John Aman's picture

Just got Portainer up on my homelab.  Can't wait to install (https://) but I have a problem.  Like Highlander, there can be only one (service on port 80).

But my Turnkey Linux File Server is already serving up WebDAV there.  I don't need it - I'm an old school SSH guy.

This is what I did:

Log in over SSH (as normal user)

$ sudo mv /etc/apache2/sites-enabled/webdavcgi.conf .

( don't forget the "." )

Go back to Webmin  / System / Bootup and Shutdown

Select apache2 (click on the word apache2) then click Restart Now

The webDAV will be disabled ( even though it still appears on the Turnkey Console (confconsole)

To re-enable the WebDAV,

$ sudo ln -s /etc/apache2/sites-available/webdavcgi.conf /etc/apache2/sites-enabled/webdavcgi.conf

and restart apache2 as before

Jeremy Davis's picture

Thanks for sharing this. I'm sure others will find it useful.

Having said that, just in case you're not aware, so long as port 80 of your server is publicly available (via reverse proxy is fine too), TurnKey servers can get their own Let's Encrypt cert (via HTTP-01 challenges - via port 80). It can be configured and triggered via Confconsole >> Advanced >> Let's Encrypt.

The challenges are served via port 80 by our custom mini-server; "add water" (which leverages the Dehydrated tool - we chose that because it's smaller, faster and leaks less info than "certbot"). Our wrapper script stops and restarts the webserver (where relevant) so that there is no port conflict and webserver config doesn't need to be changed or even considered (e.g. redirecting port 80 to 443 doesn't need to be disabled). Our tool works with any webserver (although only tested with Apache, Nginx, LigHTTPd and Tomcat - as they're the only servers we ship using port 80) or even on servers which don't have a webserver.

In newer releases, Confconsole also supports DNS-01 challenges too. No external port 80 access is required, making it ideal for locally hosted servers that aren't publicly available. It also supports wildcard domains (e.g. * so if you're using a reverse proxy, you could get a single cert to use for all your current and future sites. (As an aside, I have plans to provide a TurnKey Reverse Proxy appliance at some point, but higher priority keeps getting added to my todo list above it). Although the version of Confconsole included in v18.0 appliance is buggy. (Gross oversight on my behalf - I thoroughly tested on v17.x but only lightly tested on v18.0 assuming that v17.x and v18.x envs would be "near enough" - I was wrong...).

I have a beta build which I've attached to a post there which hopefully resolves most (if not all) of the issues. Although I note that there is still room for improvement. If it's of any value to you, I'd love an extra tester and some more feedback.

Also re Apache config, whilst what you are doing isn't wrong (clearly it works), the symlinks in /etc/apache2/sites-enabled can be managed via the a2ensite/a2dissite cli tools. They simply create/remove the symlinks in /etc/apache2/sites-enabled (which when enabled point to the relevant config file in /etc/apache2/sites-available - as you appear to be aware)).

E.g. to disable webdavcgi:

a2dismod webdavcgi
systemctl restart apache2

And to re-enable:

a2enmod webdavcgi
systemctl restart apache2

Also you mentioned that even when disabled, WebDAV-CGI is still noted in Confconsole. That is because the Confconsole UI is actually pretty dumb. The services listed there are simply read from a text file found at /etc/confconsole/services.txt. To update what is displayed, simply remove the relevant lines from that file and it should "just work" (although if you have Confconsole running already, you'll need to restart it).

John Aman's picture

As per the TurnKey Linux philosophy, you took something a little bit useful and pumped it up 10 X!

You guys are doing great work.  So appreciated!

Add new comment