How to redirect http to https with Apache/SVN/SSL [SOLVED]
Daniel B. Thurman
dant at cdkkt.com
Mon May 11 22:10:12 UTC 2009
Arthur Pemberton wrote:
> On Mon, May 11, 2009 at 12:18 PM, Daniel B. Thurman <dant at cdkkt.com> wrote:
>
>> Arthur Pemberton wrote:
>>
>>> On Mon, May 11, 2009 at 9:51 AM, Daniel B. Thurman <dant at cdkkt.com> wrote:
>>>
>>>
>>>> Patrick W. Barnes wrote:
>>>>
>>>>
>>>>> On Sunday 10 May 2009 19:26:51 Daniel B. Thurman wrote:
>>>>>
>>>>>
>>>>>
>>>>>> DRAT! TYPO!
>>>>>>
>>>>>> Should be:
>>>>>>
>>>>>> <VirtualHost host.domain.com:80>
>>>>>> ServerName host.domain.com
>>>>>> CustomLog /svn/Admin/logs/access.log combined
>>>>>> ErrorLog /svn/Admin/logs/error.log
>>>>>> SSLProxyEngine on
>>>>>> ProxyPass / https://host.domain.com/
>>>>>> ProxyPassReverse / https://host.domain.com/
>>>>>> </VirtualHost>
>>>>>>
>>>>>> <VirtualHost host.domain.com:443>
>>>>>> [...]
>>>>>> </VirtualHost>
>>>>>>
>>>>>> My mistake was the 2nd VirtualHost clause where 80 should be 443:
>>>>>>
>>>>>> Now, that's better ;)
>>>>>>
>>>>>>
>>>>>>
>>>>> Keep in mind that having Apache proxy non-HTTPS queries will mean that
>>>>> the
>>>>> link from the client to the server will NOT be SSL-protected. Traffic
>>>>> from
>>>>> the SVN client to your server will be in the clear.
>>>>>
>>>>>
>>>>>
>>>> Sigh, I tested http://[...] and it appears that SSL certification is not
>>>> being requested, so it appears that you are correct.
>>>>
>>>> I will keep trying. If anyone has a (potential) solution, please let me
>>>> know?
>>>>
>>>>
>>> Why don't you just turn of http? And/or redirect all http to https?
>>>
>>>
>> Then that would mean that my normal website for anonymous users
>> would be forced use https when it is not required?
>>
>> As it is, I could just drop the <VirtualHost host.domain.com:80>
>> code block for subversion and who cares if subversion reports an error
>> for those attempting to use the http:[...]/svn/svnX string, as it would
>> not be allowed except for https.
>>
>> Seems nicer to force http to https only for /svn requests but perhaps
>> there is no solution/support for it... from what I can tell, others have
>> claimed to get this to work but I have not been able to duplicate it.
>>
>
> Put a redirect to https inside a <Location> tag then
>
I tried that, it does not work:
$ svn list http://host.domain.com/svn/svn1
svn: PROPFIND request failed on '/svn/svn1'
svn: PROPFIND of '/svn/svn1': 301 Moved Permanently (http://host.domain.com)
More information about the fedora-list
mailing list