We are trying to implement a simple push/deploy system using Bitbucket's webhooks. This works properly with our PHP script when Apache is not configured to use the SSLEngine and certificates; however, we cannot seem to figure out how to let Bitbucket post to our web server once we enable certificates.
We have tried changing the client verification at the virtual host to optional, and adding SSLVerifyClient require
to all directories except the deploy directory. But it seems like SSLVerifyClient require
cascades down from the root directory (/myexample/www) to all its sub directories. Any recommendations on how to configure this properly?
ssl-conf:
SSLStrictSNIVHostCheck off
<VirtualHost *:443>
ServerName example.com
DocumentRoot /myexample/www
WSGIScriptAlias / /myexample/www/thingshere/wsgi.py
<Directory /myexample/www>
Options Indexes Followsymlinks
AllowOverride all
Require all granted
</Directory>
<Directory /myexample/www/deploy>
Options Indexes Followsymlinks
AllowOverride all
Order allow,deny
Allow from all
#Require all granted
#Allow from 131.103.20.165
#Allow from 131.103.20.166
</Directory>
<Directory /myexample/www/thingshere>
Options Indexes Followsymlinks
AllowOverride all
Require all granted
<Files wsgi.py>
Require all granted
</Files>
</Directory> LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
SSLEngine on
SSLCertificateFile /path/mycert.crt
SSLCACertificateFile /path/mycertca.crt
SSLCertificateKeyFile /path/mycertkey.key
SSLVerifyClient require
SSLVerifyDepth 10
SSLCACertificateFile /path/mycert.crt