[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: F9: Unable to get SVN/Apache working

On Sun, 2009-05-03 at 11:31 -0700, Daniel B. Thurman wrote:
>   repos
>     svn1 svn2 svn3 svn4
>     Note:
>       1) All selinux contexts of dir/files are: httpd_sys_content_t

Example contexts on my webserver:

ll -Z /var/www
drwxr-xr-x  root      root system_u:object_r:httpd_sys_content_t:s0 html

ll -Z /var/www/html/
-rwxr-xr-x  tim  tim  unconfined_u:object_r:httpd_sys_content_t:s0 homepage.html

If you serve from another location, you'll need to apply the right
contexts, and set up SELinux policy rules so that if a relabel is done,
the same contexts are reset.

Likewise, if anything creates new files there, it'll either have to
create them with the right contexts, or you'll have to set them.

> And httpd error_log shows:
> ===================
> $ svn list http://localhost/svn/svn3
> svn: PROPFIND request failed on '/svn/svn3'
> svn: PROPFIND of '/svn/svn3': 403 Forbidden (http://localhost)
> ===================

>       2) All directory permissions are: 2770

In general, webservable content needs to have directories world readable
and world executable.  Served content is accessed as "other users," as
it's owned by someone other than the apache user (and that's how it
should be done).

>       3) All file permissions are: 660

In general, webserverable content needs to be world readable.

> [Sun May 03 13:25:11 2009] [error] avahi_client_new() failed: An 
> unexpected D-Bus error occured

Do you use Avahi/ZeroConf?  It's used for a machine to award itself a
random IP (in the range) that isn't in use by other
machines on the same network.

If you use any other method to assign an IP to the network interface
(manual configuration, DHCP, etc.), then disable all Avahi daemons.

> I have ignored this error.  Also, as appeared in the original 
> posting, Apache's mod_security was reporting "errors", so I removed
> mod_security so that these messages do not appear for the purpose of
> testing

If you want someone's advice, post what the error actually says.

> But httpd error_log shows:
> ===================
> [Sun May 03 14:00:56 2009] [error] [client] Could not fetch 
> resource information.  [301, #0]

A "301" error is a redirect.  What's asked for doesn't exist, but
there's an instruction to fetch it from somewhere else.

e.g. A request made to <http://example.com/giveme.html>.  But there's a
redirect instruction on the server that says requests for /giveme.html
should go to /takethis.html instead.  So a 301 redirect instruction is
sent to the client with that information, and the client then requests

> [Sun May 03 14:00:56 2009] [error] [client] (84)Invalid or 
> incomplete multibyte or wide character: Requests for a collection must 
> have a trailing slash on the URI.  [301, #0]

Not knowing what your particular situation does, nor what a "collection"
is, but the error's complaining that the URI doesn't end with a trailing
slash.  That could be a client error, it could be an error in your
particular serving application.  But HTTP 301s don't require such a
thing, in fact it'd break many redirects if it did.  

It could be a case of getting a listing of a directory, in which case
Apache does want a trailing slash.  So a redirect from
http://example.com/olddirectoryname to
http://example.com/newdirectoryname should both have had trailing
slashes on them.  In some cases, redirects can add the slash,

> However, it seems to work.  I can walk down the trees to
> the leafs and no further error_log messsages appear.

Might be related to what I've just described, with the first redirect
being corrected for you.

> Next, I tested svn on the command line:
> ===================
> $ svn list http://gold/svn/svn3
> svn: PROPFIND request failed on '/svn/svn3'
> svn: PROPFIND of '/svn/svn3': 403 Forbidden (http://gold)

Probably the "world readable" issue I mentioned earlier.

> I have at this point, tried almost every permutations of changing dir/file
> permissions, relocating the repositories to: /var/www and to /var/www/html,
> modifying subversion.conf, checked apache permissions (Allow from all) in
> /etc/httpd/conf/httpd.conf & subversion.conf files, checked the firewalls
> (they are wide open) and I could never get past the PROPFIND,
> 403 Forbidden problem.

Sounds more like a directory/file permission or SELinux issue.  Or even
Apache access limits to parts of the directory tree (AllowFrom
directives).  If playing with allow from all options, you need to make
sure that opposing rules aren't applied on top, and allow/deny rules in
the right order.

Firewalls might stop a client, but aren't going to stop a server
accessing a local file.

Perhaps you should post those two configuration files.  SVN isn't my
forte, but I do plenty of webserving.

[tim localhost ~]$ uname -r

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]