Feb 192011
 

My last post about Mercurial left us with Mercurial server listening to https-only requests. This is probably best solution security-wise but there might be valid reasons for having it on http also (e.g. performance within local network).

Solution lies in editing “/etc/apache2/sites-available/hg” to have two configurations – one for http and one for https:

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /srv/hg/cgi-bin
    <Directory "/srv/hg/cgi-bin/">
        SetHandler cgi-script
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/hg.log
    <Location />
        AuthType Basic
        AuthName "Mercurial"
        AuthUserFile  /srv/hg/.htpasswd
        Require valid-user
    </Location>
    RewriteEngine on
    RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /srv/hg/cgi-bin
    <Directory "/srv/hg/cgi-bin/">
        SetHandler cgi-script
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/hg.log
    <Location />
        AuthType Basic
        AuthName "Mercurial"
        AuthUserFile  /srv/hg/.htpasswd
        Require valid-user
    </Location>
    RewriteEngine on
    RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /srv/hg/https.crt
    SSLCertificateKeyFile /srv/hg/https.key
</VirtualHost>

After quick Apache restart your Mercurial will answer both http and https requests.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>