Full introduction to building SVN servers on Ubuntu

1   Overview... 3

2   Install the Ubuntu 8.10 server... 3

3   Install the Apache server... 3

4   Create SVN server... 3

4.1    Install SVN... 3

4.2    Add group... 4

4.3    Create an SVN repository... 4

4.4    Configure the Apache server... 4

5   Configure SSL. 6

6   Remotely modify the svn user password... 10

6.1    Modify the configuration file of apache2... 10

6.2    Install mod_perl default package... 10

6.3    Related configuration... 10

6.4    Get the Perl script for password modification... 11

6.5    Modify the script execution permission... 11

7   Set SVN permissions... 12

7.1    Modify Apache configuration... 12

7.2    Authentication file configuration... 13

8   References... 14

Appendix A: How to remotely modify SVN User Password tools... 14

Appendix B: Ubuntu 8.10 IP address modification... 15

Appendix C: configure the SSH service in Ubuntu... 15

 

1 Overview

This article describes in detail how to build the svn server in the svn + Apache + SSL architecture in the Ubuntu environment. Access the svn server through HTTPS and use APACHE-based user authentication management. The user's permissions are configured using authz.

2. Install the Ubuntu 8.10 Server

It can be Ubuntu 8.10server or desktop. During the installation process, create a system account with the username "Administrator" as the daily management account of the server. In addition, to facilitate subsequent instructions, assume that the IP address of the server is 192.168.19.3.

After the installation is complete, run the update manager to obtain the latest source list.

3. Install the Apache server

In the new software package manager, search for apache2 and choose to install apache2, libapache2-svn. After the installation is complete, make sure you can access http: // 192.168.19.3 through HTTP. Normally, the following page is displayed:

 

It indicates that Apache is working properly.

4. Create an SVN Server 4.1 and install SVN

In the new software package manager, search for subversion and choose to install subversion and subversion-tools. After installation, go to the next step.

4.2 Add a group.

The method is as follows:

L      InUbuntuChoose system> System Management> users and groups ";

L      Switch to the "Group" label;

L      Click "add group;

L      The group name is "Subversion ";

L      Add your (Administrator) and "www-data" (ApacheUsers) Join group members;

L      Click "OK" to confirm the modification and close the program.

 

Or directly use the command to add groups and Members:

Sudo addgroup Subversion

Sudo usermod-G subversion-a WWW-dataadministrator

Of course, you can also modify the group file sudo VI/etc/group directly.

Then you need to log out (I have restarted all of them) and then log on to make it trulySubversionA member of the group.

4.3 create an SVN Repository

Run the following command:

# Cd/home

# Sudo mkdir SVN

#/Usr/local/SVN # sudo chown-rwww-data: Subversion SVN

#/Usr/local/SVN # sudo chmod-r g + RWS SVN

The last command grants the group members the corresponding permissions on all files added to the file warehouse.

The following command is used to createSVNFile Repository:

# Sudo svnadmin create/home/SVN

4.4 configure the Apache server

Back up the configuration file of apache2 and execute the following command:

#/Usr/local/SVN # sudo CP-r/etc/apache2/etc/apache2_bak

PassWebDAVProtocol accessSVNFile warehouse, you must configure yourApache2webServer. You must add the following code snippet to your/Etc/apache2/mod-available/dav_svn.conf: (add it to the end of the file)

<Location /svn >

DAV svn

SVNPath /home/svn

AuthType Basic

AuthName "welcome to subversion repository"

AuthUserFile /etc/subversion/passwd

#<LimitExcept GET PROPFIND OPTIONS REPORT>

Require valid-user

#</LimitExcept>

</Location>

If you need to verify your password upon each logon, comment out the <limiteffectget PROPFIND optionsreport> and </limit#t> lines.

When you add the above content, you must restartApache 2webServer, enter the following command:

Sudo/etc/init. d/apache2 restart

Next, you need to create/Etc/subversion/passwdFile, which contains detailed information about user authorization. To add a user, run the following command:

Sudo htpasswd-C/etc/subversion/passwdsuperman

It will prompt you to enter the password. When you enter the password, the user will be created. You can use the following command to access the File Repository:

You can create other users, but you cannot use the-C option, because the-C option indicates creating a new user authorization file, the original authorization file is overwritten.

Sudo htpasswd/etc/subversion/passwduser_name

In this case, you can access the svn server through the Web. Enter http: // 192.168.19.3/SVN/in the address bar of the browser to display the user verification window:

 

After entering the correct user name and password, you can see the following interface:

 

 

5. Configure SSL

Here for reference: http://www.cnblogs.com/passos/archive/2006/02/18/332992.html

      There are a lot of SSL configurations. Here I have made a simple and practical SSL encryption mechanism based on the actual situation. The basic situation of apache2 in Ubuntu is as follows:

L      The default site is/Var/www/

L      The configuration file is in/Etc/apache2/

L      Log in/Var/log/Apache/

L      The STARTUP script is/Usr/SiN/apache2ctlOr/Etc/init. d/apache2

Apache2 has been installed in step 1. the SSL module is installed below:

Install the SSL module

Sudo a2enmod SSL

We can use OpenSSL to create an SSL certificate. Here I create an SSL certificate.

# Sudo OpenSSL req-X509-newkey RSA: 1024-keyoutapache. pem-out Apache. pem-nodes-days 999

Note: enter common name (eg, yourname)Enter your host name.

The sample process is as follows:

# Sudo OpenSSL req-X509-newkey RSA: 1024-keyoutapache. pem-out Apache. pem-nodes-days 999

Generating a 1024 bit RSA private key

.....................++++++

..++++++

writing new private key to 'apache.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:China

string is too long, it needs to be less than  2 bytes long

Country Name (2 letter code) [AU]:CN

State or Province Name (full name) [Some-State]:Beijing

Locality Name (eg, city) []:Haidian

Organization Name (eg, company) [Internet Widgits Pty Ltd]:ABC

Organizational Unit Name (eg, section) []:Dep9

Common Name (eg, YOUR name) []:SvnServer

Email Address []:111@gmail.com

 

The/home/Administrator directory contains an Apache. pem file.

Create a directory to store certificate files

Sudo mkdir/etc/apache2/SSL

Copy a site configuration as the prototype of SSL Configuration

# Sudo CP/etc/apache2/sites-available/default/etc/apache2/sites-available/SSL

# Sudo ln-S/etc/apache2/sites-available/SSL/etc/apache2/sites-enabled/SSL

Then edit the SSL Configuration

# Sudo VI/etc/apache2/sites-enabled/SSL

Change the port to 443 (the default value is 80) and add the SSL authentication configuration. You can customize other ports as needed.Similar to common configurations,The following blue fonts are newly added:

<VirtualHost *:443>

        ServerSignature On

        SSLEngine On

        SSLCertificateFile /etc/apache2/ssl/apache.pem

        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/

        <Directory />

                Options FollowSymLinks

                AllowOverride None

        </Directory>

        <Directory /var/www/>

                Options Indexes FollowSymLinks MultiViews

                AllowOverride None

                Order allow,deny

                allow from all

        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

        <Directory "/usr/lib/cgi-bin">

                AllowOverride None

                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch

"/etc/apache2/sites-enabled/ssl" 45L, 1055C

  

Edit the Apache port configuration and remove the listener for port 80:

# Sudo VI/etc/apache2/ports. conf

NameVirtualHost *:80

#Listen 80

<IfModule mod_ssl.c>

    # SSL name based virtual hosts are not yet supported, therefore no

    # NameVirtualHost statement here

    Listen 443

</IfModule>

You do not need to add "listen" here.443 "because the default SSL authentication port 443 has been enabled.

Don't forget to copy the previously generated SSL key file.

Sudo CP/home/Administrator/Apache. PEM/etc/apache2/SSL/

 Finally, restart the apache service:

Sudo/etc/init. d/apache2 restart

Then

Netstat-an | grep: 443

If 443 is enabled, the HTTPS service is started. Verify on the browser:

Https: // 192.168.19.3/SVN

 

Select "yes" to bring up the following verification window:

 

After entering the Superman and password:

 

The encrypted HTTP access to SVN is successful.

6. remotely modify the svn User Password

Because users in the svn + Apache architecture are not operating system users, but Apache users, there is no way to log on to the operating system through SSH to modify user passwords. Use the Web service provided by Apache to modify the authz configuration file through CGI or mod_python to modify the user password. The following describes how to use CGI in Perl to modify passwords. As for the mod_python method, I only performed half of the experiment.

6.1 modify the configuration file of apache2

Open the/etc/apache2/apache2.conf file and find the following content (if not, add the file directly. By default, it seems that it does not exist, so I add it directly at the end of the file ):

#AddHandler cgi-script .cgi

Modify:

AddHandler cgi-script .cgi .pl

6.2 install mod_perl default package

Sudo apt-Get installlibapache2-mod-perl2

6.3 Configuration

After the default installation, the cgi-bin directory points to the/USB/lib/cgi-bin/directory by default. This directory is generally not automatically created when apache2 is installed. The reason for selecting this directory is as follows:

/Etc/apache2/sites-enabled/000-Default

This file is a link pointing

/Etc/apache2/sites-available/Default

Open it and check that there is such a section, pointing the cgi-bin directory to the actual/usr/lib/cgi-bin/directory.

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

<Directory "/usr/lib/cgi-bin">

AllowOverride None

Options ExecCGI -\MultiViews +\SymLinksIfOwnerMatch

Order allow,deny

Allow from all

</Directory>

By default, the preceding files do not need to be modified.

6.4 obtain the Perl script for password Modification

Access FTP: // 192.168.19.63( ))))) changchangchangchangcopy copy Copy copy.

Sudo CP changepasswd. cgi/usr/lib/cgi-bin/

Sudo CP changepasswd. INI/usr/lib/cgi-bin/

Sudo CP changepasswd. log/usr/lib/cgi-bin/

 

6.5 modify the script execution permission

CD/usr/lib/cgi-bin/

Sudo chmod 777 changepasswd. cgi

Sudo chmod 666 changepasswd. Log

Sudo chmod 666/etc/subversion/passwd

 

Then, you can modify the password by accessing the URL without restarting the apache service. You can directly access the URL: https: // 192.168.19.3/cgi-bin/changepasswd. cgi.

 

After the verification is passed, the following password change page is displayed:

 

If you modify the result, the following page is displayed:

 

For more information about changepasswd. cgi, see Appendix.

7. Set SVN permissions 7.1 modify Apache configuration

To achieve fine-grained permission control, you can modify the conf/authz file in the svn repository directory. Before that, you need to tell Apache to use this file

Sudovi/Etc/apache2/mod-available/dav_svn.conf

After the modification is as follows, the blue font is the newly added content:

<Location /svn >

DAV svn

SVNPath /home/svn

AuthType Basic

Authzsvnaccessfile/home/SVN/CONF/authz

AuthName "welcome to subversion repository"

AuthUserFile /etc/subversion/passwd

#<LimitExcept GET PROPFIND OPTIONS REPORT>

Require valid-user

#</LimitExcept>

</Location>

 

7.2 authentication file configuration

Sudo VI/home/SVN/CONF/authz

The file content is similar to the following:

[Groups]

admin = admin

dev1 = jack, kate

dev2 = zbh2342, yingjianhh45, tantt, arei22

docs = bob, jane, mike

training = zak

# Default access rule for ALL repositories

# Everyone can read, admins can write, Dan German is excluded.

[/]

* = r

@admin = rw

dangerman =

# Allow developers complete access to their project repos

[project:/]

* = R/Other users only have read permission

@ Admin = RW/admin. The dev1 group has read and write permissions.

@dev1 = rw

Sub-project control

[Project:/ddwap]/has the read and write permissions on the project/ddwap sub-Directory, which is similar to the following.

@dev2 = rw

[project:/DDAdmin]

@dev2 = rw

[project:/DDSync]

@dev2 = rw

[project:/DDWeb]

@dev2 = rw

[project:/DDWeb]

@dev2 = rw

[project:/docs]

@dev2 = rw

[project:/thirdparty]

@dev2 = rw

Through practice, it seems that Apache's permission configuration is very simple, but not very convenient. To set different permissions for sub-directories, you need to explicitly specify the permissions for each directory.

8 references

Http://www.cnblogs.com/huntercat/archive/2008/11/16/1334540.html

Http://www.svn8.com/svnpz/20080202/56.html

Http://www.fire3.cn/2007/06/15/howto-apache2-with-perl-cgi-in-ubuntu.html

Http://linux.chinaunix.net/bbs/thread-994284-1-1.html

 

Appendix A: How to remotely modify the svn User Password

See http://www.svn8.com/svnpz/20080202/56.html
1. Place the changepasswd. cgi and changepasswd. ini files in the cgi-bin directory under the Apche installation directory.

2. confirm the position of the changepasswd. cgi program, line 1, prel tool. (My :#! /Usr/bin/perl-W)

3. Change changepasswd. cgi 84th to the path where htpasswd is located (My:/project/Apache/bin/htpasswd)

4. Modify the INI file of changepasswd. cgi 128 to the full path (My:/project/Apache/cgi-bin/changepasswd. INI)

5. configuration file changepasswd. ini line 2nd authuserfile = Password Storage path (My:/svndata/SVN-auth-file/passwd)

6. configuration file changepasswd. ini 3rd logfile = operation log storage path (My:/project/Apache/cgi-bin/changpasswd. Log)

Note:

1. Do not use the-M parameter when using htpasswd. If it was previously used, you can re-enter it for update.
2. changpasswd. log must have the "w" Write Permission

 

Appendix B: Modify the IP address of ubuntu 8.10

See http://www.diybl.com/course/6_system/linux/Linuxjs/20081217/154161.html

Run the following command:

Sudo VI/etc/Network/interface

Step 1: Disable the settings for Automatically Obtaining IP addresses

Iface eth0 Inet DHCP shields this line

The modified content is as follows:

# The primary network interface

Auto eth0

# Iface eth0 Inet DHCP

 

Step 2: Add static IP information

# The primary network interface

Iface eth0 Inet static

Address 192.168.0.10

Netmask 255.255.255.0

Gateway 192.168.0.1

 

You can also run the following command to restart the NIC to make the new configuration take effect. The advantage is that it does not affect other network interfaces.

 

$ Sudo ifdown eth0

$ Sudo IFUP eth0

 

If you only want to temporarily change the IP address, you do not need to modify the interface. You only need to use ifconfig. However, after the system restarts, the configuration in interfaces will be restored.

 

$ Sudo ifconfig eth0 192.168.1.111 netmask 255.255.255.0

 

Step 3: Set DNS

Edit/etc/resolv. conf and set DNS

Nameserver 202.96.134.133

Nameserver 202.106.0.20

 

Restart the network:/etc/init. d/networking restart

After completing the preceding steps, you only need to re-enable the network.

 

Appendix C: configure the SSH service in Ubuntu

The SSH server is not installed in Ubuntu by default. You can run the following command to install OpenSSH:

Sudo apt-Get install OpenSSH-serveropenssh-Client

SSH client is installed in Ubuntu by default.

You can configure OpenSSH by editing the/etc/ssh/sshd_config file.

Sudo CP/etc/ssh/sshd_config/etc/ssh/sshd_config.original

Sudo chmod A-W/etc/ssh/sshd_config.original

Restart After the configuration is complete:

Sudo/etc/init. d/ssh restart

Tip: http://blog.sina.com.cn/s/blog_47cccb020100emht.html