subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Sahlberg <daniel.l.sahlb...@gmail.com>
Subject Re: Using IIS as a reverse proxy in front of Apache/SVN
Date Mon, 19 Jul 2021 21:36:22 GMT
Den tis 13 juli 2021 kl 15:44 skrev Branko ─îibej <brane@apache.org>:

> On 10.06.2021 07:44, Daniel Sahlberg wrote:
> > Den tors 10 juni 2021 kl 02:23 skrev Daniel Shahaf
> > <d.s@daniel.shahaf.name <mailto:d.s@daniel.shahaf.name>>:
> >
> >     Daniel Sahlberg wrote on Wed, Jun 09, 2021 at 08:18:04 +0200:
> >     > Hi,
> >     >
> >     > We are using VisualSVN server (basically Apache 2.4.48 and
> >     Subversion
> >     > 1.14.1 on Windows) on https://svn.companyname.tld
> >     <https://svn.companyname.tld>, listening on port 443.
> >     > Currently this is on a separate server. I need to consolidate
> >     the servers
> >     > and would like to move Subversion to another server already
> >     running IIS
> >     > (serving multiple sites on both port 80 and 443).
> >     >
> >     > My thinking is that IIS should listen for the new hostname, do SSL
> >     > offloading and forward the traffic to 127.0.0.1:[some new port
> >     for Apache].
> >     > I would like to avoid publishing the new port for Apache, since
> >     that would
> >     > mean to relocate all existing working copies.
> >     >
> >     > Does anyone have experience in using IIS as reverse proxy in
> >     front of
> >     > Apache?
> >
> >     Not what you asked, but running the test suite under a reverse proxy
> >     configuration might be informative.
> >
> >
> > Thanks! I will try to find some time to look at it.
> >
> > Thinking of it, I guess the question could be generalized as: Is it
> > possible to run Subversion behind /any/ kind of reverse proxy?
>
> Yes, it is possible. Subversion doesn't do anything magic. Some time
> ago, many reverse/caching proxies didn't understand some of the
> DAV-related HTTP methods that Subversion uses. I'd hope this is no
> longer the case ... especially as, AFAIK, IIS can be a WebDAV server.
>

Thank you Brane!

I finally found some time to test it out and it worked first time.

For reference, in case someone else face a similar problem:
* IIS is listening on port 80 and 443, these ports are exposed externally.
* VisualSVN Server (ie, Apache HTTPD + Subversion + some proprietary stuff)
is listening on port 81 for HTTP only
* I configured a site in IIS with bindings on port 80 and 443, with IIS'
setting "Require SSL" (any traffic on port 80 will give a 403 error message
so the user can update the URL).
* I configured a reverse proxy in IIS according to this guide:
https://techcommunity.microsoft.com/t5/iis-support-blog/setup-iis-with-url-rewrite-as-a-reverse-proxy-for-real-world/ba-p/846222,
rewriting incoming request to http://127.0.0.1:81/{R:1}

Now IIS is doing SSL offloading and forwarding the (unencrypted) traffic
internally to VisualSVN Server.

I've so far just made some minor tests, will migrate our production
repositories and do more detailed testing in the next few days.

Kind regards,
Daniel Sahlberg

Mime
View raw message