Subversion Using Apache And SSL
So you’d like to host a SVN repository which allows fine-grained access control and different users and projects? Look no further, as we’ll be covering how to achieve just that in this post. What we’ll be using is the Apache Web server (with SSL encryption), SubVersion and Trac which is a web-based software management package. I’ll be doing this on my Kubuntu Hardy Heron (Linux debian) machine, so if you’re installing it under a different version / OS instructions may vary slightly.
Note: You will need sudo access rights and a basic text editor (such as Kate) to do these.
Step 1: Install Apache httpd
This is as simple as installing the ‘apache2′ package using apt-get or aptitude:
$ sudo aptitude install apache2
For further detail on the installation of the Apache web server, see this.
Step 2: Install Subversion & Apache SVN Libraries
Similar to step 1, to install the subversion and the svn libraries for apache, simply run:
$ sudo aptitude install subversion libapache2-svn
Step 3: Enable SSL
First we enable the Apache ssl module, followed by adding ‘Listen 443′ to the Apache2 port configuration file (see below):
$ sudo a2enmod ssl $ sudo kate /etc/apache2/ports.conf
After opening the ports.conf file, make sure that the following is in the file:
<IfModule mod_ssl.c>
Listen 443
</IfModule>Step 4: Generate SSL Certificate
Once we have enabled the SSL module, we need to generate a certificate to use:
#create dir where ssl certificates will go: $ sudo mkdir /etc/apache2/ssl #create certificate (should launch application asking some basic questions) $ sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
Step 5: Create a Virtual Host
#copy default folder to svnserver folder $ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/svnserver #Open svnserver: $ sudo kate /etc/apache2/sites-available/svnserver
Now, within the svnserver file, change the following:
"NameVirtualHost *" to "NameVirtualHost *:443" "<VirtualHost *>" to <VirtualHost *:443>"
Directly under ‘ServerAdmin’, add the following:
SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM
Step 6: Enable The Site
$ sudo a2ensite svnserver $ sudo /etc/init.d/apache2 restart #To avoid warnings when restarting apache2, add "ServerName $your_server_name" to /etc/apache2/apache2.conf
Step 7: Add Repositories
To host more than one repository, use the following configurations, replacing $REPOS with the name of your repository-folder, for example I’ve used ’svn-repos’
$ sudo mkdir /var/svn $ sudo svnadmin create /var/svn/$REPOS $ sudo chown -R www-data:www-data /var/svn/$REPOS $ sudo chmod -R g+ws /var/svn/$REPOS
Step 8: Add Authenticated User
Add a user using the following, substituting $username with your selected username. You’ll be prompted for a password.
$ sudo htpasswd -c -m /etc/apache2/dav_svn.passwd $username
Step 9: WebDAV and SVN Configuration
Open the file: /etc/apache2/mods-available/dav_svn.conf using Kate, and either enable (uncomment) or add the following:
<Location /svn> DAV svn SVNParentPath /var/svn/ AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dav_svn.passwd Require valid-user SSLRequireSSL </Location>
Now restart the Apache2 webserver one final time:
$ sudo /etc/init.d/apache2 restart
Step 10: Test It !
Point your browser to: https://localhost/svn/$REPOS (where $REPOS is your specific svn repository)
You should now see something like “Revision 0: /” appear – this is our first SVN repository contents. Obviously it is empty, so let’s get right stuck into
testing it out with some SVN!