1 Overview... 3
2 Install the Ubuntu 8.10 server... 3
3 Install the Apache server... 3
4 Create SVN server... 3
4.1 Install SVN... 3
4.2 Add group... 4
4.3 Create an SVN repository... 4
4.4 Configure the Apache server... 4
5 Configure SSL. 6
6 Remotely modify the svn user password... 10
6.1 Modify the configuration file of apache2... 10
6.2 Install mod_perl default package... 10
6.3 Related configuration... 10
6.4 Get the Perl script for password modification... 11
6.5 Modify the script execution permission... 11
7 Set SVN permissions... 12
7.1 Modify Apache configuration... 12
7.2 Authentication file configuration... 13
8 References... 14
Appendix A: How to remotely modify SVN User Password tools... 14
Appendix B: Ubuntu 8.10 IP address modification... 15
Appendix C: configure the SSH service in Ubuntu... 15
1 Overview
This article describes in detail how to build the svn server in the svn + Apache + SSL architecture in the Ubuntu environment. Access the svn server through HTTPS and use APACHE-based user authentication management. The user's permissions are configured using authz.
2. Install the Ubuntu 8.10 Server
It can be Ubuntu 8.10server or desktop. During the installation process, create a system account with the username "Administrator" as the daily management account of the server. In addition, to facilitate subsequent instructions, assume that the IP address of the server is 192.168.19.3.
After the installation is complete, run the update manager to obtain the latest source list.
3. Install the Apache server
In the new software package manager, search for apache2 and choose to install apache2, libapache2-svn. After the installation is complete, make sure you can access http: // 192.168.19.3 through HTTP. Normally, the following page is displayed:
It indicates that Apache is working properly.
4. Create an SVN Server 4.1 and install SVN
In the new software package manager, search for subversion and choose to install subversion and subversion-tools. After installation, go to the next step.
4.2 Add a group.
The method is as follows:
L InUbuntuChoose system> System Management> users and groups ";
L Switch to the "Group" label;
L Click "add group;
L The group name is "Subversion ";
L Add your (Administrator) and "www-data" (ApacheUsers) Join group members;
L Click "OK" to confirm the modification and close the program.
Or directly use the command to add groups and Members:
Sudo addgroup Subversion
Sudo usermod-G subversion-a WWW-dataadministrator
Of course, you can also modify the group file sudo VI/etc/group directly.
Then you need to log out (I have restarted all of them) and then log on to make it trulySubversionA member of the group.
4.3 create an SVN Repository
Run the following command:
# Cd/home
# Sudo mkdir SVN
#/Usr/local/SVN # sudo chown-rwww-data: Subversion SVN
#/Usr/local/SVN # sudo chmod-r g + RWS SVN
The last command grants the group members the corresponding permissions on all files added to the file warehouse.
The following command is used to createSVNFile Repository:
# Sudo svnadmin create/home/SVN
4.4 configure the Apache server
Back up the configuration file of apache2 and execute the following command:
#/Usr/local/SVN # sudo CP-r/etc/apache2/etc/apache2_bak
PassWebDAVProtocol accessSVNFile warehouse, you must configure yourApache2webServer. You must add the following code snippet to your/Etc/apache2/mod-available/dav_svn.conf: (add it to the end of the file)
<Location /svn >
DAV svn
SVNPath /home/svn
AuthType Basic
AuthName "welcome to subversion repository"
AuthUserFile /etc/subversion/passwd
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
</Location>
If you need to verify your password upon each logon, comment out the <limiteffectget PROPFIND optionsreport> and </limit#t> lines.
When you add the above content, you must restartApache 2webServer, enter the following command:
Sudo/etc/init. d/apache2 restart
Next, you need to create/Etc/subversion/passwdFile, which contains detailed information about user authorization. To add a user, run the following command:
Sudo htpasswd-C/etc/subversion/passwdsuperman
It will prompt you to enter the password. When you enter the password, the user will be created. You can use the following command to access the File Repository:
You can create other users, but you cannot use the-C option, because the-C option indicates creating a new user authorization file, the original authorization file is overwritten.
Sudo htpasswd/etc/subversion/passwduser_name
In this case, you can access the svn server through the Web. Enter http: // 192.168.19.3/SVN/in the address bar of the browser to display the user verification window:
After entering the correct user name and password, you can see the following interface:
5. Configure SSL
Here for reference: http://www.cnblogs.com/passos/archive/2006/02/18/332992.html
There are a lot of SSL configurations. Here I have made a simple and practical SSL encryption mechanism based on the actual situation. The basic situation of apache2 in Ubuntu is as follows:
L The default site is/Var/www/
L The configuration file is in/Etc/apache2/
L Log in/Var/log/Apache/
L The STARTUP script is/Usr/SiN/apache2ctlOr/Etc/init. d/apache2
Apache2 has been installed in step 1. the SSL module is installed below:
Install the SSL module
Sudo a2enmod SSL
We can use OpenSSL to create an SSL certificate. Here I create an SSL certificate.
# Sudo OpenSSL req-X509-newkey RSA: 1024-keyoutapache. pem-out Apache. pem-nodes-days 999
Note: enter common name (eg, yourname)Enter your host name.
The sample process is as follows:
# Sudo OpenSSL req-X509-newkey RSA: 1024-keyoutapache. pem-out Apache. pem-nodes-days 999
Generating a 1024 bit RSA private key
.....................++++++
..++++++
writing new private key to 'apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:China
string is too long, it needs to be less than 2 bytes long
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Beijing
Locality Name (eg, city) []:Haidian
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ABC
Organizational Unit Name (eg, section) []:Dep9
Common Name (eg, YOUR name) []:SvnServer
Email Address []:111@gmail.com
The/home/Administrator directory contains an Apache. pem file.
Create a directory to store certificate files
Sudo mkdir/etc/apache2/SSL
Copy a site configuration as the prototype of SSL Configuration
# Sudo CP/etc/apache2/sites-available/default/etc/apache2/sites-available/SSL
# Sudo ln-S/etc/apache2/sites-available/SSL/etc/apache2/sites-enabled/SSL
Then edit the SSL Configuration
# Sudo VI/etc/apache2/sites-enabled/SSL
Change the port to 443 (the default value is 80) and add the SSL authentication configuration. You can customize other ports as needed.Similar to common configurations,The following blue fonts are newly added:
<VirtualHost *:443>
ServerSignature On
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
"/etc/apache2/sites-enabled/ssl" 45L, 1055C
Edit the Apache port configuration and remove the listener for port 80:
# Sudo VI/etc/apache2/ports. conf
NameVirtualHost *:80
#Listen 80
<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443
</IfModule>
You do not need to add "listen" here.443 "because the default SSL authentication port 443 has been enabled.
Don't forget to copy the previously generated SSL key file.
Sudo CP/home/Administrator/Apache. PEM/etc/apache2/SSL/
Finally, restart the apache service:
Sudo/etc/init. d/apache2 restart
Then
Netstat-an | grep: 443
If 443 is enabled, the HTTPS service is started. Verify on the browser:
Https: // 192.168.19.3/SVN
Select "yes" to bring up the following verification window:
After entering the Superman and password:
The encrypted HTTP access to SVN is successful.
6. remotely modify the svn User Password
Because users in the svn + Apache architecture are not operating system users, but Apache users, there is no way to log on to the operating system through SSH to modify user passwords. Use the Web service provided by Apache to modify the authz configuration file through CGI or mod_python to modify the user password. The following describes how to use CGI in Perl to modify passwords. As for the mod_python method, I only performed half of the experiment.
6.1 modify the configuration file of apache2
Open the/etc/apache2/apache2.conf file and find the following content (if not, add the file directly. By default, it seems that it does not exist, so I add it directly at the end of the file ):
#AddHandler cgi-script .cgi
Modify:
AddHandler cgi-script .cgi .pl
6.2 install mod_perl default package
Sudo apt-Get installlibapache2-mod-perl2
6.3 Configuration
After the default installation, the cgi-bin directory points to the/USB/lib/cgi-bin/directory by default. This directory is generally not automatically created when apache2 is installed. The reason for selecting this directory is as follows:
/Etc/apache2/sites-enabled/000-Default
This file is a link pointing
/Etc/apache2/sites-available/Default
Open it and check that there is such a section, pointing the cgi-bin directory to the actual/usr/lib/cgi-bin/directory.
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -\MultiViews +\SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
By default, the preceding files do not need to be modified.
6.4 obtain the Perl script for password Modification
Access FTP: // 192.168.19.63( ))))) changchangchangchangcopy copy Copy copy.
Sudo CP changepasswd. cgi/usr/lib/cgi-bin/
Sudo CP changepasswd. INI/usr/lib/cgi-bin/
Sudo CP changepasswd. log/usr/lib/cgi-bin/
6.5 modify the script execution permission
CD/usr/lib/cgi-bin/
Sudo chmod 777 changepasswd. cgi
Sudo chmod 666 changepasswd. Log
Sudo chmod 666/etc/subversion/passwd
Then, you can modify the password by accessing the URL without restarting the apache service. You can directly access the URL: https: // 192.168.19.3/cgi-bin/changepasswd. cgi.
After the verification is passed, the following password change page is displayed:
If you modify the result, the following page is displayed:
For more information about changepasswd. cgi, see Appendix.
7. Set SVN permissions 7.1 modify Apache configuration
To achieve fine-grained permission control, you can modify the conf/authz file in the svn repository directory. Before that, you need to tell Apache to use this file
Sudovi/Etc/apache2/mod-available/dav_svn.conf
After the modification is as follows, the blue font is the newly added content:
<Location /svn >
DAV svn
SVNPath /home/svn
AuthType Basic
Authzsvnaccessfile/home/SVN/CONF/authz
AuthName "welcome to subversion repository"
AuthUserFile /etc/subversion/passwd
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
</Location>
7.2 authentication file configuration
Sudo VI/home/SVN/CONF/authz
The file content is similar to the following:
[Groups]
admin = admin
dev1 = jack, kate
dev2 = zbh2342, yingjianhh45, tantt, arei22
docs = bob, jane, mike
training = zak
# Default access rule for ALL repositories
# Everyone can read, admins can write, Dan German is excluded.
[/]
* = r
@admin = rw
dangerman =
# Allow developers complete access to their project repos
[project:/]
* = R/Other users only have read permission
@ Admin = RW/admin. The dev1 group has read and write permissions.
@dev1 = rw
Sub-project control
[Project:/ddwap]/has the read and write permissions on the project/ddwap sub-Directory, which is similar to the following.
@dev2 = rw
[project:/DDAdmin]
@dev2 = rw
[project:/DDSync]
@dev2 = rw
[project:/DDWeb]
@dev2 = rw
[project:/DDWeb]
@dev2 = rw
[project:/docs]
@dev2 = rw
[project:/thirdparty]
@dev2 = rw
Through practice, it seems that Apache's permission configuration is very simple, but not very convenient. To set different permissions for sub-directories, you need to explicitly specify the permissions for each directory.
8 references
Http://www.cnblogs.com/huntercat/archive/2008/11/16/1334540.html
Http://www.svn8.com/svnpz/20080202/56.html
Http://www.fire3.cn/2007/06/15/howto-apache2-with-perl-cgi-in-ubuntu.html
Http://linux.chinaunix.net/bbs/thread-994284-1-1.html
Appendix A: How to remotely modify the svn User Password
See http://www.svn8.com/svnpz/20080202/56.html
1. Place the changepasswd. cgi and changepasswd. ini files in the cgi-bin directory under the Apche installation directory.
2. confirm the position of the changepasswd. cgi program, line 1, prel tool. (My :#! /Usr/bin/perl-W)
3. Change changepasswd. cgi 84th to the path where htpasswd is located (My:/project/Apache/bin/htpasswd)
4. Modify the INI file of changepasswd. cgi 128 to the full path (My:/project/Apache/cgi-bin/changepasswd. INI)
5. configuration file changepasswd. ini line 2nd authuserfile = Password Storage path (My:/svndata/SVN-auth-file/passwd)
6. configuration file changepasswd. ini 3rd logfile = operation log storage path (My:/project/Apache/cgi-bin/changpasswd. Log)
Note:
1. Do not use the-M parameter when using htpasswd. If it was previously used, you can re-enter it for update.
2. changpasswd. log must have the "w" Write Permission
Appendix B: Modify the IP address of ubuntu 8.10
See http://www.diybl.com/course/6_system/linux/Linuxjs/20081217/154161.html
Run the following command:
Sudo VI/etc/Network/interface
Step 1: Disable the settings for Automatically Obtaining IP addresses
Iface eth0 Inet DHCP shields this line
The modified content is as follows:
# The primary network interface
Auto eth0
# Iface eth0 Inet DHCP
Step 2: Add static IP information
# The primary network interface
Iface eth0 Inet static
Address 192.168.0.10
Netmask 255.255.255.0
Gateway 192.168.0.1
You can also run the following command to restart the NIC to make the new configuration take effect. The advantage is that it does not affect other network interfaces.
$ Sudo ifdown eth0
$ Sudo IFUP eth0
If you only want to temporarily change the IP address, you do not need to modify the interface. You only need to use ifconfig. However, after the system restarts, the configuration in interfaces will be restored.
$ Sudo ifconfig eth0 192.168.1.111 netmask 255.255.255.0
Step 3: Set DNS
Edit/etc/resolv. conf and set DNS
Nameserver 202.96.134.133
Nameserver 202.106.0.20
Restart the network:/etc/init. d/networking restart
After completing the preceding steps, you only need to re-enable the network.
Appendix C: configure the SSH service in Ubuntu
The SSH server is not installed in Ubuntu by default. You can run the following command to install OpenSSH:
Sudo apt-Get install OpenSSH-serveropenssh-Client
SSH client is installed in Ubuntu by default.
You can configure OpenSSH by editing the/etc/ssh/sshd_config file.
Sudo CP/etc/ssh/sshd_config/etc/ssh/sshd_config.original
Sudo chmod A-W/etc/ssh/sshd_config.original
Restart After the configuration is complete:
Sudo/etc/init. d/ssh restart
Tip: http://blog.sina.com.cn/s/blog_47cccb020100emht.html