[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn+ssh vs. https (different access methods)

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Thu, 9 Feb 2012 07:54:29 -0600

On Thu, Feb 9, 2012 at 3:15 AM, <d.guthmann_at_gmx.net> wrote:
> Hello,
> first of all: I'm really sorry for the missing subject-line.
> -------- original message --------
>> Will it stay with access on the repositories only or is it will your
>> external devs need access to test infrastructure, documentation or
>> whatever, too? In the latter case I would prefer setting up a proper
>> VPN infrastructure which allows you to use Apache as the svn host for
>> your external devs and only let them see specific networks they need
>> via routing, firewall etc.
> Normally I would agree to you, but it would be too extensive to gave only to that part of our network, which is necessary for that project, when using a VPN-Client. So the VPN-Connection would be restricted only to the Subversion-Service, so I seems to be easier to set up a SSH-Tunnel than a VPN-Service.
> A better solution would be a kind of proxy-service that I can place in the DMZ... is there a working proxy-solution for subversion?
> Some time ago I've gave access to a subversion-repository via a reverse-proxy running on apache... that wasn't working properly...
> Are there other proxy-like services which will work well with subversion?

What kind of trouble did you have with apache in the reverse-proxy
mode? I've had that working and I think the only issue was that the
relative path had to be the same as the actual target. That is you
can't proxy http:/realhost/svn as http://proxyhost/somewhere/svn.
Also for a straight passthrough you might run stunnel accepting https
from outside your dmz, connecting to http on the inside server.

   Les Mikesell
Received on 2012-02-09 14:55:03 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.