Unable to setup SVN using https

Hi,

I tried to add a SVN repository to an already configured Rhodecode server working for several Git and Mercurial repositories. Since the server in question is already using Apache, I easily followed the corresponding instructions there: https://docs.rhodecode.com/RhodeCode-Enterprise/admin/svn-http.html.

However, the documentation does not cover my particular case: I have enabled https and every http request is redirected to https using the Apache configuration file. This is working perfectly fine with Git and Mercurial… but not with SVN.

The beginning of my Apache configuration file looks as follows:

## HTTP to HTTPS rewrite
<VirtualHost *:80>
    ServerName rhodecode.myserver.com
    ServerAlias rhodecode
    Redirect permanent / https://rhodecode.myserver.com/
</VirtualHost>

## MAIN SSL enabled server
<VirtualHost *:443>
    ServerName rhodecode.myserver.com
    ServerAlias rhodecode

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
 
    LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/rhodecode_error.log
    CustomLog ${APACHE_LOG_DIR}/rhodecode_access.log combined

    HttpProtocolOptions Unsafe
    Include /home/rhodecode/.rccontrol/community-1/mod_dav_svn.conf

If I tried to checkout an SVN repository, I get the following error:

svn: E170013: Unable to connect to a repository at URL 'https://rhodecode.myserver.com/svn/test'
svn: E175002: Unexpected server error 500 'Internal Server Error' on '/svn/test'

The community-1 logfile looks as follows:

ConnectionError occurred for endpoint https://rhodecode.myserver.com/svn/test
Traceback (most recent call last):
  File "/opt/rhodecode/store/wrn4w4gzarahd4k877nxa8cz1a5ifz91-python2.7-rhodecode-enterprise-ce-4.17.3/lib/python2.7/site-packages/rhodecode/lib/middleware/simplesvn.py", line 95, in __call__
    data=data, headers=request_headers, stream=stream)
  File "/opt/rhodecode/store/l481b21v236j1sdsfl51h9m6vsv749sa-python2.7-requests-2.9.1/lib/python2.7/site-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/rhodecode/store/l481b21v236j1sdsfl51h9m6vsv749sa-python2.7-requests-2.9.1/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/rhodecode/store/l481b21v236j1sdsfl51h9m6vsv749sa-python2.7-requests-2.9.1/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/opt/rhodecode/store/l481b21v236j1sdsfl51h9m6vsv749sa-python2.7-requests-2.9.1/lib/python2.7/site-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)
error occurred handling this request for path: /svn/test
Traceback (most recent call last):
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/router.py", line 277, in default_execution_policy
    return router.invoke_request(request)
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/router.py", line 249, in invoke_request
    response = handle_request(request)
  File "/opt/rhodecode/store/wrn4w4gzarahd4k877nxa8cz1a5ifz91-python2.7-rhodecode-enterprise-ce-4.17.3/lib/python2.7/site-packages/rhodecode/tweens.py", line 103, in sanity_check
    return handler(request)
  File "/opt/rhodecode/store/wrn4w4gzarahd4k877nxa8cz1a5ifz91-python2.7-rhodecode-enterprise-ce-4.17.3/lib/python2.7/site-packages/rhodecode/tweens.py", line 49, in vcs_detection_tween
    return handler(request)
  File "/opt/rhodecode/store/wrn4w4gzarahd4k877nxa8cz1a5ifz91-python2.7-rhodecode-enterprise-ce-4.17.3/lib/python2.7/site-packages/rhodecode/lib/middleware/request_wrapper.py", line 43, in __call__
    response = self.handler(request)
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/tweens.py", line 43, in excview_tween
    response = _error_handler(request, exc)
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/tweens.py", line 13, in _error_handler
    response = request.invoke_exception_view(exc_info)
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/view.py", line 767, in invoke_exception_view
    request_iface=request_iface.combined,
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/view.py", line 667, in _call_view
    response = view_callable(context, request)
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/config/views.py", line 169, in __call__
    return view(context, request)
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/viewderivers.py", line 401, in viewresult_to_response
    result = view(context, request)
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/viewderivers.py", line 144, in _requestonly_view
    response = view(request)
  File "/opt/rhodecode/store/wrn4w4gzarahd4k877nxa8cz1a5ifz91-python2.7-rhodecode-enterprise-ce-4.17.3/lib/python2.7/site-packages/rhodecode/config/middleware.py", line 146, in not_found_view
    return wsgiapp(vcs_app)(None, request)
  File "/opt/rhodecode/store/p3adn3yl7ni8wg3d1556z2wrqw1mfbxb-python2.7-pyramid-1.10.4/lib/python2.7/site-packages/pyramid/wsgi.py", line 38, in decorator
    return request.get_response(wrapped)
  File "/opt/rhodecode/store/p05sclzmx9zbmciggm367lfz8wrmh1h5-python2.7-webob-1.8.5/lib/python2.7/site-packages/webob/request.py", line 1314, in send
    application, catch_exc_info=False)
  File "/opt/rhodecode/store/p05sclzmx9zbmciggm367lfz8wrmh1h5-python2.7-webob-1.8.5/lib/python2.7/site-packages/webob/request.py", line 1281, in call_application
    output.extend(app_iter)
  File "/opt/rhodecode/store/wrn4w4gzarahd4k877nxa8cz1a5ifz91-python2.7-rhodecode-enterprise-ce-4.17.3/lib/python2.7/site-packages/rhodecode/lib/middleware/simplevcs.py", line 615, in _generate_vcs_response
    response = app(environ, start_response)
  File "/opt/rhodecode/store/wrn4w4gzarahd4k877nxa8cz1a5ifz91-python2.7-rhodecode-enterprise-ce-4.17.3/lib/python2.7/site-packages/rhodecode/lib/middleware/simplesvn.py", line 95, in __call__
    data=data, headers=request_headers, stream=stream)
  File "/opt/rhodecode/store/l481b21v236j1sdsfl51h9m6vsv749sa-python2.7-requests-2.9.1/lib/python2.7/site-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/rhodecode/store/l481b21v236j1sdsfl51h9m6vsv749sa-python2.7-requests-2.9.1/lib/python2.7/site-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/opt/rhodecode/store/l481b21v236j1sdsfl51h9m6vsv749sa-python2.7-requests-2.9.1/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/opt/rhodecode/store/l481b21v236j1sdsfl51h9m6vsv749sa-python2.7-requests-2.9.1/lib/python2.7/site-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)
[04/Oct/2019:14:20:22 +0200] GNCRN <21331>  127.0.0.1       rqt:0.099706 500 3404 "OPTIONS:/svn/test " usr:bbasic "-" "SVN/1.12.2 (x64-microsoft-windows) serf/1.3.9 TortoiseSVN-1.12.2.28653"

If I put my server certificate in .rccontrol-profile/etc/ca-bundle.crt, nothing changes. Does someone have any idea of the problem?

The key to having SVN on Apache as front and back server is to have it running on two different ports, or 3 in this case:

80,443, 8080,

The third 8080 should be used for SVN-Apache proxy, also it’s important to properly use SSL flags, please set force_ssl flag in rhodecode.ini file, and rebuild rhodecode apache configuration. This would
set a flag for

# fix https -> http downgrade with DAV. It requires an header downgrade for
# https -> http reverse proxy to work properly
#RequestHeader edit Destination ^https: http: early

It works, thanks a lot. I also added port 8080 in ports.conf and set use_htsts to true in rhodecode.ini, though I’m not sure this last option was required.