Announcement

Collapse
No announcement yet.

How do I configure two subversion repositories on one apache server?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do I configure two subversion repositories on one apache server?

    Hi I have two svn repositories on the same apache server under two virtual hosts on port 9000. Both hosts have their own certificates. The problem is, when I try to do an svn up I get this error below. For some reason an svn up to [URL="http://server1.example.com/"]server1.example.com[/URL] results in trying to access [URL="http://server2.example.com/"]server2.example.com[/URL] Should I use a different port number for each server? Other solutions....? Both virtual hosts have their own ssl certs and need to be separate virtual hosts.

    Thanks!

    svn up .
    Updating '.':
    Error validating server certificate for '[URL="https://server1.example.com:9000/"]https://server1.example.com:9000[/URL]':
    - The certificate hostname does not match.
    - The certificate has an unknown error.
    Certificate information:
    - Hostname: server2
    - Valid: from Aug 25 20:47:00 2017 GMT until Aug 24 20:47:00 2022 GMT


    Listen 9000
    <VirtualHost *:9000>
    ServerName [URL="http://server1.example.com/"]server1.example.com[/URL]

    DocumentRoot "/mnt/data/www"

    # SVN
    <Location "/repository1">
    SetOutputFilter DEFLATE
    SetInputFilter DEFLATE

    DAV svn
    SVNPath /mnt/data/repository1
    LimitXMLRequestBody 0

    AuthType Basic
    AuthName "repository1"
    AuthUserFile /mnt/data/repository1/svn-auth-file

    Require valid-user

    AuthzSVNAccessFile /mnt/data/repository1/acl
    </Location>

    and

    Listen 9000
    <VirtualHost *:9000>
    ServerName [URL="http://server2.example.com/"]server2.example.com[/URL]

    DocumentRoot "/mnt/data/www"


    # SVN
    <Location "/repository2">
    SetOutputFilter DEFLATE
    SetInputFilter DEFLATE

    DAV svn
    SVNPath /mnt/data/repository2
    LimitXMLRequestBody 0

    AuthType Basic
    AuthName "repository2"
    AuthUserFile /mnt/data/repository2/svn-auth-file

    Require valid-user

    AuthzSVNAccessFile /mnt/data/repository2/acl
    </Location>

  • #2
    First, I'm surprised that Apache is not complaining. Having 2 different virtual hosts on the same <IP:Port> is not really viable. You can choose different port or different IP. NOTE: the asterisk ('*') used for the IP means that it will listen on "0.0.0.0" - essentially all IP addresses that the host is assigned to. So when I say you need different IP that means that neither of them can be the asterisk. Example: <10.10.1.2:9000> and <10.10.1.3:9000> would be fine.

    However, given that the client is going to do a reverse DNS lookup as part of validating the Certificate, you really need 2 different IPs. Since you've got 2 different FQDN's there you should be able to get 2 different IP addresses assigned - 1 to each. Then teach the NIC to respond to both (or all 3 if your primary host is neither of those). Then change those Virtual Hosts so that the IP is where the asterisk is now. Things should get better.

    Comment


    • #3
      Thanks DougR,
      Running apache 1.6.11 so maybe it accepts having 2 different virtual hosts on the same ip:port and newer versions don't, but I'm a little confused because in this example it seems like they use *:80 in two virtualhost configurations and it works correctly? [url]https://httpd.apache.org/docs/2.4/vhosts/examples.html[/url]

      Also I have a number of aliases that I need to direct to the first virtual host entry but no aliases in the second.
      <VirtualHost *:9000>
      ServerName server1.example.com
      ServerAlias svn1.example.com reviewboard server1 127.0.0.1 192.168.17.50

      Thanks for the info on the reverse lookup for the cert. It seems like either way I will have to have a different ip address for the two separate virtual hosts.

      Comment


      • #4
        That Apache version number (1.6.11) looks more like an old Subversion release number, not Apache. Either than or you've managed to pull an Apache out of some ancient archive? :-)

        Anyway, I'm not an Apache wizard. Just looking at it from the networking/certificate viewpoint. Cheers.

        Comment

        Working...
        X