Apache

SSL

There are different ways of accessing SVN repositories. The one used here is the WebDAV protocol with SSL encryption (https). A few things have to be done before repositories can be created:

a2enmod ssl
a2ensite default-ssl
htpasswd -c /etc/subversion/passwd username1
htpasswd /etc/subversion/passwd username2
/etc/init.d/apache2 restart

htpasswd -c creates a new file (which is necessary at the beginning), but will also overwrite an existing file, so be careful!

SSL Install Method
Install Tutorial: Ubuntu 9.04, Apache with SSL, Subversion over HTTP / HTTPs, and Trac

Subdomains

/etc/apache2/httpd.conf

<VirtualHost *:80>
  ServerName host.com
  DocumentRoot /var/www
</VirtualHost>

<VirtualHost *:80>
  ServerName whatever.host.com
  DocumentRoot /var/www/whatever
</VirtualHost>

<VirtualHost *:443>
  ServerName bla.host.com
  DocumentRoot /var/www/bla
  SSLEngine On
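  # No SSLCertificateKeyFile is set, so this file must also contain the private key
  SSLCertificateFile /etc/ssl/private/cert-file.crt
  # "all" on its own also enables the obsolete SSLv2/SSLv3 protocols on older builds
  SSLProtocol all -SSLv2 -SSLv3
  # MEDIUM dropped; HIGH can still include anonymous suites, so exclude them and MD5
  SSLCipherSuite HIGH:!aNULL:!MD5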
</VirtualHost>

Rewrite HTTP -> HTTPS

Required Apache module: rewrite
.htaccess

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Alternative: /etc/apache2/httpd.conf

<VirtualHost *:80>
  ServerName abc.host.com
  RewriteEngine On
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</VirtualHost>

URL Rewriting Guide

WebDAV

Required Apache module: dav_fs
Requires password file created with htpasswd
First create the directory:

mkdir /home/webdav
chown www-data:www-data /home/webdav

/etc/apache2/mods-enabled/dav_fs.conf

<VirtualHost *:443>
  ServerName files.host.com
  SSLEngine On
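  # This file must hold both certificate and private key (no SSLCertificateKeyFile here)
  SSLCertificateFile /etc/ssl/private/cert-file.crt
  # Disable SSLv2/SSLv3; exclude anonymous and MD5 suites, drop MEDIUM
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!MD5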
  DocumentRoot /home/webdav
  <Location />
    Dav On
    AuthType Basic
    AuthName "File Storage"
    AuthUserFile /etc/apache2/passwd
    Require valid-user
  </Location>
</VirtualHost>

Create self-signed SSL certificate

Generate a Private Key

openssl genrsa -des3 -out server.key 2048

Generate a CSR (Certificate Signing Request)

openssl req -new -key server.key -out server.csr

Common Name = host.com
There can only be one SSL certificate per IP. If multiple subdomains use https, they will have to share the same certificate. Hence the common name has to be chosen appropriately by using a wildcard, for example *.host.com.

Remove Passphrase from Key

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Generate a Self-Signed Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Install the Private Key and Certificate

cp server.crt /path/to/ssl.crt
cp server.key /path/to/ssl.key

Important: make sure that normal users cannot read these files.

Configure SSL Enabled Virtual Hosts

...
SSLEngine on
SSLCertificateFile /path/to/ssl.crt
SSLCertificateKeyFile /path/to/ssl.key
...

Restart Apache and Test

How to create a self-signed SSL Certificate
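
The certificate steps above as one non-interactive script, added here as an example that is not part of the original page. It uses the single-command openssl req -x509 form instead of the separate key, CSR and signing steps, and adds a check that the key file is closed to other users and actually belongs to the certificate. The function names and the scratch directory are assumptions.

```sh
#!/bin/sh
# Added example; function names and the scratch directory are assumptions.

# make_selfsigned DIR CN: write DIR/server.key (unencrypted, mode 0600)
# and DIR/server.crt (self-signed, valid 365 days) for common name CN.
make_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077   # the key is never world-readable, not even briefly
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$cn" \
            -keyout "$dir/server.key" -out "$dir/server.crt"
    ) || return 1
    chmod 644 "$dir/server.crt"   # the certificate itself is public
}

# verify_pair KEY CRT: succeed only if KEY is closed to group/others
# and CRT carries the public half of KEY.
verify_pair() {
    key=$1; crt=$2
    # Characters 5-10 of the "ls -l" mode string are the group/other bits.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others" >&2
        return 1
    fi
    k=$(openssl pkey -in "$key" -pubout) || return 1
    c=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    if [ "$k" != "$c" ]; then
        echo "FAIL: $crt was not issued for $key" >&2
        return 1
    fi
    echo "OK: $crt matches $key"
}

# Demo in a scratch directory, using the wildcard name from the page.
tmp=$(mktemp -d)
make_selfsigned "$tmp" '*.host.com' &&
    verify_pair "$tmp/server.key" "$tmp/server.crt"
rm -rf "$tmp"
```

Running verify_pair against the installed files before restarting Apache catches a mismatched key and certificate, which would otherwise only show up as a failed start.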