How to redirect http to https with Apache/SVN/SSL

Craig White craigwhite at azapple.com
Mon May 11 17:54:50 UTC 2009 

On Mon, 2009-05-11 at 10:25 -0700, Daniel B. Thurman wrote:
> Patrick W. Barnes wrote:
> > On Monday 11 May 2009 11:18:53 Craig White wrote:
> >   
> >> On Mon, 2009-05-11 at 07:44 -0700, Daniel B. Thurman wrote:
> >>     
> >>> Craig White wrote:
> >>>       
> >>>> ----
> >>>> try...
> >>>>
> >>>> RedirectPermanent /svn/ https://host.domain.com/svn
> >>>>
> >>>> Craig
> >>>>         
> >>> Thanks, but it does not work:
> >>> $ svn list http://host.domain.com/svn/svn1
> >>> svn: PROPFIND request failed on '/svn/svn1'
> >>> svn: PROPFIND of '/svn/svn1': 301 Moved Permanently
> >>> (http://host.domain.com)
> >>>       
> >> ----
> >> if this is what it actually reported, then you didn't implement
> >> correctly. What is document root in /etc/http/conf.d/ssl.conf ?
> >>
> >>     
> >
> > Actually, that is exactly the documented behavior.  RedirectPermanent sends 
> > back a 301 status message to the client.  A web browser would respond by 
> > quietly following the redirect, but Subversion does not do that.  Subversion, 
> > when presented with any 30x redirect, will dump a message and fail rather than 
> > follow the redirect... which is exactly why it will never do what Daniel wants 
> > it to do.
> >   
> So, does that mean there is no solution that can work for what I
> am trying to do?  I was also hoping to confine redirection only
> to the /svn location.
> 
>  From everywhere I looked on the Internet, many claim to get it
> working but I have not been able to duplicate it.  I constantly get
> various errors from the different schemes I have tried, to force
> redirection from http to https for subversion @ /svn only.
> 
> Using the Proxy command, it sorta works but as you pointed it out,
> and I have verified it, the http works except that it does not actually
> "switch" to https asking for an SSL self-signed certificate but it works
> if I use the https:// URL string.
> 
> I sure hope it is not something I have done wrong in my conf.d/*.conf
> files as I discovered that my early attempts in setting up a basic SVN
> setup was foiled by having system-config-httpd.conf overriding everything
> and by removing this file, I was able to get to the point where I am now.
----
I use PermanentRedirect to give end users simplified URL's and redirect
them to a much more complicated path so they don't have to type that
into various web browsers and it works.

If I were using SVN & WebDAV, I would want them to use the direct URL
and not try to sleight of hand because there could be so many different
clients that react in different and unpredictable ways and for the most
part, once the client has been given the URL, the configuration is done.
Also, if the redirect is a self-signed certificate, various clients may
not be expecting them, let alone never being able to figure out how to
deal with them.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the fedora-list mailing list