I have a dedicated server, running Apache, with several virtual hosts, each with it's own domain. Subversion is setup to use WebDAV, via Apache and an SSL cert. The SSL cert is setup only for one of these domains.
I want to only be able to access the svn repos via the domain which has the SSL cert.
My problem, is that I can also access the repos via my other domains, and even though the SVN authentication is working regardless, I want to restrict to a single domain.
How would I go about configuring this scenario?
If you'll define SVN-Location inside virtualhost (name-based virtusl-hosts used), you'll see repositories only in this host
Dirty (partially ugly) sample
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName svn
<Location />
DAV svn
SVNParentPath /svn/repositories
SVNListParentPath on
AuthType Basic
AuthName "Subversion"
AuthUserFile svn-auth-file
Require valid-user
</Location>
</VirtualHost>
For repository REPO, only http://svn/REPO URL will show conent of repository, for any other virtualhost /REPO in URL must give "Path not found" (if real directory REPO doesn't exist, but - anyway - this is not access to repository)
Related
I'm migrating from Visual SVN on a Windows machine to SVN served via Apache on a Linux machine. So far mostly successfully. I can access the repositories via svn on the command line from multiple machines and browse the repository contents if I put in the full URL of an individual repository into a web browser. It also properly requires authentication.
When I go to the root directory (/svn) in the browser, however, I'm getting an empty listing of repositories. I have found a lot of posts across the internet on the situation where the listing is blocked, i.e. you get an HTTP 403 instead of a listing, but that is not my case. I'm getting a list - it just happens to be empty. That shows in the browser as a well-formed page with nothing between the <ul></ul> tags that would have the contents, and it shows in the Apache logs as a successful (HTTP 200) response given.
So the question is why this happens and how to fix it?
Configuration:
<VirtualHost *:80>
ServerName svn.example.com
Alias /svn /var/lib/svn
<Location /svn>
DAV svn
SVNParentPath "/var/lib/svn/"
SVNListParentPath On
AuthType Basic
AuthName "My Software Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
</Location>
RedirectMatch ^/$ /svn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
There are multiple virtual hosts on this machine. I've shown just the section for the SVN host.
This is the HTML returned when I navigate to svn.example.com/svn in a browser (after authenticating):
<html><head><title>Collection of Repositories</title></head>
<body>
<h2>Collection of Repositories</h2>
<ul>
</ul>
<hr noshade><em>Powered by Apache Subversion version 1.9.5 (r1770682).</em>
</body></html>
Prior to adding the SVNListParentPath on section, I would received instead an HTTP 403, and, to emphasize, that's the case that I see most often addressed here and elsewhere. But that is not my case.
Removing the line Alias /svn /var/lib/svn seems to have fixed the problem without causing any new issues.
I found this by accident dealing with a "redirect cycle", which is addressed by one of the answers to this other question that is otherwise unrelated: What is the cause of "svn: E195019: Redirect cycle detected for URL"?
I got a laravel project uploaded on a vps, I can't understand how to configure all things to have:
more than one site(laravel project) on the vps; (that is is tricky, because all configuration examples that i've found talking about pointing the root of the server to the public laravel's folder)
having .env and .composer and all the system folders not accesible directly;
wich are the right user and permission to set on the various folders;
In my system ive :
www-data classic apache group with standard privileges;
a non root user, used even to access to mysql and ftp service;
a root user;
I'm using apache2 over ubuntu server 16.04.
According to the Question, I assume that you want to host multiple Laravel Sites on the VPS without messing anything up!Here we go!
Let's Assume that you create the Directories of your site in /var/www directory because it's where your Basic Apache directory will be.Configuration for Site 1:
->Virtual Host for Site 1
<VirtualHost *:80>
DocumentRoot "var/www/site1/public"
ServerName www.site1.com
# Other directives here
</VirtualHost>
-> Directory for Site 1 (Upload your Project here): /var/www/site1
Configuration for Site 2:
->Virtual Host for Site 2
<VirtualHost *:80>
DocumentRoot "var/www/site2/public"
ServerName www.site2.com
# Other directives here
</VirtualHost>
-> Directory for Site 2 (Upload your Project here): /var/www/site2
Here is the Trick! As Laravel have its index.php file in the Public Folder of the Project, Your Domains will point to /var/www/site-x/public folder for the specific site! They will have their own composer and config files in /var/www/site-x/ directories of their own! So, This is how you can host multiple Laravel sites on the same VPS without messing anything up! I am using the same technique! I think it's the only one trick to do so! Let me know if that works!
I'm deploying a SSO in Apache webserver against an Active Directory via kerberos (mod_auth_kerb).
The module is installed and configured correctly, when I access apache websites with a logged in user to AD network, Apache receives correctly user's credentials via REMOTE_USER variable. The thing is that I want external users (non AD network ones) to be able to access Apache websites via regular login, but they get a
401 Authorization required
when accessing the websites.
I guess this can be achieved via kerberos configuration but haven't reached the solution. Does anyone know if this is posible with a kerberos location directive or should I configure some workaround for this, such as limiting location access by ip ranges in virtual host configuration Location directive?
My virtual host configuration is:
<VirtualHost *:80>
# General
ServerAdmin packettrc#my.es
DocumentRoot /home/moodle/moodle
ServerName my.es
LogLevel debug
ErrorLog logs/my.es-error.log
CustomLog logs/my.es.log combined
<Location />
AuthType Kerberos
AuthName "Kerberos Login MY"
KrbMethodNegotiate On
KrbMethodK5Passwd Off
KrbServiceName HTTP/my.es#MY.ES
KrbAuthRealms MY.ES
Krb5KeyTab /etc/krb5.keytab
require valid-user
</Location>
</VirtualHost>
Try to replace
Require valid-user
with
Satisfy Any
You can find some insights in this article. Just in case link to Apache's manual.
I am trying to setup SVN with APACHE so that each repository has its own set of .access and .passwd files.
Basically lets take this url: http://svn.thissite.com/repo1 is an address of one of the repository
I have one folder in /var/www/svn/ which contains about 20 different repositories and a set of .access and .passwd files
For the repo1 repository there would be 3 paths relevant:
/var/www/svn/repo1 (SVN repository itself)
/var/www/svn/repo1.access (Contains svn access info)
/var/www/svn/repo1.passwd (Contains SVN user and password for that specific repo)
I have about 20 repositories + relevant .access and .passwd files
So my question is:
What do I need to write in my APACHE2 config files so that it uses the repository name to access the proper .access and .passwd files? I would like a way of having it simple and not a simple copy paste of 20 blocks of tags in APACHE if possible.
Thank you!
EDIT:
Content of repo1.access (Starts with [/] for all 20 repos):
[/]
Name1 = rw
Name2 = rw
Name3 = rw
Content of repo1.passwd (password actually hidden):
Name1:XXXXXXXXXX
Name2:XXXXXXXXXX
Name3:XXXXXXXXXX
I have SVN running via Apache on my home server with multiple repositories. I have each repository set up as a Virtual Host, which then lets you specify unique auth and acl files via the AuthUserFile and AuthzSVNAcces parameters in the config file.
An example Virtual Host for my SVN installation:
<VirtualHost 192.168.1.42:80>
ServerName svn.eidola.its
DocumentRoot /Istas/Library/WebRoot/
<Location "/">
DAV svn
SVNPath /Istas/Library/Subversion/eidola.its
SVNPathAuthz off
AuthType Basic
AuthName "Eidola Repository"
AuthUserFile /Istas/Library/Config/Subversion/users.basic
AuthzSVNAccessFile /Istas/Library/Config/Subversion/eidola.acl
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Include /Istas/Library/Config/Apache2/svn_rewrite.conf
</VirtualHost>
The svn_rewrite.conf file is used to allow me to access the repository directly at the ServerName, or via WebSVN at a rewritten URL. Obviously, that line would not pertain to your situation. :)
We're setting up Subversion version control in Dreamweaver CS4 and we'd like to transmit our files over SSL. We have it working without SSL. But, when we select HTTPS as the protocol, it's unable to connect. https://thedevserver.edu, DW fails to connect.
Has anyone gotten this to work? Is there something on the Apache or Subversion sides that we're missing?
We have an SVN configuration include file with the following contents:
LoadModule dav_svn_module modules/mod_dav_svn.so
<Location /repos>
DAV svn
SVNParentPath /folder/folder1/SVN_REPOS_folder
SVNListParentPath on
SSLRequireSSL
AuthType Digest
AuthName webdav
AuthDigestDomain /repos
AuthUserFile /some/where/on/the/server
AuthDigestProvider file
Require valid-user
</Location>
I've Included this file in the virtual host file. But, still, DW can't connect using HTTPS.
If you can connect to http repo, but can't to https: this is obviously Apache part - it must support secure connection for used for repository virtualhost or server.
Subversion (mod_dav_svn) in this case work over base httpd-engine