G'day all,
I'm going quickly insane attempting to set up a Subversion
("http://subversion.tigris.org";) repository to be accessed
through the Apache HTTPD over HTTPS and was hoping you lovely
campers would be able to offer me some help...
Here's the story (as I understand it):
- I'm running Apache HTTPD 2.2.0 with the prefork MPM under
FreeBSD 6.0-RELEASE
- I have to use a "<Location (...)>" directive to instruct
the HTTPD to pass requests for "https://www.nickwithers.com/svn/
(...)" through mod_dav
- Whilst I can get the thing to work without dramas over
HTTP, the "<Location (...)>" directive appears to be silently
ignored over HTTPS - Requests for
"https://nickwithers.com/svn/downtime";, for instance, produce
the output "client denied by server
configuration: /usr/local/www/data/svn" in the configured error
log
- I can access other data over HTTPS (i.e.: My SquirrelMail
installation)
Here's a (vaguely) sanitised version of my "httpd.conf":
_____
ServerRoot "/usr/local"
Listen 80
LoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so
LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so
LoadModule authn_default_module
libexec/apache22/mod_authn_default.so LoadModule
authz_host_module libexec/apache22/mod_authz_host.so LoadModule
authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache22/mod_authz_user.so
LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so
LoadModule authz_owner_module
libexec/apache22/mod_authz_owner.so LoadModule
authz_default_module libexec/apache22/mod_authz_default.so
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
LoadModule auth_digest_module
libexec/apache22/mod_auth_digest.so LoadModule
file_cache_module libexec/apache22/mod_file_cache.so LoadModule
cache_module libexec/apache22/mod_cache.so LoadModule
disk_cache_module libexec/apache22/mod_disk_cache.so LoadModule
include_module libexec/apache22/mod_include.so LoadModule
filter_module libexec/apache22/mod_filter.so LoadModule
charset_lite_module libexec/apache22/mod_charset_lite.so
LoadModule deflate_module libexec/apache22/mod_deflate.so
LoadModule log_config_module libexec/apache22/mod_log_config.so
LoadModule logio_module libexec/apache22/mod_logio.so
LoadModule env_module libexec/apache22/mod_env.so LoadModule
mime_magic_module libexec/apache22/mod_mime_magic.so LoadModule
cern_meta_module libexec/apache22/mod_cern_meta.so LoadModule
expires_module libexec/apache22/mod_expires.so LoadModule
headers_module libexec/apache22/mod_headers.so LoadModule
usertrack_module libexec/apache22/mod_usertrack.so LoadModule
unique_id_module libexec/apache22/mod_unique_id.so LoadModule
setenvif_module libexec/apache22/mod_setenvif.so LoadModule
proxy_module libexec/apache22/mod_proxy.so LoadModule
proxy_connect_module libexec/apache22/mod_proxy_connect.so
LoadModule proxy_ftp_module libexec/apache22/mod_proxy_ftp.so
LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so
LoadModule proxy_ajp_module libexec/apache22/mod_proxy_ajp.so
LoadModule proxy_balancer_module
libexec/apache22/mod_proxy_balancer.so LoadModule ssl_module
libexec/apache22/mod_ssl.so LoadModule mime_module
libexec/apache22/mod_mime.so LoadModule dav_module
libexec/apache22/mod_dav.so LoadModule dav_svn_module
libexec/apache22/mod_dav_svn.so LoadModule status_module
libexec/apache22/mod_status.so LoadModule autoindex_module
libexec/apache22/mod_autoindex.so LoadModule asis_module
libexec/apache22/mod_asis.so LoadModule info_module
libexec/apache22/mod_info.so LoadModule cgi_module
libexec/apache22/mod_cgi.so LoadModule dav_fs_module
libexec/apache22/mod_dav_fs.so LoadModule vhost_alias_module
libexec/apache22/mod_vhost_alias.so LoadModule
negotiation_module libexec/apache22/mod_negotiation.so
LoadModule dir_module libexec/apache22/mod_dir.so LoadModule
imagemap_module libexec/apache22/mod_imagemap.so LoadModule
actions_module libexec/apache22/mod_actions.so LoadModule
speling_module libexec/apache22/mod_speling.so LoadModule
userdir_module libexec/apache22/mod_userdir.so LoadModule
alias_module libexec/apache22/mod_alias.so LoadModule
rewrite_module libexec/apache22/mod_rewrite.so LoadModule
php4_module libexec/apache22/libphp4.so LoadModule
authz_svn_module libexec/apache22/mod_authz_svn.so
<IfModule !mpm_winnt_module>
<IfModule !mpm_netware_module>
User www
Group www
</IfModule>
</IfModule>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot "/usr/local/www/data"
<Directory />
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>
ErrorLog /var/log/httpd-error.log
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%
{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b"
common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%
{User-Agent}i\" %I %O" combinedio </IfModule>
CustomLog /var/log/httpd-access.log combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"
</IfModule>
<Directory "/usr/local/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
DefaultType text/plain
<IfModule mime_module>
TypesConfig etc/apache22/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Include etc/apache22/httpd-ssl.conf
</IfModule>
ServerTokens Prod
ServerSignature Off
NameVirtualHost *:80
<Directory /usr/local/www/data/nickwithers.com>
Order allow,deny
Allow from all
</Directory>
<Directory /usr/local/www/svn>
Order allow,deny
Allow from all
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /etc/svn/auth-user
Require valid-user
</Directory>
<Location /svn>
DAV svn
SVNParentPath /usr/local/www/svn
AuthzSVNAccessFile /etc/svn/http-access-policy
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /etc/svn/auth-user
Require valid-user
</Location>
<VirtualHost *:80>
ServerName nickwithers.com
ServerAlias nickwithers.com www.nickwithers.com
DocumentRoot /usr/local/www/data/nickwithers.com
CustomLog /var/log/httpd-nickwithers.com-access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName nickwithers.net
ServerAlias nickwithers.net www.nickwithers.net
DocumentRoot /usr/local/www/data/nickwithers.com
CustomLog /var/log/httpd-nickwithers.net-access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName nickwithers.org
ServerAlias nickwithers.org www.nickwithers.org
DocumentRoot /usr/local/www/data/nickwithers.com
CustomLog /var/log/httpd-nickwithers.org-access.log combined
</VirtualHost>
# (More unrelated directories and VirtualHosts, including several
# that are proxied off to other internal servers through
# mod_proxy)
Include etc/apache22/Includes/*.conf
_____
...And the "httpd-ssl.conf":
_____
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/data"
ServerName nickwithers.com:443
ServerAdmin [EMAIL PROTECTED]
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile (PATH)/server.crt
SSLCertificateKeyFile (PATH)/server.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd-ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Alias /squirrelmail "/usr/local/www/squirrelmail"
<Directory /usr/local/www/squirrelmail>
SSLRequireSSL
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
_____
I've tried whacking the "<Location (...)>" directive in the
"<VirtualHost _default_:443>" section of the "httpd-ssl.conf"
file too, to no avail...
Any ideas? It's bound to be me doing something daft! I'm
thinking all this VirtualHost stuff might be biting me somehow.
Thanks!
--
Nick Withers
email: [EMAIL PROTECTED]
Web: http://www.nickwithers.com
Mobile: +61 414 397 446
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
