#
# $Id$
# Copyright 2004-2006 - Michael Sinz
#
# This is an apache configuration module that can be put into
# the http/conf.d directory of many systems.  It lets you
# configure Insurrection & Subversion for apache without much or
# any change to the standard apache configuration file.
#
# (Note that this is just an example)
#
LoadModule dav_svn_module     /home/subversion/apache/modules/mod_dav_svn.so
LoadModule authz_svn_module   /home/subversion/apache/modules/mod_authz_svn.so

## The logformat that I use for Insurrection.  Note that this looks just like
## the traditional extended log but I want to be sure of the format so I
## enforce/repeat it here
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" insurrection

#
# Note that the IP address is that of my server...
<VirtualHost _default_:80>
    ServerName svn
    ServerAlias svn.*
    UseCanonicalName Off
    CustomLog  /home/subversion/logs/access_log insurrection
    ErrorLog   /home/subversion/logs/error_log

    # To help reduce bandwidth usage, if the client supports it, use deflate
    SetOutputFilter DEFLATE
    AddOutputFilterByType DEFLATE text/* application/x-javascript
    DeflateCompressionLevel 6

    #
    # The Insurrection tree lives here...
    #
    DocumentRoot /home/subversion/www
    <Directory "/home/subversion/www">

        #
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important.  Please see
        # http://httpd.apache.org/docs-2.0/mod/core.html#options
        # for more information.
        #
        Options FollowSymLinks ExecCGI

        #
        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        #
        AllowOverride All

        #
        # Controls who can get stuff from this server.
        #
        Order allow,deny
        Allow from all

    </Directory>

    # Never show our internal .svn directories
    <DirectoryMatch "^/.*/\.svn">
        Order allow,deny
        Deny from all
    </DirectoryMatch>

    <Location /svn>
        DAV svn
        SVNParentPath /home/subversion/repositories
        SVNIndexXSLT "/insurrection.xsl"

        # our access control policy
        AuthzSVNAccessFile /home/subversion/authentication/access

        # try anonymous but require a user if needed
        Satisfy Any
        Require valid-user

        # how to authenticate a user
        AuthType Basic
        AuthName "Code-Host Repository"
        AuthUserFile /home/subversion/authentication/passwords
    </Location>

</VirtualHost>

#
# If there is SSL, enable that host too.
# Note that we annoyingly have to repeat the whole
# virtual host thing again.  BTW - best to have this
# match completely (or at least mostly, since we
# want to force login for https access.)
#
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName svn
        ServerAlias svn.*
        UseCanonicalName Off
        CustomLog  /home/subversion/logs/access_log insurrection
        ErrorLog   /home/subversion/logs/error_log

        # To help reduce bandwidth usage, if the client supports it, use deflate
        SetOutputFilter DEFLATE
        AddOutputFilterByType DEFLATE text/* application/x-javascript
        DeflateCompressionLevel 6

        ## Get that SSL feature working...
        SSLEngine on
        SSLVerifyClient none
        SSLCertificateFile /etc/httpd/conf/httpd.pem

	## Turn off SSLv2
	SSLProtocol all -SSLv2
	SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

        #
        # The Insurrection tree lives here...
        #
        DocumentRoot /home/subversion/www
        <Directory "/home/subversion/www">

            #
            # Possible values for the Options directive are "None", "All",
            # or any combination of:
            #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
            #
            # Note that "MultiViews" must be named *explicitly* --- "Options All"
            # doesn't give it to you.
            #
            # The Options directive is both complicated and important.  Please see
            # http://httpd.apache.org/docs-2.0/mod/core.html#options
            # for more information.
            #
            Options FollowSymLinks ExecCGI

            #
            # AllowOverride controls what directives may be placed in .htaccess files.
            # It can be "All", "None", or any combination of the keywords:
            #   Options FileInfo AuthConfig Limit
            #
            AllowOverride All

            #
            # Controls who can get stuff from this server.
            #
            Order allow,deny
            Allow from all

            # We only want users with logins to use HTTPS
            Require valid-user

        </Directory>

        # Never show our internal .svn directories
        <DirectoryMatch "^/.*/\.svn">
            Order allow,deny
            Deny from all
        </DirectoryMatch>

        <Location /svn>
            DAV svn
            SVNParentPath /home/subversion/repositories
            SVNIndexXSLT "/insurrection.xsl"

            # our access control policy
            AuthzSVNAccessFile /home/subversion/authentication/access

            # try anonymous but require a user if needed
            Satisfy Any
            Require valid-user

            # how to authenticate a user
            AuthType Basic
            AuthName "Code-Host Repository"
            AuthUserFile /home/subversion/authentication/passwords
        </Location>

    </VirtualHost>
</IfModule>