You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Philip M. Gollucci" <pg...@p6m7g8.com> on 2005/12/02 04:39:23 UTC

[users@httpd] SVN and httpd w/ SSL

Hi, I'm trying to setup an svn repository that works with httpd2 over 
ssl.  I've gotten pretty far following the Subversion book.
So I can start the server.  I can make requests to it.
I can check out my repo via svn and ssl.

Then I try to do an svn add, svn ci
And I get this -- any great ideas ?

client stderr:
svn: Commit failed (details follow):
svn: Can't create directory '/home/svn/db/transactions/8-1.txn': 
Permission denied
svn: Your commit message was left in a temporary file:
svn:    '/y/svn-commit.5.tmp'

sever error_log:
[Thu Dec 01 22:24:13 2005] [error] [client 68.49.179.55] client denied 
by server configuration: /www/sites/svn.x.y


First some versions:
   FreeBSD 6.0-RELEASE
   Apache/2.0.55 DAV/2 SVN/1.3.0-rc2 mod_ssl/2.0.55 OpenSSL/0.9.7e

   If anyone cares, these are all from the ports tree

svnadmin create /home/svn/repos
chown -R nobody:svnadmin /home/svn/repos

htpasswd -cm /usr/local/etc/apache2/svn-users pgollucci

cat /usr/local/etc/apache2/svn-auth
[/]
* = rw

(I'll restrict this once I get it working)

cat /usr/local/etc/apache2/httpd.conf
ServerRoot "/usr/local"

Listen 443
LockFile /var/log/httpsd-accept.lock
PidFile /var/run/httpsd.pid

LogLevel info
ErrorLog /var/log/httpsd-error.log
User nobody
Group svnadmin

ServerAdmin w@x.y
ServerName x.y
ServerSignature EMail
UseCanonicalName Off

LoadModule ssl_module libexec/apache2/mod_ssl.so
LoadModule mime_module libexec/apache2/mod_mime.so

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

SSLMutex  file:/var/log/httpd-ssl_mutex
SSLSessionCache shm:/var/log/httpd-ssl_gcache_data(512000)

LoadModule setenvif_module libexec/apache2/mod_setenvif.so

SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0

LoadModule auth_module         libexec/apache2/mod_auth.so
LoadModule access_module       libexec/apache2/mod_access.so
LoadModule dav_module          libexec/apache2/mod_dav.so
LoadModule dav_fs_module       libexec/apache2/mod_dav_fs.so
LoadModule dav_svn_module      libexec/apache2/mod_dav_svn.so
LoadModule authz_svn_module    libexec/apache2/mod_authz_svn.so

<Location />
     Order allow,deny
     Allow from all
</Location>

NameVirtualHost *
<VirtualHost svn.x.y:443>
   ServerName svn.x.y:443

   SSLEngine  On
   SSLCertificateFile     /usr/local/etc/apache2/certs/svn.x.y.crt
   SSLCertificateKeyFile  /usr/local/etc/apache2/keys/svn.x.y.key

   DocumentRoot /www/sites/svn.x.y

   <Location /repos>
         DAV svn
         SVNPath /home/svn

         AuthzSVNAccessFile /usr/local/etc/apache2/svn-auth

         AuthName "Cluster"
         AuthType Basic
         AuthUserFile /usr/local/etc/apache2/svn-users
         Require valid-user

         <LimitExcept GET POST OPTIONS PROPFIND REPORT>
                 Order allow,deny
                 Deny from all
         </LimitExcept>
   </Location>
</VirtualHost>


-- 
------------------------------------------------------------------------
"Love is not the one you can picture yourself marrying,
but the one you can't picture the rest of your life without."

"It takes a minute to have a crush on someone, an hour to like someone,
and a day to love someone, but it takes a lifetime to forget someone..."

Philip M. Gollucci (pgollucci@p6m7g8.com) 301.254.5198
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] SVN and httpd w/ SSL

Posted by "Philip M. Gollucci" <pg...@p6m7g8.com>.

>         <LimitExcept GET POST OPTIONS PROPFIND REPORT>
>                 Order allow,deny
>                 Deny from all
>         </LimitExcept>
So this is what was causing the problem.

It was suppose to

explicitly deny anything other than read acces over a plain connection. 
  I had that in my SSL enabled vhost.  I need to move it to the plain 
(port 80) vhost.

*sigh*




-- 
------------------------------------------------------------------------
"Love is not the one you can picture yourself marrying,
but the one you can't picture the rest of your life without."

"It takes a minute to have a crush on someone, an hour to like someone,
and a day to love someone, but it takes a lifetime to forget someone..."

Philip M. Gollucci (pgollucci@p6m7g8.com) 301.254.5198
Consultant / http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - TicketMaster - http://ticketmaster.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org