Skip to content

feat: add webdav-proxy just task for SSH-forwarded WebDAV mount#29

Open
utiberious wants to merge 1 commit intoutensil:mainfrom
utiberious:feat/webdav-tunnel
Open

feat: add webdav-proxy just task for SSH-forwarded WebDAV mount#29
utiberious wants to merge 1 commit intoutensil:mainfrom
utiberious:feat/webdav-tunnel

Conversation

@utiberious
Copy link
Copy Markdown
Contributor

@utiberious utiberious commented Mar 25, 2026

Summary

Adds a generic webdav-tunnel task to dotfiles/term.just that tunnels any remote WebDAV server to localhost via SSH.

Why

Some services bind their WebDAV server to 127.0.0.1 only (e.g. kopia mount --webdav). When the service runs in a VM or remote host, you need a way to access it from the host — but exposing it on a network interface (via socat, reverse proxy, etc.) adds attack surface.

An SSH tunnel is the cleanest solution: encrypted, authenticated, no extra software, binds local side to loopback only.

Design

Same pattern as pod-proxy:

  • SSH tunnel with -o ControlMaster=no -o ControlPath=none (bypass SSH mux)
  • ServerAliveInterval=30 for keepalive
  • PID file for lifecycle management (start/stop/status)
  • Local side binds to 127.0.0.1 only

Usage

# Start: tunnel remote WebDAV port to localhost:9876
just webdav-tunnel start user@host 55206

# Custom local port
just webdav-tunnel start user@host 55206 8080

# Mount in Finder: ⌘K → http://localhost:9876
# or CLI:
mount_webdav http://localhost:9876 /tmp/webdav-mnt

# Stop
just webdav-tunnel stop

# Check status
just webdav-tunnel status

Files

dotfiles/term.just   +90 lines (new task at end of SSH section)

@utiberious utiberious changed the title feat: add webdav-tunnel just task for SSH-tunneled WebDAV mount feat: add webdav-proxy just task for SSH-forwarded WebDAV mount Mar 25, 2026
feat: add webdav-proxy just task for SSH-forwarded WebDAV mount
c06f31f 
Adds a generic webdav-proxy task to the justfile (Backup section, near
prep-kopia) that forwards any remote WebDAV server to localhost via SSH.

Useful for services that bind their WebDAV endpoint to 127.0.0.1 only
(e.g. kopia mount --webdav). The SSH forward makes it accessible locally
without exposing it on any network interface.

Features:
- start/stop/status lifecycle with PID file
- SSH port forwarding with ControlPath=none (same pattern as pod-proxy)
- ServerAliveInterval for keepalive
- Binds local side to 127.0.0.1 only (not exposed to LAN)
- Configurable local and remote ports

Usage:
  just webdav-proxy start user@host 55206
  Finder ⌘K → http://localhost:9876

[AGENT]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@utiberious