Synology usage series 17: Install WebDav with Lighttpd


Update Note: WebDav is officially support since Firmware 3.0. This article is useful for user who still sticking with firmware 2.x.

The benefit of WebDAV is that you can securely mount a folder of your diskstation from any machine with http/https access to the internet, without the need of installing and downloading any client software. All the works were handled by the web server and the webdav plugin. It is good for simple and quick file exchange. I know that some NAS already support WebDAV by default, Syno really should add WebDAV support by default… asap…

  1. Bootstrap your diskstation
  2. Install all required packages below
    # ipkg install libxml2
    # ipkg install sqlite
    # ipkg install lighttpd
    # ipkg install e2fsprogs
    
  3. Edit the configuration of lighttpd.conf

    # vi /opt/etc/lighttpd/lighttpd.conf
    

    add the following line

        "mod_webdav",
    

    then make sure following lines were not commented:

    "mod_webdav",
    "mod_alias",
    "mod_access",
    'mod_auth",
    "mod_accesslog',
    

    change the web document root and port of web server, eg:

    server.document-root = “/opt/share/www”
    server.port = 81

    Append the lines below to end of the configuration file:

        #### webdav
        webdav.activate = "enable"
        webdav.is-readonly = "disable"
    
        auth.backend.activate = "enable"
        auth.backend = "htpasswd"
        auth.backend.htpasswd.userfile = "/opt/share/www/passwd/passwd.dav"
        auth.require = ( "" => ( "method" => "basic",
                                 "realm" => "WebDav",
                                 "require" => "valid-user" ) )
    
        #### SSL
        $SERVER["socket"] == "<internal IP of NAS>:91" {
        ssl.engine = "enable"
        ssl.pemfile = "/opt/etc/lighttpd/ssl/server.pem"
        server.document-root = "/opt/share/www/"
        server.errorlog = "/opt/var/log/lighttpd/serror.log"
        accesslog.filename = "/opt/var/log/lighttpd/saccess.log"
        }
    
    

    My reason to use port 91 instead of 443 is to avoid conflict with the apache in case you already enabled the https for your web station.

    If you prefer using 443 to ensure you can access the webdav share anywhere (some strict router do block uncommon ports, like company firewall), first disable the https for your web station and then change the value to 443 here.

    To disable the https for the web station (required ONLY if you want to use port 443 for WebDAV/Lighttpd) :

    Network Services > Web Services > HTTP Service Options

    Uncheck the Enable HTTPS connection.

    Synology : Disable HTTPS for web services

    Synology : Disable HTTPS for web services

  4. Generate SSL certificate
    # mkdir /opt/etc/lighttpd/ssl
    # cd /opt/etc/lighttpd/ssl
    # openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
    # chmod 0600 server.pem
    
  5. Create the password file
    # mkdir /opt/share/www/passwd
    # /usr/syno/apache/bin/htpasswd -c /opt/share/www/passwd/passwd.dav <user name>
    

    If htpasswd does not existed on your diskstation, use web based htpasswd generator instead. (My DS207+ do have the htpasswd utility, but my DS101j doesn’t)

  6. Start lighttpd
        # /volume1/opt/etc/init.d/S80lighttpd start
    
  7. For firmware 2.2 user, a firewall rule is required for external access of the webdav server.

    Network Services > Firewall > Click ‘Create’ button

    Ports > Check ‘Custom’ radio button > Click ‘Custom’ button

    Synology: Adding a new firewall rule with custom port

    To add a new custom port:

    Ports: Type: Destination Port
    Protocol: TCP
    Ports: 91 (or port 443 if you disabled HTTPS connection for web station)

    Synology: Adding new firewall rule for WebDAV server with https : Port 91 : TCP

    Synology: Adding new firewall rule for WebDAV server with https : Port 91 : TCP

    Source IP: ALL (or any other permitted IP address)

    DiskStation: Firewall: Assign 'ALL' for source IP

    Action : Access : Allow

    DiskStation: Firewall: Allow an firewall rule

  8. Configure your broadband router and create a port forwarding to allow incoming https traffic to the NAS. Below is an example from linksys WRT54G router illustrating both port 91 and 443. Change the port number for your setup.
    linksys port forwarding for port 91 and 443

    linksys port forwarding for port 91 and 443





9 thoughts


  1. Thanks for the guide, trying to install on my CS 407

    All well until I try to run lighttpd

    Using 80,91,443 ports i get the following message

    (network.c.296) can’t bind to port: 192.0.168.199 443 cannot assign requested address

    HELP!!

    Probably doing something really silly but your help would be greatly appreciated

    BW

    PF

  2. hello.

    It looks like the ports were being used by some other services. You can verify this using the command below

    # netstat -a

    This command allow you to know what services are currently listening to what port in your diskstation.

    You can try other port which is not listed in the result above.

    Hope this help

    P.S. If you dunno how to read the result, you can capture it and send to me using the contact me form.

  3. Thanks for your tutorial! It seems really useful!

    I’m on a DS209+II with the newest firmware.

    I tried to do step 6:
    “/volume1/opt/etc/init.d/S80lighttpd start”

    but on my machine “opt” is called “@optware” so I ran:

    “/volume1/@optware/etc/init.d/S80lighttpd start”

    instead. unfortunately I got an error:

    Host> /volume1/@optware/etc/init.d/S80lighttpd start
    Starting web server: lighttpd
    Duplicate config variable in conditional 0 global: server.port
    2010-02-17 12:19:50: (configfile.c.907) source: /opt/etc/lighttpd/lighttpd.conf line: 151 pos: 16 parser failed somehow near here: (EOL)

    Any ideas? it would be great to get WebDAV working.

  4. Hi,

    Trying to install webdav on a DS-109j. But when creating the ssl certificate I get the following error: Illegal instruction (core dumped). I also get this error when trying to start lighttpd.

    What could be wrong? Any help would be very nice!

  5. Done everything ok, only when starting up lighttpd I get this error (on DS 209):

    Starting web server: lighttpd
    2010-03-14 01:59:50: (network.c.529) SSL: error:00000000:lib(0):func(0):reason(0)

    Any help appreciated.

    • I don’t have a DS209 so I couldn’t help much. I googled a bit and thinks it is related to some known bugs of lighttpd.

      You should have better luck submit your question in synology official forum.

Leave a Reply

Your email address will not be published. Required fields are marked *