Https

重新配置 Apache 以通過 HTTPS(而不是 HTTP)為 Subversion 儲存庫提供服務

  • May 16, 2017

我有 Apache、Redmine (3.3.2.stable) 和 Subversion (1.6.17) 的工作設置;伺服器是 Mac OS X 10.6.8 Snow Leopard。安全問題促使我們將伺服器協議更改為 HTTPS,因此我們使用我們的證書頒發機構進行了簽名。這一切都在執行,現在所有網頁都通過 HTTPS 提供,除了 SVN 儲存庫。

嘗試從原始 HTTTP SVN 中籤出會產生以下結果:

svn co http://my.domain/svn/repos .
svn: E175011: Unable to connect to a repository at URL 'http://my.domain/svn/repos'
svn: E175011: Repository moved temporarily to 'https://my.domain/svn/repos'; please relocate

所以我想這很公平,因為從技術上講,它確實被重新安置了。但是,使用 HTTPS 選項嘗試相同的命令給了我這個:

svn co https://my.domain/svn/repos .
Error validating server certificate for 'https://my.domain:443':
- The certificate is not issued by a trusted authority. 
Use the fingerprint to validate the certificate manually!
Certificate information:
- Hostname: my.domain
- Valid: from Apr 26 13:22:21 2017 GMT until Jul  9 23:59:00 2019 GMT
- Issuer: CA, DE(ca@my-ca-auth.de)
- Fingerprint: ...
(R)eject, accept (t)emporarily or accept (p)ermanently? t
Authentication realm: <https://my.domain:443> Redmine SVN Repository
Password for 'admin':

這也很好,除了它不接受任何 Redmine 使用者帳戶(或本地系統帳戶,就此而言)。對於它的價值,我給你伺服器日誌的相關部分:

[Tue May 09 14:38:12 2017] [error] "DAV Off" cannot be used to turn off a subtree of a DAV-enabled location.
[Tue May 09 14:38:12 2017] [error] [client IP] mod_auth_apple: User admin: authentication failure for "/svn": User not found by checkpw
[Tue May 09 14:38:12 2017] [error] [client IP] mod_auth_apple: User admin: authentication failure for "/svn": User not found in htaccess file

希望有人曾經嘗試過在 Mac 伺服器上做這樣的事情。理想情況下,我想要關於如何將 SVN 伺服器設置從 HTTP 更改為 HTTPS 的分步說明;這至少必須在某個地方(到目前為止我還沒有找到任何東西)。感謝您的任何指示。

編輯:我從下面的 httpd.conf 粘貼相關程式碼:

#this handles SVN authentication through Redmine DB
# /svn location for users
PerlLoadModule Apache::Redmine
&lt;Location "/svn"&gt;
DAV Off
SVNParentPath "/usr/local/svn"
Order deny,allow
Deny from all
Satisfy any
# If a client tries to svn update which involves updating many files,
# the update request might result in an error Server sent unexpected
# return value (413 Request  Entity Too Large) in response to REPORT
# request,because the size of the update request exceeds the limit
# allowed by the server. You can avoid this error by disabling the
# request size limit by adding the line LimitXMLRequestBody 0
# between the &lt;Location...&gt; and &lt;/Location&gt; lines. 
LimitXMLRequestBody 0
# Only check Authentication for root path, nor again for recursive
# folder.
# Redmine core does only permit access on repository level, so this
# doesn't hurt security. On the other hand it does boost performance
# a lot!
SVNPathAuthz off
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
AuthType Basic
AuthName "Redmine SVN Repository"
AuthUserFile /dev/null
#read-only access    
&lt;Limit GET PROPFIND OPTIONS REPORT&gt;
   Require valid-user
   Satisfy any
&lt;/Limit&gt;
# write access
&lt;LimitExcept GET PROPFIND OPTIONS REPORT&gt;
   Require valid-user
&lt;/LimitExcept&gt;
## for mysql
RedmineDSN "DBI:mysql:database=redmine;host=localhost"
RedmineDbUser 'user'
RedmineDbPass 'password'

現在正在工作。事實證明,Apache 配置已更改為DAV Off&lt;Location "/svn"&gt;指令中包含該行。這應該是真的DAV svn(見http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl)。在此更改之後,簽出儲存庫再次工作(在接受伺服器證書之後)。從 Redmine 中瀏覽儲存庫仍然不起作用,因為 Redmine 安裝仍然指向舊的 (http) 儲存庫地址。這是發出 MySQL 命令的問題,如下所示:http ://www.redmine.org/boards/1/topics/14577 (在我的情況下,我可以使用 phpMyAdmin)。

引用自:https://serverfault.com/questions/849040