Hello to everyone!
Very new to WebDEV and I’m pulling my hair out trying to set up it on Windows 11 for local network use only (no internet access needed). I’ve hit two major roadblocks, and I’m hoping someone here can save me from this nightmare.
The problems:
-
HTTPS connection fails:
I can only get WebDAV to work over HTTP, not HTTPS. I’ve created a self-signed certificate, but it’s still not working. Am I missing something obvious? -
Sync issues with Android apps and another computer:
I’ve tried syncing with apps like Joplin, EasySync, DataBackup, and Diarium. While they can push data to the WebDAV server, they can’t pull data back. It’s like thePUT
method works, butGET
doesn’t. Is this a certificate issue, a permissions problem, or something else entirely?
What I’ve done so far:
Here’s my setup process in case it helps diagnose the issue:
1. Windows Features:
- Enabled Internet Information Services (IIS) (which auto-enabled Web Management Tools and World Wide Web Services).
- Enabled WebDAV Publishing under World Wide Web Services > Common HTTP Features.
- Enabled Basic Authentication under World Wide Web Services > Security.
2. IIS Manager:
- In Default Web Site > WebDAV Authoring Rules, I enabled WebDAV and added an authoring rule for All users with Read, Source, and Write permissions.
- Enabled Basic Authentication and disabled Anonymous Authentication and ASP .NET Impersonation.
- Created a self-signed certificate under Server Certificates and bound it to the Default Web Site for HTTPS.
3. Folder Setup:
- Created a folder (e.g.
C:\WebDAVShare
) and added it as a Virtual Directory in IIS with an alias (e.g.webdav
). - Set permissions for a local user (
DESKTOP-PC\webdavuser
) with Full Control.
4. Directory Browsing:
- Enabled Directory Browsing in IIS.
5. Accessing WebDAV:
- Accessed the server via
https://192.168.1.10/webdav
in my browser. - Entered credentials (
DESKTOP-PC\webdavuser
+ password) and could see the files, but the connection was HTTP, not HTTPS.
Additional info:
- I’ve exported and installed the self-signed certificate on both my Android devices (Android 13 & 15) as VPN and app user certificates. I couldn’t install them as CA certificates - not sure if that’s the issue.
What am I missing?
- Why isn’t HTTPS working despite the self-signed certificate?
- Why can’t my Android apps pull data from the WebDAV server (nor another computer on same network)?
- Is there a specific Windows feature, permission, or setting I’ve overlooked?
I’m at my wit’s end here, so any help would be hugely appreciated. If you’ve dealt with WebDAV on Windows 11 or have any insights, please chime in!
Thanks in advance and I’m sorry if this is not the right place to ask this :(
Are you set on using windows IIS for this? IIS is a ridiculous pile of absolutely ancient stuff that’s a pain to use, and I wonder if the issues on the mobile apps are from IIS not supporting WebDAV properly.
There are other great WebDAV servers out there, like https://sftpgo.com/ which does support Windows.
I would also recommend getting an SSL cert using letsencrypt if you have your own domain name, makes things much easier. Or if this is local only traffic (or over a VPN), just run HTTP if that’s easier.
Like others have mentioned, I wouldn’t trust the iis WebDAV server any further than I can throw it. And moreover, the WebDAV client that’s built into windows is also good for nothing – it has a filesize limit because it reads the whole file into ram, instead of using http206 like any sane server/client. And it also has a chance of crashing explorer.exe after reading a couple thousand files…
That’s why I’ve been making my own WebDAV server, but I’m also keeping track of other alternatives. And for connecting to it from windows I’m using rclone. Regardless which server you choose (just please do not use iis lol) you can borrow these examples for connecting to it :-)
Windows will not connect to a WebDAV server with a self signed cert without making a lot of registry changes.
It also will not connect to a WebDAV server with https using an IP address. It must be a hostname.
Not that it’s my first recommendation for security reasons, and I would never do this in prod, but you can just add the self-signed cert to the local trusted root CA store and it should work fine. No reg changes needed.
If you do this, put it in the store of the user running the client, not LocalMachine. Then you just need to make sure you connect as something in the cert’s SAN list. An IP might work (don’t know since I never try to put IPs in the SAN list), but just use a hosts entry if you can’t modify local DNS.
Edit: after reading the full OP post (sorry), I don’t think it’s necessarily the self-signed cert. If the browser is connecting with https:// and presenting a basic auth prompt, then https is working. It almost sounds like there is a 301/302 redirect back to http after login. Check the Network tab of the browser’s dev pane (F12) to see what is going on.
Windows is the greatest and best operating system that the Windows team at Microsoft has ever made.