Install Apache-based SVN server (including SSL configuration) in Windows )[

Source: Internet
Author: User
Tags apache error log openssl rsa openssl x509 subversion client tortoisesvn
Modification history:
V0.1 2006-08-06
Add SSL configuration to v0.2 2006-09-10
V0.21 fixed an error in 2.3 configuration (reported by blair1978)
V0.23 add two necessary files in Attachment 1. Otherwise, the SSL certificate cannot be created.
Fixed a certificate creation command error.
V0.26 2006-10-16 update mod_ssl.so in mod_ssl_etc.rar (OpenSSL Required Software Package ),
Http://bbs.iuse SVN . Com/thread-418-1-1.html provides
V1.0 2007-8-19: apache2.2.4 supported

Please pay attention to the original source, version, author (translator) http://bbs.iusesvn.com/thread-158-1-1.html
--------------------------------------------------------------------------------

1. Introduction
2. Installation Process
2.1. install Apache
2.2. Install Subversion
2.3. Configuration
2.4. use SSL to protect your server

Summary

This article describes how to configure servers in tortoisesvn1.3.5. You have made some adjustments and adjustments as needed. For more information, see section 3.1. Apache based server in tortoisesvn1.3.5.

To use tortoisesvn (or other subversion clients), you must have a place to store the version library. You can store version inventory on the local machine and use file: //
You can also put them on a server and Use http: // or SVN: // protocol for access. The two Server protocols (http: // and SVN: //) can also be encrypted

Https: // and SVN + SSH ://. Next, we will show you step by step how to configure such a server on Windows.

If you do not have a server or you only want to work independently, it is your best choice to store the version inventory on your local machine and use the file: // protocol for access. In this way, you can skip this article.

Note: currently, the subversion in windows can be used with apache2.2.x. However, the attachments in this article are only tested on apache2.0.x.

1. Introduction
Among all the Subversion server configuration methods, APACHE-based configuration is the most flexible. Although the configuration is a little complicated, it does not provide the advantages of other methods:

Reference:

WebDAV
The Apache-based Subversion server is used by many otherProgramSupported WebDAV protocols. For example, you can mount such a version library into a "webfolder" in Windows Resource Manager and access it like other folders in the file system.

Browse version Library
You can use a browser to browse the content in the version library without installing the Subversion client. This will allow a wider range of users to access your data.

User verification
You can use any authentication mechanism supported by Apache, including sspi and LDAP.

Security
Apache is very stable and secure, so your version library naturally has the same security. Including SSL encryption.

2. Installation Process
2.1. install Apache
Before installing Apache, you must have a computer running Windows2000, Windows XP + SP1, or Windows2003.

Warning: Please note that Windows XP without Service Pack 1 will cause incorrect network data and damage your version library!

From http://httpd.apache.org/download.cgi
The latest Apache Web Server version. Make sure that the version you downloaded is later than 2.0.54. Apache of version 2.0.54 cannot be used with subversion
1.3.xx. Apache versions earlier than 2.0.54 cannot work with subversion1.2 due to a bug in Windows compilation.
.

Once you have installed apache2, you can double-click it to guide you through the entire installation process. Make sure that you enter the correct server URL (If your server does not have a DNS name,
You can directly enter the IP address ). I suggest you install Apache into for all users, on port 80, as
Service. Note: If you already have an IIS or other program that uses port 80, the installation may fail. If so, you can go to Apache under the program directory
In the group \ apache2 \ conf directory, find the file httpd. conf and change Listen 80 to an unused port, such as listen.
81. Then re-run the installation program. This time there should be no problem.

Now you can type http: // loccalhost in your browser. If a configured website is displayed, your Apache installation is successful.

Warning:

If you install Apache as a service, it runs as a local system account. It is safer to create a separate user for Apache to run it.

Make sure that the user running Apache has full access to the version library.Permission(Right-click the version library directory-& gt; properties-& gt; security ). Otherwise, users cannot submit their changes.

Even if Apache runs on a local system, you must set it to fully read and write the version library directory.

If this license is not configured for Apache, the user will get the error message "forbidden access", which is displayed as Error 500 in the Apache error log.

2.2. Install Subversion
From http://subversion.tigris.org/ser... entlist? Folderid = 91 (English)
Or
Http://bbs.iusesvn.com/forum-7-1.html (ChineseDownload the latest version of subversion.

Run the Subversion Installer. If the installer can identify that you have installed Apache, your installation will be okay. If it cannot, you need to take some additional steps.
Note: If you first install Apache and then install subversion, the following work will be done normally (before configuration 2.3 ).
Use the resource manager to enter the sibversion installation directory (usually c: \ Program
Files \ subversion), find the files httpd/mod_dav_svn.so and mod_authz_svn.so, and copy them to Apache
(Usually c: \ Program Files \ apache group \ apache2 \ modules ).

Copy the file libdb43.dll from the Subversion installation directory to the modules directory of Apache.

Use a text editor such as NotePad to edit the Apache configuration file (usually c: \ Program Files \ apache group \ apache2 \ conf \ HTTD. conf) and modify the following content:

Remove the comments from the following line (delete the beginning ):

Copy content to clipboard

Code :

# Loadmodule dav_fs_module modules/mod_dav_fs.so
# Loadmodule dav_module modules/mod_dav.so

Add the following two lines at the end of the loadmodule section:

Copy content to clipboard

Code:

Loadmodule dav_svn_module modules/mod_dav_svn.so
Loadmodule authz_svn_module modules/mod_authz_svn.so

2.3. Configuration
Now you have installed Apache and subversion, but Apache does not know if it processes subversion clients like tortoisesvn.
To let Apache know which URL will be used by subversion, You need to edit the Apache configuration file (usually in c: \ Program
Files \ apache group \ apache2 \ conf \ httpd. conf ):

Add the following lines at the end of the configuration file:

Copy content to clipboard

Code:

& Lt; Location/SVN & gt;
Dav SVN
Svnparentpath D: \ SVN
Authtype basic
Authname & quot; subversion repositories & quot;
Authuserfile D: \ passwd
# Authzsvnaccessfile D: \ svnaccessfile
Require valid-user
& Lt;/Location & gt;

This configuration indicates that all your version libraries will be located in the D: \ SVN directory. to access your version library, you can use this URL: http: // myserver/SVN /, the access permission is restricted by the user name/password in the passwd file.

To create a passwd file, open the command line (DOS window) and switch the current directory to The apache2 directory (usually c: \ Program Files \ apache group \ apache2 ), run the following command to create a file:

Copy content to clipboard

Code:

Bin \ htpasswd-C passwd & lt; username & gt;

This command executes htpasswd.exe in the bindirectory to create a password file and restart the apache service.

Direct your browser to http: // myserver/SVN/mynewrepository (mynewrepository is the Subversion version library you created earlier ). If everything is normal, you will be prompted to enter the user name and password. after entering the correct user name and password, you will be able to see the content in the version library.

Briefly describe the Apache configuration you just entered:

Reference:

& Lt; Location/SVN & gt;

This means that you can access the Subversion library through a URL like this (http: // myserver/SVN ).

Dav SVN

Tell apache which module is responsible for serving URLs like that-here it is the Subversion Module

Svnlistparentpath on

In subversion 1.3 and later, this indicator enables subversion to list all version libraries in the directory specified by svnparentpath.

Svnparentpath D: \ SVN

Tell subversion to find the version Library Under Directory D: \ SVN

Authtype basic

Enable basic authentication, such as user name/password pair

Authname "Subversion repositories"

When a verification dialog box pops up, tell the user what the verification is.

Authuserfile D: \ passwd

Specify D: \ passwd as the password file to verify the user name and password

Authzsvnaccessfile D: \ svnaccessfile

Specify D: \ svnaccessfile to limit the access permissions of each user or group in the version library directory

Require valid-user

Users must enter the correct user name and password before accessing this path.

----------------------------------------

The above configuration is just a simple example. You can also perform many configurations on Apache.

1. If you want all users to have the read permission on the version database and only specific users have the write permission, you can

Copy content to clipboard

Code:

Require valid-user

Change

Copy content to clipboard

Code:

& Lt; limitaskt get PROPFIND Options Report & gt;
Require valid-user
& Lt;/limit10000t & gt;

2. The above configuration uses the passwd file to restrict access permissions by using all your version libraries as a unit. If you want more control, such as specifying the directory in the version library that a user can access, you can remove the following line:

Copy content to clipboard

Code:

# Authzsvnaccessfile D: \ svnaccessfile

However
And then create a subversion authorization file in the text editor. Apache will ensure that only valid users can access your/SVN location, and then pass the user name
Authzsvnaccessfile module, so that you can obtain more detailed permission Control Based on the Subversion authorization file. Note that the path will be specified as a [Database: path] or simple
. If you do not specify a library, the access rule will apply to all version libraries in the directory specified by svnparentpath. An example of an authorization file may look like this:

Copy content to clipboard

Code:

[Groups]
Admin = John, Kate
Devteam1 = John, Rachel, Sally
Devteam2 = Kate, Peter, Mark
Docs = Bob, Jane, Mike
Training = Zak

# Specify default access rules for all databases
# Everyone can read and the administrator can write data. dangerous elements do not have any permissions.
[/]
* = R
@ Admin = RW
Dangerman =

# Allow developers to have full access to their project version Libraries
[Proj1:/]
@ Devteam1 = RW
[Proj2:/]
@ Devteam2 = RW
[Bigproj:/]
@ Devteam1 = RW
@ Devteam2 = RW
Trevor = RW

# The document writer has the write permission on all Docs directories.
[/Trunk/DOC]
@ Docs = RW

# Trainees can access the training version library.
[Trainingrepos:/]
@ Training = RW

2.4. use SSL to protect your server
The above work can make your SVN server work normally.
If you want to be more secure, you can configure SSL to protect your server.
Due to export restrictions in the United States, the default installed Apache server does not support SSL. However, you can easily download the required module from other places and install it.

First, you need an SSL required file. You can find the corresponding software package in http://hunter.campbus.com/or here (or Download Attachment 1 for this topic:
Mod_ssl_etc.rar(595.45 KB)

Mod_ssl_etc.rar (595.45 KB)
Downloads: 16222006-10-16

). Then, copy mod_ssl.sow.openssl.exe, libeay32.dll, and ssleay32.dll from the package to the bin directory, and CONF/SSL. conf to the conf directory.

Open SSL. conf in the Apache conf directory with a text editor.

Comment out the following rows:

Copy content to clipboard

Code:

DocumentRoot & quot; C:/Apache/htdocs & quot;
Servername www.example.com: 443
Serveradmin [email] you@example.com [/Email]
Errorlog logs/error_log
Transferlog logs/access_log

Modify

Copy content to clipboard

Code:

Sslcertificatefile CONF/SSL. CRT/server. CRT

Is

Copy content to clipboard

Code:

Sslcertificatefile CONF/SSL/my-server.cert.

Modify

Copy content to clipboard

Code:

Sslcertificatekeyfile CONF/SSL. Key/server. Key

Is

Copy content to clipboard

Code:

Sslcertificatekeyfile CONF/SSL/my-server.key.

Modify

Copy content to clipboard

Code:

Sslmutex file: logs/ssl_mutex

Is

Copy content to clipboard

Code:

Sslmutex default

Delete the following two rows (if any ):

Copy content to clipboard

Code:

& Lt; ifdefine SSL & gt;
& Lt;/ifdefine & gt;

Open the Apache configuration file (httpd. conf) and remove the comments in this line.

Copy content to clipboard

Code:

# Loadmodule ssl_module modules/mod_ssl.so

OpenSSL requires a configuration file. You can download a working version http://tud.at/programm/openssl.cnf from here (or this topic Attachment 2:
Openssl.cnf.rar(1.21 KB)

Openssl.cnf.rar (1.21 KB)
Downloads: 10572006-9-10

). Save it to bin/OpenSSL. CNF.

Create an SSL certificate. You can open a command line window and CD it to the Apache installation directory (for example, c: \ Program Files \ apache group \ apache2), and type the following command:

Copy content to clipboard

Code:

Bin \ OpenSSL req-config bin \ OpenSSL. CNF-New-out my-server.csr

You will be asked a password phrase. Please note that you should enter an entire sentence, such as a part of a poem, instead of using a few simple words. The longer the sentence, the better. Similarly, you also need to enter your server URL. Other questions are optional, but I suggest you fill them in as well.

Next, run the following command:

Copy content to clipboard

Code:

Bin \ OpenSSL RSA-In privkey. pem-out my-server.key

And (Note that there is only one line)

Copy content to clipboard

Code:

Bin \ OpenSSL X509-In my-server.csr-out my-server.cert-req-signkey my-server.key-days 4000

In this way, a certificate that expires 4000 days later will be created. Finally, enter:

Copy content to clipboard

Code:

Bin \ OpenSSL X509-In my-server.cert-out my-server.der.crt-outform der

These commands create some files (my-server.der.crt, my-server.csr, my-server.key,. RND, privkey. Pem, my-server.cert) under the Apache directory ). Copy these files to the conf/SSL directory.

(For example, c: \ Program Files \ apache group \ apache2 \ conf \ SSL). If the directory SSL does not exist, you must first create one.

Restart the apache service.

Now you can use a URL like this to access your version library https: // servername/SVN/Project

Reference:

Enforce access through SSL

When you configure SSL to improve version database security, you may want to disable the SSL-free HTTP access method, but only allow access through HTTPS. To achieve this, you need to add another indicator sslrequiressl in the & lt; Location & gt; block.

An example of & lt; Location & gt; block may be like this:

& Lt; Location/SVN & gt;

Dav SVN

Svnparentpath D: \ SVN

Sslrequiressl

Authtype basic

Authname "Subversion repositories"

Authuserfile passwd

# Authzsvnaccessfile svnaccessfile

Require valid-user

& Lt;/Location & gt;

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.