Archive

Posts Tagged ‘apache’

Subversion + Apache + SSL

November 4, 2009 Leave a comment

This article will explain how to setup subversion with apache.

But before setting up subversion, you need to create a directory where you wish to keep all your repositories(mine is under /project/myrepo). SVN repository is then created by svnadmin.

mkdir /project/myrepo

svnadmin create /project/myrepo

Note :
You might encounter problems due to old libsvn_fs library accessing newer database schema, In such cases, you will see an error like

svn: Expected FS format between ‘1’ and ‘3’; found format ‘4’

All you need to do is to create a repository by issuing a flag command

svnadmin create /project/svnrepo –pre-1.4-compatible

for details refer http://svn.collab.net/repos/svn/trunk/notes/repos_upgrade_HOWTO –> will help you upgrading/downgrading SVN.

Apache with SSL will provide higher levels of user access control. This set up in encouraged when repository is used by many projects. Since the rpms for some required packages are not availabe, you may need to compile the apache from source.(Get the latest source from http://httpd.apache.org/download.cgi)

Apache httpd installation:
wget http://www.reverse.net/pub/apache/httpd/httpd-2.2.11.tar.gz
tar -zxvf httpd-2.2.11.tar.gz
cd httpd-2.2.11
./configure --prefix=/usr/local/subversion/ --enable-dav --enable-so --enable-ssl
make && make install

After that, install subverion:
wget http://subversion.tigris.org/downloads/subversion-1.5.5.tar.gz
tar -zxvf subversion-1.5.5.tar.gz
cd subversion-1.5.5
./configure --prefix=/usr/local/subversion/ --with-apxs=/usr/local/subversion/bin/apxs --with-ssl
make && make install

Now create a user and a group to run the repository:
groupadd svn
useradd -m -d /home/svn/ -g svn svn

Now that you want to create more repositories. In that case, make the directories and create repositories using svnadmin create command. For example, if you have two projects, Project1 and Project2 and you want to add them to repository,

su - svn
mkdir /project/Project1
mkdir /project/Project2
svnadmin create /project/Project1
svnadmin create /project/Project2

Add the following lines to /usr/local/subversion/conf/httpd.conf:
ServerRoot "/usr/local/subversion/"
User svn
Group svn
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

Add following lines also to turn on SSL mode:
Listen 443
SSLEngine On
SSLCertificateFile /usr/local/subversion/cert/server.crt
SSLCertificateKeyFile /usr/local/subversion/cert/server.key

You can use htaccess to provide user authentication.Create a htaccess file using the command:
sudo htpasswd -cm /etc/svn-auth-file
More svn users can be added by issuing
sudo htpasswd -m /etc/svn-auth-file

Add the following lines to httpd conf file to allow accessing svn repository:

DAV svn
SVNParentPath /home/svn/
SVNListParentPath on
#setting access control policies
AuthzSVNAccessFile /etc/svn-access-file
Require valid-user
AuthType Basic
AuthName "Inhouse Subversion repository"
#User authentication file
AuthUserFile /etc/svn-auth-file

Given below is the sample of svn access control file.:
[/]
* = r
[groups]
dev = dev1, dev2
qa = qa1, qa2
build = build1
[repositories:/Project1]
@dev = rw
[repositories:/Project2]
@qa = rw
[/]
@build = rw

The first two statements tells you that anonymous user has read access to all repositories. Three groups dev, qa and build are created. Groups dev and build have read/write access to Project1 while qa doesn’t have access. Similarly groups qa and build have read/write access to Project2 where dev does not.

Create a new init script /etc/init.d/apache. Copy the existing httpd deamon to apache and reset the httpd path and CONFFILE path to newly subversion with apache. Then stop the existing apache and start run the command

service apache start

Finally checkout https://localhost/svn/myrepo/

You will see the repositories added in myrepo 🙂


Importing existing repositories:

You can import exisitng repositories which doesn’t have apache access to the new one. Type the following command
svn import /path/to/old/repo/ file:///project/myrepo/ -m “Initial Project import”
and check the url at https://localhost/svn/myrepo/
You will see your new project imported to the new subversion. Note, this will not modify your existing subversion repository.

Categories: apache, ssl, Subversion Tags: , ,