(I couldn't find a forum post referring to this, took me a while to figure out, so posting here in case it might help someone else)
It took me a long while but I got WebDAV set up on Apache2 (I have the XAMPP install on Ubuntu - there's /opt/lampp/etc/extra/httpd-dav.conf that's a good starting point, need to Include it).
'litmus' is a WebDAV test tool (sudo apt install litmus)
All the relevant tests passed, but I still got a 401 error when trying to sync.
The cause? I'd set up the conf to use Digest Authentication, Joplin expects Basic. This needs changing in the Apache conf and a different file put in place.
A password file can be generated with :
htpasswd -c htpasswd [name]
I would like to add to this that those using WebDAV Basic Auth should always use a long and complex password as well as TLS (HTTPS) for all authentication.
Yeah, very good point.
Basic Auth on it's own is incredibly insecure.
I remember getting myself in a real mess over trying to secure some web service or other, hassle both ends of the wire. Coincidentally chatted with Hixie (of HTML4 fame). He suggested 'just use Basic Auth with TLS'. Excellent advice. Not totally bullet-proof but for minimal effort, good enough most of the time.
Yeah, it seems that using TLS with Basic Auth (as long as your TLS is setup properly) solves all of the problems that Digest Access Authentication was created for in the first place.
I have setup a hardened LAMP server with Let's Encrypt and WebDAV and tested it with SSL Labs. Good to go for synching Joplin.