====== Apache ======

===== SSL =====
There are different ways of accessing SVN repositories. The one used here is WebDAV protocol with SSL encryption (https). A few things have to be done before repositories can be created:
<code>
a2enmod ssl
a2ensite default-ssl
htpasswd -c /etc/subversion/passwd username1
htpasswd /etc/subversion/passwd username2
/etc/init.d/apache2 restart
</code>
''htpasswd -c'' creates a new files (which is necessary at the beginning), but will also overwrite existing files - be careful!

[[https://help.ubuntu.com/community/forum/server/apache2/SSL|SSL Install Method]]\\
[[http://en.newinstance.it/2009/08/27/tutorial-ubuntu-904-apache-with-ssl-subversion-over-http-https-and-trac/|Install Tutorial: Ubuntu 9.04, Apache with SSL, Subversion over HTTP / HTTPs, and Trac]]

===== Subdomains =====
''/etc/apache2/httpd.conf''
<file>
<VirtualHost *:80>
  ServerName host.com
  DocumentRoot /var/www
</VirtualHost>

<VirtualHost *:80>
  ServerName whatever.host.com
  DocumentRoot /var/www/whatever
</VirtualHost>

<VirtualHost *:443>
  ServerName bla.host.com
  DocumentRoot /var/www/bla
  SSLEngine On
  SSLCertificateFile /etc/ssl/private/cert-file.crt
  SSLProtocol all
  SSLCipherSuite HIGH:MEDIUM
</VirtualHost>
</file>

===== Rewrite HTTP -> HTTPS =====
Required Apache module: ''rewrite''\\
''.htaccess''
<file>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</file>

Alternative: ''/etc/apache2/httpd.conf''
<file>
<VirtualHost *:80>
  ServerName abc.host.com
  RewriteEngine On
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>
</file>

[[http://httpd.apache.org/docs/1.3/misc/rewriteguide.html|URL Rewriting Guide]]

===== WebDAV =====
Required Apache module: ''dav_fs''\\
Requires password file created with ''htpasswd''\\
First create the directory:
<code>
mkdir /home/webdav
chown www-data:www-data /home/webdav
</code>

''/etc/apache2/mods-enabled/dav_fs.conf''
<file>
<VirtualHost *:443>
  ServerName files.host.com
  SSLEngine On
  SSLCertificateFile /etc/ssl/private/cert-file.crt
  SSLProtocol all
  SSLCipherSuite HIGH:MEDIUM
  DocumentRoot /home/webdav
  <Location />
    Dav On
    AuthType Basic
    AuthName "File Storage"
    AuthUserFile /etc/apache2/passwd
    Require valid-user
  </Location>
</VirtualHost>
</file>

===== Create self-signed SSL certificate =====
Generate a Private Key
<code>
openssl genrsa -des3 -out server.key 1024
</code>

Generate a CSR (Certificate Signing Request)
<code>
openssl req -new -key server.key -out server.csr
</code>
''Common Name = host.com''\\
There can only be one SSL certificate per IP. If multiple subdomains use https, they will have to share the same certificate. Hence the common name has to chosen appropriately by using a wildcard, for example ''*.host.com''.

Remove Passphrase from Key
<code>
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
</code>

Generate a Self-Signed Certificate
<code>
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
</code>

Install the Private Key and Certificate
<code>
cp server.crt /path/to/ssl.crt
cp server.key /path/to/ssl.key
</code>
:!: make sure that normal users cannot read these files

Configure SSL Enabled Virtual Hosts
<code>
...
SSLEngine on
SSLCertificateFile /path/to/ssl.crt
SSLCertificateKeyFile /path/to/ssl.key
...
</code>

Restart Apache and Test

[[http://www.akadia.com/services/ssh_test_certificate.html|How to create a self-signed SSL Certificate]]