We're setting up Subversion version control in Dreamweaver CS4 and we'd like to transmit our files over SSL. We have it working without SSL. But, when we select HTTPS as the protocol, it's unable to connect. https://thedevserver.edu, DW fails to connect.
Has anyone gotten this to work? Is there something on the Apache or Subversion sides that we're missing?
We have an SVN configuration include file with the following contents:
LoadModule dav_svn_module modules/mod_dav_svn.so
<Location /repos>
DAV svn
SVNParentPath /folder/folder1/SVN_REPOS_folder
SVNListParentPath on
SSLRequireSSL
AuthType Digest
AuthName webdav
AuthDigestDomain /repos
AuthUserFile /some/where/on/the/server
AuthDigestProvider file
Require valid-user
</Location>
I've Included this file in the virtual host file. But, still, DW can't connect using HTTPS.
If you can connect to http repo, but can't to https: this is obviously Apache part - it must support secure connection for used for repository virtualhost or server.
Subversion (mod_dav_svn) in this case work over base httpd-engine
Related
I am trying to Setup Server dictated configurations on my Subversion repository which is served by an Apache 2.4 server.
Based on the information I found one has to alter the SVN configuration file on the server but which one is used by the mod_dav_svn module of the Apache Server?
I already tried different ones (Admin, Public) but none worked.
Does anybody know which configuration file is used by this module?
Thanks,
Thomas
As I know the SVN config file is the user and not to the server. The only things you have to do is give apache user write permission on svn repo and config the apache.
Here is a example of apache config file, repo available at http://mysserver/SVN_REPO1
LoadModule dav_svn_module modules/mod_dav_svn.so
<IfModule mod_dav_svn.c>
Alias /SVN_REPO "/PATH_TO/SVN_REPO"
<Location /SVN_REPO1>
DAV svn
SVNPath "/PATH_TO/SVN_REPO"
SVNPathAuthz Off # More faster but don't check permission permission in all parenth path ( - security)
AuthzSVNAccessFile "/path_to_/authz"
require valid-user
Satisfy Any
Options MultiViews
Require all granted
</Location>
I have created SVN host using:
<Location /svn>
DAV svn
SVNParentPath /home/xxx/xxx/xxx/xxx/Main_Folder/company-1
AuthType Basic
SVNListParentPath On
AuthName "Test"
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>`
Although I have specified user privileges in svnserve.conf, it does not seem to "take it" because I can access the repository (see below) without any prompt for user/password.
Can you please point what am I doing wrong?
Thanks!
Read the docs, it seems that you use a wrong configuration file.
Configuration settings in the file svnserve.conf do not have any effect in this particular case. Your server runs Apache and Apache does not process svnserve.conf. This configuration file is used by svnserve custom server only.
Platform: Windows Server 2008 R2
Apache 2.2.23 (win32)/SSL 1.0.0j upgrading to Apache 2.4.23 (win32)/SSL 1.0.2h
CollabNet Subversion Client SVNServe 1.7.8
Trac 1.0.9 (win32)
Python 2.7.1
On a Windows server, I had Subversion and Trac interacting nicely when running Apache 2.2.23, Subversion 1.7.8 with Trac 1.0.9 and the mod_python module. Access to Trac projects was permitted based on access control groups defined in the subversion access control file. The setting of the AuthzSVNAccessFile variable in the httpd.conf file pointed to the subversion access control file, e:/etc/.svnaccess. If the user had access to a subversion repo, then they had access to the associated Trac project, otherwise access was denied.
The httpd.conf file contained the following:
<Location /trac>
SVNParentPath e:/svn_repository
AuthzSVNAccessFile "E:/etc/.svnaccess"
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir e:\trac
PythonOption TracUriRoot /trac
AuthType SSPI
SSPIAuth On
SSPIOfferSSPI Off
SSPIAuthoritative On
SSPIDomain <domaincontroller>
SSPIOmitDomain Off
SSPIUsernameCase lower
SSPIPerRequestAuth On
SSPIOfferBasic On
AuthName "UTAS TRAC Login (Use domain\userid format)"
Require valid-user
</Location>
I then had to upgrade Apache/SSL to 2.4.23, 1.0.2h. With this upgrade, mod_python was obsoleted so I had to switch to use mod_wsgi load module. I added in the mod_wsgi.so load module and modified the config file to remove the Python-related settings (keeping the AuthzSVNAccessFile setting), and adding in mod_wsgi info.
After the Apache upgrade, the httpd.conf file contained:
<Location /trac>
SVNParentPath e:/svn_repository
AuthzSVNAccessFile "E:/etc/.svnaccess"
AuthType SSPI
SSPIAuth On
SSPIOfferSSPI Off
SSPIAuthoritative On
SSPIDomain <domaincontroller>
SSPIOmitDomain Off
SSPIUsernameCase lower
SSPIPerRequestAuth On
SSPIOfferBasic On
AuthName "UTAS TRAC Login (Use domain\userid format)"
Require valid-user
</Location>
WSGIScriptAlias /trac e:/trac/trac.wsgi
<Directory "e:/trac">
WSGIApplicationGroup %{GLOBAL}
Order deny,allow
Allow from all
</Directory>
The e:/trac/trac.wsgi has the following in it:
import os
import trac.web.main
import site
site.addsitedir('e:\Python\Lib\site-packages')
os.environ['PYTHON_EGG_CACHE'] = r'c:\Trac-Python-Egg-Cache'
def application(environ, start_response):
environ['trac.env_parent_dir'] = r'e:\trac'
return trac.web.main.dispatch_request(environ, start_response)
The trac.ini file (for Beth_test project) has these critical sections, same as before the Apache upgrade:
[components]
tracopt.versioncontrol.svn.* = enabled
tracstats.* = enabled
[repositories]
Beth_test.dir = e:\svn_repository\Beth_test
Beth_test.description = This is the ‘Beth_test’ project repository on the Test svn server.
Beth_test.type = svn
Beth_test.url = https://<my_server>/svn/Beth_test
Beth_test.hidden = true
tsvn = tsvn: Interact with TortoiseSvn
[trac]
authz_file = E:\etc\.svnaccess
permission_policies = AuthzSourcePolicy, DefaultPermissionPolicy, LegacyAttachmentPolicy
permission_store = DefaultPermissionStore
repository_dir = e:\svn_repository\Beth_test
repository_type = svn
…plus a bunch of other settings
My directory structure on the server is:
E:\svn_repository\
Beth_test
SVN_test
E:\trac\
Beth_test
SVN_test
When I bring up the Trac url after entering my active directory credentials, I see the 2 Trac projects listed. However when I click on a project, it gives me access to it even though I have not added my id to the access control group associated with the subversion Beth_test repo. With TortoiseSVN I am properly blocked, but with Trac using the mod_wsgi module, I can (erroneously) access the Trac project and subsequently browse the subversion source.
There is nothing useful in the Apache or Trac log files.
Any idea why Trac no longer follows the subversion access control permissions after upgrading Apache and switching from mod_python to mod_wsgi?
I had been playing with the svn access control file, and my id was in the admin group. The admin group had r/w access to the top-level slash (/) directory. Consequently, my id had access to all repositories since I did not remove permissions in each repo for the admin group. Once I removed my id from the admin directory, both svn and trac followed the repo's groups defined access.
I have a dedicated server, running Apache, with several virtual hosts, each with it's own domain. Subversion is setup to use WebDAV, via Apache and an SSL cert. The SSL cert is setup only for one of these domains.
I want to only be able to access the svn repos via the domain which has the SSL cert.
My problem, is that I can also access the repos via my other domains, and even though the SVN authentication is working regardless, I want to restrict to a single domain.
How would I go about configuring this scenario?
If you'll define SVN-Location inside virtualhost (name-based virtusl-hosts used), you'll see repositories only in this host
Dirty (partially ugly) sample
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName svn
<Location />
DAV svn
SVNParentPath /svn/repositories
SVNListParentPath on
AuthType Basic
AuthName "Subversion"
AuthUserFile svn-auth-file
Require valid-user
</Location>
</VirtualHost>
For repository REPO, only http://svn/REPO URL will show conent of repository, for any other virtualhost /REPO in URL must give "Path not found" (if real directory REPO doesn't exist, but - anyway - this is not access to repository)
I am trying to set up an SVN server on a Linux server, but I am facing the issue in setting up the server:
Below is the configuration I did:
<Location /svn>
DAV svn
SVNParentPath /home/subver/public_html/svn
AuthType Basic
AuthName "Subversion repositories"
AuthUserFile /etc/svn-auth-users
Require valid-user
</Location>
When I try to checkout from my local machine I am getting this error:
Redirect cycle detected for URL 'http:///svn'
Never place repositories physically under ordinary web-root - it's extremely bad and insecure and error-full idea
SVNParentPath /home/subver/public_html/svn + <Location /svn> is your problem. If public_html is web-root of "just Apache" (and it seems so) you have real subdirectory /svn, which you try to redefine with "virtual" Location under the same path and get permanent redirect between these two locations: real and virtual, as expected by any good Apache-admin
Move repositories outside web-space (YOU MUST DO IT), change SVNParentPath accordingly to new location.
Lame and lazy solution, source of future big headache - use another path, than /svn, for Location container