[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Determine repository based on ssh host

From: Kalin KOZHUHAROV <kalin_at_thinrope.net>
Date: 2005-12-28 14:50:47 CET

Max Bowsher wrote:
> Kalin KOZHUHAROV wrote:
>
>>>Max Bowsher wrote:
>>>
>>>
>>>>Clint Priest wrote:
>>>>
>>>>
>>>>
>>>>>>Hey there,
>>>>>>
>>>>>>I'm new to using subversion and it just rocks, quite amazing! I'm
>>>>>>trying to figure out how I can do something similar to virtual hosting,
>>>>>>except using ssh.
>>>>>>
>>>>>>Ideally I would like to be able to do something like:
>>>>>>
>>>>>>svn checkout svn+ssh://user@host1.example.com/project/trunk
>>>>>>
>>>>>>-and-
>>>>>>
>>>>>>svn checkout svn+ssh://user@host2.example.com/project2/trunk
>>>>>>
>>>>>>Where host1.example.com and host2.example.com are really the same
>>>>>>machine, however authenticating by the different host would select a
>>>>>>different 'svnserve -r /path/to/repos' command.
>>>>>>
>>>>>>Can you think of any way to do this?
>>>>
>>>>
>>>>The only possibility I can see is if the two hostnames actually resolve
>>>>to separate IP addresses - i.e. IP-based virtual hosting, not name-based
>>>>virtual-hosting. If this was the case, you could replace svnserve with a
>>>>wrapper which looked at the SSH_CONNECTION environment variable.
>>>
>>>A bit of debuggind and I think the above is not possible:
>
> ....
>
>>>Everyhting is converted to IP addresses.
>
> Uhh, yes, so? That's exactly why I specified separate IP addresses were
> needed.

[unsnip]
>>> Hmm, now that I read it again you ask for something else... the reverse actually.
[/unsnip]
That is why :-) I misunderstood Clint's question at first glance, but I have already written the answer.

>>>On a side note, why do you want svn+ssh? Just go with https and you have the apache name based
>>>virtual hosting for free :-)
>
>
> Possible, though you would need a special wildcard SSL certificate to
> avoid certificate validation errors, since (as currently deployed) HTTPS
> is only capable of supporting name-based virtual hosting for a group of
> subdomains having a common parent domain.

Aha, the certificate validation... forgot about that.

So, if you get a certificate for *.example.com you can use HTTPS name based hosting with apache
(have to try to issue/sign such a certificate with `openssl ca` and then test). If possible that
will be expensive with trusted certificates (say VeriSign).

To use normal "server sertificates", for each certificate you can have one IP+port pair. So you
either use several IPs/host (ip based virtual hosting) or several ports (port base virtual hosting?)
or both at the same time.

As ssh does not provide for name based virtual hosting you are stuck with IP and/or port based
virtual hosting. If you change the client and server software (to send/use a variable like HTTP/1.1
HOST header), then you may implement name based virtual hosting as well.

Hope I am clearer now, but I am sleepier than yesterday, so hope != certainty at all.

Kalin.

P.S. Fixed subject as well.

-- 
|[ ~~~~~~~~~~~~~~~~~~~~~~ ]|
+-> http://ThinRope.net/ <-+
|[ ______________________ ]|
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 28 14:53:59 2005

This is an archived mail posted to the Subversion Users mailing list.