1. 問題現象&分析
subversion是通過apache的https的訪問的。
很悲催,這樣在redmine項目中創建(配置》版本庫》新建版本庫),查看版本庫, 提示404,找不到項目 。
查看log(apache2/logs/error_log),提示 svn: E175002 、服務器證書校驗失敗證書已經過時, 證書發行者不被信任
應該是redmine在連接svn時無法接受證書的問題。
2. 解決方法
2.1. 首先,先讓redmine能找到證書。
2.1.1. (1)先用svn命令以“apache進程用戶”執行下。
apache進程用戶daemon爲例:
用root登錄:
1 2 3 4 |
mkdir /opt/web/redmine/.subversion chown -R daemon /opt/web/redmine/.subversion mkdir /opt/web/redmine/tmpdir chown -R daemon /opt/web/redmine/tmpdir |
用daemon登錄:
1 2 |
cd /opt/web/redmine/tmpdir svn --config-dir /opt/web/redmine/.subversion list https//your-repo-path/ |
2.1.2. (2)使redmine在訪問svn的時候,使用剛創建的config dir
修改 /opt/web/redmine/apps/redmine/htdocs/lib/redmine/scm/adapters/subversion_adapter.rb
在self中定義變量存放configdir參數:
1 2 3 4 5 6 7 8 9 |
class << self
...
def config_dir
@@config_dir ||= '--config-dir /opt/web/redmine/.subversion'
end
...
|
在所有出現svn命令,也即 cmd = “#{self.class.sq_bin}… 的地方添加 config dir 參數:
例如:
1 2 3 4 5 6 7 8 9 |
def entries(path=nil, identifier=nil, options={})
path ||= ''
identifier = (identifier and identifier.to_i > 0) ? identifier.to_i : "HEAD"
entries = Entries.new
cmd = "#{self.class.sq_bin} list #{self.class.config_dir} --xml #{target(path)}@#{identifier}"
cmd << credentials_string
...
|
2.1.3. (3)重啓redmine(bitnami)
1 |
./ctlscript.sh restart apache |
2.2. 然後,查看下apache https用的證書,在hosts文件中設置下域名。
httpd.conf 或者 其include的配置文件中有證書文件位置定義。找到證書文件,用如下命令就可查看證書針對的域名:
查看crt證書
1 |
openssl x509 -in certificate.crt -text -noout |
例如,如下域名爲 your-comp.svn
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
openssl x509 -in server.crt -text -noout
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
b2:89:8b:99:14:f7:57:92
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=CN, ST=Shanghai, L=Shanghai, O=COM, CN=your-comp.svn
Validity
Not Before: Jan 11 00:40:45 2013 GMT
Not After : Jan 11 00:40:45 2014 GMT
Subject: C=CN, ST=Shanghai, L=Shanghai, O=COM, CN=your-comp.svn
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:d0:8a:28:8b:10:2f:5a:67:e7:c7:64:97:b7:9e:
f5:0c:7d:7a:3d:d5:60:e9:4e:85:b1:b1:51:63:1d:
ea:04:e6:e5:1c:56:42:a6:89:46:15:ef:a8:b7:f6:
1b:03:fb:da:8e:5b:3f:60:c8:9b:e9:88:7a:1f:77:
0e:bd:60:8b:bb:bc:0b:58:22:bc:9e:cb:68:dd:f7:
22:b4:d3:ef:ed:5c:d0:3f:65:29:f7:a5:03:62:cf:
d4:91:ff:88:87:6e:9a:52:a6:35:0d:2c:db:30:0e:
95:9b:83:c8:20:5f:86:dd:6c:3d:4b:15:83:cf:7a:
5f:20:40:ff:e7:b7:49:da:7e
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
9b:10:55:29:a7:00:c2:24:89:25:15:f5:86:b0:1c:03:23:82:
aa:61:16:b1:00:5b:3e:9a:cd:0c:5b:b3:39:9a:12:6c:17:9c:
0d:01:83:6a:0b:7b:d4:b2:c7:88:71:79:e2:57:da:8f:a4:db:
a0:aa:b5:85:5d:b7:50:ef:61:c5:59:0e:5e:a1:e3:8e:d0:05:
c5:76:84:3a:d7:7c:91:8c:70:e8:5e:db:5b:36:ff:61:76:cd:
9e:ef:31:51:d4:b0:9f:4e:38:ec:9e:4b:05:13:a8:46:b1:41:
41:f7:20:d1:38:ea:c5:55:cf:75:6f:9e:fa:68:66:a9:44:17:
ce:51
|
知道域名後,在redmine運行的機器上設置的下hosts(linux的hosts在/etc/hosts)
1 |
127.0.0.1 your-comp.svn |
2.2.1. 如何自己生成證書文件
intranet中配置https時,一般使用自己生產的證書,方法如下:
自己生產crt證書
1 |
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt |
參考:
https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html