0

We are providing an SVN repository under svn.example.org. Now we want to add a Let's Encrypt certificate for that domain - however there is a problem now. Let's Encrypt verifies the domain by putting a file into a subfolder of that vhost (e.g. /.well-known/acme-challenge/…). Let's Encrypt can't verify that file, since Apache is serving the SVN repository under svn.example.org.

Now the question is, would it be possible to configure Apache, so that certain URLs are not served by the SVN repository? Currently the vhost config looks similar to this:

DocumentRoot /var/www/vhosts/svn.example.org/
<Location />
    DAV svn
    SVNParentPath /var/www/vhosts/svn.example.org/httpdocs/
    AuthType Basic
    AuthName "SVN"
    AuthUserFile /auth/svn.passwd
    Require valid-user
</Location>

I am not sure what I would have to do, so that a request to svn.example.org/.well-known/… is served differently by Apache.

fritzmg
  • 101
  • 3
  • `` for SVN is aways **The Bad Thing (tm)**. No, it's impossible to exclude anything from processing by SVN with this location – Lazy Badger Dec 28 '16 at 14:25
  • Well, see answer below, it does work in theory. What Apache config do you recommend to set up an SVN server? – fritzmg Jan 02 '17 at 08:46

2 Answers2

1

I know this should be a comment, but I don't have enough reputation (yet). Do you have any other webpage configured? If yes, a simple Alias /.well-known/acme-challenge/ /path/to/your/challenge/directory should do the trick.

staxyz
  • 126
  • 5
  • Well, the server has multiple vhosts and is managed by Plesk. Adding `Alias /.well-known/acme-challenge/ /var/www/vhosts/svn.example.org/httpdocs/.well-known/acme-challenge/` didn't help. Accessing `https://svn.inspiredminds.at/.well-known/acme-challenge` still goes via the SVN system. – fritzmg Dec 08 '16 at 19:55
  • Ah. Now I get what your issue really was. I am glad you figured it out yourself. – staxyz Dec 11 '16 at 22:38
  • Actually it does not work as expected :(. See below. – fritzmg Dec 12 '16 at 07:48
0

Update: this does not actually work, see comment below.

Got it to work now, with a combination of @Stephan 's comment and a RegEx, to exclude the .well-known path for SVN (https://regex101.com/r/h8kDEc/1):

DocumentRoot /var/www/vhosts/svn.example.org/
Alias /.well-known/ /var/www/vhosts/svn.example.org/httpdocs/.well-known/
<LocationMatch ^/(?!\.well-known).*>
    DAV svn
    SVNParentPath /var/www/vhosts/svn.example.org/httpdocs/
    AuthType Basic
    AuthName "SVN"
    AuthUserFile /auth/svn.passwd
    Require valid-user
</LocationMatch>
fritzmg
  • 101
  • 3
  • Actually it does not work as expected :(. When I access the SVN server with a browser via `https://svn.example.org/` I can browse all the repositories - and when I access `https://svn.example.org/.well-known/…` I can view regular HTML files. Everything seems to work as expected. However, when I try to update a local copy of a repository with my SVN client, I get the following error message: `Unexpected HTTP status 'Bad Request' on '%5E/(%3F!%5C.well-known).*/repo/!svn/vcc/default'` (`repo` is one of the repositories). – fritzmg Dec 12 '16 at 07:52
  • confuses svn. Use instead – Ted Shaneyfelt Jan 05 '22 at 08:44