redmine 和 subversion(https)整合

问题现象&分析

subversion是通过apache的https的访问的。

很悲催,这样在redmine项目中创建(配置》版本库》新建版本库),查看版本库, 提示404,找不到项目

查看log(apache2/logs/error_log),提示 svn: E175002服务器证书校验失败证书已经过时, 证书发行者不被信任

应该是redmine在连接svn时无法接受证书的问题。

解决方法

首先,先让redmine能找到证书。

(1)先用svn命令以“apache进程用户”执行下。

apache进程用户daemon为例:

用root登录:

1
2
3
4
mkdir /opt/web/redmine/.subversion
chown -R daemon /opt/web/redmine/.subversion
mkdir /opt/web/redmine/tmpdir
chown -R daemon /opt/web/redmine/tmpdir

用daemon登录:

1
2
cd /opt/web/redmine/tmpdir
svn --config-dir /opt/web/redmine/.subversion list https//your-repo-path/

(2)使redmine在访问svn的时候,使用刚创建的config dir

修改 /opt/web/redmine/apps/redmine/htdocs/lib/redmine/scm/adapters/subversion_adapter.rb

在self中定义变量存放configdir参数:

1
2
3
4
5
6
7
8
9
class << self

  ...

  def config_dir
    @@config_dir ||= '--config-dir /opt/web/redmine/.subversion'
  end

  ...

在所有出现svn命令,也即 cmd = “#{self.class.sq_bin}… 的地方添加 config dir 参数:

例如:

1
2
3
4
5
6
7
8
9
def entries(path=nil, identifier=nil, options={})
  path ||= ''
  identifier = (identifier and identifier.to_i > 0) ? identifier.to_i : "HEAD"
  entries = Entries.new
  
  cmd = "#{self.class.sq_bin} list #{self.class.config_dir} --xml #{target(path)}@#{identifier}"
  
  cmd << credentials_string
  ...

(3)重启redmine(bitnami)

1
./ctlscript.sh restart apache

然后,查看下apache https用的证书,在hosts文件中设置下域名。

httpd.conf 或者 其include的配置文件中有证书文件位置定义。找到证书文件,用如下命令就可查看证书针对的域名:

查看crt证书

1
openssl x509 -in certificate.crt -text -noout

例如,如下域名为 your-comp.svn

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
openssl x509 -in server.crt -text -noout

Certificate:

    Data:
        Version: 1 (0x0)
        Serial Number:
            b2:89:8b:99:14:f7:57:92
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=CN, ST=Shanghai, L=Shanghai, O=COM, CN=your-comp.svn
        Validity
            Not Before: Jan 11 00:40:45 2013 GMT
            Not After : Jan 11 00:40:45 2014 GMT
        Subject: C=CN, ST=Shanghai, L=Shanghai, O=COM, CN=your-comp.svn
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:d0:8a:28:8b:10:2f:5a:67:e7:c7:64:97:b7:9e:
                    f5:0c:7d:7a:3d:d5:60:e9:4e:85:b1:b1:51:63:1d:
                    ea:04:e6:e5:1c:56:42:a6:89:46:15:ef:a8:b7:f6:
                    1b:03:fb:da:8e:5b:3f:60:c8:9b:e9:88:7a:1f:77:
                    0e:bd:60:8b:bb:bc:0b:58:22:bc:9e:cb:68:dd:f7:
                    22:b4:d3:ef:ed:5c:d0:3f:65:29:f7:a5:03:62:cf:
                    d4:91:ff:88:87:6e:9a:52:a6:35:0d:2c:db:30:0e:
                    95:9b:83:c8:20:5f:86:dd:6c:3d:4b:15:83:cf:7a:
                    5f:20:40:ff:e7:b7:49:da:7e

                Exponent: 65537 (0x10001)

    Signature Algorithm: sha1WithRSAEncryption
        9b:10:55:29:a7:00:c2:24:89:25:15:f5:86:b0:1c:03:23:82:
        aa:61:16:b1:00:5b:3e:9a:cd:0c:5b:b3:39:9a:12:6c:17:9c:
        0d:01:83:6a:0b:7b:d4:b2:c7:88:71:79:e2:57:da:8f:a4:db:
        a0:aa:b5:85:5d:b7:50:ef:61:c5:59:0e:5e:a1:e3:8e:d0:05:
        c5:76:84:3a:d7:7c:91:8c:70:e8:5e:db:5b:36:ff:61:76:cd:
        9e:ef:31:51:d4:b0:9f:4e:38:ec:9e:4b:05:13:a8:46:b1:41:
        41:f7:20:d1:38:ea:c5:55:cf:75:6f:9e:fa:68:66:a9:44:17:
        ce:51

知道域名后,在redmine运行的机器上设置的下hosts(linux的hosts在/etc/hosts)

1
127.0.0.1 your-comp.svn

如何自己生成证书文件

intranet中配置https时,一般使用自己生产的证书,方法如下:

自己生产crt证书

1
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt

参考:
https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html

最后,在redmine上创建新的版本库,host使用刚刚证书中发现的域名。