
first working version

Markus Spring il y a 1 an
Parent
commit
aad89f5c3d

+ 3 - 0
config/htpasswd

@@ -0,0 +1,3 @@
+huisl:$apr1$MAJuAi0g$a7SemNwbg4o.UHI9C0n7q.
+spring:$apr1$cDPN3c8d$LPbUi6CYrldugDBk1x3sn0
+webdav:$apr1$6nFVCS/8$9tMoTvXEve7WpheY7dUUi/
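Review bot: These three `$apr1$` entries put live credential hashes into the repository history, and the same holds for the entry added in springm_lighttpd/files/htpasswd. `$apr1$` is Apache's salted, iterated-MD5 format, which is cheap to attack offline for anyone who can read the repository. The comments `# huisl / murnauer` and `# spring / langenfeld` added in config/webdav.conf read like the matching plaintext passwords; if they are, drop the comments and rotate those accounts. Consider keeping `config/htpasswd` out of version control and generating it at deploy time, using a stronger scheme where the server's crypt() supports one.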

+ 57 - 0
config/lighttpd.conf

@@ -0,0 +1,57 @@
+
+server.port             = 3004
+# server.errorlog         = "/dev/stdout"
+# accesslog.filename      = "/dev/stdout"
+
+# debug.log-request-header-on-error = "enable"
+# debug.log-request-handling = "enable"
+# debug.log-request-header = "enable"
+
+server.modules = (
+    "mod_access",
+    "mod_accesslog",
+    "mod_webdav",
+    "mod_auth",
+    "mod_authn_file",
+    "mod_status",
+    "mod_alias",
+    "mod_setenv",
+    "mod_extforward",
+    "mod_proxy"
+)
+
+include "/etc/lighttpd/mime-types.conf"
+
+server.username       = "webdav"
+server.groupname      = "webdav"
+
+server.document-root  = "/webdav"
+
+server.pid-file       = "/run/lighttpd.pid"
+server.follow-symlink = "enable"
+url.access-deny         = ("~", ".inc")
+
+var.logdir            = "/var/log/lighttpd"
+accesslog.filename    = var.logdir + "/access.log"
+server.errorlog       = var.logdir  + "/error.log"
+
+# automatically render index.html if it exists
+index-file.names = ( "index.html" )
+url.rewrite-if-not-file = (
+    "^/(.*)/$ " => "$1/index.html"
+)
+
+# Automatische Zipfile-Erzeugung für jpgs in Galerien
+$HTTP["url"] =~ "^/(start_zip|status|download)" {
+    proxy.server  = ( "" => ( ( "host" => "flask_zipfile_creator", "port" => 5000 ) ) )
+}
+
+include "/config/webdav.conf"
+
+# compress.cache-dir      = "/var/lib/lighttpd/cache/compress"
+# compress.filetype       = (
+#                             "text/css",
+#                             "text/javascript",
+#                             "text/plain",
+#                             "text/xml"
+#                             )
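Review bot: The `$HTTP["url"] =~ "^/(start_zip|status|download)"` block proxies to the Flask service on every host and carries no `auth.require` of its own. The only rule that could cover these paths is the catch-all on the webdav host in config/webdav.conf, so on the web and share hosts the zip endpoints look unauthenticated. The pattern is also open-ended, so any path that merely begins with `/status` or `/download`, including stored content, is diverted to the backend; `"^/(start_zip|status|download)$"` limits it to the three routes. Separately, the rewrite key `"^/(.*)/$ "` has a trailing space inside the regex and will probably never match.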

+ 79 - 0
config/mime-types.conf

@@ -0,0 +1,79 @@
+###############################################################################
+# Default mime-types.conf for Gentoo.
+# include'd from lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.4 2010/03/14 21:45:18 bangert Exp $
+###############################################################################
+
+# {{{ mime types
+mimetype.assign             = (
+  ".svg"          =>      "image/svg+xml",
+  ".svgz"         =>      "image/svg+xml",
+  ".pdf"          =>      "application/pdf",
+  ".sig"          =>      "application/pgp-signature",
+  ".spl"          =>      "application/futuresplash",
+  ".class"        =>      "application/octet-stream",
+  ".ps"           =>      "application/postscript",
+  ".torrent"      =>      "application/x-bittorrent",
+  ".dvi"          =>      "application/x-dvi",
+  ".gz"           =>      "application/x-gzip",
+  ".pac"          =>      "application/x-ns-proxy-autoconfig",
+  ".swf"          =>      "application/x-shockwave-flash",
+  ".tar.gz"       =>      "application/x-tgz",
+  ".tgz"          =>      "application/x-tgz",
+  ".tar"          =>      "application/x-tar",
+  ".zip"          =>      "application/zip",
+  ".dmg"          =>      "application/x-apple-diskimage",
+  ".mp3"          =>      "audio/mpeg",
+  ".m3u"          =>      "audio/x-mpegurl",
+  ".wma"          =>      "audio/x-ms-wma",
+  ".wax"          =>      "audio/x-ms-wax",
+  ".ogg"          =>      "application/ogg",
+  ".wav"          =>      "audio/x-wav",
+  ".gif"          =>      "image/gif",
+  ".jpg"          =>      "image/jpeg",
+  ".jpeg"         =>      "image/jpeg",
+  ".png"          =>      "image/png",
+  ".xbm"          =>      "image/x-xbitmap",
+  ".xpm"          =>      "image/x-xpixmap",
+  ".xwd"          =>      "image/x-xwindowdump",
+  ".css"          =>      "text/css",
+  ".html"         =>      "text/html",
+  ".htm"          =>      "text/html",
+  ".js"           =>      "text/javascript",
+  ".asc"          =>      "text/plain",
+  ".c"            =>      "text/plain",
+  ".h"            =>      "text/plain",
+  ".cc"           =>      "text/plain",
+  ".cpp"          =>      "text/plain",
+  ".hh"           =>      "text/plain",
+  ".hpp"          =>      "text/plain",
+  ".conf"         =>      "text/plain",
+  ".log"          =>      "text/plain",
+  ".text"         =>      "text/plain",
+  ".txt"          =>      "text/plain",
+  ".diff"         =>      "text/plain",
+  ".patch"        =>      "text/plain",
+  ".ebuild"       =>      "text/plain",
+  ".eclass"       =>      "text/plain",
+  ".rtf"          =>      "application/rtf",
+  ".bmp"          =>      "image/bmp",
+  ".tif"          =>      "image/tiff",
+  ".tiff"         =>      "image/tiff",
+  ".ico"          =>      "image/x-icon",
+  ".dtd"          =>      "text/xml",
+  ".xml"          =>      "text/xml",
+  ".mpeg"         =>      "video/mpeg",
+  ".mpg"          =>      "video/mpeg",
+  ".mov"          =>      "video/quicktime",
+  ".qt"           =>      "video/quicktime",
+  ".avi"          =>      "video/x-msvideo",
+  ".asf"          =>      "video/x-ms-asf",
+  ".asx"          =>      "video/x-ms-asf",
+  ".wmv"          =>      "video/x-ms-wmv",
+  ".bz2"          =>      "application/x-bzip",
+  ".tbz"          =>      "application/x-bzip-compressed-tar",
+  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
+ )
+# }}}
+
+# vim: set ft=conf foldmethod=marker et :

+ 70 - 0
config/webdav.conf

@@ -0,0 +1,70 @@
+# 	$Id: webdav.conf,v 1.6 2023/04/02 20:09:34 springm Exp springm $
+#       $Revision: 1.6 $
+#       $Date: 2023/04/02 20:09:34 $
+#
+#       $Log: webdav.conf,v $
+#       Revision 1.6  2023/04/02 20:09:34  springm
+#       Summary: funktioniert inkl. Whitelisting von 192.168.2.2[0-9]
+#
+#       Revision 1.5  2023/04/02 13:03:43  springm
+#       Summary: Working, aber webdav-Konfiguration fehlerhaft, besteht nicht
+#       den litmus-Test
+#
+#       Revision 1.4  2022/11/03 15:18:57  springm
+#       Summary: index in web und share enabled
+#
+#       Revision 1.3  2022/11/03 15:13:58  springm
+#       Summary: erweitert auf (web|share).hermes.markus-spring.info
+#
+#       Revision 1.2  2022/11/03 14:42:02  springm
+#       Summary: web.hermes.markus-spring.info eingefügt
+#
+
+webdav.activate      = "disable"
+extforward.headers   = ("X-Real-IP")
+extforward.forwarder = ( "all" => "trust" )
+
+$HTTP["remoteip"] !~ "192.168.2.2[0-9]" {
+
+  # Require authentication
+  $HTTP["host"] == "webdav.hermes.markus-spring.info" {
+    server.document-root = "/webdav"
+
+    webdav.activate = "enable"
+    webdav.is-readonly = "disable"
+
+    auth.backend = "htpasswd"
+    auth.backend.htpasswd.userfile = "/config/htpasswd"
+    auth.require = ( "" => ( "method"  => "basic",
+                             "realm"   => "webdav",
+                             "require" => "user=webdav" ) )
+  }
+  
+  $HTTP["host"] =~ "(web|share).hermes.markus-spring.info" {
+    server.document-root = "/webdav"
+    webdav.activate = "disable"
+    index-file.names     = ( "index.html",
+                             "index.htm",
+                             "default.htm" )
+    auth.backend = "htpasswd"
+    auth.backend.htpasswd.userfile = "/config/htpasswd"
+    # huisl / murnauer
+    auth.require =  ( "/vaters_dias"    => ( "method"  => "basic",
+                                             "realm"   => "vaters_dias",
+                                             "require" => "user=huisl" ) )
+    # spring / langenfeld
+    auth.require += ( "/familie_spring" => ( "method"  => "basic",
+                                             "realm"   => "familie_spring",
+                                             "require" => "user=spring" ) )
+    }
+}
+else {
+  # Whitelisted IP, do not require user authentication
+  $HTTP["host"] == "webdav.hermes.markus-spring.info" {
+    server.document-root = "/webdav"
+
+    webdav.activate = "enable"
+    webdav.is-readonly = "disable"
+  }
+
+}
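Review bot: `extforward.forwarder = ( "all" => "trust" )` accepts `X-Real-IP` from any peer, and the `else` branch then serves read-write WebDAV with no authentication to whatever address that header claims. docker-compose.yml also publishes port 3004 on the host, so requests need not pass through the reverse proxy. Limit the trust to the proxy's own address, e.g. `extforward.forwarder = ( "<proxy-ip>" => "trust" )`. The whitelist regex `"192.168.2.2[0-9]"` is unanchored with unescaped dots and also matches 192.168.2.200–255; `"^192\.168\.2\.2[0-9]$"` states the range named in the revision log. The host pattern `"(web|share).hermes.markus-spring.info"` has the same anchoring gap.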

+ 46 - 0
docker-compose.yml

@@ -0,0 +1,46 @@
+#
+#
+services:
+  flask_zipfile_creator:
+    build: ./flask_zipfile_creator
+    container_name: flask_zipfile_creator
+    # CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:5000", "app:app"]
+    command: flask run -h 0.0.0.0
+    volumes:
+      - ./flask_zipfile_creator:/flask
+      - ./data/gallery:/var/www/gallery
+    ports:
+      - "5000:5000"
+    # dns:
+    #   - "9.9.9.9"
+#    restart: always
+
+  lighttpd:
+    image: springm/lighttpd-webdav:latest
+    build: ./springm_lighttpd
+    container_name: lighttp
+    ports:
+      - 3004:3004
+    environment:
+      - TZ=${TZ:-Europe/Berlin}
+      - READWRITE=true
+      - WHITELIST=192.168.2.24
+    volumes:
+      - ./config:/etc/lighttpd
+      - ./data:/webdav
+    depends_on:
+      - flask_zipfile_creator
+    restart: always
+    # networks:
+    #   - proxy
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.lighttpd_dav.rule=Host(`webdav.hermes.markus-spring.info`)||Host(`web.hermes.markus-spring.info`)||Host(`share.hermes.markus-spring.info`)" 
+      - "traefik.http.routers.lighttpd_dav.entrypoints=websecure"
+      - "traefik.http.routers.lighttpd_dav.tls=true"
+      - "traefik.http.routers.lighttpd_dav.tls.certresolver=standard"
+      - "traefik.http.services.lighttpd_dav.loadBalancer.server.port=3004"
+
+# networks:
+#   proxy:
+#     external: true
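Review bot: Both `ports:` entries publish the services on all host interfaces, which bypasses Traefik. `"5000:5000"` exposes the Flask API directly, and `3004:3004` lets a client reach lighttpd with a self-supplied `X-Real-IP`. If Traefik and the sibling container reach these services over a Docker network, drop the mappings or bind them to loopback, e.g. `- "127.0.0.1:3004:3004"`. `command: flask run -h 0.0.0.0` also replaces the image's gunicorn `CMD` with Flask's development server, which is not meant for exposed deployments.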

+ 12 - 0
flask_zipfile_creator/Dockerfile

@@ -0,0 +1,12 @@
+FROM python:3.10-alpine
+COPY . /flask
+WORKDIR /flask
+RUN pip install -r requirements.txt
+EXPOSE 5000
+#CMD ["flask", "run", "-h", "0.0.0.0"]
+CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:5000", "app:app"]
+# WORKDIR /app
+# COPY requirements.txt .
+# RUN pip install -r requirements.txt
+# COPY . .
+# CMD ["python", "app.py"]
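Review bot: The `CMD` starts `gunicorn`, but requirements.txt in this commit lists only `Flask`, so the image as built would fail to start unless the command is overridden (docker-compose.yml does override it with `flask run`). Adding `gunicorn` to requirements.txt, with pinned versions for both packages, makes the image runnable and reproducible. There is also no `USER` instruction, so the service that walks and zips request-selected paths runs as root inside the container; an unprivileged user with read access to the gallery would be enough.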

+ 78 - 0
flask_zipfile_creator/app.py

@@ -0,0 +1,78 @@
+from flask import Flask, send_file, jsonify, request
+import zipfile
+import os
+import tempfile
+import threading
+from datetime import datetime
+
+app = Flask(__name__)
+
+class ZipCreator:
+    def __init__(self, source_path, temp_dir):
+        self.source_path = f"/var/www/{source_path}"
+        self.temp_dir = temp_dir
+        #self.zip_file_path = os.path.join(temp_dir, 'files.zip')
+        self.zip_file_name = os.path.basename(source_path) + '.zip'
+        self.zip_file_path = os.path.join(temp_dir, self.zip_file_name)
+        self.status = "pending"
+        self.error = None
+
+    def create_zip(self):
+        try:
+            with zipfile.ZipFile(self.zip_file_path, 'w') as zip_file:
+                for root, dirs, files in os.walk(self.source_path):
+                    # Clear the dirs list to prevent descending into subdirectories
+                    dirs.clear()
+                    for file in files:
+                        if file.lower().endswith(('.jpg', '.jpeg')): # Filter only JPEG files
+                            file_path = os.path.join(root, file)
+                            zip_file.write(file_path, os.path.relpath(file_path, self.source_path))
+            self.status = "completed"
+        except Exception as e:
+            self.status = "failed"
+            self.error = str(e)
+        finally:
+            # Ensure the temp directory is cleaned up after download
+            def cleanup_temp_dir():
+                import time
+                time.sleep(30)  # Wait 30 seconds to ensure download is complete
+                try:
+                    os.remove(self.zip_file_path)
+                    os.rmdir(self.temp_dir)
+                except Exception as e:
+                    print(f"Error cleaning up temp directory: {e}")
+
+            threading.Thread(target=cleanup_temp_dir).start()
+
+# Global variable to hold the current zip creation task
+current_task = None
+
+@app.route("/start_zip", methods=["POST"])
+def start_zip():
+    global current_task
+    source_path = request.json['source_path']
+    temp_dir = tempfile.mkdtemp()
+    current_task = ZipCreator(source_path, temp_dir)
+    threading.Thread(target=current_task.create_zip).start()
+    return jsonify({"message": "Zip creation started"})
+
+@app.route("/status", methods=["GET"])
+def status():
+    global current_task
+    if current_task:
+        return jsonify({"status": current_task.status, "error": current_task.error})
+    else:
+        return jsonify({"status": "no_task"})
+
+@app.route("/download", methods=["GET"])
+def download():
+    global current_task
+    if current_task and current_task.status == "completed":
+        return send_file(current_task.zip_file_path, as_attachment=True)
+    elif current_task and current_task.status == "failed":
+        return jsonify({"error": current_task.error}), 500
+    else:
+        return jsonify({"error": "Zip not ready"}), 400
+
+if __name__ == "__main__":
+    app.run(host='0.0.0.0', port=5000)
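Review bot: `source_path` from the request body is concatenated into `f"/var/www/{source_path}"` in `ZipCreator.__init__` without validation, so `..` segments move the directory walk outside the gallery tree. `start_zip` should resolve the path and reject anything not under the gallery root before creating the task, and return 400 instead of raising when `source_path` is missing or not a string. The module-level `current_task` is also shared by all clients and exists per process, so with the four gunicorn workers from the Dockerfile `/status` and `/download` may land on a worker that never saw the task. The gallery root used below is inferred from the compose volume mapping and should be confirmed.

```python
GALLERY_ROOT = os.path.realpath("/var/www/gallery")

@app.route("/start_zip", methods=["POST"])
def start_zip():
    global current_task
    payload = request.get_json(silent=True) or {}
    source_path = payload.get("source_path")
    if not isinstance(source_path, str) or not source_path:
        return jsonify({"error": "source_path is required"}), 400
    # Resolve symlinks and ".." first, then require the result to stay inside the gallery.
    resolved = os.path.realpath(os.path.join("/var/www", source_path))
    inside_root = os.path.commonpath([resolved, GALLERY_ROOT]) == GALLERY_ROOT
    if not inside_root or not os.path.isdir(resolved):
        return jsonify({"error": "invalid source_path"}), 400
    # … unchanged: mkdtemp, ZipCreator(source_path, temp_dir), worker thread, JSON response …
```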

+ 1 - 0
flask_zipfile_creator/requirements.txt

@@ -0,0 +1 @@
+Flask

+ 18 - 0
springm_lighttpd/Dockerfile

@@ -0,0 +1,18 @@
+FROM alpine:latest
+MAINTAINER Markus Spring <me@markus-spring.de>
+
+ENV PACKAGE_LIST="lighttpd lighttpd-mod_webdav lighttpd-mod_auth" 
+    # REFRESHED_AT='2016-12-26'
+
+RUN apk add --no-cache ${PACKAGE_LIST}
+
+VOLUME [ "/config", "/webdav" ]
+
+ADD files/* /etc/lighttpd/
+ADD ./entrypoint.sh /entrypoint.sh
+
+EXPOSE 80
+
+RUN chmod u+x  /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
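Review bot: `EXPOSE 80` does not match the `server.port = 3004` set in files/lighttpd.conf, so the image metadata advertises a port nothing listens on; `EXPOSE 3004` would agree with the shipped config. `FROM alpine:latest` together with the unversioned `apk add` means each rebuild can pull a different lighttpd. Pinning the base image tag or digest keeps the server version under review. `MAINTAINER` is deprecated in favour of a `LABEL`.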

+ 2 - 0
springm_lighttpd/build.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+docker build --network=host -t "springm/lighttpd-webdav" .

+ 42 - 0
springm_lighttpd/entrypoint.sh

@@ -0,0 +1,42 @@
+#!/bin/sh
+set -x
+
+# Force user and group because lighttpd runs as webdav
+USERNAME=webdav
+GROUP=webdav
+
+# Only allow read access by default
+READWRITE=${READWRITE:=false}
+
+# Add user if it does not exist
+if ! id -u "${USERNAME}" >/dev/null 2>&1; then
+	addgroup -g ${USER_GID:=2222} ${GROUP}
+	adduser -G ${GROUP} -D -H -u ${USER_UID:=2222} ${USERNAME}
+fi
+
+chown webdav /var/log/lighttpd
+
+if [ -n "$WHITELIST" ]; then
+	sed -i "s/WHITELIST/${WHITELIST}/" /etc/lighttpd/webdav.conf
+fi
+
+if [ "$READWRITE" == "true" ]; then
+	sed -i "s/is-readonly = \"\\w*\"/is-readonly = \"disable\"/" /etc/lighttpd/webdav.conf
+else
+  sed -i "s/is-readonly = \"\\w*\"/is-readonly = \"enable\"/" /etc/lighttpd/webdav.conf
+fi
+
+if [ ! -f /config/htpasswd ]; then
+	cp /etc/lighttpd/htpasswd /config/htpasswd
+fi
+
+if [ ! -f /config/webdav.conf ]; then
+	cp /etc/lighttpd/webdav.conf /config/webdav.conf
+fi
+
+lighttpd -f /etc/lighttpd/lighttpd.conf
+
+# Hang on a bit while the server starts
+sleep 5
+
+tail -f /var/log/lighttpd/*.log
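Review bot: `sed -i "s/WHITELIST/${WHITELIST}/"` pastes the environment value verbatim into a lighttpd regex, so `WHITELIST=192.168.2.24` also matches 192.168.2.240–249, and a value containing `/` or `&` alters the sed expression itself. Validate the value, escape its dots and anchor it so the rendered condition reads `"^192\.168\.2\.24$"`. The edits go to /etc/lighttpd/webdav.conf, but lighttpd includes /config/webdav.conf, which is copied only when absent; a later start with `READWRITE=false` therefore leaves a previously copied read-write file in effect. `[ "$READWRITE" == "true" ]` relies on a non-POSIX `==`; `=` is the portable form under `#!/bin/sh`.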

+ 1 - 0
springm_lighttpd/files/htpasswd

@@ -0,0 +1 @@
+webdav:kK1eUy0t2agv6
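Review bot: This entry has the 13-character shape of a traditional DES `crypt` hash, and entrypoint.sh copies it to /config/htpasswd whenever no file exists there. Every container started from this image without its own htpasswd therefore accepts the same default `webdav` login. Traditional crypt considers only the first eight password characters and is fast to attack offline. Prefer shipping no default account and having the entrypoint refuse to start, or generate a random credential, when /config/htpasswd is missing.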

+ 35 - 0
springm_lighttpd/files/lighttpd.conf

@@ -0,0 +1,35 @@
+server.port             = 3004
+server.errorlog         = "/dev/stdout"
+accesslog.filename      = "/dev/stdout"
+
+server.modules = (
+    "mod_access",
+    "mod_accesslog",
+    "mod_webdav",
+    "mod_auth"
+)
+
+include "/etc/lighttpd/mime-types.conf"
+
+server.username       = "webdav"
+server.groupname      = "webdav"
+
+server.document-root  = "/webdav"
+
+server.pid-file       = "/run/lighttpd.pid"
+server.follow-symlink = "enable"
+
+var.logdir            = "/var/log/lighttpd"
+# accesslog.filename    = var.logdir + "/access.log"
+# server.errorlog       = var.logdir  + "/error.log"
+
+include "/config/webdav.conf"
+
+url.access-deny         = ("~", ".inc")
+compress.cache-dir      = "/var/lib/lighttpd/cache/compress"
+compress.filetype       = (
+                            "text/css",
+                            "text/javascript",
+                            "text/plain",
+                            "text/xml"
+                            )

+ 28 - 0
springm_lighttpd/files/webdav.conf

@@ -0,0 +1,28 @@
+$HTTP["remoteip"] !~ "WHITELIST" {
+
+  # Require authentication
+  $HTTP["host"] =~ "." {
+    server.document-root = "/webdav"
+
+    webdav.activate = "enable"
+    webdav.is-readonly = "enable"
+
+    auth.backend = "htpasswd"
+    auth.backend.htpasswd.userfile = "/config/htpasswd"
+    auth.require = ( "" => ( "method" => "basic",
+                             "realm" => "webdav",
+                             "require" => "valid-user" ) )
+  }
+
+}
+else $HTTP["remoteip"] =~ "WHITELIST" {
+
+  # Whitelisted IP, do not require user authentication
+  $HTTP["host"] =~ "." {
+    server.document-root = "/webdav"
+
+    webdav.activate = "enable"
+    webdav.is-readonly = "enable"
+  }
+
+}