Re: How to redirect http to https with Apache/SVN/SSL [SOLVED]

["Daniel B. Thurman" <dant@xxxxxxxxx>]

Arthur Pemberton wrote:
> On Mon, May 11, 2009 at 12:18 PM, Daniel B. Thurman <dant@xxxxxxxxx> wrote:
>   
> > Arthur Pemberton wrote:
> >     
> > > On Mon, May 11, 2009 at 9:51 AM, Daniel B. Thurman <dant@xxxxxxxxx> wrote:
> > >
> > >       
> > > > Patrick W. Barnes wrote:
> > > >
> > > >         
> > > > > On Sunday 10 May 2009 19:26:51 Daniel B. Thurman wrote:
> > > > >
> > > > >
> > > > >           
> > > > > > DRAT!  TYPO!
> > > > > >
> > > > > > Should be:
> > > > > >
> > > > > > <VirtualHost host.domain.com:80>
> > > > > >  ServerName host.domain.com
> > > > > >  CustomLog /svn/Admin/logs/access.log combined
> > > > > >  ErrorLog  /svn/Admin/logs/error.log
> > > > > >  SSLProxyEngine on
> > > > > >  ProxyPass / https://host.domain.com/
> > > > > >  ProxyPassReverse / https://host.domain.com/
> > > > > > </VirtualHost>
> > > > > >
> > > > > > <VirtualHost host.domain.com:443>
> > > > > >  [...]
> > > > > > </VirtualHost>
> > > > > >
> > > > > > My mistake was the 2nd VirtualHost clause where 80 should be 443:
> > > > > >
> > > > > > Now, that's better ;)
> > > > > >
> > > > > >
> > > > > >             
> > > > > Keep in mind that having Apache proxy non-HTTPS queries will mean that
> > > > > the
> > > > > link from the client to the server will NOT be SSL-protected.  Traffic
> > > > > from
> > > > > the SVN client to your server will be in the clear.
> > > > >
> > > > >
> > > > >           
> > > > Sigh,  I tested http://[...] and it appears that SSL certification is not
> > > > being requested, so it appears that you are correct.
> > > >
> > > > I will keep trying.  If anyone has a (potential) solution, please let me
> > > > know?
> > > >
> > > >         
> > > Why don't you just turn of http? And/or redirect all http to https?
> > >
> > >       
> > Then that would mean that my normal website for anonymous users
> > would be forced use https when it is not required?
> >
> > As it is, I could just drop the <VirtualHost host.domain.com:80>
> > code block for subversion and who cares if subversion reports an error
> > for those attempting to use the http:[...]/svn/svnX string, as it would
> > not be allowed except for https.
> >
> > Seems nicer to force http to https only for /svn requests but perhaps
> > there is no solution/support for it...  from what I can tell, others have
> > claimed to get this to work but I have not been able to duplicate it.
> >     
>
> Put a redirect to https inside a <Location> tag then
>   
I tried that, it does not work:
$ svn list http://host.domain.com/svn/svn1
svn: PROPFIND request failed on '/svn/svn1'
svn: PROPFIND of '/svn/svn1': 301 Moved Permanently (http://host.domain.com)

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines