I am trying to configure Seedvault on GrapheneOS (pixel 9a) to back up directly to a self-hosted WebDAV server running on a Linux machine in my LAN (Docker-based setup).
My server environment:
- Linux host
- Docker
- WebDAV service container
- HTTPS enabled with a self-signed certificate
I have tested two approaches:
Seedvault “WebDAV (beta)” option. When I configure the WebDAV endpoint directly in Seedvault, the connection fails with an SSLHandshakeException. The certificate is self-signed. The server is reachable from the device, but Seedvault refuses the TLS handshake.
WebDAV via DAVx5
I configured DAVx5 with:
- The correct WebDAV URL
- Valid credentials
- The self-signed certificate installed and trusted on the device
From GrapheneOS I can browse the WebDAV storage successfully via the system file picker, so authentication and connectivity seem correct. However, when Seedvault tries to use that location for backup, it appears to have no write permissions and the backup fails.
My goal:
I do not want to back up to local device storage. I want Seedvault to back up directly to my LAN server over WebDAV.
Questions:
- Does Seedvault currently support self-signed certificates for WebDAV, or is a publicly trusted certificate required?
- Is there a known limitation with write permissions when accessing WebDAV through DAVx5 + Storage Access Framework?
- Is there a recommended setup for self-hosted LAN backups (e.g., specific WebDAV server configuration, reverse proxy requirements, TLS configuration, etc.)?
If needed, I can provide:
- WebDAV server software details
- Reverse proxy configuration (if relevant)
- TLS configuration details
- Exact error logs from Seedvault
Any guidance on a working configuration for local, self-hosted WebDAV backups with GrapheneOS would be appreciated. Thanks