rikmeijer/security.sql

## security.sql
CREATE TABLE users (
    username VARCHAR(255) NOT NULL,
    password VARCHART(255) NOT NULL, -- bcrypt, column width is not optimized
    realm VARCHAR(255) NOT NULL DEFAULT 'rikmeijer.nl',
    PRIMARY KEY (username),
    UNIQUE (username, realm)
);

## vhost.conf
<IfModule mod_ssl.c>
DavLockDB /path/to/somewhere/DavLock
<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName <SERVERNAME>

        DocumentRoot /path/to/somewhere/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/<SERVERNAME>.error.log
        CustomLog ${APACHE_LOG_DIR}/<SERVERNAME>.access.log combined

        <Directory /path/to/somewhere>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                Allow from all
        </Directory>


        Alias /webdav /path/to/somewhere/webdav

        DBDriver mysql
        DBDParams "dbname=<SQLDB>,user=<SQLUSER>,pass=<SQLPASS>"


        DBDMin  4
        DBDKeep 8
        DBDMax  20
        DBDExptime 300

        <Directory /path/to/somewhere/webdav>
                DAV On

                # mod_authn_core and mod_auth_basic configuration
                # for mod_authn_dbd
                AuthType Basic
                AuthName "<SERVERNAME>"

                # To cache credentials, put socache ahead of dbd here
                AuthBasicProvider socache dbd

                # Also required for caching: tell the cache to cache dbd lookups!
                AuthnCacheProvideFor dbd
                AuthnCacheContext <SERVERNAME>
                # mod_authz_core configuration
                Require valid-user

                # mod_authn_dbd SQL query to authenticate a user
                AuthDBDUserPWQuery "SELECT password FROM users WHERE username = %s"
        </Directory>

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>
</IfModule>
	CREATE TABLE users (
	username VARCHAR(255) NOT NULL,
	password VARCHART(255) NOT NULL, -- bcrypt, column width is not optimized
	realm VARCHAR(255) NOT NULL DEFAULT 'rikmeijer.nl',
	PRIMARY KEY (username),
	UNIQUE (username, realm)
	);
	<IfModule mod_ssl.c>
	DavLockDB /path/to/somewhere/DavLock
	<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	ServerName <SERVERNAME>

	DocumentRoot /path/to/somewhere/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/<SERVERNAME>.error.log
	CustomLog ${APACHE_LOG_DIR}/<SERVERNAME>.access.log combined

	<Directory /path/to/somewhere>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride All
	Order allow,deny
	Allow from all
	</Directory>


	Alias /webdav /path/to/somewhere/webdav

	DBDriver mysql
	DBDParams "dbname=<SQLDB>,user=<SQLUSER>,pass=<SQLPASS>"


	DBDMin 4
	DBDKeep 8
	DBDMax 20
	DBDExptime 300

	<Directory /path/to/somewhere/webdav>
	DAV On

	# mod_authn_core and mod_auth_basic configuration
	# for mod_authn_dbd
	AuthType Basic
	AuthName "<SERVERNAME>"

	# To cache credentials, put socache ahead of dbd here
	AuthBasicProvider socache dbd

	# Also required for caching: tell the cache to cache dbd lookups!
	AuthnCacheProvideFor dbd
	AuthnCacheContext <SERVERNAME>
	# mod_authz_core configuration
	Require valid-user

	# mod_authn_dbd SQL query to authenticate a user
	AuthDBDUserPWQuery "SELECT password FROM users WHERE username = %s"
	</Directory>

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
	</VirtualHost>
	</IfModule>