Modification history:
V0.1 2006-08-06
Add SSL configuration to v0.2 2006-09-10
V0.21 fixed an error in 2.3 configuration (reported by blair1978)
V0.23 add two necessary files in Attachment 1. Otherwise, the SSL certificate cannot be created.
Fixed a certificate creation command error.
V0.26 2006-10-16 update mod_ssl.so in mod_ssl_etc.rar (OpenSSL Required Software Package ),
Http://bbs.iuse SVN . Com/thread-418-1-1.html provides
V1.0 2007-8-19: apache2.2.4 supported
Please pay attention to the original source, version, author (translator) http://bbs.iusesvn.com/thread-158-1-1.html
--------------------------------------------------------------------------------
1. Introduction
2. Installation Process
2.1. install Apache
2.2. Install Subversion
2.3. Configuration
2.4. use SSL to protect your server
Summary
This article describes how to configure servers in tortoisesvn1.3.5. You have made some adjustments and adjustments as needed. For more information, see section 3.1. Apache based server in tortoisesvn1.3.5.
To use tortoisesvn (or other subversion clients), you must have a place to store the version library. You can store version inventory on the local machine and use file: //
You can also put them on a server and Use http: // or SVN: // protocol for access. The two Server protocols (http: // and SVN: //) can also be encrypted
Https: // and SVN + SSH ://. Next, we will show you step by step how to configure such a server on Windows.
If you do not have a server or you only want to work independently, it is your best choice to store the version inventory on your local machine and use the file: // protocol for access. In this way, you can skip this article.
Note: currently, the subversion in windows can be used with apache2.2.x. However, the attachments in this article are only tested on apache2.0.x.
1. Introduction
Among all the Subversion server configuration methods, APACHE-based configuration is the most flexible. Although the configuration is a little complicated, it does not provide the advantages of other methods:
Reference:
WebDAV
The Apache-based Subversion server is used by many otherProgramSupported WebDAV protocols. For example, you can mount such a version library into a "webfolder" in Windows Resource Manager and access it like other folders in the file system.
Browse version Library
You can use a browser to browse the content in the version library without installing the Subversion client. This will allow a wider range of users to access your data.
User verification
You can use any authentication mechanism supported by Apache, including sspi and LDAP.
Security
Apache is very stable and secure, so your version library naturally has the same security. Including SSL encryption.
2. Installation Process
2.1. install Apache
Before installing Apache, you must have a computer running Windows2000, Windows XP + SP1, or Windows2003.
Warning: Please note that Windows XP without Service Pack 1 will cause incorrect network data and damage your version library!
From http://httpd.apache.org/download.cgi
The latest Apache Web Server version. Make sure that the version you downloaded is later than 2.0.54. Apache of version 2.0.54 cannot be used with subversion
1.3.xx. Apache versions earlier than 2.0.54 cannot work with subversion1.2 due to a bug in Windows compilation.
.
Once you have installed apache2, you can double-click it to guide you through the entire installation process. Make sure that you enter the correct server URL (If your server does not have a DNS name,
You can directly enter the IP address ). I suggest you install Apache into for all users, on port 80, as
Service. Note: If you already have an IIS or other program that uses port 80, the installation may fail. If so, you can go to Apache under the program directory
In the group \ apache2 \ conf directory, find the file httpd. conf and change Listen 80 to an unused port, such as listen.
81. Then re-run the installation program. This time there should be no problem.
Now you can type http: // loccalhost in your browser. If a configured website is displayed, your Apache installation is successful.
Warning:
If you install Apache as a service, it runs as a local system account. It is safer to create a separate user for Apache to run it.
Make sure that the user running Apache has full access to the version library.Permission(Right-click the version library directory-& gt; properties-& gt; security ). Otherwise, users cannot submit their changes.
Even if Apache runs on a local system, you must set it to fully read and write the version library directory.
If this license is not configured for Apache, the user will get the error message "forbidden access", which is displayed as Error 500 in the Apache error log.
2.2. Install Subversion
From http://subversion.tigris.org/ser... entlist? Folderid = 91 (English)
Or
Http://bbs.iusesvn.com/forum-7-1.html (ChineseDownload the latest version of subversion.
Run the Subversion Installer. If the installer can identify that you have installed Apache, your installation will be okay. If it cannot, you need to take some additional steps.
Note: If you first install Apache and then install subversion, the following work will be done normally (before configuration 2.3 ).
Use the resource manager to enter the sibversion installation directory (usually c: \ Program
Files \ subversion), find the files httpd/mod_dav_svn.so and mod_authz_svn.so, and copy them to Apache
(Usually c: \ Program Files \ apache group \ apache2 \ modules ).
Copy the file libdb43.dll from the Subversion installation directory to the modules directory of Apache.
Use a text editor such as NotePad to edit the Apache configuration file (usually c: \ Program Files \ apache group \ apache2 \ conf \ HTTD. conf) and modify the following content:
Remove the comments from the following line (delete the beginning ):
Copy content to clipboard
Code :
# Loadmodule dav_fs_module modules/mod_dav_fs.so
# Loadmodule dav_module modules/mod_dav.so
Add the following two lines at the end of the loadmodule section:
Copy content to clipboard
Code:
Loadmodule dav_svn_module modules/mod_dav_svn.so
Loadmodule authz_svn_module modules/mod_authz_svn.so
2.3. Configuration
Now you have installed Apache and subversion, but Apache does not know if it processes subversion clients like tortoisesvn.
To let Apache know which URL will be used by subversion, You need to edit the Apache configuration file (usually in c: \ Program
Files \ apache group \ apache2 \ conf \ httpd. conf ):
Add the following lines at the end of the configuration file:
Copy content to clipboard
Code:
& Lt; Location/SVN & gt;
Dav SVN
Svnparentpath D: \ SVN
Authtype basic
Authname & quot; subversion repositories & quot;
Authuserfile D: \ passwd
# Authzsvnaccessfile D: \ svnaccessfile
Require valid-user
& Lt;/Location & gt;
This configuration indicates that all your version libraries will be located in the D: \ SVN directory. to access your version library, you can use this URL: http: // myserver/SVN /, the access permission is restricted by the user name/password in the passwd file.
To create a passwd file, open the command line (DOS window) and switch the current directory to The apache2 directory (usually c: \ Program Files \ apache group \ apache2 ), run the following command to create a file:
Copy content to clipboard
Code:
Bin \ htpasswd-C passwd & lt; username & gt;
This command executes htpasswd.exe in the bindirectory to create a password file and restart the apache service.
Direct your browser to http: // myserver/SVN/mynewrepository (mynewrepository is the Subversion version library you created earlier ). If everything is normal, you will be prompted to enter the user name and password. after entering the correct user name and password, you will be able to see the content in the version library.
Briefly describe the Apache configuration you just entered:
Reference:
& Lt; Location/SVN & gt;
This means that you can access the Subversion library through a URL like this (http: // myserver/SVN ).
Dav SVN
Tell apache which module is responsible for serving URLs like that-here it is the Subversion Module
Svnlistparentpath on
In subversion 1.3 and later, this indicator enables subversion to list all version libraries in the directory specified by svnparentpath.
Svnparentpath D: \ SVN
Tell subversion to find the version Library Under Directory D: \ SVN
Authtype basic
Enable basic authentication, such as user name/password pair
Authname "Subversion repositories"
When a verification dialog box pops up, tell the user what the verification is.
Authuserfile D: \ passwd
Specify D: \ passwd as the password file to verify the user name and password
Authzsvnaccessfile D: \ svnaccessfile
Specify D: \ svnaccessfile to limit the access permissions of each user or group in the version library directory
Require valid-user
Users must enter the correct user name and password before accessing this path.
----------------------------------------
The above configuration is just a simple example. You can also perform many configurations on Apache.
1. If you want all users to have the read permission on the version database and only specific users have the write permission, you can
Copy content to clipboard
Code:
Require valid-user
Change
Copy content to clipboard
Code:
& Lt; limitaskt get PROPFIND Options Report & gt;
Require valid-user
& Lt;/limit10000t & gt;
2. The above configuration uses the passwd file to restrict access permissions by using all your version libraries as a unit. If you want more control, such as specifying the directory in the version library that a user can access, you can remove the following line:
Copy content to clipboard
Code:
# Authzsvnaccessfile D: \ svnaccessfile
However
And then create a subversion authorization file in the text editor. Apache will ensure that only valid users can access your/SVN location, and then pass the user name
Authzsvnaccessfile module, so that you can obtain more detailed permission Control Based on the Subversion authorization file. Note that the path will be specified as a [Database: path] or simple
. If you do not specify a library, the access rule will apply to all version libraries in the directory specified by svnparentpath. An example of an authorization file may look like this:
Copy content to clipboard
Code:
[Groups]
Admin = John, Kate
Devteam1 = John, Rachel, Sally
Devteam2 = Kate, Peter, Mark
Docs = Bob, Jane, Mike
Training = Zak
# Specify default access rules for all databases
# Everyone can read and the administrator can write data. dangerous elements do not have any permissions.
[/]
* = R
@ Admin = RW
Dangerman =
# Allow developers to have full access to their project version Libraries
[Proj1:/]
@ Devteam1 = RW
[Proj2:/]
@ Devteam2 = RW
[Bigproj:/]
@ Devteam1 = RW
@ Devteam2 = RW
Trevor = RW
# The document writer has the write permission on all Docs directories.
[/Trunk/DOC]
@ Docs = RW
# Trainees can access the training version library.
[Trainingrepos:/]
@ Training = RW
2.4. use SSL to protect your server
The above work can make your SVN server work normally.
If you want to be more secure, you can configure SSL to protect your server.
Due to export restrictions in the United States, the default installed Apache server does not support SSL. However, you can easily download the required module from other places and install it.
First, you need an SSL required file. You can find the corresponding software package in http://hunter.campbus.com/or here (or Download Attachment 1 for this topic:
Mod_ssl_etc.rar(595.45 KB)
Mod_ssl_etc.rar (595.45 KB)
Downloads: 16222006-10-16
). Then, copy mod_ssl.sow.openssl.exe, libeay32.dll, and ssleay32.dll from the package to the bin directory, and CONF/SSL. conf to the conf directory.
Open SSL. conf in the Apache conf directory with a text editor.
Comment out the following rows:
Copy content to clipboard
Code:
DocumentRoot & quot; C:/Apache/htdocs & quot;
Servername www.example.com: 443
Serveradmin [email] you@example.com [/Email]
Errorlog logs/error_log
Transferlog logs/access_log
Modify
Copy content to clipboard
Code:
Sslcertificatefile CONF/SSL. CRT/server. CRT
Is
Copy content to clipboard
Code:
Sslcertificatefile CONF/SSL/my-server.cert.
Modify
Copy content to clipboard
Code:
Sslcertificatekeyfile CONF/SSL. Key/server. Key
Is
Copy content to clipboard
Code:
Sslcertificatekeyfile CONF/SSL/my-server.key.
Modify
Copy content to clipboard
Code:
Sslmutex file: logs/ssl_mutex
Is
Copy content to clipboard
Code:
Sslmutex default
Delete the following two rows (if any ):
Copy content to clipboard
Code:
& Lt; ifdefine SSL & gt;
& Lt;/ifdefine & gt;
Open the Apache configuration file (httpd. conf) and remove the comments in this line.
Copy content to clipboard
Code:
# Loadmodule ssl_module modules/mod_ssl.so
OpenSSL requires a configuration file. You can download a working version http://tud.at/programm/openssl.cnf from here (or this topic Attachment 2:
Openssl.cnf.rar(1.21 KB)
Openssl.cnf.rar (1.21 KB)
Downloads: 10572006-9-10
). Save it to bin/OpenSSL. CNF.
Create an SSL certificate. You can open a command line window and CD it to the Apache installation directory (for example, c: \ Program Files \ apache group \ apache2), and type the following command:
Copy content to clipboard
Code:
Bin \ OpenSSL req-config bin \ OpenSSL. CNF-New-out my-server.csr
You will be asked a password phrase. Please note that you should enter an entire sentence, such as a part of a poem, instead of using a few simple words. The longer the sentence, the better. Similarly, you also need to enter your server URL. Other questions are optional, but I suggest you fill them in as well.
Next, run the following command:
Copy content to clipboard
Code:
Bin \ OpenSSL RSA-In privkey. pem-out my-server.key
And (Note that there is only one line)
Copy content to clipboard
Code:
Bin \ OpenSSL X509-In my-server.csr-out my-server.cert-req-signkey my-server.key-days 4000
In this way, a certificate that expires 4000 days later will be created. Finally, enter:
Copy content to clipboard
Code:
Bin \ OpenSSL X509-In my-server.cert-out my-server.der.crt-outform der
These commands create some files (my-server.der.crt, my-server.csr, my-server.key,. RND, privkey. Pem, my-server.cert) under the Apache directory ). Copy these files to the conf/SSL directory.
(For example, c: \ Program Files \ apache group \ apache2 \ conf \ SSL). If the directory SSL does not exist, you must first create one.
Restart the apache service.
Now you can use a URL like this to access your version library https: // servername/SVN/Project
Reference:
Enforce access through SSL
When you configure SSL to improve version database security, you may want to disable the SSL-free HTTP access method, but only allow access through HTTPS. To achieve this, you need to add another indicator sslrequiressl in the & lt; Location & gt; block.
An example of & lt; Location & gt; block may be like this:
& Lt; Location/SVN & gt;
Dav SVN
Svnparentpath D: \ SVN
Sslrequiressl
Authtype basic
Authname "Subversion repositories"
Authuserfile passwd
# Authzsvnaccessfile svnaccessfile
Require valid-user
& Lt;/Location & gt;