Multi User with own Folder

[EdenSpire]

Hello,

Is it possible to have multi user with their own folder?

For example,
User Samantha will have folder user1
User Josh will have folder user2

Each user has their own username and password.

If this is possible will be great as additional feature.

Rgds

[dgraziotin]

Hello,

This is not provided out of the box, but achievable.

The hard way: you modify configuration files to achieve multiuser support. This is supported in that the image supports various configuration files.

The "easy" way is a reason why we actually have containers and Docker: you run one container per user. Each container serves each user and mounts separate folders. Each instance is perfectly isolated to each other and does not even "know" that other instances exist. If you happen to have a reverse proxy in front of all containers, this will even be somehow transparent to each user as they will connect to either user1.server.com, user2.server.com or server.com/user1, server.com/user2, and so on. This could be handled by a single Docker Compose file.

[EdenSpire]

Hi,

Nice to see there are possibilities to achieve that but unfortunately I'm a noob at this.

Having different subdomain for each account is not applicable for my situation either.

Well, could you please guide me what files need to be modified (from the tutorial).
Will the modification stay after reboot?

[skironDotNet]

I need that too. The way I host right now I have custom locations in NPM and each custom location like
/userA
/userB
has it's own Apache based WebDav container, so for each user I need to spin up a new container, not mem efficient, despite alpine based takes only 1.4MB of RAM when idle.

The problem with this approach is that there is a bug in NPM (I need to report) that when one custom location is down, the NPM is in looping state and can't login to NPM so it's kind a killer setup, serious bug. Thus I would prever single container with multiple users.

The way I achieved folder per user in bare Nginx is that I also have location per user, but if I could delegate this to your container it would not affect NPM.
Here is the sample config

    root      /custom/www; #some web content to host in the root of the domain
    client_body_temp_path /custom/www/temp;
    dav_methods     PUT DELETE MKCOL COPY MOVE;
    dav_ext_methods   PROPFIND OPTIONS;
    create_full_put_path  on;
    client_max_body_size        20M;
    #dav_access    user:rw group:rw all:r;
    dav_access    user:rw group:r;
    autoindex     on;

    # this is important for keepass
    open_file_cache off;

location /usera/ {
    auth_basic "restricted";
    auth_basic_user_file /etc/nginx/webdav/usera.pwd;
  }

location /userb/ {
    auth_basic "restricted";
    auth_basic_user_file /etc/nginx/webdav/userb.pwd;
  }

# I think I could use same pwd file for all locations, because folder name is not tied to user name,
# but then technically anybody from pwd file list can access specified location that uses the pwd file

Ideally there should be just one pwd file, and somehow parsed user names can create a location per user name, and only allow that user name to access it's own folder. Right now I have pwd file per location to achieve that

[skironDotNet]

@EdenSpire if you want webdav container per user, you can do something like this, just keep in mind if once of the webdav containers go down, you won't be able to login to NPM (at least after NPM restart)

  www: #hosting static content from the root like https://domain.com/ https://sub.domain.com/
    image: 'bb-httpd' #build from https://github.com/stephenc/busybox-httpd-docker
    restart: unless-stopped
    volumes:
      - ./www:/var/www/html
    network_mode: my-net #I'm attaching NPM and containers to same custom network, but your setup may be different 

  user1:
    image: bytemark/webdav # https://hub.docker.com/r/bytemark/webdav/
    restart: always
    environment:
      LOCATION: /user1  #this is important to tell it to be under https://domain.com/user1/ otherwise webdav won't route properly 
    volumes:
      - ./users/user1:/var/lib/dav
      - ./users/user1/user.passwd:/user.passwd
    network_mode: my-net #I'm attaching NPM and containers to same custom network, but your setup may be different 

  user2:
    image: bytemark/webdav
    restart: always
    environment:
      LOCATION: /user2
    volumes:
      - ./users/user2:/var/lib/dav
      - ./users/user2/user.passwd:/user.passwd
    network_mode: my-net #I'm attaching NPM and containers to same custom network, but your setup may be different 


# this compose is being `some` folder has 'users' folder that keeps all the users, so structure looks like this:
#/some/docker-compose.yml
#/some/users/user1/user.passwd #password file
#/some/users/user1/data # data folder created by webdav container so pwd file is isolated from actual dara  

Then in NPM root www content container

and then location per user

[EdenSpire]

I need that too. The way I host right now I have custom locations in NPM and each custom location like /userA /userB has it's own Apache based WebDav container, so for each user I need to spin up a new container, not mem efficient, despite alpine based takes only 1.4MB of RAM when idle.

The problem with this approach is that there is a bug in NPM (I need to report) that when one custom location is down, the NPM is in looping state and can't login to NPM so it's kind a killer setup, serious bug. Thus I would prever single container with multiple users.

The way I achieved folder per user in bare Nginx is that I also have location per user, but if I could delegate this to your container it would not affect NPM. Here is the sample config

    root      /custom/www; #some web content to host in the root of the domain
    client_body_temp_path /custom/www/temp;
    dav_methods     PUT DELETE MKCOL COPY MOVE;
    dav_ext_methods   PROPFIND OPTIONS;
    create_full_put_path  on;
    client_max_body_size        20M;
    #dav_access    user:rw group:rw all:r;
    dav_access    user:rw group:r;
    autoindex     on;

    # this is important for keepass
    open_file_cache off;

location /usera/ {
    auth_basic "restricted";
    auth_basic_user_file /etc/nginx/webdav/usera.pwd;
  }

location /userb/ {
    auth_basic "restricted";
    auth_basic_user_file /etc/nginx/webdav/userb.pwd;
  }

# I think I could use same pwd file for all locations, because folder name is not tied to user name,
# but then technically anybody from pwd file list can access specified location that uses the pwd file

Ideally there should be just one pwd file, and somehow parsed user names can create a location per user name, and only allow that user name to access it's own folder. Right now I have pwd file per location to achieve that

Hi skironDorNet,

Where I must put the config?

[EdenSpire]

Hi All,

Today I tried to enable MultiUser support and it was so easy, only one container needed.

You only need to edit /config/nginx/server.conf and re-deployb/ restart the container.

This topic can be closed.

[FlorianEndel]

Multiuser support is indeed easy to setup with only one container.
Be sure that you have:

• a htpasswd file with your users and passwords
• a folder for each user (named exactly like the username)
• the right permissions (user/group of the nginx process) for these folders (as set with the env-variable)
• add a custom-cont-init.d script:
  • add a new volume in docker-compose: ./custom-cont-init.d:/custom-cont-init.d
  • add a custom script 40-user_dir in ./custom-cont-init.d with the following content:

#!/usr/bin/bash

echo "change root from /data to /data/\$remote_user"
sed -i 's%/data"%/data/$remote_user"%g' /etc/nginx/nginx.conf

• recreate the container: docker-compose up -d --force-recreate nginxwebdav

The log of the container should contain some information about the custom init-script:

cont-init: info: running /etc/cont-init.d/99-custom-files
[custom-init] Files found, executing
[custom-init] 40-user_dir: executing...
change root from /data to /data/$remote_user
[custom-init] 40-user_dir: exited 0
cont-init: info: /etc/cont-init.d/99-custom-files exited 0

WebDAV with basic login and custom folders per user works for me with the integrated web-client, Filestash.app, Dolphin (KDE file manager) and Linux mount (davfs).

edit: an entry in /config/nginx/location.conf did not work as expected...