httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Withers <n...@nickwithers.com>
Subject [users@httpd] <Location (...)> Directive Under HTTPS
Date Fri, 03 Mar 2006 04:09:22 GMT
G'day all,

I'm going quickly insane attempting to set up a Subversion
("http://subversion.tigris.org") repository to be accessed
through the Apache HTTPD over HTTPS and was hoping you lovely
campers would be able to offer me some help...

Here's the story (as I understand it):
  - I'm running Apache HTTPD 2.2.0 with the prefork MPM under
FreeBSD 6.0-RELEASE
  - I have to use a "<Location (...)>" directive to instruct
the HTTPD to pass requests for "https://www.nickwithers.com/svn/
(...)" through mod_dav
  - Whilst I can get the thing to work without dramas over
HTTP, the "<Location (...)>" directive appears to be silently
ignored over HTTPS - Requests for
"https://nickwithers.com/svn/downtime", for instance, produce
the output "client denied by server
configuration: /usr/local/www/data/svn" in the configured error
log
  - I can access other data over HTTPS (i.e.: My SquirrelMail
installation)

Here's a (vaguely) sanitised version of my "httpd.conf":
_____

ServerRoot "/usr/local"

Listen 80

LoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authn_dbm_module libexec/apache22/mod_authn_dbm.so
LoadModule authn_anon_module libexec/apache22/mod_authn_anon.so
LoadModule authn_default_module
libexec/apache22/mod_authn_default.so LoadModule
authz_host_module libexec/apache22/mod_authz_host.so LoadModule
authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache22/mod_authz_user.so
LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so
LoadModule authz_owner_module
libexec/apache22/mod_authz_owner.so LoadModule
authz_default_module libexec/apache22/mod_authz_default.so
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
LoadModule auth_digest_module
libexec/apache22/mod_auth_digest.so LoadModule
file_cache_module libexec/apache22/mod_file_cache.so LoadModule
cache_module libexec/apache22/mod_cache.so LoadModule
disk_cache_module libexec/apache22/mod_disk_cache.so LoadModule
include_module libexec/apache22/mod_include.so LoadModule
filter_module libexec/apache22/mod_filter.so LoadModule
charset_lite_module libexec/apache22/mod_charset_lite.so
LoadModule deflate_module libexec/apache22/mod_deflate.so
LoadModule log_config_module libexec/apache22/mod_log_config.so
LoadModule logio_module libexec/apache22/mod_logio.so
LoadModule env_module libexec/apache22/mod_env.so LoadModule
mime_magic_module libexec/apache22/mod_mime_magic.so LoadModule
cern_meta_module libexec/apache22/mod_cern_meta.so LoadModule
expires_module libexec/apache22/mod_expires.so LoadModule
headers_module libexec/apache22/mod_headers.so LoadModule
usertrack_module libexec/apache22/mod_usertrack.so LoadModule
unique_id_module libexec/apache22/mod_unique_id.so LoadModule
setenvif_module libexec/apache22/mod_setenvif.so LoadModule
proxy_module libexec/apache22/mod_proxy.so LoadModule
proxy_connect_module libexec/apache22/mod_proxy_connect.so
LoadModule proxy_ftp_module libexec/apache22/mod_proxy_ftp.so
LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so
LoadModule proxy_ajp_module libexec/apache22/mod_proxy_ajp.so
LoadModule proxy_balancer_module
libexec/apache22/mod_proxy_balancer.so LoadModule ssl_module
libexec/apache22/mod_ssl.so LoadModule mime_module
libexec/apache22/mod_mime.so LoadModule dav_module
libexec/apache22/mod_dav.so LoadModule dav_svn_module
libexec/apache22/mod_dav_svn.so LoadModule status_module
libexec/apache22/mod_status.so LoadModule autoindex_module
libexec/apache22/mod_autoindex.so LoadModule asis_module
libexec/apache22/mod_asis.so LoadModule info_module
libexec/apache22/mod_info.so LoadModule cgi_module
libexec/apache22/mod_cgi.so LoadModule dav_fs_module
libexec/apache22/mod_dav_fs.so LoadModule vhost_alias_module
libexec/apache22/mod_vhost_alias.so LoadModule
negotiation_module libexec/apache22/mod_negotiation.so
LoadModule dir_module libexec/apache22/mod_dir.so LoadModule
imagemap_module libexec/apache22/mod_imagemap.so LoadModule
actions_module libexec/apache22/mod_actions.so LoadModule
speling_module libexec/apache22/mod_speling.so LoadModule
userdir_module libexec/apache22/mod_userdir.so LoadModule
alias_module libexec/apache22/mod_alias.so LoadModule
rewrite_module libexec/apache22/mod_rewrite.so LoadModule
php4_module        libexec/apache22/libphp4.so LoadModule
authz_svn_module   libexec/apache22/mod_authz_svn.so

<IfModule !mpm_winnt_module>
<IfModule !mpm_netware_module>
User www
Group www
</IfModule>
</IfModule>

ServerAdmin www@nickwithers.com

DocumentRoot "/usr/local/www/data"

<Directory />
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>

ErrorLog /var/log/httpd-error.log

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%
{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b"
common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%
{User-Agent}i\" %I %O" combinedio </IfModule>

    CustomLog /var/log/httpd-access.log combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/www/cgi-bin/"
</IfModule>

<Directory "/usr/local/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
    TypesConfig etc/apache22/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
</IfModule>

<IfModule ssl_module>
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin

    Include etc/apache22/httpd-ssl.conf
</IfModule>

ServerTokens Prod
ServerSignature Off

NameVirtualHost *:80

<Directory /usr/local/www/data/nickwithers.com>
    Order allow,deny
    Allow from all
</Directory>

<Directory /usr/local/www/svn>
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /etc/svn/auth-user
    Require valid-user
</Directory>

<Location /svn>
    DAV svn
    SVNParentPath /usr/local/www/svn
    AuthzSVNAccessFile /etc/svn/http-access-policy
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /etc/svn/auth-user
    Require valid-user
</Location>

<VirtualHost *:80>
    ServerName nickwithers.com
    ServerAlias nickwithers.com www.nickwithers.com
    DocumentRoot /usr/local/www/data/nickwithers.com
    CustomLog /var/log/httpd-nickwithers.com-access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName nickwithers.net
    ServerAlias nickwithers.net www.nickwithers.net
    DocumentRoot /usr/local/www/data/nickwithers.com
    CustomLog /var/log/httpd-nickwithers.net-access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName nickwithers.org
    ServerAlias nickwithers.org www.nickwithers.org
    DocumentRoot /usr/local/www/data/nickwithers.com
    CustomLog /var/log/httpd-nickwithers.org-access.log combined
</VirtualHost>

# (More unrelated directories and VirtualHosts, including several 
# that are proxied off to other internal servers through
# mod_proxy)

Include etc/apache22/Includes/*.conf
_____

...And the "httpd-ssl.conf":
_____

Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout  300

SSLMutex  file:/var/run/ssl_mutex

<VirtualHost _default_:443>

DocumentRoot "/usr/local/www/data"
ServerName nickwithers.com:443
ServerAdmin www@nickwithers.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log

SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile (PATH)/server.crt
SSLCertificateKeyFile (PATH)/server.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog /var/log/httpd-ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Alias /squirrelmail "/usr/local/www/squirrelmail"

<Directory /usr/local/www/squirrelmail>
    SSLRequireSSL
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

</VirtualHost>
_____

I've tried whacking the "<Location (...)>" directive in the
"<VirtualHost _default_:443>" section of the "httpd-ssl.conf"
file too, to no avail...

Any ideas? It's bound to be me doing something daft! I'm
thinking all this VirtualHost stuff might be biting me somehow.

Thanks!

-- 
Nick Withers
email: nick@nickwithers.com
Web: http://www.nickwithers.com
Mobile: +61 414 397 446

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message