重新配置 Apache 以通过 HTTPS(而不是 HTTP)提供 Subversion 存储库

tag-icon tag-icon https svn mac-osx-server apache2 redmine
重新配置 Apache 以通过 HTTPS(而不是 HTTP)提供 Subversion 存储库

我有一个 Apache、Redmine(3.3.2.stable)以及 Subversion(1.6.17)的工作设置;服务器是 Mac OS X 10.6.8 Snow Leopard。出于安全考虑,我们将服务器协议更改为 HTTPS,因此我们使用了我们的证书颁发机构进行签名。所以一切都在运行,现在所有网页都通过 HTTPS 提供服务,SVN 存储库除外。

尝试从原始 HTTTP SVN 中签出,得到以下结果:

svn co http://my.domain/svn/repos .
svn: E175011: Unable to connect to a repository at URL 'http://my.domain/svn/repos'
svn: E175011: Repository moved temporarily to 'https://my.domain/svn/repos'; please relocate

所以我认为这是合理的,因为从技术上讲它确实被重新定位了。但是,尝试使用 HTTPS 选项执行相同的命令会得到以下结果:

svn co https://my.domain/svn/repos .
Error validating server certificate for 'https://my.domain:443':
- The certificate is not issued by a trusted authority. 
Use the fingerprint to validate the certificate manually!
Certificate information:
- Hostname: my.domain
- Valid: from Apr 26 13:22:21 2017 GMT until Jul  9 23:59:00 2019 GMT
- Issuer: CA, DE([email protected])
- Fingerprint: ...
(R)eject, accept (t)emporarily or accept (p)ermanently? t
Authentication realm: <https://my.domain:443> Redmine SVN Repository
Password for 'admin':

这也很好,只是它不接受任何 Redmine 用户帐户(或本地系统帐户)。 无论如何,我给你提供了服务器日志的相关部分:

[Tue May 09 14:38:12 2017] [error] "DAV Off" cannot be used to turn off a subtree of a DAV-enabled location.
[Tue May 09 14:38:12 2017] [error] [client IP] mod_auth_apple: User admin: authentication failure for "/svn": User not found by checkpw
[Tue May 09 14:38:12 2017] [error] [client IP] mod_auth_apple: User admin: authentication failure for "/svn": User not found in htaccess file

希望有人曾经尝试在 Mac 服务器上执行过类似操作。理想情况下,我希望获得有关如何将 SVN 服务器设置从 HTTP 更改为 HTTPS 的分步说明;这至少应该在某个地方(到目前为止我还没有找到任何东西)。感谢您的任何指点。

编辑:我在下面粘贴了 httpd.conf 中的相关代码:

#this handles SVN authentication through Redmine DB
# /svn location for users
PerlLoadModule Apache::Redmine
<Location "/svn">
DAV Off
SVNParentPath "/usr/local/svn"
Order deny,allow
Deny from all
Satisfy any
# If a client tries to svn update which involves updating many files,
# the update request might result in an error Server sent unexpected
# return value (413 Request  Entity Too Large) in response to REPORT
# request,because the size of the update request exceeds the limit
# allowed by the server. You can avoid this error by disabling the
# request size limit by adding the line LimitXMLRequestBody 0
# between the <Location...> and </Location> lines. 
LimitXMLRequestBody 0
# Only check Authentication for root path, nor again for recursive
# folder.
# Redmine core does only permit access on repository level, so this
# doesn't hurt security. On the other hand it does boost performance
# a lot!
SVNPathAuthz off
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
AuthType Basic
AuthName "Redmine SVN Repository"
AuthUserFile /dev/null
#read-only access    
<Limit GET PROPFIND OPTIONS REPORT>
    Require valid-user
    Satisfy any
</Limit>
# write access
<LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
</LimitExcept>
## for mysql
RedmineDSN "DBI:mysql:database=redmine;host=localhost"
RedmineDbUser 'user'
RedmineDbPass 'password'

答案1

现在一切正常。原来 Apache 配置已被更改,以在指令DAV Off中包含该行<Location "/svn">。这确实应该是DAV svn(请参阅http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl)。进行此更改后,再次签出存储库即可(接受服务器证书后)。从 Redmine 内部浏览存储库仍然不起作用,因为 Redmine 安装仍然指向旧的(http)存储库地址。这是发出 MySQL 命令的问题,如下所示:http://www.redmine.org/boards/1/topics/14577(就我而言,我可以使用 phpMyAdmin 来实现这一点)。

答案2

看起来您正在尝试使用用户 ID“admin”访问您的 Subversion 存储库。这可能是由于您没有提供明确的用户 ID,因此将采用发出 svn 命令的用户 ID。在上面的示例中,这似乎是“admin”。

接下来,从日志条目判断,服务器要求对用户“admin”进行身份验证,但 checkpw 和 htaccess 文件都找不到该用户。

您必须将管理员添加到 htaccess 文件,或者更可能的情况是,您必须在 svn 命令中提供 OS X 服务器或 htaccess 文件中存在的用户 ID。例如:

svn co https://[email protected]/svn/repos .

相关内容