Reverse Proxy Server 2: SVN3 over https: Difference between revisions
Reverse Proxy Server 2: SVN3 over https (view source)
Revision as of 08:18, 24 November 2010
, 24 November 2010Reverted edits by Upazixorys (Talk); changed back to last version by Ric
Upazixorys (talk | contribs) No edit summary |
m (Reverted edits by Upazixorys (Talk); changed back to last version by Ric) |
||
| Line 1: | Line 1: | ||
{{Nav reverse proxy server}} | {{Nav reverse proxy server}} | ||
| Line 13: | Line 12: | ||
If you have no already done so create a new server certificate for the proxy server as follows: | If you have no already done so create a new server certificate for the proxy server as follows: | ||
* Run server_a | * Run server_a | ||
* Left click tray icon select '''Advanced''' | * Left click tray icon select '''Advanced''' > '''Server certificate and key generator''' | ||
* Press Enter at all prompts | * Press Enter at all prompts | ||
This creates an new server certificate and key pair, in addition enables https in Apache's configuration file. | This creates an new server certificate and key pair, in addition enables https in Apache's configuration file. | ||
| Line 25: | Line 24: | ||
Add the following code: | Add the following code: | ||
<pre> | |||
ProxyPass /svn/ http://localhost:83/svn/ | ProxyPass /svn/ http://localhost:83/svn/ | ||
<Location /svn/ > | |||
ProxyPassReverse /svn/ | ProxyPassReverse /svn/ | ||
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE> | |||
Order Deny,Allow | Order Deny,Allow | ||
Allow from all | Allow from all | ||
Satisfy Any | Satisfy Any | ||
</Limit> | |||
</Location> | |||
</pre> | |||
The code is placed almost at the end of the file just above | The code is placed almost at the end of the file just above </VirtualHost> as shown below | ||
<pre> | |||
#== Most problems of broken clients are related to the HTTP | #== Most problems of broken clients are related to the HTTP | ||
# keep-alive facility. Disable keep-alive for those clients. | # keep-alive facility. Disable keep-alive for those clients. | ||
SetEnvIf User-Agent | SetEnvIf User-Agent ".*MSIE.*" \ | ||
nokeepalive ssl-unclean-shutdown \ | nokeepalive ssl-unclean-shutdown \ | ||
downgrade-1.0 force-response-1.0 | downgrade-1.0 force-response-1.0 | ||
ProxyPass /svn/ http://localhost:83/svn/ | ProxyPass /svn/ http://localhost:83/svn/ | ||
<Location /svn/ > | |||
ProxyPassReverse /svn/ | ProxyPassReverse /svn/ | ||
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE> | |||
Order Deny,Allow | Order Deny,Allow | ||
Allow from all | Allow from all | ||
Satisfy Any | Satisfy Any | ||
</Limit> | |||
</Location> | |||
</VirtualHost> | |||
</pre> | |||
=== Test === | === Test === | ||
| Line 61: | Line 60: | ||
* Start server_a | * Start server_a | ||
* Start server_c | * Start server_c | ||
* Type '''https:''' | * Type '''https:'''<nowiki>//localhost/svn/</nowiki>''' | ||
'''''Result'':''' Collection of Repositories page displayed, click the link '''myproject''' or whatever you named your repository and have a browse. | '''''Result'':''' Collection of Repositories page displayed, click the link '''myproject''' or whatever you named your repository and have a browse. | ||
| Line 69: | Line 68: | ||
Using your client either '''copy''' or '''move''' a file within the repository you will receive a '''Bad Gateway''' error message e.g. | Using your client either '''copy''' or '''move''' a file within the repository you will receive a '''Bad Gateway''' error message e.g. | ||
<pre> | |||
Error: Error while performing action: COPY of ../perl/Run.bat: 502 Bad Gateway (https://localhost) | Error: Error while performing action: COPY of ../perl/Run.bat: 502 Bad Gateway (https://localhost) | ||
</pre> | |||
'''''[[#top | Top]]''''' | '''''[[#top | Top]]''''' | ||
| Line 82: | Line 81: | ||
Interestingly mod_dav validates only the scheme and not host-name this makes the solution a one liner. | Interestingly mod_dav validates only the scheme and not host-name this makes the solution a one liner. | ||
Add this line | Add this line | ||
<pre> | |||
RequestHeader edit Destination ^https://(.*)$ http://$1 | RequestHeader edit Destination ^https://(.*)$ http://$1 | ||
</pre> | |||
It translates the destination header from '''https''' to '''http''' thus keeping DAV happy | It translates the destination header from '''https''' to '''http''' thus keeping DAV happy | ||
Edit file: C:\server_a\UniServer\usr\local\apache2\conf\ssl.conf add the line above location as shown below: | Edit file: C:\server_a\UniServer\usr\local\apache2\conf\ssl.conf add the line above location as shown below: | ||
<pre> | |||
RequestHeader edit Destination ^https://(.*)$ http://$1 | RequestHeader edit Destination ^https://(.*)$ http://$1 | ||
ProxyPass /svn/ http://localhost:83/svn/ | ProxyPass /svn/ http://localhost:83/svn/ | ||
<Location /svn/ > | |||
ProxyPassReverse /svn/ | ProxyPassReverse /svn/ | ||
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE> | |||
Order Deny,Allow | Order Deny,Allow | ||
Allow from all | Allow from all | ||
Satisfy Any | Satisfy Any | ||
</Limit> | |||
</Location> | |||
</pre> | |||
'''''[[#top | Top]]''''' | '''''[[#top | Top]]''''' | ||
| Line 106: | Line 105: | ||
* Start server_a | * Start server_a | ||
* Start server_c | * Start server_c | ||
* Type '''https:''' | * Type '''https:'''<nowiki>//localhost/svn/</nowiki>''' | ||
'''''Result'':''' Collection of Repositories page displayed, click the link '''myproject''' or whatever you named your repository and have a browse. | '''''Result'':''' Collection of Repositories page displayed, click the link '''myproject''' or whatever you named your repository and have a browse. | ||
| Line 126: | Line 125: | ||
{| | {| | ||
|-valign= | |-valign="middle" | ||
| [[Image:uc_small_logo.gif]] || [[User:Ric|Ric]] | | [[Image:uc_small_logo.gif]] || [[User:Ric|Ric]] | ||
|} | |} | ||
[[Category: Uniform Server 5.0-Nano]] | [[Category: Uniform Server 5.0-Nano]] | ||