5 Using The https:// Protocol
If you want to use https://, please follow chapter 4, and then do this to enable the SSL Apache module and the default SSL web site:
a2enmod ssl
a2ensite default-ssl
/etc/init.d/apache2 restart
(Please note that the default Apache SSL web site uses a self-signed certificate. You might want to replace it with a certificate from a trusted CA. You might want to check out this tutorial for more details: How To Set Up An SSL Vhost Under Apache2 On Ubuntu 9.10/Debian Lenny.)
Now you can access SVN through https:// and also http://. If you want https:// only, you can disable http:// as follows:
Open /etc/apache2/mods-available/dav_svn.conf and comment out/remove the section that you have added in chapter 4:
vi /etc/apache2/mods-available/dav_svn.conf
[...] # <Location /svn> # DAV svn # SVNParentPath /var/lib/svn # AuthType Basic # AuthName "Subversion Repository" # AuthUserFile /etc/apache2/dav_svn.passwd # <LimitExcept GET PROPFIND OPTIONS REPORT> # Require valid-user # </LimitExcept> # </Location> |
Then open the vhost configuration file /etc/apache2/sites-available/default-ssl of the default SSL vhost and add the same section between <VirtualHost> and </VirtualHost>:
vi /etc/apache2/sites-available/default-ssl
[...] <Location /svn> DAV svn SVNParentPath /var/lib/svn AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dav_svn.passwd <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> </Location> [...] |
Then restart Apache:
/etc/init.d/apache2 restart
You can do a checkout as follows using the https:// protocol:
svn co --username falko https://192.168.0.100/svn/myproject /home/falko/somedir
Please note: If you decide to use http:// or https:// to access SVN, do not use any of the other protocols anymore to write to SVN because the ownerships of the changed files will not match the Apache user/group if you do not use http:// or https://!
6 Using The svn:// Protocol
We can use the svn:// protocol by starting the svnserve daemon.
Before we do this, let's configure password protection for our repository. There's a conf/svnserve.conf file in each repository, so for /var/lib/svn/myproject it's /var/lib/svn/myproject/conf/svnserve.conf. open that file...
vi /var/lib/svn/myproject/conf/svnserve.conf
... and uncomment the password-db = passwd line:
[...] [general] ### These options control access to the repository for unauthenticated ### and authenticated users. Valid values are "write", "read", ### and "none". The sample settings below are the defaults. # anon-access = read # auth-access = write ### The password-db option controls the location of the password ### database file. Unless you specify a path starting with a /, ### the file's location is relative to the directory containing ### this configuration file. ### If SASL is enabled (see below), this file will NOT be used. ### Uncomment the line below to use the default password file. password-db = passwd ### The authz-db option controls the location of the authorization ### rules for path-based access control. Unless you specify a path ### starting with a /, the file's location is relative to the the ### directory containing this file. If you don't specify an ### authz-db, no path-based access control is done. ### Uncomment the line below to use the default authorization file. # authz-db = authz ### This option specifies the authentication realm of the repository. ### If two repositories have the same authentication realm, they should ### have the same password database, and vice versa. The default realm ### is repository's uuid. # realm = My First Repository [...] |
passwd refers to the passwd file in the same directory, i.e., /var/lib/svn/myproject/conf/passwd. Open that file and add your SVN users and passwords (passwords are in clear text):
vi /var/lib/svn/myproject/conf/passwd
### This file is an example password file for svnserve. ### Its format is similar to that of svnserve.conf. As shown in the ### example below it contains one section labelled [users]. ### The name and password for each user follow, one account per line. [users] falko = falkospassword till = tillspassword |
We can now start the svnserve daemon:
svnserve -d -r /var/lib/svn/
(The -d switch makes it run as a daemon in the background.)
Run
netstat -tap | grep svn
and you should see that snvserve is listening on port 3690 (:svn):
root@server1:~# netstat -tap | grep svn
tcp 0 0 *:svn *:* LISTEN 2682/svnserve
root@server1:~#
Now we can use the svn:// protocol. For example, a checkout can be done as follows:
svn co --username falko svn://192.168.0.100/myproject /home/falko/somedir
7 Using The svn+ssh:// Protocol
To tunnel the svn:// protocol through SSH, just follow chapter 6 and make sure you have an SSH damon running on your Debian system (if you have not, you can install it by running
apt-get install openssh-server ssh
)
That's it! All you have to do now is to use svn+ssh:// instead of svn://, for example, a checkout can be done as follows:
svn co --username falko svn+ssh://192.168.0.100/var/lib/svn/myproject /home/falko/somedir
8 Links
- Subversion: http://subversion.apache.org/
- Debian: http://www.debian.org/