nginx, Apache 2 and subversion – 502 Bad Gateway error

All subversion checkouts, commits and other basic operations work as expected, but when attempting to copy, move or tag (copy) a (502 Bad Gateway) error presents itself.

greg@codemine:~/code/Foo (git-svn)-[trunk] %>; git svn tag foo-2.1.1
 Copying https://svn/projects/Foo/trunk at r18311 to https://svn/projects/Foo/tags/foo-2.1.1...
 RA layer request failed: Server sent unexpected return value (502 Bad Gateway) in response to COPY request for '/projects/!svn/bc/18311/Foo/trunk' at /usr/libexec/git-core/git-svn line 1123

There is a machine running nginx on port 80 (and 443 SSL) that serves as a reverse proxy for among other things subversion repositories. subversion runs on the backend on apache2.

The Problem

When performing a remote svn operation like MOVE or COPY the actual request is translated into a WebDAV request that looks similar to this:

COPY /svn/repos/oldname.txt HTTP/1.1

Apache, the webserver, translates the above request to:


It uses the Host parameter and the first request line COPY /svn/repos/oldname.txt HTTP/1.1 to assemble the source URL,

However, since requests are being reverse proxied through nginx, the source URL is changed from https:// to http:// as Apache listens on port 80 (HTTP). This results in a COPY operation that looks like this:

Note the http:// instead of https://

Apache determines it can not move a file to, for as far as Apache is concerned and are two entirely different hosts.  This results with a "502 Bad Gateway" error.

The Solution

Configure nginx to change the Destination header in the same way it changes the Host header; whereas, Apache can then handle the COPY or MOVE operation correctly. This is done by adding the following to your nginx configuration:

set $fixed_destination $http_destination;
 if ( $http_destination ~* ^https(.*)$ ) {
 set $fixed_destination http$1;
 proxy_set_header Destination $fixed_destination;
Example Configs


server {  
    listen 80;
    rewrite ^(.*)$1 permanent;

server {  
    listen 443;

    ssl on;
    ssl_certificate /etc/nginx/conf.d/;
    ssl_certificate_key /etc/nginx/conf.d/;
    ssl_verify_depth 3;

    client_max_body_size 100m;
    access_log /var/log/nginx/;

    location / {
        set $fixed_destination $http_destination;
        if ( $http_destination ~* ^https(.*)$ ) {
            set $fixed_destination http$1;
        proxy_set_header Destination $fixed_destination;
        proxy_set_header Host $http_host;

        proxy_pass http://localhost:9080;
        proxy_connect_timeout 75;
        proxy_read_timeout 300;
        proxy_send_timeout 300;


<VirtualHost *:9080>  
    ErrorLog /var/log/apache2/
    <Location />
        DAV svn
        DAVMinTimeout 0
        SVNParentPath /home/svn
        AuthType Basic
        AuthName "Subversion Repos"
        AuthUserFile /home/svn/.htpasswd
        AuthzSVNAccessFile /home/svn/conf/authz
        Require valid-user