以nginx作为subversion前端的一些细节
153 views
Skip to first unread message
Shell Xu
Apr 1, 2010, 11:40:33 PM4/1/10
to MSN Space, shell909090.all_blogs, shlug
本文系电脑资料,同步到blog上。小黄姐姐不必看了,可以帮我留个言。
nginx性能不错,可惜不支持WebDAV,因此没法拿来作为subversion的http服务。于是考虑开一个nginx作为前端,后端就跑一个apache来作为容器。配置这么写的(节选):
=========/etc/nginx/sites-enabled/default=========
server {
listen 443;
server_name OOXX
ssl on;
ssl_certificate keys/server.crt;
ssl_certificate_key keys/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/localhost.access.log;
include /etc/nginx/mapping-ssl;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
}
========================================
打开了一个https的服务,这是当然的,svn传输的数据使用http很危险。
===========/etc/nginx/mapping-ssl=============
location ^~ /svn {
proxy_set_header Destination $http_destination;
proxy_pass http://apache_svr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
========================================
将/svn下面的所有请求交给apache2。
=====/etc/apache2/mods-enabled/dav_svn.conf=====
<Location /svn/main>
DAV svn
SVNPath /var/web/svn/main
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /var/web/svn/main/conf/passwd
AuthzSVNAccessFile /var/web/svn/main/conf/authz
</Location>
========================================
看起来很美,但是在使用中会发生502错误,原因是来自文件移动后,svn会使用COPY作为Verb去请求服务器端,这时候发生了这样一条日志:
==========/var/log/apache2/access.log==========
127.0.0.1 - {user} [02/Apr/2010:11:07:31 +0800] "COPY {path} HTTP/1.0" 502 546 "-" "SVN/1.5.4 (r33841)/TortoiseSVN-1.5.5.14361 neon/0.28.3"
========================================
搜索了一下,这是因为使用https作为http服务的前端造成的,这里(https://secure.bonkabonka.com/blog/2008/01/04/nginx_fronting_for_subversion.html)提到了解决方案,而它又引用了另一个网页(http://silmor.de/49)解释细节。不幸的是,这个细节是错误的。关键在于这句上
LoadModule headers_module /usr/lib/apache2/modules/mod_headers_too.so
仔细看一下就会发现,mod_headers_too应当是mod_headers。在debian下,应当执行这几条指令。
cd /etc/apache2/mods-enabled
ln -s ../mods-available/headers.load headers.load
然后,在/etc/apache2/httpd.conf中写入以下内容:
RequestHeader edit Destination ^https http early
问题解决,Q.E.D。
nginx性能不错,可惜不支持WebDAV,因此没法拿来作为subversion的http服务。于是考虑开一个nginx作为前端,后端就跑一个apache来作为容器。配置这么写的(节选):
=========/etc/nginx/sites-enabled/default=========
server {
listen 443;
server_name OOXX
ssl on;
ssl_certificate keys/server.crt;
ssl_certificate_key keys/server.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/localhost.access.log;
include /etc/nginx/mapping-ssl;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/nginx-default;
}
}
========================================
打开了一个https的服务,这是当然的,svn传输的数据使用http很危险。
===========/etc/nginx/mapping-ssl=============
location ^~ /svn {
proxy_set_header Destination $http_destination;
proxy_pass http://apache_svr;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
========================================
将/svn下面的所有请求交给apache2。
=====/etc/apache2/mods-enabled/dav_svn.conf=====
<Location /svn/main>
DAV svn
SVNPath /var/web/svn/main
AuthType Basic
AuthName "Subversion Repository"
Require valid-user
AuthUserFile /var/web/svn/main/conf/passwd
AuthzSVNAccessFile /var/web/svn/main/conf/authz
</Location>
========================================
看起来很美,但是在使用中会发生502错误,原因是来自文件移动后,svn会使用COPY作为Verb去请求服务器端,这时候发生了这样一条日志:
==========/var/log/apache2/access.log==========
127.0.0.1 - {user} [02/Apr/2010:11:07:31 +0800] "COPY {path} HTTP/1.0" 502 546 "-" "SVN/1.5.4 (r33841)/TortoiseSVN-1.5.5.14361 neon/0.28.3"
========================================
搜索了一下,这是因为使用https作为http服务的前端造成的,这里(https://secure.bonkabonka.com/blog/2008/01/04/nginx_fronting_for_subversion.html)提到了解决方案,而它又引用了另一个网页(http://silmor.de/49)解释细节。不幸的是,这个细节是错误的。关键在于这句上
LoadModule headers_module /usr/lib/apache2/modules/mod_headers_too.so
仔细看一下就会发现,mod_headers_too应当是mod_headers。在debian下,应当执行这几条指令。
cd /etc/apache2/mods-enabled
ln -s ../mods-available/headers.load headers.load
然后,在/etc/apache2/httpd.conf中写入以下内容:
RequestHeader edit Destination ^https http early
问题解决,Q.E.D。
Bruce Wang
Apr 2, 2010, 2:09:50 AM4/2/10
to sh...@googlegroups.com, MSN Space, shell909090.all_blogs
2010/4/2 Shell Xu <shell...@gmail.com>
本文系电脑资料,同步到blog上。小黄姐姐不必看了,可以帮我留个言。
nginx性能不错,可惜不支持WebDAV,因此没法拿来作为subversion的http服务。于是考虑开一个nginx作为前端,后端就跑一个apache来作为容器。配置这么写的(节选):
这样多累啊,换git/hg吧
simple is good
http://brucewang.net
http://twitter.com/number5
Shell Xu
Apr 2, 2010, 2:31:11 AM4/2/10
to shlug
我很多地方用了hg了,问题是还有的地方需要用svn。--
与其相濡以沫,不如相忘于江湖
与其相濡以沫,不如相忘于江湖
Ben Luo
Apr 2, 2010, 2:44:23 AM4/2/10
to sh...@googlegroups.com
Alan Zheng
Apr 2, 2010, 2:38:16 AM4/2/10
to sh...@googlegroups.com
Ben Luo
Apr 2, 2010, 3:04:06 AM4/2/10
to sh...@googlegroups.com
Rory Ye
Apr 2, 2010, 5:52:29 AM4/2/10
to sh...@googlegroups.com
想问一下为啥svn 用http很危险啊。我们公司现在的svn就是用的http.
--
My site:http://www.jdkcn.com
Twitter: @jdkcn
2010/4/2 Shell Xu <shell...@gmail.com>
--
My site:http://www.jdkcn.com
Twitter: @jdkcn
YiZhi Liu
Apr 3, 2010, 4:48:00 AM4/3/10
to sh...@googlegroups.com
可以https嘛--
JavelinJS
@ZheJiang University
JavelinJS
@ZheJiang University
Shell Xu
Apr 3, 2010, 11:45:23 AM4/3/10
to sh...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages