On Wed, 2004-10-06 at 23:47, Stefan C.Kremer wrote:
> Hi,
>
> I'm new to subversion, but have been impressed so far. I am trying to
> set up a subversion server using dav_svn 1.0.6-2 under apache2 (2.0.52)
> (with Debian).
>
> I want to use AuthType basic, but don't want my passwords and data
> transmitted as plain text. So, I enabled SSL and can access everything
> via https (so far so good).
>
> I don't trust my users to remember to use https instead of http, so I
> would like to turn off non-ssl connections to the repository to make
> sure no-one accidentally transmits their password in plain text.
The following is slightly simplified version of what we do (some stuff
not relevant to your question removed, and we actually do it with
small per-repository files Included into a framework) - in the main
configuration file:
################################################################
# this section configures read-only access over http
################################################################
<VirtualHost scm.sipfoundry.org>
ServerName scm.sipfoundry.org
Include conf.d/scm.SHARED.conf
################################################################
## Project sipXpbx
################################################################
<Location /rep/sipXpbx/>
<LimitExcept GET PROPFIND OPTIONS REPORT>
Deny from all
</LimitExcept>
</Location>
</VirtualHost>
################################################################
# this section configures read-write access over https
################################################################
<VirtualHost scm.sipfoundry.org:443>
ServerName scm.sipfoundry.org:443
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/scm.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/scm.key
Include conf.d/scm.SHARED.conf
################################################################
## Project sipXpbx
################################################################
<Location /rep/sipXpbx/>
<LimitExcept GET PROPFIND OPTIONS REPORT>
Satisfy all
SSLRequireSSL
Require group sipX sipXpbx
</LimitExcept>
</Location>
</VirtualHost>
================== scm.SHARED.conf =====================================
### Included into scm.{ANON,USER}.conf
###
### This configures all the scm content that is not project-specific
###
DocumentRoot /home/www/scm
<Directory /home/www/scm/>
Allow from all
</Directory>
<Location /rep>
DAV svn
# any "/rep/foo" URL will map to a repository /scm/rep/foo
SVNParentPath /scm/rep
Allow from all
# For any operations other than these, require an authenticated user.
<LimitExcept GET PROPFIND OPTIONS REPORT>
Satisfy All
Allow from all
Require valid-user
</LimitExcept>
</Location>
--
Scott Lawrence
Consulting Engineer
Pingtel Corp.
sip:slawrence@pingtel.com
+1.781.938.5306 x162
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Oct 7 14:35:09 2004