带有nginx + apache + subversion + ssl的502 Bad Gateway(SVN COPY)

Question

我在使用Nginx代理后面的SSL运行Apache + Subversion时出现问题,我希望有人可能有答案.我已经搜索谷歌几个小时寻找我的问题的答案,似乎无法搞清楚.我在使用subversion尝试移动或复制时看到的是"502(Bad Gateway)"错误; 但是,结帐和提交工作正常.以下是有问题的nginx和apache配置文件的相关部分(我认为):

Nginx的

upstream subversion_hosts {
    server 127.0.0.1:80;
}


server {
        listen       x.x.x.x:80;
        server_name  hostname;

        access_log   /srv/log/nginx/http.access_log main;
        error_log    /srv/log/nginx/http.error_log info;

        # redirect all requests to https
        rewrite ^/(.*)$ https://hostname/$1 redirect;
}

# HTTPS server
server {
        listen       x.x.x.x:443;
        server_name  hostname;

        passenger_enabled    on;
        root /path/to/rails/root;

        access_log   /srv/log/nginx/ssl.access_log main;
        error_log    /srv/log/nginx/ssl.error_log info;

        ssl                  on;
        ssl_certificate      server.crt;
        ssl_certificate_key  server.key;

        add_header Front-End-Https on;

        location /svn {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                set $fixed_destination $http_destination;
                if ( $http_destination ~* ^https(.*)$ )
                {
                    set $fixed_destination http$1;
                }
                proxy_set_header Destination $fixed_destination;

                proxy_pass http://subversion_hosts;
        }
}

阿帕奇

Listen 127.0.0.1:80
<VirtualHost *:80>
        # in order to support COPY and MOVE, etc -  over https (443),
        # ServerName _must_ be the same as the nginx servername
        # http://trac.edgewall.org/wiki/TracNginxRecipe
        ServerName hostname
        UseCanonicalName on

        <Location /svn>
                DAV svn
                SVNParentPath "/srv/svn"
                Order deny,allow
                Deny from all
                Satisfy any
                # Some config omitted ...
        </Location>

        ErrorLog /var/log/apache2/subversion_error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/subversion_access.log combined
</VirtualHost>

从我在研究这个问题时可以看出,服务器名称必须在apache服务器和nginx服务器上匹配,我已经完成了.此外,即使我将配置更改为仅使用http,此问题似乎仍然存在.

Answer 1

我今天遇到了这个问题.

在apache2配置中添加以下内容修复了它:

RequestHeader edit Destination ^https http early

干杯,
  伊格纳斯M.

资源:

• https://secure.bonkabonka.com/blog/2008/01/04/nginx_fronting_for_subversion.htm

Answer 2

以前的解决方案对我不起作用,我必须更改nginx配置并location在proxy_pass指令之前在块中添加以下内容:

set $fixed_destination $http_destination;
if ( $http_destination ~* ^https(.*)$ ) {
    set $fixed_destination http$1;
}
proxy_set_header Destination $fixed_destination;
proxy_set_header Host $http_host;

Answer 3

我发现问题的原因不是nginx和apache之间的代理，而是Apache本身的问题。

我在最初的问题中没有提到的是# Some config omitted. 该块包含以下内容：

AuthType Basic
AuthName "Redmine SVN Repository"
Require valid-user
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler

对于 suberversion，我使用Redmine 的身份验证处理程序来控制用户访问。在打开和关闭选项并缩小问题范围后，我了解到他们的身份验证模块不是线程安全的。我遇到这个错误是因为 Apache 正在使用 Worker MPM。切换到 Prefork MPM（sudo aptitude install apache2-mpm-prefork在 Ubuntu 中）解决了这个问题。