SVN + Apache user MD5 encryption

Source: Internet
Author: User
SVN configuration

1. Pre-Installation Prerequisites

Get the Subversion server program from the official website: http://subversion.tigris.org/
I downloaded CollabNetSubversion-server-1.6.5-6.win32.exe.

Get the TortoiseSVN client program from http://tortoisesvn.net/downloads

TortoiseSVN-1.5.5.14361-win32-svn-1.5.4.msi

2. Configuration Instructions

The SVN service can be provided in two ways: the svnserve service (svn://) or together with Apache (http://).

Go to the command line, switch to the Subversion installation directory (C:\Program Files\CollabNet\Subversion Server), and execute the following command to create a repository:

svnadmin create E:\svn\repos

Running the service process
In the Subversion directory, enter:
svnserve -d -r E:\svn
Note: the -d option is the same as --daemon
the -r option is the same as --root
svnserve will wait for requests on port 3690.
The --daemon (two dashes) option tells svnserve to run as a daemon, so that it does not exit until it is manually terminated. Do not close the command line window; closing the window stops svnserve.
To run it as a system service instead, you can create a .bat file with the following content:

sc create svnserve binpath= "\"C:\Program Files\CollabNet\Subversion Server\svnserve.exe\" --service -r E:\svn" depend= Tcpip start= auto

sc start svnserve

pause


The --root option sets the root location, which limits the directories the server will serve; this increases security and shortens the svnserve URLs that have to be typed.
If you do not pass the root option, the service URL is: svn://localhost/svn/repos
If you do pass the root option, the service URL is: svn://localhost/repos

The startup configuration therefore affects the service URL; if you enter the wrong URL, an error occurs when you access it.

To verify that svnserve is working properly, use TortoiseSVN -> Repo-browser to view the repository. In the URL dialog box that pops up, enter:
svn://localhost/repos

An empty directory is shown after successful access.

Configuring users and permissions
Open the E:\svn\repos1\conf directory and edit svnserve.conf with a text editor:
Change:
# password-db = passwd

to:
password-db = passwd

That is, remove the leading # comment marker, and make sure no space is left in front of the line.
Then edit the passwd file in the same directory and add an account:

Change:
[users]
# harry = harryssecret
# sally = sallyssecret

to (adding an account):
[users]
# harry = harryssecret
# sally = sallyssecret
admin = Admin

After this, the TortoiseSVN client can be used.

Apache SVN server installation tutorial (reprint)


Subversion's design includes an abstract network layer, which means that a repository can be accessed through a variety of server processes. In theory, Subversion can be served over an unlimited number of network protocols; in practice there are currently two kinds of server.
• svnserve: svnserve is a small (lightweight), stand-alone server that talks to clients using its own protocol. (Author's note: this server is called the "svnserve server" below; the configuration above is the installation of the svnserve server.)
• Apache SVN: Apache is the most popular web server; by using the mod_dav_svn module, Apache can access a repository and make it available to clients over WebDAV/DeltaV, an extension of HTTP. (Author's note: this server is called the "Apache SVN server" below.)

Access to the repository over HTTP is one of the highlights of Subversion. The Apache SVN server has many features that the svnserve server lacks and is more flexible to use, but it is somewhat harder to configure; flexibility usually brings complexity.

Because Subversion needs versioning, the standard HTTP protocol does not meet its requirements. For Apache to work together with Subversion, WebDAV (Web-based Distributed Authoring and Versioning) is needed. WebDAV is an extension of HTTP 1.1; its specification and working principles are described in IETF RFC 2518 (http://www.ietf.org/rfc/rfc2518.txt).

I. Prerequisites
To make your repository available over HTTP, the following conditions must be met:

1. httpd 2.2.x is configured and running with mod_dav.
2. The mod_dav_svn plugin for mod_dav is installed.
3. httpd.conf is configured so that the repository can be accessed over HTTP.

These are explained in detail below, following my own configuration process.

Environment:
OS: Windows XP SP2
Web: Apache 2.2.6
SVN: svn-win32-1.4.6

II. Installation
1. Install Apache
For the installation method, see "Install Apache 2.2.x under Windows".

2. Install Subversion
Simply unzip the downloaded svn-win32-1.4.6.zip; for example, I extracted it to E:\subversion.
From the bin subdirectory of the Subversion installation directory, copy intl3_svn.dll, libdb44.dll, mod_authz_svn.so and mod_dav_svn.so to the Apache module directory (the modules folder of the Apache installation directory).

III. Basic Apache configuration
Edit the Apache configuration file httpd.conf and use LoadModule to load the mod_dav_svn module.

Change
#LoadModule dav_module modules/mod_dav.so

to:
LoadModule dav_module modules/mod_dav.so

That is, remove the leading "#".

Add:
LoadModule dav_svn_module modules/mod_dav_svn.so

Make sure this line comes after the mod_dav line.

Apache and Subversion are now both set up, but Apache does not yet know how to handle Subversion clients such as TortoiseSVN. To tell Apache which directory is the Subversion repository, edit the Apache configuration file with an editor such as Notepad.

At the end of the configuration file, add the following lines:

<Location /repository>
DAV svn
SVNPath E:/svn/repos1
</Location>

This configuration requires that dav_module is enabled first and that dav_svn_module is loaded after it. The external URL of the repository is http://<server IP>/repository, and the repository is physically located in E:/svn/repos1.
After the configuration is complete, restart Apache, open a browser and enter http://<server IP>/repository; you will see the following screen:



This means that Apache's dav_svn module is working properly. Users can now access your repository over HTTP with any Subversion client.

If you want to serve more than one repository, you can use more than one Location block, or use SVNParentPath instead of SVNPath. For example, if there are several repositories repos1, repos2 and so on, specify them as follows:

<Location /repository>
DAV svn
SVNParentPath E:/svn
</Location>

"SVNParentPath E:/svn" means that every subdirectory of E:\svn is a repository. They can be accessed as http://<server IP>/repository/repos1, http://<server IP>/repository/repos2, and so on.

Your repository is now accessible to anyone, with full write permission. That is, anyone can anonymously read, modify, commit to and delete the contents of the repository. (Note: at this point you do not need to configure E:\svn\repos\conf\svnserve.conf, and you do not need to start E:\subversion\bin\svnserve.exe, because commits are handled by Apache's DAV module, not by svnserve.) You can confirm this with the TortoiseSVN client.
Obviously this does not meet requirements in most situations. So how are permissions set? Apache provides basic permission settings:

IV. Authentication options
1. Basic HTTP authentication
The simplest way to authenticate a client is HTTP Basic authentication, which uses just a user name and password. Apache provides the htpasswd tool to manage a user file containing the user names and encrypted passwords of the users you want to grant access to Subversion. htpasswd can be found in the bin directory of the Apache installation. It is used as follows:

To create a user file:
htpasswd -c /etc/svn/passwordfile username

Add a new user (-m stores the password MD5-encrypted):
htpasswd [-m] /etc/svn/passwordfile newusername

Change a user's password:
htpasswd [-m] /etc/svn/passwordfile username

Delete a user (note the uppercase D):
htpasswd -D /etc/svn/passwordfile username
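
As an added example (not part of the original article), the following Python audits a user file of the kind htpasswd writes and reports how each password is stored; the $apr1$ entry is the salted MD5 format that -m produces. The sample file, its filler hash strings and the ok/weak/broken ratings are constructed for illustration.

```python
import base64
import hashlib

# Prefixes written by htpasswd; the ratings are this example's own judgement.
SCHEMES = [
    ("$2y$", "bcrypt", "ok"),
    ("$apr1$", "apr1-md5", "weak"),          # what `htpasswd -m` stores
    ("{SHA}", "sha1-unsalted", "broken"),
]

def classify(hash_field):
    """Return (scheme, rating) for the part after 'user:' in one line."""
    for prefix, name, rating in SCHEMES:
        if hash_field.startswith(prefix):
            return name, rating
    if len(hash_field) == 13:                # traditional crypt() output length
        return "des-crypt", "broken"
    return "plaintext-or-unknown", "broken"

def audit(text):
    """Return (per-user findings, groups of users whose stored hash is identical)."""
    users, by_hash = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, hash_field = line.partition(":")
        if not sep or not name:
            users.append((lineno, None, "malformed", "broken"))
            continue
        users.append((lineno, name) + classify(hash_field))
        by_hash.setdefault(hash_field, []).append(name)
    shared = sorted(sorted(names) for names in by_hash.values() if len(names) > 1)
    return users, shared

def sha_entry(user, password):
    """Build a {SHA} line the way the format defines it: base64(sha1(password))."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

# Constructed sample; the apr1 and bcrypt strings are fillers, not real hashes.
SAMPLE = "\n".join([
    "harry:$apr1$Qx9kL2aa$" + "A" * 22,
    sha_entry("sally", "sallyssecret"),
    sha_entry("tony", "sallyssecret"),       # same password as sally
    "robert:$2y$05$" + "B" * 53,
    "admin:Admin",                           # stored in the clear
])
```

Calling audit(SAMPLE) returns the per-user findings and the group [['sally', 'tony']]: an unsalted {SHA} entry is identical for every user who has the same password, which a salted format such as $apr1$ avoids.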


Next, edit httpd.conf and add the following inside the Location block:

AuthType Basic
AuthName "SVN repos"
AuthUserFile e:/usr/apache2.2/bin/passwd
Require valid-user

Description:
AuthType Basic: enables Basic authentication, that is, user name/password pairs.
AuthName "SVN repos": the text shown in the authentication dialog box when it pops up. (Preferably in English; TortoiseSVN does not support Chinese unless a language pack is installed.)
AuthUserFile e:/usr/apache2.2/bin/passwd: specifies E:\usr\Apache2.2\bin\passwd as the user file against which user names and passwords are checked.
Require valid-user: only users who have entered a correct user name and password may access this path.

Restart Apache and open the repository in a browser. Apache will prompt for a user name and password, and now only users listed in the passwd file can access the repository. You can also allow only specific users: replacing "Require valid-user" above with "Require user Tony Robert" means that only Tony and Robert from the user file can access the repository.

Sometimes such strict access control is not needed; for example, most open source projects allow anonymous reads and require authentication only for writes. To achieve this finer-grained authorization, use the Limit and LimitExcept blocks. For example:

<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>

The above configuration gives anonymous users read access and restricts write operations to the users configured in passwd.
If this still does not meet your requirements and you want precise control over access to individual repository directories, you can use Apache's mod_authz_svn module to apply authorization per directory.
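
An added example, not from the original article: a Python check that reads httpd.conf text and reports, for each Location block with DAV svn, who can reach the repository without logging in. It recognises only the directive patterns shown on this page, and the sample paths /open, /closed and /mixed are constructed.

```python
import re

LOCATION = re.compile(r"<Location\s+(\S+?)\s*>(.*?)</Location>", re.I | re.S)
LIMIT = re.compile(r"<LimitExcept\s+([^>]+)>(.*?)</LimitExcept>", re.I | re.S)

def has(directive, body):
    """True if some line of body starts with the directive (case-insensitive)."""
    return re.search(r"^[ \t]*" + directive + r"\b", body, re.I | re.M) is not None

def audit_locations(conf):
    """Return {location path: verdict} for each <Location> block that enables DAV svn."""
    verdicts = {}
    for path, body in LOCATION.findall(conf):
        if not has(r"DAV\s+svn", body):
            continue
        limit = LIMIT.search(body)
        outside = LIMIT.sub("", body)        # directives not wrapped in <LimitExcept>
        if has("AuthzSVNAccessFile", outside) and (
                has(r"Satisfy\s+Any", outside) or not has("Require", outside)):
            verdicts[path] = "anonymous access decided per path by the authz file"
        elif has("Require", outside):
            verdicts[path] = "login required for every method"
        elif limit and has("Require", limit.group(2)):
            methods = " ".join(limit.group(1).upper().split())
            verdicts[path] = "anonymous " + methods + "; login for other methods"
        else:
            verdicts[path] = "anonymous read and write"
    return verdicts

SAMPLE_CONF = """
<Location /open>
DAV svn
SVNPath E:/svn/repos1
</Location>
<Location /closed>
DAV svn
SVNPath E:/svn/repos1
AuthType Basic
AuthUserFile e:/usr/apache2.2/bin/passwd
Require valid-user
</Location>
<Location /mixed>
DAV svn
SVNParentPath E:/svn
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
"""  # constructed sample: the three configurations this page walks through
```

audit_locations(SAMPLE_CONF) flags /open as "anonymous read and write", which is the state the repository is in before any Require line is added.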

2. Using mod_authz_svn for directory access control
First, Apache has to load the mod_authz_svn module. Locate the mod_authz_svn module in the Subversion installation directory and copy it to the modules subdirectory of the Apache installation directory. Edit httpd.conf and add:

LoadModule authz_svn_module modules/mod_authz_svn.so

The authz feature can now be used inside the Location block. A basic authz configuration looks like this:

<Location /repository>
DAV svn
SVNParentPath E:/svn

# Our access control policy
AuthzSVNAccessFile e:/usr/apache2.2/bin/accesspolicy.conf

# Try anonymous access first, resort to real
# authentication if necessary.
Satisfy Any
Require valid-user

# How to authenticate a user
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile e:/usr/apache2.2/bin/passwd
</Location>

AuthzSVNAccessFile points to the authz policy file, in which detailed permissions are specified. The syntax of the access file accesspolicy.conf is very similar to that of svnserve.conf and the Apache configuration files. Lines beginning with (#) are ignored. In its simplest form, each section names a repository and a path inside it. The authenticated user names are the option names within each section, and the value of each option describes the user's level of access to that path: r (read-only) or rw (read-write). If a user is not mentioned, or the value is left blank, access is not allowed. * stands for all users and is used to control the access rights of anonymous users. For example:

[groups]
committers = Paulex, Richard
developers = Jimmy, Michel, Spark, Sean

[/]
* = r
@committers = rw

[/branches/dev]
@developers = rw

[/tags]
Tony = rw

[/private]
* =
@committers = r

When SVNParentPath is used instead of SVNPath to specify the parent directory of several repositories, this policy file applies to all of them. In the example above, Tony has read and write access to the /tags directory of every repository. To configure each repository separately, use the following syntax:

[groups]
project1_committers = Paulex, Richard
project2_committers = Jimmy, Michel, Spark, Tony, Robert

[repos1:/]
* = r
@project1_committers = rw

[repos2:/]
* = r
@project2_committers = rw

With this policy, the project1_committers group has write permission only to files in the repos1 repository and cannot modify the repos2 repository; likewise the project2_committers group of repos2 cannot modify files in the repos1 repository.
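
An added example (not the original author's code): a Python lint for an authz policy file that reports an access value other than r, rw or empty, a reference to a group that [groups] does not define, and write access granted to *. The sample policy is constructed with one of each mistake, and the problem texts are this example's own wording.

```python
import configparser

def lint_authz(text):
    """Return sorted (section, name, problem) tuples for an authz policy file."""
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None, strict=False)
    cp.optionxform = str                  # keep user and group names as written
    cp.read_string(text)
    groups = set(cp["groups"]) if cp.has_section("groups") else set()
    problems = []
    for section in cp.sections():
        if section == "groups":
            continue
        if section.lower() == "groups":
            problems.append((section, "", "section must be spelled [groups]"))
            continue
        for name, access in cp[section].items():
            access = access.strip()
            if access not in ("", "r", "rw"):
                problems.append((section, name, "access must be r, rw or empty"))
            elif name == "*" and access == "rw":
                problems.append((section, name, "every user, anonymous included, can write"))
            if name.startswith("@") and name[1:].strip() not in groups:
                problems.append((section, name, "group not defined in [groups]"))
    return sorted(problems)

# Constructed policy: a misspelled group reference, a wrong-case access value
# and an anonymous write grant, next to one section that is correct.
SAMPLE_POLICY = """\
[groups]
project1_committers = Paulex, Richard

[repos1:/]
* = r
@project1_committer = rw

[repos2:/]
* = RW

[repos2:/tags]
* = rw

[repos2:/private]
* =
@project1_committers = r
"""

if __name__ == "__main__":
    for problem in lint_authz(SAMPLE_POLICY):
        print(problem)
```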


FAQ:

1. Error messages shown when the path is wrong or permissions are insufficient:

http://localhost (incorrect path)
Error * PROPFIND request failed on '/' PROPFIND of '/': OK (http://localhost)

http://localhost/svn (insufficient permissions)
Error * PROPFIND request failed on '/svn' PROPFIND of '/svn': 403 Forbidden (http://localhost)

http://localhost/svn/repos (normal display)

http://localhost/repos (permission not allowed)
Error * PROPFIND request failed on '/repos' PROPFIND of '/repos': 405 Method Not Allowed (http://localhost)


2. E:\subversion\bin\svnserve.exe is not started but the Apache SVN server is; accessing (TortoiseSVN -> Repo-browser) or committing (svn commit) then behaves as follows:

Symptom: svn://localhost/svn/repos cannot be accessed or committed to; the message is: Error * Can't connect to host 'localhost': unable to connect due to the active refusal of the target machine. However, file:///e:/svn/repos and http://localhost/svn/repos can be accessed and committed to.

Reason: svn:// is the svnserve stand-alone server's own protocol. file:/// is local access, that is, the server and the client are on the same machine.
