This content originally appeared on DEV Community and was authored by vaggeliskls
Deploy a secure, lightweight WebDAV server with Docker in minutes. This containerised solution supports Basic, LDAP, and OAuth authentication, making it ideal for self-hosted file sharing, backups, and enterprise remote access with minimal setup.
Check it out on GitHub: vaggeliskls/webdav-server
What is WebDAV?
WebDAV (Web Distributed Authoring and Versioning) is an extension of HTTP that lets you manage files on a server upload, download, edit, move, and share as if it were local storage. It’s widely supported across operating systems, backup tools, and mobile apps.
This project provides a modern, containerised WebDAV server that’s:
- Easy to deploy with Docker
- Flexible in authentication
- Ideal for self-hosting and enterprise use
Prerequisites
Before starting, ensure you have:
- Docker version 20.0 or higher
- Basic understanding of containers and WebDAV
Key Features
- Effortless Deployment: Set up a fully operational WebDAV server quickly using Docker.
-
Flexible Authentication:
- Basic Authentication
- LDAP Authentication
- OAuth Authentication
- Basic Authentication
- Proxy-Ready: Easily integrate with reverse proxies to add more authentication layers.
- Authentication is Optional: The server runs without authentication by default, allowing flexibility for your setup.
Authentication Setup
You can enable various authentication mechanisms using environment variables in a .env file. Here’s how to configure each one:
Basic Authentication
Authentication is controlled via environment variables in a .env file.
BASIC_AUTH_ENABLED=true
BASIC_AUTH_REALM=WebDAV
BASIC_USERS=alice:alice123 bob:bob123
OAuth Authentication
OAuth authentication (example with Keycloak) configuration:
OAUTH_ENABLED=true
OIDCProviderMetadataURL="http://keycloak/keycloak-auth/realms/master/.well-known/openid-configuration"
OIDCRedirectURI="http://my-domain.local/redirect_uri"
OIDCCryptoPassphrase="randomly_generated_secure_passphrase"
OIDCClientID="webdav-client"
OIDCClientSecret="ABC123def456GHI789jkl0mnopqrs"
OIDCProviderTokenEndpointAuth="client_secret_basic"
OIDCRemoteUserClaim="preferred_username"
OIDCScope="openid email profile"
OIDCXForwardedHeaders="X-Forwarded-Host"
More examples with different identity providers can be found on the mod_auth_openidc GitHub page.
LDAP Authentication
LDAP integration for centralized user management:
LDAP_ENABLED=true
LDAP_URL=ldaps://ldap.example.com
LDAP_ATTRIBUTE=uid
LDAP_BASE_DN=ou=users,dc=example,dc=com
LDAP_BIND_DN=uid=admin,ou=users,dc=example,dc=com
LDAP_BIND_PASSWORD=securepassword
WebDAV Methods and Access Control
Control allowed methods with the WEBDAV_OPERATIONS variable.
| Method | Purpose |
|---|---|
| GET | Download a file or resource |
| OPTIONS | Discover server-supported methods |
| PROPFIND | List directory contents, get resource metadata |
| PUT | Upload a file |
| DELETE | Delete a file or resource |
| MKCOL | Create a new collection (folder) |
| COPY | Copy a resource |
| MOVE | Move or rename a resource |
| LOCK | Lock a resource |
| UNLOCK | Unlock a resource |
| PROPPATCH | Set or remove resource properties |
| REPORT | Query for information (advanced WebDAV clients) |
| PATCH | Partial update of a resource |
| HEAD | Retrieve headers only (no body) |
| POST | Submit data (rarely used in WebDAV, sometimes for locking) |
Usage Example
1) Create a .env
WEBDAV_OPERATIONS="GET OPTIONS PROPFIND"
LDAP_ENABLED=false
OAUTH_ENABLED=false
BASIC_AUTH_ENABLED=false
2) Create a docker-compose.yaml file
services:
webdav:
image: ghcr.io/vaggeliskls/webdav-server:latest
ports:
- 8080:8080
volumes:
- ./webdav-data:/var/lib/dav/data
env_file:
- .env
3) Run the server
docker compose up -d
4) Access it Open: http://localhost:8080
This example runs an unauthenticated server. For production, enable HTTPS and authentication.
References
This content originally appeared on DEV Community and was authored by vaggeliskls