efrecon / docker-webdav-client Goto Github PK

WebDAV client for Docker with easy access to all davfs2 options!

License: BSD 2-Clause "Simplified" License

Dockerfile 39.66% Shell 60.34%

docker-webdav-client's Introduction

Dockerised WebDAV Client

This Docker image (also at the GHCR) and associated project facilitate mounting of remote WebDAV resources into containers. Mounting is implemented using davfs2 and the image makes it possible to set all supported davfs configuration options for the share. The image basically implements a docker volume on the cheap: Used with the proper creation options (see below) , you should be able to bind-mount back the remote bucket onto a host directory. This directory will make the content of the bucket available to processes, but also all other containers on the host. The image automatically unmounts the remote bucket on container termination.

Example

Provided the existence of a directory called /mnt/tmp on the host, the following command would mount a remote WebDAV resource, ensure that authentication details are never requested from the command-line and bind-mount the remote resource onto the host's /mnt/tmp in a way that makes the remote files accessible to processes and/or other containers running on the same host.

docker run -it --rm \
    --device /dev/fuse \
    --cap-add SYS_ADMIN \
    --security-opt "apparmor=unconfined" \
    --env "WEBDRIVE_USERNAME=<YourUserName>" \
    --env "WEBDRIVE_PASSWORD=<SuperSecretPassword>" \
    --env "WEBDRIVE_URL=https://dav.box.com/dav" \
    --env "DAVFS2_ASK_AUTH=0" \
    -v /mnt/tmp:/mnt/webdrive:rshared \
    efrecon/webdav-client

The --device, --cap-add and --security-opt options and their values are to make sure that the container will be able to make available the WebDAV resource using FUSE. rshared is what ensures that bind mounting makes the files and directories available back to the host and recursively to other containers.

Container Options

A series of environment variables, most led by WEBDRIVE_ can be used to parametrise the container:

WEBDRIVE_URL is the URL at which to find the WebDAV resource.
WEBDRIVE_USERNAME is the user to use for accessing the resource.
WEBDRIVE_PASSWORD is the password for that user.
WEBDRIVE_PASSWORD_FILE points instead to a file that will contain the password for the user. When this is present, the password will be taken from the file instead of from the WEBDRIVE_PASSWORD variable. If that variable existed, it will be disregarded. This makes it easy to pass passwords using Docker secrets.
WEBDRIVE_MOUNT is the location within the container where to mount the WebDAV resource. This defaults to /mnt/webdrive and is not really meant to be changed.
OWNER is the user ID for the owner of the share inside the container.

davFS Options

All configuration options recognised by davFS can be given for that particular share. Environment variables should be created out of the name of the configuration option for this to work. Any existing option should be translated to uppercase and led by the keyword DAVFS2_ to be recognised. So to set the davfs2 option called ask_auth to 0, you would set the environment variable DAVFS2_ASK_AUTH to 0.

Commands

By default, containers based on this image will keep listing the content of the mounted directory at regular intervals. This is implemented by the command that it is designed to execute once the remote WebDAV resource has been mounted. If you did not wish this behaviour, pass empty.sh as the command instead.

Note that both of these commands ensure that the remote WebDAV resource is unmounted from the mountpoint at termination, so you should really pick one or the other to allow for proper operation. If the mountpoint was not unmounted, your mount system will be unstable as it will contain an unknown entry.

Automatic unmounting is achieved through a combination of a trap in the command being executed and tini. tini is made available directly in this image to make it possible to run in Swarm environments.

docker-webdav-client's People

Contributors

Stargazers

Watchers

docker-webdav-client's Issues

LICENSE?

Care to add a license to your project? Would be nice to know how this can be used.

Unmount

Properly unmount when the container is terminated, as done with the s3fs docker image.

Directory permissions

Hello,

I like the idea of your container. I put it inside a composer file to use with Duplicati but when the directory is mounted the permissions revert to root. Any idea how to fix this? I tried using the PUID and GUID but it did not help. Thank you and regards.

cannot open 'XXX' for reading: Input/output error

Docker compose file:

version: "3.0"
services:
  davfs:
    image: efrecon/webdav-client:latest
    container_name: davfs
    cap_add:
      - SYS_ADMIN
    security_opt:
      - apparmor=unconfined
    environment:
      - WEBDRIVE_USERNAME=XXX
      - WEBDRIVE_PASSWORD=XXXX
      - WEBDRIVE_URL=https://XXXXX
      - DAVFS2_ASK_AUTH=0
    devices:
      - "/dev/fuse:/dev/fuse"
    volumes:
      - /srv/davfs:/mnt/webdrive:rshared

Sucessfully mounted and could ls the files and directories. However, files can't be read. It show Input/output error when cp or cat.

Additional information: the webdav returns HTTP 302 for files to redirect to other location.

Encountered mounting errors when using rshared option

Hi, so I've been trying to run the docker-webdav client in my homelab running Ubuntu 21.04 with Docker (Docker version 19.03.13, build cd8016b6bc) running in a snap process. I'm getting the following error when I start the app. Any ideas what the issue could be?

ERROR: for wilson_webdav  Cannot start service wilson_webdav: path /home/perdomwx/web-stack/data/wilson_webdav is mounted on /home but it is not a shared mount
ERROR: Encountered errors while bringing up the project.

Here's the docker-compose config I've been using.

 wilson_webdav:
    image: efrecon/webdav-client
    devices:
      - /dev/fuse
    cap_add:
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined
    environment:
      WEBDRIVE_USERNAME: [email protected]
      WEBDRIVE_PASSWORD: example
      WEBDRIVE_URL: seafile/seafdav
      DAVFS2_ASK_AUTH: 0
    volumes:
      - $PWD/data/wilson_webdav:/mnt/webdrive:rshared

I've seen that the following command could help resolve the issue but it doesn't make any difference.

sudo mount --make-shared /home

Any help is appreciated.

Stopping or restarting the container leads to persistent PID file

I have a weird problem: After stopping or restarting the container the PID file /var/run/mount.davfs/mnt-webdrive.pid is not getting removed and prevents any further starts of the container (requires to destroy or delete the .pid file from the container's file system).

adduser: uid '33' in use
chown: unknown user webdrive
Mounted https://dav-url-was-here onto /mnt/webdrive

Terminated
Caught TERM! Unmounting /mnt/webdrive...
Forwarding TERM to 14
adduser: uid '33' in use
chown: unknown user webdrive
found PID file /var/run/mount.davfs/mnt-webdrive.pid.
Either /mnt/webdrive is used by another process,
or another mount process ended irregular
mount: mounting https://dav-url-was-here on /mnt/webdrive failed: No such device
Nothing found in /mnt/webdrive, giving up!

If I exec into the container and unmount the dav file system the .pid disappears. I'm not sure where to look, because I see the trap working but it always seems to forward the TERM signal to the devfs2 process, which means that unmount didn't stop the process (it does so if I unmount by hand). Any ideas?

BTW no special config:

services:
  storage:
    image: efrecon/webdav-client
    restart: unless-stopped
    command: empty.sh
    environment:
      - WEBDRIVE_URL=https://{{ lookup('env','DAV_USERNAME') }}.dav-url-was-here
      - WEBDRIVE_USERNAME={{ lookup('env','DAV_USERNAME') }}
      - WEBDRIVE_PASSWORD={{ lookup('env','DAV_PASSWORD') }}
      - OWNER=33
    devices:
      - /dev/fuse
    cap_add:
      - SYS_ADMIN
    security_opt:
      - apparmor=unconfined
    volumes:
      - /mnt/app/data:/mnt/webdrive:rshared

`useradd` missing in container

Running:

docker run -it --rm \
    --device /dev/fuse \
    --cap-add SYS_ADMIN \
    --security-opt "apparmor=unconfined" \
    --env "WEBDRIVE_USERNAME=..." \
    --env "WEBDRIVE_PASSWORD=..." \
    --env "WEBDRIVE_URL=..." \
    --env "DAVFS2_ASK_AUTH=0" \
    --env "OWNER=1000" \
    -v /tmp/webdav:/mnt/webdrive:rshared \
    efrecon/webdav-client

yields: /usr/local/bin/docker-entrypoint.sh: line 51: useradd: not found.

Failing to create webdrive user

Failing to create "webdrive" as UID 0 being allocated in adduser is already in use causing the cmd to fail.

Lines in files causing issue;

##Dockerfile
Ln#20
# User ID of share owner ENV OWNER=0

##docker-entrypoint.sh
Ln#48 & 49
if [ $OWNER -gt 0 ]; then adduser webdrive -u $OWNER -D -G users

Suggest changing the Dockerfile ENV OWNER=1000
Tested adding --env "OWNER=1000" \ to docker run and resolved /mnt/webdrive ownership issues mention
#16 #12

Mount doesn't show files while uploads work

I have mounted a WebDAV source using this project. Unfortunately all I see inside of the mount directory is the lost+found directory while none of the actual files that should be there show up. I also tried mounting natively without this project using mount -t davfs ... with the same outcome. I used this project to test as well as an Ubuntu and an Alpine docker image using the following options:

--device /dev/fuse
--cap-add SYS_ADMIN
--privileged

The connection seems to be working to some degree though because I am able to upload files from within the mount directory. As soon as the file is uploaded it vanishes from the directory though.

I am pretty sure the WebDAV server isn't the problem as well because accessing it from macOS works like a charm.

I am pretty sure this is not a direct problem of this project but some weird WebDAV behaviour. Has anybody ever experienced such a problem?

Docker Shared Folder issue

docker: Error response from daemon: path /mnt/tmp is mounted on / but it is not a shared mount.

Does anyone know what is going on here? this is docker running on an LXC in proxmox

empty password webdav

Some webdavs do not require a password but can still write, causing
/etc/davfs2/secrets:69: malformed line

if [ -n "${WEBDRIVE_USERNAME}" ] && [ -n "${WEBDRIVE_PASSWORD}" ]; then
    echo "$DEST $WEBDRIVE_USERNAME $WEBDRIVE_PASSWORD" >> /etc/davfs2/secrets
    unset WEBDRIVE_PASSWORD
fi

Passing the server certificate

Is there a way to pass the expected certificate for the server ?

Server certificate verification failed: issuer is not trusted