Thursday, September 25, 2008

Install Subversion on Apache with SSL


Guest post by my brother John.
Mike and I need a good place to share code, so I decided to install subversion on our server. I had a couple requirements for our source control setup:
  • accessible from anywhere
  • browsable via the web
  • authenticated access (for both read and write — this is for private code)
  • secure connection (don’t want my password sent in the clear)
  • easy to use (e.g., once I have a working copy set up, I don’t want to type my password every time it connects to the server)
I looked at the options, and discovered that svn+ssh can be a great secure option, but didn’t deliver on everything I wanted. I decided to try subversion over HTTPS, and so far I’m very happy with that solution.
Environment
When I started, I didn’t have Subversion installed on our server, I didn’t have WebDAV enabled, and I didn’t have any sites set up with SSL. I did have several basic virtual hosts set up in Apache 2, and a couple of tutorials to help me along the way.
Install Subversion and set up repository
Start by installing subversion. On Ubuntu, it was as easy as this (thanks to this Introduction to Subversion):
sudo aptitude install subversion
Then we want to create our first repository. I decided to have only a single repository, which will store all of our projects. It’s fairly simple to change to multiple repositories if desired. You can put the repository just about anywhere, but I wanted a common location, so I used this:
sudo mkdir /var/repository
sudo svnadmin create /var/repository
We’re going to want Apache to be able to write to the repository, so we’ll make it own the files right now (Apache runs as www-data on my server):
sudo chown -R www-data:www-data /var/repository
Set up authentication
We’re going to use basic HTTP authentication over our SSL connection. To do this, we’ll need to set some users and passwords up in a new /etc/svn-passwd file (you could put it somewhere else, if you want):
sudo htpasswd -cm /etc/svn-passwd john
sudo htpasswd -m /etc/svn-passwd mike
The first command created a new /etc/svn-passwd file, and set the password for john using an MD5 hash. The second command set the password for mike. Both of them prompt for the new password to be set.
I’m not going any further than that on authentication. I believe that I could set up more detailed privileges in the /var/repository/conf/svnserve.conf file, but I’m not going to worry about that — any user that is able to authenticate via the svn-passwd file will be granted full access to the repository.
Create self-signed certificate
For my purposes, a free self-signed certificate for SSL is all I need. I found a great tutorial on creating this cert, and followed all of their directions. First, I made sure that the ssl-cert package was installed:
sudo aptitude install ssl-cert
Then I created the cert by running the following command and answering all prompts:
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/certs/selfsigned.pem
Install and configure SSL
I mostly followed the instructions in this tutorial to enable and configure SSL support. mod_ssl was already installed, but not enabled, so I ran this to enable it:
sudo a2enmod ssl
That links the mod_ssl.conf and mod_ssl.load files into /etc/apache2/mods-enabled/. The default settings in mod_ssl.conf should be fine.
Now we need to set up SSL on one of our vhosts. Choose a vhost, edit the conf file for it, and duplicate the existing virtual host with a few modifications.
<VirtualHost *:80>
  ServerAdmin webmaster@localhost
  ServerName  domain.com
 
  ...
 
</VirtualHost>
Copy that, change to 443, and enable SSL:
<VirtualHost *:443>
  ServerAdmin webmaster@localhost
  ServerName  domain.com
 
  ...
 
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/selfsigned.pem
</VirtualHost>
Now restart Apache, and make sure there are no errors on startup:
sudo /etc/init.d/apache2 restart
Test that https is indeed working: https://domain.com/
Install mod_dav and mod_dav_svn
We need to make sure the mod_dav_svn.so is installed on the server.
sudo aptitude install libapache2-svn
Check and make sure that the mods-enabled directory contains links to both dav.load and dav_svn.load — if not, run these commands:
cd /etc/apache2/mods-enabled
sudo ln -s ../mods-available/dav.load
sudo ln -s ../mods-available/dav_svn.load
Edit that virtual host conf file again, and add a new section inside the 443 virtual host:
<VirtualHost *:443>
  ServerAdmin webmaster@localhost
  ServerName  domain.com
 
  ...
 
  <Location /svn>
    DAV svn
    SVNPath /var/repository
 
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /etc/svn-passwd
 
    Require valid-user
  </Location>
 
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/selfsigned.pem
</VirtualHost>
Restart Apache once again:
sudo /etc/init.d/apache2 restart
You should now be able to access svn via HTTPS at https://domain.com/svn/, using the user and password you set up in the svn-passwd file.
If you want to import a project to the repository, you should be able to do something like this:
svn import /path/to/existing/code https://domain.com/svn/myproject/trunk -m "initial import"
Hope this helps someone, and that I didn’t forget any key steps in the process.
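An added check, not part of the original post: the shell function below scans Apache vhost configuration and reports any <VirtualHost> that sets AuthType Basic without SSLEngine on, so the /svn block cannot end up in the port-80 host where the password would be sent in the clear. The function names and the sample config (the post's /svn Location placed in both vhosts) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Names are hypothetical.

# check_basic_auth_tls [FILE...]  (reads stdin when no file is given)
# Prints one line per vhost that uses Basic auth without SSL; returns 1 if any.
check_basic_auth_tls() {
  awk '
    { line = tolower($0); sub(/^[ \t]+/, "", line) }
    line ~ /^#/ { next }
    line ~ /^<virtualhost/ {
      vhost = $0; sub(/^[ \t]+/, "", vhost)
      start = NR; ssl = 0; basic = 0; invh = 1; next
    }
    invh && line ~ /^sslengine[ \t]+on/   { ssl = 1 }
    invh && line ~ /^authtype[ \t]+basic/ { basic = 1 }
    line ~ /^<\/virtualhost>/ {
      if (invh && basic && !ssl) {
        printf "%s (line %d): AuthType Basic without SSLEngine on\n", vhost, start
        bad = 1
      }
      invh = 0
    }
    END { exit (bad ? 1 : 0) }
  ' "$@"
}

# Constructed sample input: the same /svn block in a plain and an SSL vhost.
sample_conf() {
cat <<'EOF'
<VirtualHost *:80>
  ServerName domain.com
  <Location /svn>
    DAV svn
    AuthType Basic
    AuthUserFile /etc/svn-passwd
    Require valid-user
  </Location>
</VirtualHost>
<VirtualHost *:443>
  ServerName domain.com
  <Location /svn>
    AuthType Basic
    AuthUserFile /etc/svn-passwd
  </Location>
  SSLEngine on
</VirtualHost>
EOF
}

# Demo: only the port-80 vhost is reported.
sample_conf | check_basic_auth_tls || true
```

To check a real file, pass its path as an argument to check_basic_auth_tls instead of piping the sample.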
