Use apache + svn + ssl to configure the secure version control platform in Centos

The company decided to migrate svn from windows to linux. With this article, mosquitoes decided to record the process of configuring apache + svn + ssl in linux for later viewing.

Environment:

Centos 5.4 _ x64
Apache 2.2.14
Subversion-1.4.2 (the latest version is not considered due to packet relevance issues)

Installation Process:

1. install apache

#. /Configure -- prefix =/usr/local/apache -- enable-so -- enable-dav = shared -- enable-dav-fs = shared -- enable-dav-lock = shared -- enable- ssl = shared

Make

Make install

This configuration is sufficient if apache is not used for other purposes.

2. subversion Installation

Subversion-1.4.2] #./autogen. sh # It is recommended that you execute this command first. The subversion will be initialized. Previously, the mosquito reported an error when making. Then, after executing this operation, make went smoothly.

Subversion-1.4.2] #. /configure -- with-apxs =/usr/local/apache/bin/apxs -- with-apr =/usr/local/apache/bin/apr-1-config -- with-apr-util =/ usr/local/apache/bin/ apu-1-config -- with-ssl

Subversion-1.4.2] # make
Subversion-1.4.2] # make install

At this point, if no error occurs, the installation is complete. The configuration phase is as follows:

1. apache configuration

Normal Installation

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ssl_module modules/mod_ssl.so

These modules are not commented out.
Include conf/extra/httpd-dav.conf
Include conf/extra/httpd-ssl.conf

Remove the preceding comments from the two rows.

Edit conf/extra/httpd-dav.conf, add the following content, and delete all other content

<Location/svn> # The access path specified on the url or svn Client
DAV svn # declare svn
SVNParentPath/data3/svn # is used to represent the common parent directory. All different version libraries are stored in this directory.
AuthzSVNAccessFile/data3/svn/authz # specify the version library access policy file in the SAVE path
AuthType Basic # simple authentication method and password file storage location for apache
AuthName "Subversion repository"
AuthUserFile/data3/svn/htpasswd
Require valid-user
</Location>

After editing, save and exit. Because the password transmitted through http access is in plain text, you also need to configure ssl for encrypted transmission.

To configure ssl, follow these steps:

Step 1: Create the key and request:
Openssl req-new> new. cert. csr

Step 2: delete passphrase from the key (optional ):
Openssl rsa-in privkey. pem-out new. cert. key

Step 3: Convert the request to signed sert:
Openssl x509-in new. cert. csr-out new. cert. cert-req-signkey new. cert. key-days 1825

Step 4: copy the cert and key files to the appropriate location:
Cp new. cert. cert/usr/local/apache/conf/server. crt
Cp new. cert. key/usr/local/apache/conf/server. key

NOTE: If passphrase is not deleted from the key in step 2, you must enter the password each time you start apache. This means that if your server is restarted for some reason, your web server will not be started unless you manually enter the password next to the server.

Now, apache configuration is complete, and the subversion is configured.

2. subversion Configuration

Create an authz file under/data3/svn with the following content:

[Group]
Test = abc

[Test:/]
@ Test = rw

Save and exit.

Set the abc Password

/Usr/local/apache/bin/htpasswd-bc/data3/svn/htpasswd abc 12345678.

In this way, the htpasswd file will be created under/data3/svn with the following content:

Abc: gtnqpowogqB/Y

The password is encrypted.

Create the test database:

Svnadmin create/data3/svn/test

Now you can start apahce to test: https: // ip/svn/test. You can also use the svn client to access svn listhttps: // ip/svn/test, enter the user name and password to access the new test database.

©2010, late night mosquitoes. All Rights Reserved. If reprinted, please note: Reprinted from the mosquito space [http://www.wenzizone.cn]