The post Create a Self-Signed Certificate for Apache SSL on CentOS appeared first on Justin Silver.
]]>A self-signed certificate can be used for many things, but in this case it is to provide HTTP over SSL from Apache, HTTPS. In many cases a CA signed certificate is not required – a self signed certificate offers the same level of encryption at no cost if you can live with the warnings (or install the cert in your keystore).
Use yum to get OpenSSL and ModSSL plus dependencies.
yum -y install mod_ssl openssl
This will generate a 2048 bit RSA key and certificate good for ~10 years (3650 days).
mkdir -p /etc/httpd/ssl cd /etc/httpd/ssl openssl genrsa -out ssl.key 2048 openssl req -new -key ssl.key -out ssl.csr openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt
You can now use the key and crt files in apache, either in the general configuration included by default in /etc/httpd/conf.d/ssl.conf
or in a VirtualHost as below.
<VirtualHost *:443> ServerName my.server.com DocumentRoot /var/www/html # Enable SSL and specify the certificate and key SSLEngine on SSLCertificateFile /etc/httpd/ssl/ssl.crt SSLCertificateKeyFile /etc/httpd/ssl/ssl.key # If you are reverse proxying from HTTP to HTTPS make sure to include a header rewrite #Header edit Location ^http: https: </VirtualHost>
The post Create a Self-Signed Certificate for Apache SSL on CentOS appeared first on Justin Silver.
]]>The post SVN COPY 502 Bad Gateway Error appeared first on Justin Silver.
]]>There is a lot of info to be found on the Internet about the “502 Bad Gateway Error” when trying trying to move a directory or files when your repository is hosted on Apache using SSL and WEBDAV. In a nutshell Apache is confused by the COPY command and things you are trying to make a move between HTTP and HTTPS, or in other words, a different host. You can read up on the problem here: http://www.science.uva.nl/research/air/wiki/Subversion502BadGateway
The problem that I ran into was with my HTTP server on the same host. Why do I need an HTTP server you may ask? Well, mainly to redirect requests from http://svn.example.com to https://svn.example.com. Most of the documentation I was able to find on this suggested simply adding a line to the VirtualHost
to update the header, like so:
RequestHeader edit Destination ^https http early
In my case, this just wasn’t working. What did fix it is a bit counter-intuitive – I had to enable the SSLEngine
on my HTTP VirtualHost, as well as my HTTPS VirtualHost. My configuration now looks like the following, and I am able to move files again.
SSLCertificateFile /etc/httpd/ssl/self-signed.crt SSLCertificateKeyFile /etc/httpd/ssl/self-signed.key <VirtualHost *:80> ServerName svn.example.com RequestHeader edit Destination ^https http early # Turn mod_ssl on even though we are on 80 SSLEngine on # Rewrite HTTP to HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </VirtualHost> <VirtualHost *:443> ServerName svn.example.com # Turn mod_ssl on SSLEngine on <Location "/"> DAV svn SVNPath /var/svn/repository AuthzSVNAccessFile /var/svn/repository/conf/authz AuthType Basic AuthName "example.com" AuthUserFile /var/svn/.htauthfile Require valid-user </Location> </VirtualHost>
The post SVN COPY 502 Bad Gateway Error appeared first on Justin Silver.
]]>