You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by mg...@mail.vernet.pl on 2004/03/10 08:40:46 UTC
https connection without http
Hi!
I've got slight problem with svn configuration. I've configured
https connection for the repository. Now I want it to exclude
normal http connection. As for now both are working.
What can I do to limit repository access to https only?
Regards,
--
Marcin Gil
mgil (at) vernet pl
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: https connection without http
Posted by Marcin Gil <mg...@vernet.pl>.
Michal Goralczyk wrote:
>> I've got slight problem with svn configuration. I've configured
>> https connection for the repository. Now I want it to exclude
>> normal http connection. As for now both are working.
>> What can I do to limit repository access to https only?
>
>
> Add to your apache config:
> SSLRequireSSL
>
Won't this require ssl access for *every* virtual server?
--
Marcin Gil
email# mgil : vernet pl | GaduGadu ID# 185057
JID# dentharg : chrome pl | http://marcin.gilusiowy.net
Re: Support for HTTP Redirects? was: Re: https connection without
http
Posted by Marcin Gil <mg...@vernet.pl>.
Sander Striker wrote:
>
>>I don't know -- can I put a <Location> inside <VirtualHost>, so that
>>this locations is obeyed only at specified virtual host?
>
>
> Sure.
And that solved my problem. I ain't apache guru -- didn't try that on my
production server until 100% sure. Now it works perfectly. No
redirections, no http access - pure https.
Thanks to all for support. Regards!
--
Marcin Gil
email# mgil : vernet pl | GaduGadu ID# 185057
JID# dentharg : chrome pl | http://marcin.gilusiowy.net
Re: Support for HTTP Redirects? was: Re: https connection without
http
Posted by Sander Striker <st...@apache.org>.
On Sat, 2004-03-13 at 15:53, Marcin Gil wrote:
> Chris Croome wrote:
> >
> > You will need to create a VirtualHost for each domain name, eg:
> >
> > <VirtualHost *:80>
> > ServerName one.example.com
> > Redirect /repo https://one.example.com/repo
> > </VirtualHost *:80>
> >
> > <VirtualHost *:80>
> > ServerName two.example.com
> > Redirect /repo https://two.example.com/repo
> > </VirtualHost *:80>
> >
> This is not a solution, since I have 100+ virtual hosts deployed on my
> server.
You could try some mod_rewrite voodoo (completely untested):
RewriteRule ^/repo(/.*)? https://%{SERVER_NAME}/repo$1 [R=permanent]
Or something to that effect.
> I don't know -- can I put a <Location> inside <VirtualHost>, so that
> this locations is obeyed only at specified virtual host?
Sure.
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Support for HTTP Redirects? was: Re: https connection without
http
Posted by Marcin Gil <mg...@vernet.pl>.
Chris Croome wrote:
>
> You will need to create a VirtualHost for each domain name, eg:
>
> <VirtualHost *:80>
> ServerName one.example.com
> Redirect /repo https://one.example.com/repo
> </VirtualHost *:80>
>
> <VirtualHost *:80>
> ServerName two.example.com
> Redirect /repo https://two.example.com/repo
> </VirtualHost *:80>
>
This is not a solution, since I have 100+ virtual hosts deployed on my
server.
I don't know -- can I put a <Location> inside <VirtualHost>, so that
this locations is obeyed only at specified virtual host?
--
Marcin Gil
email# mgil : vernet pl | GaduGadu ID# 185057
JID# dentharg : chrome pl | http://marcin.gilusiowy.net
Re: Support for HTTP Redirects? was: Re: https connection without http
Posted by Chris Croome <ch...@webarchitects.co.uk>.
Hi
On Sat 13-Mar-2004 at 01:10:24AM +0100, Marcin Gil wrote:
>
> If I have virtual defined as svn.example.com and the location is repo:
> - I access repo https://svn.example.com/repo
> - I've got several virtual hosts eg sum.funky.shit.com
> If I do redirects for VirtualHost svn.example.com will this work for
> sum.funky.shit.com too? Or do I have to put it in every single
> VirtualHost directive?
You will need to create a VirtualHost for each domain name, eg:
<VirtualHost *:80>
ServerName one.example.com
Redirect /repo https://one.example.com/repo
</VirtualHost *:80>
<VirtualHost *:80>
ServerName two.example.com
Redirect /repo https://two.example.com/repo
</VirtualHost *:80>
Chris
--
Chris Croome <ch...@webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Support for HTTP Redirects? was: Re: https connection without
http
Posted by Marcin Gil <mg...@vernet.pl>.
Chris Croome wrote:
>
> Redirect /foo https://svn.example.com/foo
>
> You can make them 301's like this:
>
> Redirect permanent /foo https://svn.example.com/foo
>
Thanks!!
Next quick question:
If I have virtual defined as svn.example.com and the location is repo:
- I access repo https://svn.example.com/repo
- I've got several virtual hosts eg sum.funky.shit.com
If I do redirects for VirtualHost svn.example.com will this work for
sum.funky.shit.com too? Or do I have to put it in every single
VirtualHost directive?
--
Marcin Gil
email# mgil : vernet pl | GaduGadu ID# 185057
JID# dentharg : chrome pl | http://marcin.gilusiowy.net
Re: Support for HTTP Redirects? was: Re: https connection without http
Posted by Chris Croome <ch...@webarchitects.co.uk>.
Hi
On Sat 13-Mar-2004 at 12:35:06AM +0100, Marcin Gil wrote:
>
> So, how do you create those redirections? By a index.html file
> with meta refresh, index.php with header(location) or with
> mod_rewrite?
None of those, just a simple Redirect statments in a VirtualHost,
like:
Redirect /foo https://svn.example.com/foo
You can make them 301's like this:
Redirect permanent /foo https://svn.example.com/foo
The key think to remember is that the destination has to be a fully
qualified URI.
More info here:
http://httpd.apache.org/docs-2.0/mod/mod_alias.html#redirect
Also RedirectMatch is nice, it's new in Apache 2:
http://httpd.apache.org/docs-2.0/mod/mod_alias.html#redirectmatch
It's simpler to get your head around that mod_rewrite and is quite
powerful.
Chris
--
Chris Croome <ch...@webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Support for HTTP Redirects? was: Re: https connection without
http
Posted by Marcin Gil <mg...@vernet.pl>.
Chris Croome wrote:
>>
>>>I aslo create a Redirect from the http URI to the https one.
>>>
>>
>>Will this work as 'svn co http://url/repo'?
>
>
> Well it works to the extent that stuff can't be checked out
> non-encrypted, you get this:
>
> $ svn co http://svn.example.com/foo.jpg
> svn: RA layer request failed
> svn: PROPFIND request failed on '/foo.jpg'
> svn: PROPFIND of '/foo.jpg': 302 Found (http://svn.example.com)
>
> The same thing happens if there is a 301 rather than a 302.
>
> I don't know if this is intentional or if svn has yet to have
> support for 301 and 302 response codes added?
>
So, how do you create those redirections? By a index.html file with meta
refresh, index.php with header(location) or with mod_rewrite?
--
Marcin Gil
email# mgil : vernet pl | GaduGadu ID# 185057
JID# dentharg : chrome pl | http://marcin.gilusiowy.net
Support for HTTP Redirects? was: Re: https connection without http
Posted by Chris Croome <ch...@webarchitects.co.uk>.
Hi
On Fri 12-Mar-2004 at 09:21:08PM +0100, Marcin Gil wrote:
> Chris Croome wrote:
> >
> > I aslo create a Redirect from the http URI to the https one.
> >
> Will this work as 'svn co http://url/repo'?
Well it works to the extent that stuff can't be checked out
non-encrypted, you get this:
$ svn co http://svn.example.com/foo.jpg
svn: RA layer request failed
svn: PROPFIND request failed on '/foo.jpg'
svn: PROPFIND of '/foo.jpg': 302 Found (http://svn.example.com)
The same thing happens if there is a 301 rather than a 302.
I don't know if this is intentional or if svn has yet to have
support for 301 and 302 response codes added?
Chris
--
Chris Croome <ch...@webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: https connection without http
Posted by Marcin Gil <mg...@vernet.pl>.
Chris Croome wrote:
>
> I aslo create a Redirect from the http URI to the https one.
>
Will this work as 'svn co http://url/repo'?
--
Marcin Gil
email# mgil : vernet pl | GaduGadu ID# 185057
JID# dentharg : chrome pl | http://marcin.gilusiowy.net
Re: https connection without http
Posted by Chris Croome <ch...@webarchitects.co.uk>.
Hi
On Thu 11-Mar-2004 at 10:02:35AM +0100, Michal Goralczyk wrote:
> >I've got slight problem with svn configuration. I've configured
> >https connection for the repository. Now I want it to exclude
> >normal http connection. As for now both are working.
> >What can I do to limit repository access to https only?
>
> Add to your apache config:
> SSLRequireSSL
I aslo create a Redirect from the http URI to the https one.
Chris
--
Chris Croome <ch...@webarchitects.co.uk>
web design http://www.webarchitects.co.uk/
web content management http://mkdoc.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: https connection without http
Posted by Michal Goralczyk <mo...@o2.pl>.
> I've got slight problem with svn configuration. I've configured
> https connection for the repository. Now I want it to exclude
> normal http connection. As for now both are working.
> What can I do to limit repository access to https only?
Add to your apache config:
SSLRequireSSL
--
Michal Goralczyk
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: https connection without http
Posted by Marcin Gil <mg...@vernet.pl>.
Brian Mathis wrote:
>
> If you put your <Location> sections in the ssl.conf file, they should
> only be available through https.
>
Does it matter to apache whether it reads <Location> from mod_svn.conf
or mod_ssl.conf? But I'll try this today.
--
Marcin Gil
email# mgil : vernet pl | GaduGadu ID# 185057
JID# dentharg : chrome pl | http://marcin.gilusiowy.net
Re: https connection without http
Posted by Brian Mathis <bm...@directedge.com>.
Marcin Gil wrote:
>Christophe Labouisse wrote:
>
>
>>You have to put the svn configuration lines in the <VirtualHost
>>_default_:443> define in the ssl.conf file.
>>
>>
>So I did but this doesn't solve problem. http://url/repo still works
>and that's what I'm trying to do: no http access to repository.
>
>
If you put your <Location> sections in the ssl.conf file, they should
only be available through https.
--
Brian Mathis
http://directedge.com/b/
Re: https connection without http
Posted by Seth Daniel <su...@sethdaniel.org>.
On Fri, Mar 12, 2004 at 09:18:14PM +0100, Marcin Gil wrote:
> Christophe Labouisse wrote:
> >
> > You have to put the svn configuration lines in the <VirtualHost
> > _default_:443> define in the ssl.conf file.
> >
> So I did but this doesn't solve problem. http://url/repo still works
> and that's what I'm trying to do: no http access to repository.
Well, you can do what I did...redirect them elsewhere when they hit your
secure site with http.
Using the following rules I can allow https access to dev.mysite.org but
http access gets redirected to www.mysite.org.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^dev.mysite.org$
RewriteCond %{SERVER_PROTOCOL} ^HTTP[^S].*$
RewriteRule ^/.*$ http://www.mysite.org/ [R=permanent]
--
seth / @sethdaniel.org
This post is encrypted twice with ROT-13. Documenting or attempting to
crack this encryption is illegal.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: https connection without http
Posted by Marcin Gil <mg...@vernet.pl>.
Christophe Labouisse wrote:
>
> You have to put the svn configuration lines in the <VirtualHost
> _default_:443> define in the ssl.conf file.
>
So I did but this doesn't solve problem. http://url/repo still works
and that's what I'm trying to do: no http access to repository.
--
Marcin Gil
email# mgil : vernet pl | GaduGadu ID# 185057
JID# dentharg : chrome pl | http://marcin.gilusiowy.net
Re: https connection without http
Posted by Christophe Labouisse <ga...@tigris.org>.
On Wed, 10 Mar 2004 09:40:46 +0100 (CET)
mgil@mail.vernet.pl wrote:
> I've got slight problem with svn configuration. I've configured
> https connection for the repository. Now I want it to exclude
> normal http connection. As for now both are working.
> What can I do to limit repository access to https only?
You have to put the svn configuration lines in the <VirtualHost
_default_:443> define in the ssl.conf file.
--
Le cinéma en Lumière : http://www.lumiere.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org