On Thursday 07 October 2004 05:47, Stefan C. Kremer wrote:
> I don't trust my users to remember to use https instead of http, so I
> would like to turn off non-ssl connections to the repository to make
> sure no-one accidentally transmits their password in plain text.
>
> I still have some other stuff served by apache that should work with
> non-ssl http, so I don't want to turn off non-ssl connections site
> wide, just to the repository.
>
> I thought I could just add the SSLRequireSSL directive to the
> "Location" block of the dav_svn configuration but this seems to have no
> effect and I can still access the repository with unencryped
> connections.
>
> Any solutions, advice, sympathy?
If you are using Debian, create two sites (/etc/apache2/sites-available):
---default---
<VirtualHost _default_:80>
#...put all unencrypted stuff here
</VirtualHost>
-------
---ssl---
<VirtualHost _default_:443>
SSLRequireSSL
#put all encrypted stuff here
#you'll find a good example config in /usr/share/doc/apache2/examples
</VirtualHost>
------
Then symlink both sites to sites-enabled and reload Apache.
I did this a week ago: http://silmor.de/page/apache2 and
http://silmor.de/page/subversion
Konrad
--
New GPG-Key: A2DA207D
Fingerprint: ACEB BA51 4C77 A030 0687 2B58 0A5B 7BEB A2DA 207D
- application/pgp-signature attachment: stored
Received on Thu Oct 7 07:51:19 2004