WebDAV Backup Destination
ZestSSH can back up encrypted .zest files to any standards-compliant WebDAV server. This provides a self-hosted backup option that you fully control.
Compatible Servers
Section titled “Compatible Servers”The WebDAV implementation uses a minimal subset of the protocol and is compatible with:
- Nextcloud (see also Nextcloud-specific setup)
- ownCloud
- Synology WebDAV Server
- Apache mod_dav
- Nginx with ngx_http_dav_module
- Any standards-compliant WebDAV endpoint
WebDAV Operations Used
Section titled “WebDAV Operations Used”ZestSSH uses five WebDAV/HTTP methods:
| Method | Purpose |
|---|---|
PUT | Upload a backup file |
GET | Download a backup file |
PROPFIND | List directory contents (Depth: 0 for auth check, Depth: 1 for file listing) |
DELETE | Remove a backup file |
MKCOL | Create the remote backup directory |
No other WebDAV extensions (LOCK, COPY, MOVE, PROPPATCH) are required.
Authentication
Section titled “Authentication”WebDAV uses HTTP Basic Authentication. Credentials are sent as a Base64-encoded username:password pair in the Authorization header with every request.
No OAuth flow is required — you provide your username and password during setup, and they are stored in the destination configuration.
Configuration
Section titled “Configuration”Required Fields
Section titled “Required Fields”| Field | Description | Example |
|---|---|---|
| Server URL | Base URL of the WebDAV server | https://cloud.example.com/remote.php/dav/files/username |
| Username | WebDAV username | john |
| Password | WebDAV password or app password | app-specific-password-here |
Optional Fields
Section titled “Optional Fields”| Field | Default | Description |
|---|---|---|
| Remote Path | /ZestSSH/backups/ | Directory on the server where backups are stored |
| Label | WebDAV | Display name in the backup destination list |
Path Normalization
Section titled “Path Normalization”The remote path is automatically normalized:
- A leading
/is added if missing. - A trailing
/is added if missing. - Example:
ZestSSH/backupsbecomes/ZestSSH/backups/.
Setup Flow
Section titled “Setup Flow”- Go to Settings > Backup & Restore > Backup Destinations.
- Tap Add Destination > WebDAV.
- Enter the server URL, username, and password.
- Optionally customize the remote path and label.
- ZestSSH tests the connection with a
PROPFIND(Depth: 0) request. - If the remote directory does not exist, it is created with
MKCOL.
Directory Creation
Section titled “Directory Creation”If the remote path does not exist, ZestSSH creates it recursively. For a path like /ZestSSH/backups/:
MKCOL /ZestSSH/MKCOL /ZestSSH/backups/
Status codes 201 (created) and 405 (already exists) are both treated as success.
Backup Operations
Section titled “Backup Operations”Upload
Section titled “Upload”- The directory is ensured to exist (
MKCOLif needed). - The
.zestfile is uploaded viaPUTwithContent-Type: application/octet-stream. - Status codes
201(created) or204(no content) indicate success.
List Backups
Section titled “List Backups”PROPFINDwithDepth: 1on the backup directory.- The XML response is parsed to extract
.zestfiles with their:- Filename (from
<d:href>) - File size (from
<d:getcontentlength>) - Last modified date (from
<d:getlastmodified>, RFC 2822 format)
- Filename (from
- Results are sorted newest-first.
The XML parsing uses regex-based extraction rather than a full XML parser, handling both lowercase (<d:response>) and uppercase (<D:response>) namespace prefixes that vary by server.
Download
Section titled “Download”GETrequest to the file URL.- The response body is written to a local file.
Delete
Section titled “Delete”DELETErequest to the file URL.- Status codes
200or204indicate success.
Survives Uninstall
Section titled “Survives Uninstall”WebDAV backups survive app uninstall because they are stored on an external server. This makes WebDAV a better long-term backup destination compared to local storage.
Connection Check
Section titled “Connection Check”The isAuthenticated() method sends a lightweight PROPFIND (Depth: 0) to verify that:
- The server is reachable.
- Credentials are valid.
- The remote path exists (or can be created).
A 207 (Multi-Status) or 200 response indicates success. This check runs before each backup operation.
Security Notes
Section titled “Security Notes”- Credentials are stored in the destination configuration JSON. Use app-specific passwords (not your main account password) when available.
- Always use HTTPS URLs to prevent credential interception.
- The backup files themselves are encrypted with AES-256-GCM regardless of the transport security — even if someone gains access to your WebDAV server, they cannot read the backup contents without the backup password.