On Thu, Mar 31, 2005 at 01:48:40PM +0100, Dick Davies wrote:
> * Seth Daniel <subversion@sethdaniel.org> [0329 00:29]:
> > Hello,
> >
> > I have a setup where my subversion repository is hosted on a
> > local/private network and if someone is *outside* this network they can
> > make requests to the public reverse proxy.
> >
> > Both servers (subversion server and reverse proxy) are apache 2.0.53.
> > Connections to the reverse proxy are https. The connection to the
> > internal subversion server is regular http. Authentication is basic
> > auth and is handled by the internal subversion server.
>
> That's your problem, I think. I haven't seen this with subversion, but I
> did tunnelling to https:// webdav through stunnel on a mac (the finder
> doesn't support ssl, long story).
>
> In a nutshell, DAV moves and copys use fully qualified urls, so the copy
> is asking the server to move to https://yadadyada and it thinks that's a
> different server.
> It's not the request url (which your proxy would rewrite) but the
> url which is passed in one of the headers
> (I forget which, think it's something like Destination:).
> If it was a relative url it would work. wonder why it's not?
>
> for dav I used cadaver -debug to confirm, you might need tcpdump for svn.
I used tethereal and, indeed, the Destination header is for the external
address and not for the internal address.
Thanks for your help. I guess I'll need to setup my internal server to
deal with https too. Hm.
--
seth / @sethdaniel.org
A is for Apple.
-- Hester Pryne
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Mar 31 18:05:00 2005