#!/bin/sh /etc/rc.common START=90 NGINX="/usr/sbin/nginx" NGINX_CONF="/etc/nginx/uci.conf" NGINX_DAV_CONF="/etc/nginx/conf.d/webdav.conf" NGINX_DAV_PASSWORD="/etc/nginx/webdav.password" get_config() { config_load webdav config_get "enable" "config" "enable" "0" config_get "listen_port" "config" "listen_port" "5005" config_get "username" "config" "username" config_get "password" "config" "password" config_get "root_dir" "config" "root_dir" "/mnt" config_get "read_only" "config" "read_only" "0" config_get "firewall_accept" "config" "firewall_accept" "0" config_get "ssl" "config" "ssl" "0" config_get "cert_cer" "config" "cert_cer" "" config_get "cert_key" "config" "cert_key" "" } set_firewall() { if [ "$external_access" = "allow" ]; then uci -q delete firewall.webdav uci set firewall.webdav=rule uci set firewall.webdav.name="webdav" uci set firewall.webdav.target="ACCEPT" uci set firewall.webdav.src="wan" uci set firewall.webdav.proto="tcp" uci set firewall.webdav.dest_port="$listen_port" uci set firewall.webdav.enabled="1" uci commit firewall /etc/init.d/firewall reload >/dev/null 2>&1 elif [ "$external_access" = "deny" ]; then uci -q delete firewall.webdav uci commit firewall /etc/init.d/firewall reload >/dev/null 2>&1 fi } start() { get_config [ "$enable" -ne "1" ] && return 1 [ ! -d "$root_dir" ] && mkdir -p "${root_dir}/.webdav_temp" [ "$firewall_accept" -eq "1" ] && external_access="allow" || external_access="deny" set_firewall { printf "server {" if [ "$ssl" -eq "1" ]; then printf "\n\tlisten ${listen_port} ssl;" printf "\n\tlisten [::]:${listen_port} ssl;" printf "\n\thttp2 on;" else printf "\n\tlisten ${listen_port};" printf "\n\tlisten [::]:${listen_port};" fi printf "\n\tserver_name _;" printf "\n\tcharset utf-8,gbk;" printf "\n\troot ${root_dir};" printf "\n\taccess_log off;" printf "\n\terror_log off;" printf "\n\tclient_body_temp_path ${root_dir}/.webdav_temp;" if [ "$ssl" -eq "1" ]; then printf "\n\tssl_certificate ${cert_cer};" printf "\n\tssl_certificate_key ${cert_key};" printf "\n\tssl_session_timeout 1d;" printf "\n\tssl_session_tickets on;" printf "\n\tssl_session_cache shared:SSL:10m;" printf "\n\tssl_protocols TLSv1.2 TLSv1.3;" printf "\n\tssl_prefer_server_ciphers off;" printf "\n\tssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;" fi printf "\n\tlocation / {" printf "\n\t\tautoindex on;" printf "\n\t\tautoindex_exact_size off;" printf "\n\t\tautoindex_localtime on;" if [ -n "$username" ] && [ -n "$password" ]; then printf "$username:$(openssl passwd -apr1 $password)" > "$NGINX_DAV_PASSWORD" printf "\n\t\tauth_basic "Restricted";" printf "\n\t\tauth_basic_user_file ${NGINX_DAV_PASSWORD};" fi printf "\n\t\tclient_max_body_size 0;" printf "\n\t\tcreate_full_put_path on;" printf "\n\t\tdav_access user:rw group:rw all:r;" printf "\n\t\tdav_ext_methods PROPFIND OPTIONS;" [ "$read_only" -eq "1" ] && printf "\n\t\tdav_methods off;" || printf "\n\t\tdav_methods PUT DELETE MKCOL COPY MOVE;" printf "\n\t}" printf "\n}\n" } > "${NGINX_DAV_CONF}" local message message="$(${NGINX} -t -c "${NGINX_CONF}" 2>&1)" || { echo -e "${message}" | logger -t "nginx_dav" -p "daemon.err" logger -s -t "nginx_dav" -p "daemon.err" "configuration file ${NGINX_CONF} test failed!" echo "show config to be used by: nginx -T -c '${NGINX_CONF}'" >&2 exit 1 } /etc/init.d/nginx reload } stop() { rm -f "${NGINX_DAV_CONF}" "${NGINX_DAV_PASSWORD}" ${root_dir}/.webdav_temp /etc/init.d/nginx reload external_access="deny" set_firewall } restart() { stop start }