Translation: pcplayer
Keywords: Subversion, Install, Server, Configuration, Apache, SSL
Last Updated: 2007-8-19
Version: V1.0
Modification history:
V0.1 2006-08-06
V0.2 2006-09-10 added SSL configuration
V0.21 fixed an error in section 2.3, Configuration (reported by blair1978)
V0.23 2006-09-26 added two necessary files; without them, the SSL certificate cannot be created.
Fixed an error in a certificate creation command
V0.26 2006-10-16 updated mod_ssl.so in mod_ssl_etc.rar (the software package required for OpenSSL), provided by Sunbeam in
http://bbs.iusesvn.com/thread-418-1-1.html
V1.0 2007-8-19: Apache 2.2.4 supported
Please note the original source, version, and author (translator): http://bbs.iusesvn.com/thread-158-1-1.html
--------------------------------------------------------------------------------
1. Introduction
2. Installation Process
2.1. Install Apache
2.2. Install Subversion
2.3. Configuration
2.4. Use SSL to protect your server
Summary
This article is adapted from the server configuration section of the TortoiseSVN 1.3.5 help, with some adjustments where needed. For the original, see section 3.1, "Apache Based Server", in the TortoiseSVN 1.3.5 help.
To use TortoiseSVN (or any other Subversion client), you need a place to store your repositories. You can store repositories on the local machine and access them with the file:// protocol, or you can put them on a server and access them with the http:// or svn:// protocol. The two server protocols (http:// and svn://) can also be encrypted, becoming https:// and svn+ssh://. The following sections show, step by step, how to configure such a server on Windows.
If you do not have a server, or you only work alone, storing your repositories on the local machine and accessing them with the file:// protocol is your best choice. In that case, you can skip this article.
Note: a Subversion build for Apache 2.2.x on Windows is now available and works with Apache 2.2.x. However, the attachments referenced in this document have only been tested on Apache 2.0.x.
1. Introduction
Of all the ways to set up a Subversion server, the Apache-based configuration is the most flexible. Although it is a little more complicated to configure, it offers advantages that the other methods do not:
WebDAV
The Apache-based Subversion server uses the WebDAV protocol, which is supported by many other programs. For example, you can use Windows Explorer to mount such a repository as a "Web folder" and then access it like any other folder in the system.
Browse the repository
You can use a browser to browse the contents of the repository. This lets users access your data.
User verification
You can use any authentication mechanism supported by Apache, including SSPI and LDAP.
Security
Apache is very stable and secure, so your repository automatically gets the same security, including SSL encryption.
2. Installation Process
2.1. Install Apache
Before installing Apache, you need a computer running Windows (Windows XP requires SP1).
Warning: Windows XP without Service Pack 1 produces faulty network data and can thereby corrupt your repository!
Download the latest version of the Apache web server from http://httpd.apache.org/download.cgi. Make sure the version you download is later than 2.0.54; Apache 1.3.xx will not work. In addition, Apache versions earlier than 2.0.54 have a bug in how they were compiled, so they cannot be used with Subversion 1.2.
Once you have the Apache2 installer, double-click it and it will guide you through the entire installation process. Make sure that you enter the correct server URL (if your server does not have a DNS name, enter the IP address directly). I suggest installing Apache for all users, on port 80, as a service. Note: if IIS or another program already uses port 80, the installation may fail. If so, go to the Apache Group\Apache2\conf directory under the program directory, open the file httpd.conf, and change Listen 80 to an unused port, such as Listen 81. Then re-run the installer; this time there should be no problem.
Now type http://localhost in your browser. If a configured website is displayed, your Apache installation succeeded.
Warning:
If you install Apache as a service, it runs under the Local System account. It is safer to create a separate account for Apache to run under.
Make sure that the account running Apache has full access permission to the repository (right-click the repository directory and choose Properties -> Security). Otherwise, users cannot commit their changes.
Even if Apache runs as Local System, you must still grant it full read and write access to the repository directory.
If you do not configure this permission for Apache, users will get an "access forbidden" error message, which is recorded in the logs as error 500.
2.2. Install Subversion
Download the latest version of Subversion from http://subversion.tigris.org/ser... entlist? Folderid = 91 (English)
or
http://bbs.iusesvn.com/forum-7-1.html (Chinese).
Run the Subversion installer. If the installer detects that Apache is installed, your installation will be fine. If it cannot, you need to take some additional steps.
Note: If you install Apache first and then Subversion, the following steps are normally done for you (everything up to section 2.3, Configuration).
Use Windows Explorer to go to the Subversion installation directory (usually c:\Program Files\Subversion), find the files httpd/mod_dav_svn.so and mod_authz_svn.so, and copy them to the Apache modules directory (usually c:\Program Files\Apache Group\Apache2\modules).
Copy the file libdb43.dll from the Subversion installation directory to the modules directory of Apache.
Use a text editor such as Notepad to edit the Apache configuration file (usually c:\Program Files\Apache Group\Apache2\conf\httpd.conf) and make the following changes:
Uncomment the following lines (delete the leading #):
    #LoadModule dav_fs_module modules/mod_dav_fs.so
    #LoadModule dav_module modules/mod_dav.so
Add the following two lines at the end of the LoadModule section:
    LoadModule dav_svn_module modules/mod_dav_svn.so
    LoadModule authz_svn_module modules/mod_authz_svn.so
2.3. Configuration
You have now installed Apache and Subversion, but Apache does not yet know how to handle Subversion clients such as TortoiseSVN. To tell Apache which URL will be used for Subversion, edit the Apache configuration file (usually c:\Program Files\Apache Group\Apache2\conf\httpd.conf).
Add the following lines at the end of the configuration file:
    <Location /svn>
    DAV svn
    SVNParentPath D:\SVN
    AuthType Basic
    AuthName "Subversion repositories"
    AuthUserFile D:\passwd
    #AuthzSVNAccessFile D:\svnaccessfile
    Require valid-user
    </Location>
This configuration states that all your repositories are located in the D:\SVN directory. To access a repository, use this URL: http://myserver/svn/. Access is restricted by user name and password.
To create the passwd file, open a command line (DOS window), change the current directory to the Apache2 directory (usually c:\Program Files\Apache Group\Apache2), and run the following command:
    bin\htpasswd -c passwd <username>
This command runs htpasswd.exe from the bin directory to create the password file. It writes passwd into the current directory; the file must be at the path given by AuthUserFile (D:\passwd in the configuration above), so create it there or move it. Then restart the Apache service.
Point your browser to http://myserver/svn/MyNewRepository (where MyNewRepository is the Subversion repository you created earlier). If everything works, you will be prompted for a user name and password; after entering them correctly, you can see the contents of the repository.
A brief explanation of the Apache configuration you just entered:
<Location /svn>
The Subversion repositories are reachable through a URL like this: http://myserver/svn
DAV svn
Tells Apache which module is responsible for serving URLs like that; here it is the Subversion module.
SVNListParentPath on
In Subversion 1.3 and later, this directive makes Subversion list all repositories in the directory specified by SVNParentPath.
SVNParentPath D:\SVN
Tells Subversion to look for repositories under the directory D:\SVN.
AuthType Basic
Enables basic authentication, that is, a user name/password pair.
AuthName "Subversion repositories"
Tells the user what the authentication is for when the authentication dialog pops up.
AuthUserFile D:\passwd
Specifies D:\passwd as the password file used to verify the user name and password.
AuthzSVNAccessFile D:\svnaccessfile
Specifies D:\svnaccessfile as the file that limits the access permissions of each user or group within the repository directories.
Require valid-user
Users must enter a correct user name and password before they can access this path.
----------------------------------------
The configuration above is just a simple example. Apache supports many other configurations.
1. If you want all users to have read permission on the repository and only specific users to have write permission, change
    Require valid-user
to
    <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
    </LimitExcept>
2. The configuration above uses the passwd file to restrict access to all of your repositories as a single unit. If you want finer control, such as specifying which directories in a repository a user can access, uncomment the following line:
    #AuthzSVNAccessFile D:\svnaccessfile
Then create a Subversion authorization file in a text editor. Apache ensures that only valid users can access your /svn location and then passes the user name to the AuthzSVNAccessFile module, which applies finer-grained permission control based on the Subversion authorization file. Note that a path is specified either as [repository:path] or simply as [path]. If you do not specify a repository, the access rule applies to all repositories in the directory specified by SVNParentPath. An example of an authorization file may look like this:
    [groups]
    admin = john, kate
    devteam1 = john, rachel, sally
    devteam2 = kate, peter, mark
    docs = bob, jane, mike
    training = zak

    # Specify default access rules for all repositories
    # Everyone can read, administrators can write, dangerous users have no permissions
    [/]
    * = r
    @admin = rw
    dangerman =

    # Allow developers to access their project repositories
    [proj1:/]
    @devteam1 = rw
    [proj2:/]
    @devteam2 = rw
    [bigproj:/]
    @devteam1 = rw
    @devteam2 = rw
    trevor = rw

    # Documentation writers have write permission on all docs directories
    [/trunk/doc]
    @docs = rw

    # Trainees can access the training repository
    [trainingrepos:/]
    @training = rw
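A consistency check for an authorization file like the one above, as an added example that is not part of the original article or of Subversion: it reports rules that name a group missing from [groups] and access strings other than the three forms used here (empty, r, rw). The function name lint_authz and the sample file are constructed for illustration.

```python
import re

# Constructed sample: one rule names an undefined group, one uses an upper-case access string.
SAMPLE = """\
[groups]
admin = user1
dev = user2

[proj1:/]
@admin = rw
@doc = r

[proj2:/]
@admin = RW
* =
"""

def lint_authz(text):
    """Return a list of (line_no, message) findings for an authorization file."""
    groups, rules, findings = set(), [], []
    section = None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1)
            continue
        if section is None or "=" not in line:
            findings.append((no, "line is outside a section or has no '='"))
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if section == "groups":
            groups.add(name)  # group definitions: name = member, member, ...
        else:
            rules.append((no, name, value))  # access rules: who = access
    # Second pass, so a group may be defined after the rule that uses it.
    for no, name, value in rules:
        if name.startswith("@") and name[1:] not in groups:
            findings.append((no, f"group {name} is not defined in [groups]"))
        if value not in ("", "r", "rw"):
            findings.append((no, f"access {value!r} is not '', 'r' or 'rw'"))
    return findings

if __name__ == "__main__":
    for no, message in lint_authz(SAMPLE):
        print(f"line {no}: {message}")
```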
2.4. Use SSL to protect your server
The steps above give you a working SVN server.
For more security, you can configure SSL to protect your server.
Due to export restrictions in the United States, the default Apache installation does not support SSL. However, you can easily download the required module elsewhere and install it.
First, you need the files required for SSL. You can find the corresponding package at http://hunter.campbus.com/ or here (or download Attachment 1 of this topic: mod_ssl_etc.rar (595.45 KB)). Then copy mod_ssl.so, openssl.exe, libeay32.dll, and ssleay32.dll from the package to the bin directory, and conf/ssl.conf to the conf directory. The LoadModule line enabled later in this section loads modules/mod_ssl.so, so mod_ssl.so must also be present in the Apache modules directory.
Open ssl.conf in the Apache conf directory with a text editor.
Comment out the following lines:
    DocumentRoot "c:/apache/htdocs"
    ServerName www.example.com:443
    ServerAdmin you@example.com
    ErrorLog logs/error_log
    TransferLog logs/access_log
Change
    SSLCertificateFile conf/ssl.crt/server.crt
to
    SSLCertificateFile conf/ssl/my-server.cert
Change
    SSLCertificateKeyFile conf/ssl.key/server.key
to
    SSLCertificateKeyFile conf/ssl/my-server.key
Change
    SSLMutex file:logs/ssl_mutex
to
    SSLMutex default
Delete the following two lines (if present):
    <IfDefine SSL>
    </IfDefine>
Open the Apache configuration file (httpd.conf) and uncomment this line:
    #LoadModule ssl_module modules/mod_ssl.so
OpenSSL requires a configuration file. You can download a working version from http://tud.at/programm/openssl.cnf (or Attachment 2 of this topic: openssl.cnf.rar (1.21 KB)). Save it as bin/openssl.cnf.
Create an SSL certificate. Open a command line window, cd to the Apache installation directory (for example, c:\Program Files\Apache Group\Apache2), and type the following command:
    bin\openssl req -config bin\openssl.cnf -new -out my-server.csr
You will be asked for a pass phrase. Enter a whole sentence, such as part of a poem, rather than a few simple words. The longer the sentence, the better. You also need to enter your server's URL. The other questions are optional, but I suggest you fill them in as well.
Next, run the following command:
    bin\openssl rsa -in privkey.pem -out my-server.key
And (note that this is a single line):
    bin\openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 4000
This creates a certificate that expires after 4000 days. Finally, enter:
    bin\openssl x509 -in my-server.cert -out my-server.der.crt -outform DER
These commands create several files (my-server.der.crt, my-server.csr, my-server.key, .rnd, privkey.pem, my-server.cert) in the Apache directory. Copy these files to the conf/ssl directory (for example, c:\Program Files\Apache Group\Apache2\conf\ssl). If the ssl directory does not exist, create it first. my-server.key contains the server's private key with the pass phrase removed, so restrict access to the conf\ssl directory accordingly.
Restart the Apache service.
You can now access your repository with a URL like this: https://servername/svn/project
Enforce access through SSL
Once you have configured SSL to make your repository more secure, you may want to disable plain HTTP access and allow access only through HTTPS. To do this, add one more directive, SSLRequireSSL, to the <Location> block.
An example <Location> block may look like this:
    <Location /svn>
    DAV svn
    SVNParentPath D:\SVN
    SSLRequireSSL
    AuthType Basic
    AuthName "Subversion repositories"
    AuthUserFile passwd
    #AuthzSVNAccessFile svnaccessfile
    Require valid-user
    </Location>
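Basic authentication sends the user name and password merely base64-encoded, so a <Location> block that uses it without SSLRequireSSL exposes credentials on plain HTTP. The following added example (not from the original article) scans configuration text for such blocks; the function names and the sample configuration are constructed, and it inspects only directives written inside each block, not settings inherited from an enclosing context.

```python
import re

# Constructed sample: two <Location> blocks, only the second one requires SSL.
SAMPLE_CONF = r"""
<Location /svn>
DAV svn
SVNParentPath D:\SVN
AuthType Basic
AuthName "Subversion repositories"
AuthUserFile passwd
Require valid-user
</Location>
<Location /svn-secure>
DAV svn
SVNParentPath D:\SVN
SSLRequireSSL
AuthType Basic
AuthUserFile passwd
Require valid-user
</Location>
"""

def location_blocks(conf):
    """Yield (url_path, directives) for every <Location> block in conf."""
    path, directives = None, {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives do not count
        opening = re.fullmatch(r"<Location\s+(\S+)>", line, re.IGNORECASE)
        if opening:
            path, directives = opening.group(1), {}
        elif line.lower() == "</location>" and path is not None:
            yield path, directives
            path = None
        elif path is not None:
            parts = line.split(None, 1)
            # Apache directive names are case-insensitive, so normalise them.
            directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""

def basic_auth_without_ssl(conf):
    """Return the Location paths that use Basic auth but lack SSLRequireSSL."""
    return [path for path, d in location_blocks(conf)
            if d.get("authtype", "").lower() == "basic"
            and "sslrequiressl" not in d]

if __name__ == "__main__":
    for path in basic_auth_without_ssl(SAMPLE_CONF):
        print(f"{path}: Basic authentication without SSLRequireSSL")
```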
Apache-based single-repository and multi-repository SVN servers
The configuration described above is the Apache multi-repository mode: one Location serves several repositories at the same time. Assume your IP address is 192.168.0.1 and two repositories, proj1 and proj2, have been created under the D:\SVN directory. You can then use the following two URLs to access them:
    http://192.168.0.1/svn/proj1
    http://192.168.0.1/svn/proj2
In this case, the authorization file looks like this:
    [groups]
    admin = user1
    dev = user2
    [proj1:/]
    @admin = rw
    @dev = r
    [proj2:/]
    @admin = rw
    @dev = r
The other configuration method is the Apache single-repository mode, in which one Location serves only one repository. To configure it, change SVNParentPath above to SVNPath, and change the path that follows it from the parent directory of the repositories to the repository directory itself. For example:
    <Location /svn>
    DAV svn
    SVNPath D:\SVN\proj1
    AuthType Basic
    AuthName "Subversion repositories"
    AuthUserFile D:\passwd
    #AuthzSVNAccessFile D:\svnaccessfile
    Require valid-user
    </Location>
In this case, you can use the following URL to access the repository proj1:
    http://192.168.0.1/svn
The authorization file may be:
    [groups]
    admin = user1
    dev = user2
    [/]
    @admin = rw
    @dev = r
For a deeper understanding, see also the article on the differences between single-repository and multi-repository permission configuration: http://www.iusesvn.com/bbs/thread-157-1-1.html
Source Address: http://bbs.iusesvn.com/thread-158-1-1.html