This container provides a minimal Apache config for WebDAV file syncing.
- HTTPs is required, port 80 is disabled
- Serving webpages is disabled
- Automatically generates self-signed SSL certificates on startup
- Included
setup.shautomates most configuration, including WebDAV user credentials and iOS-compatible SSL certificates
I run this on a Raspberry Pi 4 to sync my Joplin note library. In my testing sync speeds are roughly 5x faster than a vanilla Nextcloud container.
- Docker
- Debian-based linux host
- Ports 443 and 8080 open (8080 can be closed after setup)
Clone the repo to a directory like ~/docker/webdav on your host - the location doesn't matter, but files cannot be moved after they are generated.
Run setup.sh and follow the prompts to create user credentials.
For iOS devices a root certificate must be manually added due to Apple's new security policies in iOS14. The setup script attempts to make this as easy as possible by spinning up a temporary apache container serving a setup page at <your-ip>:8080/. The script will print the exact IP as well as a scannable QR code link. Please follow the setup page instructions before proceeding.
The setup script ends by printing a full docker-compose.yaml config to console. This contains absolute paths to all files that were generated in setup.
After copy and pasting the config into your docker-compose.yaml, simply run docker compose up -d to start the container.
The setup script may be re-run at any time to add/change user credentials, or to transfer root certificates to new iOS devices.
- Settings -> Synchronization
- Synchronization target:
WebDAV - WebDAV URL:
https://<host.ip.address>/webdav - Enter one of the usernames and passwords that you created during setup
- Synchronization target:
- Settings -> Synchronization -> Advanced
- Check
Ignore TLS certificate errors
- Check
If you already have SSL certificates (perhaps from LetsEncrypt if hosting on a VPS) you may mount them into the container:
volumes:
- /path/to/cert.key:/usr/local/apache2/conf/server.key
- /path/to/cert.crt:/usr/local/apache2/conf/server.crt
This will prevent the container from generating it's own self-signed certificates
This container uses WebDAV Basic auth (NOT Digest) as this is the only mechanism supported by Joplin. This may not be secure enough for world-facing deployments..
A cursory Google search reveals many recommendations to avoid Basic and use the newer Digest mechanism. However, since I run this on my LAN behind a VPN with strong cryptographic authentication, I haven't looked in to the details and can not advise on how serious of a risk this poses.
Please DO NOT deploy this container on a world-facing IP unless you fully understand the security implications! I am in no way responsible for compromised services.