重新配置 Apache 以通過 HTTPS(而不是 HTTP)為 Subversion 儲存庫提供服務
我有 Apache、Redmine (3.3.2.stable) 和 Subversion (1.6.17) 的工作設置;伺服器是 Mac OS X 10.6.8 Snow Leopard。安全問題促使我們將伺服器協議更改為 HTTPS,因此我們使用我們的證書頒發機構進行了簽名。這一切都在執行,現在所有網頁都通過 HTTPS 提供,除了 SVN 儲存庫。
嘗試從原始 HTTTP SVN 中籤出會產生以下結果:
svn co http://my.domain/svn/repos . svn: E175011: Unable to connect to a repository at URL 'http://my.domain/svn/repos' svn: E175011: Repository moved temporarily to 'https://my.domain/svn/repos'; please relocate所以我想這很公平,因為從技術上講,它確實被重新安置了。但是,使用 HTTPS 選項嘗試相同的命令給了我這個:
svn co https://my.domain/svn/repos . Error validating server certificate for 'https://my.domain:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: my.domain - Valid: from Apr 26 13:22:21 2017 GMT until Jul 9 23:59:00 2019 GMT - Issuer: CA, DE(ca@my-ca-auth.de) - Fingerprint: ... (R)eject, accept (t)emporarily or accept (p)ermanently? t Authentication realm: <https://my.domain:443> Redmine SVN Repository Password for 'admin':這也很好,除了它不接受任何 Redmine 使用者帳戶(或本地系統帳戶,就此而言)。對於它的價值,我給你伺服器日誌的相關部分:
[Tue May 09 14:38:12 2017] [error] "DAV Off" cannot be used to turn off a subtree of a DAV-enabled location. [Tue May 09 14:38:12 2017] [error] [client IP] mod_auth_apple: User admin: authentication failure for "/svn": User not found by checkpw [Tue May 09 14:38:12 2017] [error] [client IP] mod_auth_apple: User admin: authentication failure for "/svn": User not found in htaccess file希望有人曾經嘗試過在 Mac 伺服器上做這樣的事情。理想情況下,我想要關於如何將 SVN 伺服器設置從 HTTP 更改為 HTTPS 的分步說明;這至少必須在某個地方(到目前為止我還沒有找到任何東西)。感謝您的任何指示。
編輯:我從下面的 httpd.conf 粘貼相關程式碼:
#this handles SVN authentication through Redmine DB # /svn location for users PerlLoadModule Apache::Redmine <Location "/svn"> DAV Off SVNParentPath "/usr/local/svn" Order deny,allow Deny from all Satisfy any # If a client tries to svn update which involves updating many files, # the update request might result in an error Server sent unexpected # return value (413 Request Entity Too Large) in response to REPORT # request,because the size of the update request exceeds the limit # allowed by the server. You can avoid this error by disabling the # request size limit by adding the line LimitXMLRequestBody 0 # between the <Location...> and </Location> lines. LimitXMLRequestBody 0 # Only check Authentication for root path, nor again for recursive # folder. # Redmine core does only permit access on repository level, so this # doesn't hurt security. On the other hand it does boost performance # a lot! SVNPathAuthz off PerlAccessHandler Apache::Authn::Redmine::access_handler PerlAuthenHandler Apache::Authn::Redmine::authen_handler AuthType Basic AuthName "Redmine SVN Repository" AuthUserFile /dev/null #read-only access <Limit GET PROPFIND OPTIONS REPORT> Require valid-user Satisfy any </Limit> # write access <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> ## for mysql RedmineDSN "DBI:mysql:database=redmine;host=localhost" RedmineDbUser 'user' RedmineDbPass 'password'
現在正在工作。事實證明,Apache 配置已更改為
DAV Off在<Location "/svn">指令中包含該行。這應該是真的DAV svn(見http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl)。在此更改之後,簽出儲存庫再次工作(在接受伺服器證書之後)。從 Redmine 中瀏覽儲存庫仍然不起作用,因為 Redmine 安裝仍然指向舊的 (http) 儲存庫地址。這是發出 MySQL 命令的問題,如下所示:http ://www.redmine.org/boards/1/topics/14577 (在我的情況下,我可以使用 phpMyAdmin)。