Enable WebDAV and set up Basic Authentication

Procedure
  1. Determine if the WebDAV module is enabled.

    sudo httpd -M | grep fs

    If WebDAV is already enabled, you will see the following output:

    dav_fs_module (shared)
    By default, the WebDAV module is included and enabled with the Apache installations.
  2. Create a WebDAV directory under the Apache web root directory.

    sudo mkdir /var/www/html/webdav

  3. Change the ownership and permission of the WebDAV directory.

    sudo chown -R apache:apache /var/www/html/webdav

    sudo chmod -R 755 /var/www/html/webdav

  4. Optional. To set up password authentication for the WebDAV directory by creating an .htpasswd file, perform the following steps:
    1. Create an .htpasswd file.

      sudo htpasswd -c /etc/httpd/.htpasswd {User Name}

    2. Assign group ownership to the Apache user and lock down permissions for other users.

      sudo chown root:apache /etc/httpd/.htpasswd

      sudo chmod 640 /etc/httpd/.htpasswd

  5. Create a site configuration file called webdav.conf.

    vi /etc/httpd/conf.d/webdav.conf

  6. Add the following code to the /etc/httpd/conf.d/webdav.conf file. 
    DavLockDB /var/www/html/DavLock
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/webdav/
    ErrorLog /var/log/httpd/error.log
    CustomLog /var/log/httpd/access.log combined
        Alias /webdav /var/www/html/webdav
        <Directory /var/www/html/webdav>
            DAV On
            AuthType Basic
            AuthName "webdav"
            AuthUserFile /etc/httpd/.htpasswd
            Require valid-user
        </Directory>
</VirtualHost>
    NOTE:

    The AuthName must be same as the user name specified in step 4.

  7. Save the file and restart Apache.

    service httpd restart

    After restarting the web server, login details are requested.

    NOTE:

    Only Basic Authentication and OpenSSL certificates are supported for https in HPE OneView.

  8. Optional. Skip this step to add the web server to HPE OneView with the provided credentials and HTTP. HPE OneView will discover all the valid bundles. To add the web server as an external repository using HTTPS, perform the following steps:
    1. Navigate to /etc/httpd/conf, and edit the httpd.conf.
      vi httpd.conf
    2. Search for the following line of code in the httpd.conf file. 
      DocumentRoot "/var/www/html/" 
#
# Relax access to content within /var/www.
#
    3. Search for the directory path and change the path from <Directory "/var/www/html/> to <Directory "/var/www/html/webdav">.
    4. Add the following code in the <Directory> block. 
      DAV On
     AuthType Basic
     AuthName "webdav" 
     AuthUserFile /etc/httpd/.htpasswd
     Require valid-user

    # All access controls and authentication are disabled
    # in this directory
     #AuthType None
     #Satisfy all
     #Allow from all
     #AllowOverride None
     Header set MaxRepoSize 100G
     AllowOverride AuthConfig
     #Require all granted
      NOTE:

      The code line, Header set MaxRepoSize 100G configures the size of the web server.

    5. Save the file and restart Apache.

      service httpd restart

  9. Optional. To add the web server to HPE OneView without requiring a password, perform the following steps:
    1. Navigate to /etc/httpd/conf, and edit httpd.conf.

      vi httpd.conf

    2. Remove # from the following lines: 
      #AuthType None
     #Satisfy all
     #Allow from all
     #AllowOverride None
     #Require all granted
    3. Add # to the following code line:

      AllowOverride AuthConfig

    4. Save the file and restart Apache.

      service httpd restart

      Now that you have installed and configured the Linux Apache web server, you can add the web server to HPE OneView and copy the firmware bundles to the external repository.

      NOTE:

      Hewlett Packard Enterprise recommends downloading the new file to another folder in the Linux repository in the same mount point. This action prevents Linux from keeping a partial download in the repository path. You can then move the file to the folder that is registered in the Linux repository. For example, in this use case, move the file to /var/www/html/webdav.

  10. Optional. To update /etc/httpd/conf.d/webdav.conf to allow only https requests, perform the following steps:
    1. Add the following text to the webdav.conf.

      Make sure CN matches the SubjectAltName in /etc/pki/tls/openssl.cnf. 

      <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/webdav/
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
        ErrorLog /var/log/httpd/error.log
        CustomLog /var/log/httpd/access.log combined
        Alias /webdav /var/www/html/webdav
        <Directory /var/www/html/webdav>
            DAV On
            AuthType Basic
            AuthName "webdav"
            AuthUserFile /etc/httpd/.htpasswd
            Require valid-user
        </Directory>
</VirtualHost>
    2. Update /etc/httpd/conf/httpd.conf to comment Listen 80 to disable port 80.
    3. Restart the server.
    More information