Feb 192011
My last post about Mercurial left us with Mercurial server listening to https-only requests. This is probably best solution security-wise but there might be valid reasons for having it on http also (e.g. performance within local network).
Solution lies in editing “/etc/apache2/sites-available/hg” to have two configurations – one for http and one for https:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /srv/hg/cgi-bin
<Directory "/srv/hg/cgi-bin/">
SetHandler cgi-script
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/hg.log
<Location />
AuthType Basic
AuthName "Mercurial"
AuthUserFile /srv/hg/.htpasswd
Require valid-user
</Location>
RewriteEngine on
RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /srv/hg/cgi-bin
<Directory "/srv/hg/cgi-bin/">
SetHandler cgi-script
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/hg.log
<Location />
AuthType Basic
AuthName "Mercurial"
AuthUserFile /srv/hg/.htpasswd
Require valid-user
</Location>
RewriteEngine on
RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /srv/hg/https.crt
SSLCertificateKeyFile /srv/hg/https.key
</VirtualHost>
After quick Apache restart your Mercurial will answer both http and https requests.