"${fixed_destination}\";\n    }\n    if ($destination_check = \"\") {\n      set $fixed_destination \"${fixed_destination}\";\n    }\n    if ($destination_check = \"AB\") {\n      set $fixed_destination \"${fixed_destination}\";\n    }\n\n    proxy_pass $target;\n\n    proxy_buffering off;\n\n    proxy_http_version 1.1;\n    proxy_set_header Host $http_host;\n    proxy_set_header X-Real-IP $remote_addr;\n    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n    proxy_set_header X-Forwarded-Proto $scheme;\n    proxy_set_header X-Forwarded-Host $host;\n    proxy_set_header X-Forwarded-User $remote_user;\n\n    # Add these lines for authentication handling\n    proxy_set_header Authorization $http_authorization;\n    proxy_pass_header Authorization;\n\n    # WebDAV specific settings\n    proxy_set_header Destination $fixed_destination;\n    proxy_set_header Overwrite $http_overwrite;\n\n    # Optional: enable gzip compression\n    gzip on;\n    gzip_types text/plain text/css application/json application/javascript text/xml application/xml text/javascript;\n  }\n\n  access_log /var/log/nginx/webdav.graelo.cc-access.log;\n  error_log /var/log/nginx/webdav.graelo.cc-error.log;\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraelo%2Fwebdav-nginx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgraelo%2Fwebdav-nginx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgraelo%2Fwebdav-nginx/lists"}