Re: How to redirect http to https with Apache/SVN/SSL [SOLVED]



Arthur Pemberton wrote:
On Mon, May 11, 2009 at 12:18 PM, Daniel B. Thurman <dant@xxxxxxxxx> wrote:
Arthur Pemberton wrote:
On Mon, May 11, 2009 at 9:51 AM, Daniel B. Thurman <dant@xxxxxxxxx> wrote:

Patrick W. Barnes wrote:

On Sunday 10 May 2009 19:26:51 Daniel B. Thurman wrote:


DRAT! TYPO!

Should be:

<VirtualHost host.domain.com:80>
ServerName host.domain.com
CustomLog /svn/Admin/logs/access.log combined
ErrorLog /svn/Admin/logs/error.log
SSLProxyEngine on
ProxyPass / https://host.domain.com/
ProxyPassReverse / https://host.domain.com/
</VirtualHost>

<VirtualHost host.domain.com:443>
[...]
</VirtualHost>

My mistake was the 2nd VirtualHost clause where 80 should be 443:

Now, that's better ;)


Keep in mind that having Apache proxy non-HTTPS queries will mean that
the
link from the client to the server will NOT be SSL-protected. Traffic
from
the SVN client to your server will be in the clear.


Sigh, I tested http://[...] and it appears that SSL certification is not
being requested, so it appears that you are correct.

I will keep trying. If anyone has a (potential) solution, please let me
know?

Why don't you just turn of http? And/or redirect all http to https?

Then that would mean that my normal website for anonymous users
would be forced use https when it is not required?

As it is, I could just drop the <VirtualHost host.domain.com:80>
code block for subversion and who cares if subversion reports an error
for those attempting to use the http:[...]/svn/svnX string, as it would
not be allowed except for https.

Seems nicer to force http to https only for /svn requests but perhaps
there is no solution/support for it... from what I can tell, others have
claimed to get this to work but I have not been able to duplicate it.

Put a redirect to https inside a <Location> tag then
I tried that, it does not work:
$ svn list http://host.domain.com/svn/svn1
svn: PROPFIND request failed on '/svn/svn1'
svn: PROPFIND of '/svn/svn1': 301 Moved Permanently (http://host.domain.com)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines



Relevant Pages

  • Re: cross-domain
    ... domain usually can't run your script on their server (who can't/won't afford ... I cannot view/spy/log the requests. ... Ajax Cross Domain can run over HTTPS or HTTP. ...
    (comp.lang.javascript)
  • Re: permanent redirect and ssl
    ... so the server sends the 301 response and the browser interprets ... > Since the redirect over HTTPS is happening correctly (next to the Cert ... > behavior that cannot be controlled by the server. ... this site gets all requests to our ip EXCEPT ...
    (microsoft.public.inetserver.iis.security)
  • Re: How to redirect http to https with Apache/SVN/SSL [SOLVED]
    ... My mistake was the 2nd VirtualHost clause where 80 should be 443: ... link from the client to the server will NOT be SSL-protected. ... And/or redirect all http to https? ... code block for subversion and who cares if subversion reports an error ...
    (Fedora)
  • Certificates and DNS
    ... I'm pretty new at the use of HTTPS and I'm hoping someone can help me along. ... I have a W2K server running Mobile Information Server. ... The ISA server is set up to forward requests to MIS.xantrion.com to this ... The problem is the certificate I got from the internal cert server has the ...
    (microsoft.public.inetserver.iis.security)
  • Virtual servers and proxies for https and ftp
    ... I have a setup with several virtual servers for different uses for websites - one for the main web server, one for a test server, one ... There is also one virtual machine that acts as the gateway, using apache with virtual hosts and Proxy directives to pass requests on to the appropriate virtual machine. ... I know that the https traffic could not be passed on to more than one back end server directly. ...
    (comp.os.linux.networking)