cmsimike Posted January 11, 2008 Share Posted January 11, 2008 hello all. i have a subversion repository set up through apache. i also have an ssl set up in order to access this subversion repository. the address to access the repository site is svn.example.com, which has the ip mapped to the server. the problem i am having is, though i have no problem accessing the repository through https://svn.example.com/, i can also get to it like this https://<ip that svn.cmsimike.com maps to>, or any other domain name that maps back to the server (for instance https://www.example2.com/ also then accesses the subversion repository). my question is, how can i set up apache to only respond with my subversion repository when only accessing it through https://svn.example.com/ ? here is the sites-available config i am using to get the ssl'ed website up. (i've changed a few things just for security sake) NameVirtualHost <private internal ip>.210:443 <VirtualHost svn.example.com:443> ServerName svn.example.com ServerAdmin webmaster@localhost LogLevel warn ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM <Location /work> DAV svn SVNPath /srv/svn/work AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/subversion/passwd-work Require valid-user </Location> ServerSignature OFF </VirtualHost> thanks for your help! Quote Link to comment Share on other sites More sharing options...
steviewdr Posted January 13, 2008 Share Posted January 13, 2008 Put in another virtualhost for 443, and place it before svn.example.com in the apache conf. The first VirtualHost picked up by apache becomes default for https://ip.address/ -steve Quote Link to comment Share on other sites More sharing options...
cmsimike Posted January 13, 2008 Author Share Posted January 13, 2008 now it looks like: NameVirtualHost *:443 <VirtualHost *:443> </VirtualHost> <VirtualHost svn.example.com:443> ServerName svn.example.com ServerAdmin webmaster@localhost LogLevel warn ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM <Location /work> DAV svn SVNPath /srv/svn/work AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/subversion/passwd-work Require valid-user </Location> ServerSignature OFF </VirtualHost> and it is still not working Quote Link to comment Share on other sites More sharing options...
steviewdr Posted January 13, 2008 Share Posted January 13, 2008 Put in at least a little info in the first Vhost!! NameVirtualHost *:443 <VirtualHost *:443> ServerName example.com ErrorLog /var/www/error.log TransferLog /var/www/access.log DocumentRoot /var/www/ SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM </VirtualHost> <VirtualHost svn.example.com:443> ServerName svn.example.com ServerAdmin webmaster@localhost LogLevel warn ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM <Location /work> DAV svn SVNPath /srv/svn/work AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/subversion/passwd-work Require valid-user </Location> ServerSignature OFF </VirtualHost> Accessing via https://ipaddress will show the first vhost which is config'd properly. -steve Quote Link to comment Share on other sites More sharing options...
cmsimike Posted January 13, 2008 Author Share Posted January 13, 2008 now i have this. when i comment out the second virtual host, the rewrite works. however if i uncomment it, it still defaults to the second virtual host no matter what: by the way, thank you so very much with your input so far. this is definitely a lot further than i've ever gotten! NameVirtualHost *:443 <VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM RewriteEngine On RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^/(.*) http://www.example.com/$1 [L,R] </VirtualHost> <VirtualHost svn.example.com:443> ServerName svn.example.com ServerAdmin webmaster@localhost LogLevel warn ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log SSLEngine on SSLCertificateFile /etc/apache2/ssl/svn.example.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM <Location /work> DAV svn SVNPath /srv/svn/work AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/subversion/passwd-work Require valid-user </Location> ServerSignature OFF </VirtualHost> Quote Link to comment Share on other sites More sharing options...
steviewdr Posted January 14, 2008 Share Posted January 14, 2008 Your missing a ServerName from your first VirtualHost. You need to put a ServerName e.g. ServerName www.example.com or misc.example.com in the first VirtualHost. Once the first VirtualHost has a ServerName and is working, then it will be the default for http://ip.address. -steve Quote Link to comment Share on other sites More sharing options...
cmsimike Posted January 14, 2008 Author Share Posted January 14, 2008 i was worried that putting servername in there would screw things up since the main site (www.example.com) is hosted offsite. i will try that thanks Quote Link to comment Share on other sites More sharing options...
cmsimike Posted January 14, 2008 Author Share Posted January 14, 2008 Your missing a ServerName from your first VirtualHost. You need to put a ServerName e.g. ServerName www.example.com or misc.example.com in the first VirtualHost. Once the first VirtualHost has a ServerName and is working, then it will be the default for http://ip.address. -steve NameVirtualHost *:443 <VirtualHost *:443> ServerName example.com ErrorLog /var/www/error.log TransferLog /var/www/access.log DocumentRoot /var/www/ SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM </VirtualHost> <VirtualHost svn.example.com:443> ServerName svn.example.com ServerAdmin webmaster@localhost LogLevel warn ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM <Location /work> DAV svn SVNPath /srv/svn/work AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/subversion/passwd-work Require valid-user </Location> ServerSignature OFF </VirtualHost> Accessing via https://ipaddress will show the first vhost which is config'd properly. -steve Report to moderator Logged How to Install and Setup Various Linux Services :: http://wiki.kartbuilding.net cmsimike n00bie * Online Online Posts: 4 View Profile Email Re: setting up a website to only answer when accessed through a subdomain? « Reply #4 on: Yesterday at 04:43:16 PM » Reply with quoteQuote now i have this. when i comment out the second virtual host, the rewrite works. however if i uncomment it, it still defaults to the second virtual host no matter what: by the way, thank you so very much with your input so far. this is definitely a lot further than i've ever gotten! NameVirtualHost *:443 <VirtualHost *:443> ServerName www.example.com SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM RewriteEngine On RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^/(.*) http://www.example.com/$1 [L,R] </VirtualHost> <VirtualHost svn.example.com:443> ServerName svn.example.com ServerAdmin webmaster@localhost LogLevel warn ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log SSLEngine on SSLCertificateFile /etc/apache2/ssl/svn.example.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM <Location /work> DAV svn SVNPath /srv/svn/work AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/subversion/passwd-work Require valid-user </Location> ServerSignature OFF </VirtualHost> added the servername line and it is not working. Quote Link to comment Share on other sites More sharing options...
steviewdr Posted January 18, 2008 Share Posted January 18, 2008 What does https://ip.address show? Try using this code, and make sure you have cut out any old vhosts which may be stored elsewhere. NameVirtualHost *:80 NameVirtualHost *:443 <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName www.example.com DocumentRoot /var/www/ # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost> <VirtualHost *:443> ServerName www.example.com SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM RewriteEngine On RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^/(.*) http://www.example.com/$1 [L,R] </VirtualHost> <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName svn.example.com DocumentRoot /var/www/svn.example.com/ # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined ServerSignature On </VirtualHost> <VirtualHost *:443> ServerName svn.example.com ServerAdmin webmaster@localhost LogLevel warn ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log SSLEngine on SSLCertificateFile /etc/apache2/ssl/svn.example.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM <Location /work> DAV svn SVNPath /srv/svn/work AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/subversion/passwd-work Require valid-user </Location> ServerSignature OFF </VirtualHost> Quote Link to comment Share on other sites More sharing options...
cmsimike Posted January 18, 2008 Author Share Posted January 18, 2008 https://ip.address is the base for my subversion repository if i were to add, https://ip.address/work, i get to that repository. i guess i should note that www.example.com isnt hosted on the same computer. www.example.com is hosted by a hosted company. i just set up a subdomain svn.example.com that points to the computer hosting the subversion repository. not sure if that makes a difference or not. thanks for the input. i will try it out in a few and let you know Quote Link to comment Share on other sites More sharing options...
cmsimike Posted January 27, 2008 Author Share Posted January 27, 2008 thanks you all so far for the help. the previous conf example is working almost as intended. i can only access the repository from svn.example.com now, however now the problem i am running into is that, since example.com uses two ssl certs (one for the regular site, for the redirection, the other for the svn site specifically) now no matter what site i go to, it uses the first ssl cert. is there any way to correct this? thanks again ! Quote Link to comment Share on other sites More sharing options...
steviewdr Posted January 28, 2008 Share Posted January 28, 2008 There can only be 1 ssl cert per ip address. This is because the ssl negotiation must take place first (in order to have a secure connection), before any vhost negotiation. Typically I use a wildcard SSL cert, e.g. *.example.com for multiple vhosts. -steve Quote Link to comment Share on other sites More sharing options...
cmsimike Posted January 28, 2008 Author Share Posted January 28, 2008 There can only be 1 ssl cert per ip address. This is because the ssl negotiation must take place first (in order to have a secure connection), before any vhost negotiation. Typically I use a wildcard SSL cert, e.g. *.example.com for multiple vhosts. -steve oh i had NO idea you could do wildcard SSL certs. i will try that. thanks! Quote Link to comment Share on other sites More sharing options...
cmsimike Posted January 28, 2008 Author Share Posted January 28, 2008 thank you all very much for all the help. the server is now working exactly how i wanted it to! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.