Mount a webdav share with Rclone on FreeBSD
Introduction
We have an internal intranet Apache based web server, serving files using WebDav to different client types here at SoCruel.NU. The web server is configured with SSL/TLS using a certificate signed with a private Certifcate Authority.
And now I have the requirement to access a WebDav share from a FreeBSD system! And how this was done is described in this post!
The following technical prerequisites have to be in place to be able to implement what is described in this post:
- an up to date and supported FreeBSD system version 12.2 or higher
- the system must be able to access the internet using the DNS, HTTP and HTTPS protocols (i.e. to be able to fetch and install software).
- have a Apache based web server, serving files using WebDav with Basic authentication configured!
For this post we asume that the user account who mounts the remote WebDav share is mike.
Rclone
Not many tools are out there to be able to connect to, use or even mount a WebDav based share on FreeBSD. But luckily I found Rclone! And it is available in the FreeBSD ports as well. What more do you need!
Rclone is a command line program to manage files on cloud storage. And it also supports WebDav, besides loads of more cloud based storage platforms! The documentation is clear and very good, so go over to the Rclone website and read what it is capable of! It is a lot and amazing.
Prepare the system
Before we can implement Rclone, we have to prepare our system a bit. We will perform the following actions:
- create an empty directory to mount our WebDav share on
- make sure that users can mount a remote file syetem on our system
- load the
fusekernel module
So first we create the empty directory which mike mounts the WebDav share on and we make the mike user account the owner:
$ sudo mkdir /mnt/webdav $ sudo chown mike:mike /mnt/webdav
To make sure a normal user can mount a remote file syetem we have to set a system control:
$ sudo sysctl vfs.usermount=1 vfs.usermount: 0 -> 1 $ sudo tee -a /etc/sysctl.conf > /dev/null <<EOT ? vfs.usermount="1" ? EOT
Rclone is a program working in user space, so we have to load the File system in USErspace kernel module:
$ sudo sysrc kld_list+=fuse $ sudo kldload fuse
Install private CA certificate
The WebDav share is configured with SSL/TLS using a certificate signed with a private Certifcate Authority.
So we have to get this private Certifcate Authority certificate on our system, such that Rclone will not complain.
We assume here that the file name of this Certifcate Authority certificate is ca.cert.pem and that it is available on an internal web site http://ca.internal.domain.tld. We then can fetch the certificate and add it to the trusted store of our system:
$ cd /usr/local/share/certs $ sudo fetch http://ca.internal.domain.tld/ca.cert.pem . $ sudo chmod 0444 ca.cert.pem $ sudo certctl rehash
Implement Rclone
The first step for our Rclone implementation is install the Rclone package:
$ sudo pkg install -y rclone
In the second step we add a ‘remote’ configuration. For this Rclone configuration we assume the following:
- the URL for our WebDav share is:
https://webdav.intra.domain.tld/sharename - the Rclone name of this ‘remote’ is:
webdavshare
Te create a Rclone configuration we just issue the command rclone config and answer the questions we get. This will create a rclone.conf file in the .config/rclone directory in the home directory of the user:
$ rclone config
2021/03/18 11:19:45 NOTICE: Config file "/home/mike/.config/rclone/rclone.conf" not found - using defaults
No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> webdavshare
Type of storage to configure.
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / 1Fichier
\ "fichier"
2 / Alias for an existing remote
\ "alias"
3 / Amazon Drive
\ "amazon cloud drive"
4 / Amazon S3 Compliant Storage Provider (AWS, Alibaba, Ceph, Digital Ocean, Dreamhost, IBM COS, Minio, Tencent COS, etc)
\ "s3"
5 / Backblaze B2
\ "b2"
6 / Box
\ "box"
7 / Cache a remote
\ "cache"
8 / Citrix Sharefile
\ "sharefile"
9 / Dropbox
\ "dropbox"
10 / Encrypt/Decrypt a remote
\ "crypt"
11 / FTP Connection
\ "ftp"
12 / Google Cloud Storage (this is not Google Drive)
\ "google cloud storage"
13 / Google Drive
\ "drive"
14 / Google Photos
\ "google photos"
15 / Hubic
\ "hubic"
16 / In memory object storage system.
\ "memory"
17 / Jottacloud
\ "jottacloud"
18 / Koofr
\ "koofr"
19 / Local Disk
\ "local"
20 / Mail.ru Cloud
\ "mailru"
21 / Mega
\ "mega"
22 / Microsoft Azure Blob Storage
\ "azureblob"
23 / Microsoft OneDrive
\ "onedrive"
24 / OpenDrive
\ "opendrive"
25 / OpenStack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
\ "swift"
26 / Pcloud
\ "pcloud"
27 / Put.io
\ "putio"
28 / QingCloud Object Storage
\ "qingstor"
29 / SSH/SFTP Connection
\ "sftp"
30 / Sugarsync
\ "sugarsync"
31 / Tardigrade Decentralized Cloud Storage
\ "tardigrade"
32 / Transparently chunk/split large files
\ "chunker"
33 / Union merges the contents of several upstream fs
\ "union"
34 / Webdav
\ "webdav"
35 / Yandex Disk
\ "yandex"
36 / http Connection
\ "http"
37 / premiumize.me
\ "premiumizeme"
38 / seafile
\ "seafile"
Storage> webdav
** See help for webdav backend at: https://rclone.org/webdav/ **
URL of http host to connect to
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Connect to example.com
\ "https://example.com"
url> https://webdav.intra.domain.tld/sharename
Name of the Webdav site/service/software you are using
Enter a string value. Press Enter for the default ("").
Choose a number from below, or type in your own value
1 / Nextcloud
\ "nextcloud"
2 / Owncloud
\ "owncloud"
3 / Sharepoint
\ "sharepoint"
4 / Other site/service or software
\ "other"
vendor> other
User name
Enter a string value. Press Enter for the default ("").
user> mike
Password.
y) Yes type in my own password
g) Generate random password
n) No leave this optional password blank (default)
y/g/n> y
Enter the password:
password:
Confirm the password:
password:
Bearer token instead of user/pass (eg a Macaroon)
Enter a string value. Press Enter for the default ("").
bearer_token>
Edit advanced config? (y/n)
y) Yes
n) No (default)
y/n> n
Remote config
--------------------
[webdavshare]
type = webdav
url = https://webdav.intra.domain.tld/sharename
vendor = other
user = mike
pass = *** ENCRYPTED ***
--------------------
y) Yes this is OK (default)
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:
Name Type
==== ====
webdavshare webdav
e) Edit existing remote
n) New remote
d) Delete remote
r) Rename remote
c) Copy remote
s) Set configuration password
q) Quit config
e/n/d/r/c/s/q> q
The Rclone config file ~/.config/rclone/rclone.conf looks like:
$ cat ~/.config/rclone/rclone/rclone.conf [webdavshare] type = webdav url = https://webdav.intra.domain.tld/webdavshare vendor = other user = mike pass = ENCRYPTED OBSCURED PASSWORD
The pass value, the password, in the configuration file is obscured using base64. For more information on this see rclone obscure.
Now we can test if our Rclone configuration is working. We do this by using the following command, which must provide a directory listing of the WebDav share:
$ rclone lsd webdavshare:/
The Rclone binary takes a lot more ‘commands’. You can i.e. copy a file, remove a file, or move a file with it. For more information on Rclone command options please use the rclone -help command!
Mount the WebDav share
What is described above is not the only thing Rclone can do looking at WebDav. You can also mount the WebDav share to a local empty directory. To do this we have to issue only 1 command:
$ rclone mount webdavshare:/ /mnt/webdav --vfs-cache-mode writes --daemon
And that is it. We can now access our files at /mnt/webdav!
Resources
Some (other) resources about this subject: