Forum: 

adding https access to SVN on the redmine appliance

Samuel Taggart's picture

I downloaded the redmine appliance and really liked it, but I had some issues trying to figure out how to change the svn access so that I could access it over https.

I finally figured it out and made a blog post about it.  I thought I would post it here in case anyone wanted to do the same thing. 

I don't have it completely integrated with redmine yet.  I know there have been a bunch of posts about that lately.

 

anway here is the link

http://automatedenver.com/development-server-setup/

Enjoy. 

Comments are welcome.  Be gentle though.  Keep in mind I'm an electrical engineer, not an IT professional or computer engineer.

Jeremy Davis's picture

Nice blog post! And thanks for sharing!

TBH I have never used SVN from a development standpoint but IMO any server access (especially write access) should have an encrypted pathway, at least as an option (if not the default!). So I've added it to our issue tracker.

TBH after I originally thought about it, I'm not sure if it should be set up by default, or whether it should just be an easy option?! Are there any implications for other VC connection methods if SVN supports HTTPS OOTB? It doesn't seem to effect Redmine itself directly and the SVN path is specifically for SVN so setting it as default (although not forcing it) might be a good option?

Love to hear the thoughts of someone who knows much more than me about this! :)

Samuel Taggart's picture

As it is default out of the box, I believe you can svn + ssh for authentication. 

I am no security expert, so take that with a grain of salt.

I just like https, because it gets through most firewalls easily and is fairly secure.  Although if you think it is completely secure you should really listen to the latest episode of Steve Gibsons "Security Now" podcast on "This week in Tech" where he talks about he easy it can be to generate fake SSL certs. It's kind of scary.

Jeremy Davis's picture

I have only used it with Git and I use that via SSH. It's also been a while since I worked on the Redmine (or Revision Control) appliance(s).

[OT] I had a quick look at "Security Now". I assume you are referring to "Security Now #567 - Hacking Certificates"? If so, whilst it's concerning that it happened; it's the result of a lack of attention to detail by a CA. Not getting their automated software audited by security minded developers is a MAJOR oversight! Hopefully there weren't too many dodgey certs issued?!

[Really OT] As an aside, Liraz posted on our blog. The article regarding the inbuilt security holes in current hardware might also be of interest to you?

Post new comment