Hacker News

WebDAV isn't dead yet

2025-10-2419:09247128blog.feld.me

I should have titled this post

I should have titled this post "I hate S3".

📢 What is the status quo?

FTP is dead (yay), SFTP is too dependent on SSH and unix authentication. AWS made S3 pervasive and now every webapp that needs to store files assumes you'll be able to connect it S3. This is good for Amazon, but painful for everyone else.

📢 But who is WebDAV useful for?

Most people working on personal projects, self-hosting, or just need filesystem-over-HTTP-ish capabilities do not need S3, they just need a place for their files behind some form of authentication. I stopped reaching for S3 and started running from S3 a while ago and I think you should consider doing the same.

Here are my core requirements:

  • authentication
  • write files
  • efficiently sync files
  • ensure those files aren't publicly accessible by default
  • relatively easy to make those files public

Here's what I don't need:

  • advanced ACLs and roles
  • signed URLs
  • versioning (the V in WebDAV is actually versioning, but still...)
  • tiered storage
  • lifecycle rules
  • quotas, but could be done at the filesystem level (e.g., ZFS)
  • many things I can't think of right now

This list probably resonates with you as well. I just don't think we should be encouraging people to run Openstack Swift, CEPH, Minio, or unfinished projects like Garage just to achieve file-storage-over-HTTP.

And with Minio recently killing off most of their admin UI and making people suffer through crafting JSON policy files and uploading them with the mc tool... just let it go. It's not worth your time.

How would you access WebDAV to manage files if you've never tried before? Lots of tools support it:

  • MacOS Finder (Go->Connect to Server... enter https://...) and iOS Files
  • Windows Explorer (Map Network Drive, Connect to a Web site...)
  • rclone
  • curl
  • Popular things like CyberDuck, WinSCP, Filezilla...

It's broadly available as you can see even though it's considered by many to be archaic or obsolete. Your webserver that you're running probably already supports it and you just need to integrate auth and setup a vhost / domain for it: Apache, Nginx, Caddy, Lighttpd, IIS ... You'll even find support in OwnCloud/NextCloud too.

In fact, you're already using WebDAV and you just don't realize it. This is how your contacts and calendars are synced on your devices. The CardDAV and CalDAV protocols are somewhat like extensions to WebDAV so it suits those purposes more efficiently, and they are not likely to go away any time soon.

So here's how I'm using it with Apache. I already have a few things that work optimally in Apache so I didn't choose another webserver, but I will note that Caddy probably has the simplest configuration for ensuring individual users get dropped into a private directory. A lot of out-of-the-box WebDAV solutions will be exposing all of the files to anyone who can authenticate which is silly, but it's solvable. I'll admit that Apache's config is probably the most convoluted and verbose to achieve a multi-user setup with some semblance of privacy, but it's not impossible.

My setup is using LDAP auth, but you can plug in your own obviously.

Behold:

# DAV specific modules you want
LoadModule dav_module libexec/apache24/mod_dav.so
LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so # Ancient fixes Apache includes in example config, kept just because...
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch " Konqueror/4" redirect-carefully <VirtualHost *:443>
 ServerName webdav.example.com
 DocumentRoot /usr/local/www/webdav
 SSLEngine on
 # other SSL settings left to you  # This is really important when serving WebDAV
 # or some operations fail due to an index attempting to be served
 DirectoryIndex disabled  DavLockDB "/tmp/DavLock"
 DavMinTimeout 600
 DavDepthInfinity On  <Directory /usr/local/www/webdav/>
 DAV On
 AllowOverride None  AuthType Basic
 AuthName WebDAV
 AuthBasicProvider ldap
 AuthLDAPURL ldaps://ldapserver:636/ou=users,dc=example,dc=com?uid
 AuthLDAPRemoteUserAttribute uid
 <Limit GET HEAD POST PUT OPTIONS MOVE DELETE COPY LOCK UNLOCK PROPFIND PROPPATCH MKCOL DUPLICATE>
 Require ldap-group cn=webdav,ou=groups,dc=example,dc=com
 Require valid-user
 </Limit>
 </Directory>  # Force users to only be able to see files in the subdirectory matching their username
 RewriteEngine On
 # Only rewrite if NOT already in user's directory
 RewriteCond %{REQUEST_URI} !^/%{LA-U:REMOTE_USER}/
 RewriteCond %{LA-U:REMOTE_USER} ^(.+)$
 RewriteRule ^(.*)$ /%1$1 [L]
</VirtualHost>

And now if there's a subdirectory under /usr/local/www/webdav matching the user's name and writable by the webserver, they'll be able to authenticate and use the storage space.

So what am I using this with?

  • Joplin, a self hosted notes app that syncs to my own server
  • Keepassium, Keepass app well integrated into iOS/MacOS
  • VLC
  • Infuse
  • Publishing this static blog with rclone (it's faster than rsync over NFS/SMB, and I won't need a VPN when I'm roaming!)

While writing this article I came across an interesting project under development, Altmount. This would allow you to "mount" published content on Usenet and access it directly without downloading it... super interesting considering I can get multi-gigabit access to Usenet pretty easily.

Don't sleep on WebDAV, give it a chance. It's not dead yet.


Read the original article

toomuchtodo

Karma: 107195
...
 @Hacker__News
@hacker._news

Comments

  • By nickcw 2025-10-2522:452 reply

    I wrote both the WebDAV client (backend) for rclone and the WebDAV server. This means you can sync to and from WebDAV servers or mount them just fine. You can also expose your filesystem as a WebDAV server (or your S3 bucket or Google Drive etc).

    The RFCs for WebDAV are better than those for FTP but there is still an awful lot of not fully specified stuff which servers and clients choose to do differently which leads to lots of workarounds.

    The protocol doesn't let you set modification times by default which is important for a sync tool, but popular implementations like owncloud and nextcloud do. Likewise with hashes.

    However the protocol is very fast, much faster than SFTP with it's homebrew packetisation as it's based on well optimised web tech, HTTP, TLS etc.

    • By apitman 2025-10-2620:09

      Thank you for rclone.

      In your opinion, is WebDAV good enough to be the protocol for exposing file systems over HTTP, or is there room for something better? I was bullish on Solid but they don't seem to be making much progress.

    • By m463 2025-10-265:093 reply

      I wonder how you would compare it to nfs (which I believe can be TCP based, and probably encrypted)

      Not that it is a good comparison. NFS isn't super popular, macos can do it, I don't think windows can. But both windows and macos can do webdav.

      • By devttyeu 2025-10-267:20

        NFS is much slower, maybe unless you deploy it which RDMA. I believe even 4.2 doesn’t really support asynchronous calls or has some significant limitations around them - I’ve commonly seen a single large write of a few gigs starve all other operations including lstat for minutes.

        Also it’s borderline impossible to tune nfs to go above 30gbps or so consistently, with WebDAV it’s a matter of adding a bunch more streams and you’re past 200gbps pretty easily.

      • By Saris 2025-10-2615:02

        My experience with NFS is its not very fast, compared to SMB or WebDAV

  • By ctippett 2025-10-2522:261 reply

    > In fact, you're already using WebDAV and you just don't realize it.

    Tailscale's drive share feature is implemented as a WebDAV share (connect to http://100.100.100.100:8080). You can also connect to Fastmail's file storage over WebDAV.

    WebDAV is neat.

    • By rpdillon 2025-10-2522:291 reply

      I use it all the time to mount my CopyParty instance. Works great!

      • By geek_at 2025-10-2619:13

        Copy party is really great. Using it to share files with my clients as well as for my remote media gallery

  • By rapnie 2025-10-269:562 reply

    > I should have titled this post "I hate S3".

    Use it where it makes sense. And S3 does not necessarily equate to using Amazon. I like the Garage S3 project that is interesting for smaller scale uses and self-hosted systems. The project is funded with EU Horizon grants via NLnet.

    https://garagehq.deuxfleurs.fr/

    • By donatj 2025-10-2610:011 reply

      I should write a related article "I hate that the AWS S3 SDK has become a defacto web protocol"

      • By OJFord 2025-10-2611:321 reply

        You hate that there is a standard, or aspects of this one? (Or that it's a de facto standard, not clearly specified for example what's required and what just happens to be in AWS' implementation?)

        • By paulddraper 2025-10-2620:01

          The S3 protocol (particularly the authentication) is unnecessarily complex and could have used existing simpler choices.

    • By bcye 2025-10-2620:36

      off-topic but it really is awesome on how many OSS projects Horizon/NLnet/NextGen Europe pops up.

HackerNews

About