You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@subversion.apache.org by ds...@apache.org on 2023/07/10 07:32:51 UTC
svn commit: r1910908 - in /subversion/site/publish: ./ docs/community-guide/releasing.part.html faq.html
Author: dsahlberg
Date: Mon Jul 10 07:32:51 2023
New Revision: 1910908
URL: http://svn.apache.org/viewvc?rev=1910908&view=rev
Log:
In site/publish: Merge 1902723,1910824-1910900 from site/staging
* docs/community-guide/releasing.part.html
(#before-release-pristine-tools): Remove one release process variation that
doesn't work anymore
* faq.html
(#reverseproxy): New section
(many different sections): Removed or updated dead links
Modified:
subversion/site/publish/ (props changed)
subversion/site/publish/docs/community-guide/releasing.part.html
subversion/site/publish/faq.html
Propchange: subversion/site/publish/
------------------------------------------------------------------------------
Merged /subversion/site/staging:r1902723,1910824-1910900
Modified: subversion/site/publish/docs/community-guide/releasing.part.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/docs/community-guide/releasing.part.html?rev=1910908&r1=1910907&r2=1910908&view=diff
==============================================================================
--- subversion/site/publish/docs/community-guide/releasing.part.html (original)
+++ subversion/site/publish/docs/community-guide/releasing.part.html Mon Jul 10 07:32:51 2023
@@ -827,8 +827,7 @@ time pass.</p>
the release. The details of the rolling process are automated by the
<a href="https://svn.apache.org/repos/asf/subversion/trunk/tools/dist/release.py">release.py</a>
helper script. To run this script, you'll need a Subversion trunk working
-copy (or a shallow trunk working copy containing the <tt>tools/dist</tt> and
-<tt>build/generator</tt> directories). Run <tt>release.py -h</tt> to get a
+copy. Run <tt>release.py -h</tt> to get a
list of available subcommands.</p>
<p>Before you can actually roll the archives, you need to
Modified: subversion/site/publish/faq.html
URL: http://svn.apache.org/viewvc/subversion/site/publish/faq.html?rev=1910908&r1=1910907&r2=1910908&view=diff
==============================================================================
--- subversion/site/publish/faq.html (original)
+++ subversion/site/publish/faq.html Mon Jul 10 07:32:51 2023
@@ -77,6 +77,7 @@ For older questions, see <a href="#depre
<li><a href="#cvs2svn">How do I convert an existing CVS repository
into a Subversion repository?</a></li>
<li><a href="#proxy">What if I'm behind a proxy?</a></li>
+<li><a href="#reverseproxy">I need to put Subversion behind a reverse proxy</a></li>
<li><a href="#paranoid">My admins don't want me to have a HTTP server for
Subversion. What can I do if I still want remote usage?</a></li>
<li><a href="#multi-proj">How do I manage several different projects
@@ -938,6 +939,142 @@ running <tt>svn --version</tt>.</p>
</div>
+<div class="h3" id="reverseproxy">
+<h3>I need to put Subversion behind a reverse proxy
+ <a class="sectionlink" href="#proxy"
+ title="Link to this section">¶</a>
+</h3>
+
+<p>A reverse proxy can be used if the Subversion server is not directly
+connected to the internet. It will forward HTTP/HTTPS traffic from a public
+facing server to the Subversion server, potentially removing HTTPS
+encryption. It can also be useful if several different HTTP servers must
+be served on the same port.</p>
+
+<p>Subversion uses a subset of the WebDAV/DeltaV protocol; see <a
+href="#http-methods">this FAQ item</a> for the details.
+As far as the proxy server is concerned, Subversion uses plain WebDAV
+protocol. For the <tt>svn copy</tt> and <tt>svn move</tt> commands, an extra
+HTTP_DESTINATION header is used; this must be rewritten separately.</p>
+
+<p>Detailed instructions are provided for a few different proxy servers. It
+should be fairly easy to copy the ideas from these examples.</p>
+
+<h4>Detailed instructions for Apache HTTPD</h4>
+
+<p>The information below is based on an article written by Konrad Rosenbaum,
+originally found on <a href="http://silmor.de/proxysvn.php"
+>http://silmor.de/proxysvn.php</a>. Copied with permission.</p>
+
+<p>The proxy side of Apache requires mod_proxy to work. In many Linux
+distributions there are ready-made configuration files that can be activated,
+otherwise insert this configuration in httpd.conf:</p>
+
+<pre>
+#load the module
+LoadModule proxy_module modules/mod_proxy.so
+#per default disallow all requests (for security)
+ProxyRequests Off
+<Proxy *>
+ Order deny,allow
+ Deny from all
+</Proxy>
+ProxyVia On
+</pre>
+
+<p>In the VirtualHost directive for the proxying virtual host, configure
+requests for your subversion directory (we'll assume it is called svn) to be
+relayed to the real subversion server:</p>
+
+<pre>
+ProxyPass /svn/ http://realsvnserver/svn/
+<Location /svn/>
+ ProxyPassReverse /svn/ http://realsvnserver/svn/
+ <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT
+ MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
+ Order Deny,Allow
+ Allow from all
+ Satisfy Any
+ </Limit>
+
+ RewriteCond %{HTTP:Destination} .+/(svn/.*$)
+ RewriteRule ^/svn/.* - [E=MyDestination:http://realsvnserver/%1,PT]
+ RequestHeader set Destination %{MyDestination}e env=MyDestination
+</Location>
+</pre>
+
+<p>The ProxyPass directive tells Apache to redirect requests below /svn to
+the subversion-Apache (http://realsvnserver/svn). The ProxyPassReverse
+directive tells it to alter the request headers (Location, Content-Location,
+and URI) to match the target server — depending on your version of Apache and
+its configuration you may need to leave out either /svn/ or
+http://realsvnserver/svn/. If possible the same path should be used on both
+servers (otherwise DAV might make trouble). The Limit directive tells Apache
+to let all DAV requests from all clients (Allow) through and let the real
+subversion server handle authentication (Satisfy). The Rewrite rules
+update the HTTP_DESTINATION header to the correct server/protocol.</p>
+
+<h4>Detailed instructions for Microsoft IIS</h4>
+
+<p>First download and install the URL Rewrite module from <a
+href="https://www.iis.net/downloads/microsoft/url-rewrite">iis.net</a>. The
+example below has been tested with IIS 10 and URL Rewrite 2.1.<br/>
+Next configure URL Rewrite to allow the HTTP_DESTINATION server variable: In
+IIS Manager under URL Rewrite, in the right hand pane click View Server
+Variables and add HTTP_DESTINATION.<br/>
+Finally create a few rewrite rules:
+<ul>
+<li>"ToHttps", if you would like to ensure all Subversion traffic is
+encrypted, this sends an HTTP redirect to the client if the request is sent
+unencrypted.</li>
+<li>"ProxyWithDestination", capturing all requests with the HTTP_DESTINATION
+server variable (ie. all <tt>svn copy</tt> and <tt>svn move</tt> requests).
+The HTTP_DESTINATION header is rewritten and the traffic is forwarded to the
+Subversion server.
+</li>
+<li>"ProxyRest", forwarding all other traffic to the Subversion server.</li>
+</ul>
+The example below can be copied into web.config. It assumes the Subversion
+server is running on port 81 on the same computer as IIS.</p>
+
+<pre>
+<system.webServer>
+ <rewrite>
+ <rules>
+ <clear />
+ <rule name="ToHttps" stopProcessing="true">
+ <match url="(.*)" />
+ <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
+ <add input="{HTTPS}" pattern="^OFF$" />
+ </conditions>
+ <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"/>
+ </rule>
+ <rule name="ProxyWithDestination" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
+ <match url="(.*)" />
+ <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
+ <add input="{HTTP_DESTINATION}" pattern="https://(.*)"/>
+ </conditions>
+ <serverVariables>
+ <set name="HTTP_DESTINATION" value="http://{C:1}" />
+ </serverVariables>
+ <action type="Rewrite" url="http://127.0.0.1:81/{R:0}" logRewrittenUrl="true" />
+ </rule>
+ <rule name="ProxyRest" patternSyntax="ECMAScript" stopProcessing="true">
+ <match url="(.*)" negate="false" />
+ <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
+ <action type="Rewrite" url="http://127.0.0.1:81/{R:0}" logRewrittenUrl="true" />
+ </rule>
+ </rules>
+ </rewrite>
+ <security>
+ <requestFiltering allowDoubleEscaping="true" />
+ </security>
+</system.webServer>
+</pre>
+
+</div>
+
+
<div class="h3" id="paranoid">
<h3>My admins don't want me to have a HTTP server for
Subversion. What can I do if I still want remote usage?
@@ -2062,13 +2199,7 @@ OpenSSH keys and <b><tt>pageant</tt></b>
<p>Setting up <tt>ssh-agent</tt> is outside the scope of this
document, but a <a
href="https://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22ssh-agent%22"
->Google search for "ssh-agent"</a> will quickly get you answers. Or
-if you're <i>really</i> impatient, try this one:</p>
-
-<pre>
- <a href="http://mah.everybody.org/docs/ssh"
- >http://mah.everybody.org/docs/ssh</a>
-</pre>
+>Google search for "ssh-agent"</a> will quickly get you answers.</p>
</div>
@@ -2642,23 +2773,13 @@ divergent branch, while still incorporat
upstream source. This is commonly called a <em>vendor branch</em>
(the term long predates Subversion), and the techniques for
maintaining one in Subversion are <a
-href="https://svnbook.red-bean.com/en/1.4/svn-book.html#svn.advanced.vendorbr"
+href="https://svnbook.red-bean.com/en/1.7/svn-book.html#svn.advanced.vendorbr"
>described here</a>.</p>
<p>If the vendor code is hosted in a remote Subversion repository,
then you can use <a href="https://github.com/francois/piston">Piston</a> to
manage your copy of the vendor's code.</p>
-<p>As a last resort, if using <tt>svn_load_dirs.pl</tt> is taking too
-much time or you're looking for the lazy solution, see also Jon
-Stevens' step-by-step explanation at <a
-href="https://lookfirst.com/2007/11/subversion-vendor-branches-howto.html"
->Subversion Vendor Branches Howto</a>. This solution does not make
-use of the space saving features in the Subversion backend when you
-copy new code over old code; in this solution, each import of a vendor
-code gets an entire new copy and there is no space savings for
-identical files.</p>
-
</div>
<div class="h3" id="undo">
@@ -4379,7 +4500,7 @@ to 1.9+ servers.</p>
title="Link to this section">¶</a>
</h3>
-<p>See Poul-Henning Kamp's post to freebsd-hackers: <a href="https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/misc.html#BIKESHED-PAINTING">https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/misc.html#BIKESHED-PAINTING</a>.
+<p>See Poul-Henning Kamp's post to freebsd-hackers: <a href="https://docs.freebsd.org/en/books/faq/#bikeshed-painting">https://docs.freebsd.org/en/books/faq/#bikeshed-painting</a>.
</p>
</div>
@@ -4471,12 +4592,12 @@ scoring lower and more risky vunerabilit
calculated by determining the metrics of the vunerability and then calculating
the score based on those metrics. If you want to understand how a score was
determined you would need the vector and an understanding of the
-<a href="https://www.first.org/cvss/specification-document#8-CVSS-v3-0-Equations"
+<a href="https://www.first.org/cvss/specification-document#CVSS-v3-1-Equations"
>formula as specified by the standard</a>.
</p>
<p>The vector is an
-<a href="https://www.first.org/cvss/specification-document#6-Vector-String"
+<a href="https://www.first.org/cvss/specification-document#Vector-String"
>abbreviated description</a> of the metrics that apply to the vulnerability.
</p>