SVN Apache configuration manual in Windows

Introduction:

WebDAV

The Apache-based Subversion server uses the WebDAV protocol supported by many other programs. For example, you can manage windows resources.
To mount such a version library into a "webfolder", and then
Access it like other folders in.

Browse version Library

You can use a browser without installing the Subversion client.
To browse the content in the version library. This will enable a wider range of users
You can access your data.

User verification

You can use any authentication mechanism supported by Apache, including sspi and LDAP.

Security

Apache is very stable and secure, so your version library naturally has the same security. Including SSL encryption.

Apache uses the Dav and authz modules (mod_dav_svn.so and mod_authz_svn.so) provided by subversion to provide the version Library Service HTTP (s): // host/library, while svnserve.exe provides the traditional version Library Service SVN: // host/database. The client tortoisesvnor svn.exe can identify different protocols (HTTP and SVN ).

Part of this article is taken from pcplayer's article.

1. Download

Apache download URL: http://httpd.apache.org/download.cgi

Subversion download URL: http://subversion.tigris.org

Note: Due to the differences between the subversion and the Apache compilation platform, it is very difficult to cooperate with the two. Subversion provides mod_dav_svn.so and mod_authz_svn.so modules for Apache to call, so that Apache can also access the version library. Unless compiled by yourself, version 1.5.4 cannot work with Apache 2.x. (Apache cannot be started as a result of forced cooperation ). After countless experiments, I finally found two available versions: Subversion 1.4.5 and Apache 2.0.59.
(It is said to be the most stable version ). Download the following versions:

Apache_2.0.59-win32-x86-no_ssl.msi

Apache_20.59-win32-x86-openssl-0.9.7j.msi (with SSL library mod_ssl.so, etc)

Svn-1.4.5-setup.exe

Mod_ssl_etc.rar


And OpenSSL. CNF

In addition, there are compatibility issues between subversion versions. Please try to use the same version for warehouse operations (creation, backup, and recovery). Otherwise, there may be unrecognized situations. (Available
Import and Export
Solve version compatibility issues)

Repository Location D:/svndb/proj1
The command is as follows:
Svnadmin dump D:/svndb/proj1> proj1dumpfile
(If the subversion program has not been upgraded to 1.4 before, it will be upgraded at the latest)
Svnadmin create d:/svndb/proj1new
Svnadmin load D:/svndb/proj1new <proj1dumpfile

Ii. Installation

2.1. install Apache

Before installing Apache, you need to run
Windows, Windows XP + SP1, or windows.

Warning
: Note that Windows XP with no Service Pack 1 installed will cause a wrong Network
Data destroys your version library!

Make sure you download
The version is later than 2.0.54. Version 2.0.54 Apache cannot work with version 1.3.xx. In addition, Apache versions earlier than 2.0.54 are compiled on Windows.
A bug exists.
As a result, it cannot be used with subversion1.2.

Once you have installed apache2, you can double-click it to guide you through the entire installation process. Make sure that you enter the correct server URL (If your server does not have a DNS name, you can directly enter the IP address
). I suggest you install Apache into for all users, on port 80, as a service. Note: If you already have an IIS or other program that uses port 80, the installation may fail.
. If so, you can go to the program directory
Apache Group/apache2/Conf
Find the file httpd. conf in the directory and change the listen 80 to an unused port, such as listen 81. Then re-run the installation program. This time there should be no problem.

Now you can type http: // loccalhost in your browser


If a configured website is displayed, your Apache installation is successful.

Warning
:

If you install Apache as a service, it runs as a local system account. It is safer to create a separate user for Apache to run it. Make sure that the user running Apache has full access to the version library.
(Right-click the version library directory> Properties
-> Security ). Otherwise, users cannot submit their changes. Even if Apache runs on a local system, you must set
It can fully read and write the version library directory. If you do not configure this license for Apache, you will get the error message "forbidden access" in the Apache error log.
Error 500.

2.2. Install Subversion

Run the Subversion Installer. If the installer can identify that you have installed Apache, your installation will be okay. If it cannot, you need to take some additional steps.
Note: If you first install Apache and then install subversion, the following work will be done normally (before configuration 2.3 ).

Use the resource manager To Go To The sibversion installation directory (usually C:/program files/subversion) and find the file httpd/mod_dav.
_ SVN. So and mod_authz
_ SVN. So: Copy them to the modules directory of Apache (usually C:/program files/Apache Group/apache2/modules ).

Copy the file libdb43.dll from the Subversion installation directory.
To the modules directory of Apache. (Note: This is not required. The file name and version are different, for example, libdb44.dll.
)

Use a text editor such as NotePad to edit the Apache configuration file (usually C:/program files/Apache Group/apache2/CONF/HTTD. conf) and modify the following content:

Remove the comments from the following line (delete the beginning #
):

#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule dav_module modules/mod_dav.so


Add the following two lines at the end of the loadmodule section:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so



Iii. Configuration

Next, you need to tell the mod_dav_svn module what path is used as the version library directory and what files are used for authentication. The following is a typical configuration: (note that the following "/" and "/" are allowed as paths.
And <location/SVN/
> Side effects
.)

<Location/SVN/
>
Dav SVN

Svnlistparentpath on
Svnparentpath "F:/svnroot"
# Svnindexxslt "/svnindex. XSL" // use the list template

Authname "Subversion repositories"
Authtype basic
# Authbasicprovider file // It seems that subversion 1.4.5 does not support this option

Authuserfile "F:/svnroot/htpasswd"
Authzsvnaccessfile "F:/svnroot/authz"

Require valid-user

# <Limitaskt get PROPFIND Options Report> // The following table indicates that anonymous access is allowed.
# Require valid-user
# </Limit10000t>

</Location>

Note:

<Location/SVN/>

This means you can use a URL like this (http: // myserver/SVN)


To access the Subversion library.

Dav SVN

Tell apache which module
The Service is responsible for URLs like that-here it is the Subversion Module

Svnlistparentpath on

In subversion 1.3 and later, this indicator enables subversion to list all version libraries in the directory specified by svnparentpath.

Svnparentpath F:/svnroot

Tell subversion to find the version library in the directory F:/svnroot.

Authtype basic

Enable basic authentication, such as user name/password pair

Authname "Subversion repositories"

When a verification dialog box pops up, tell the user what the verification is.

Authuserfile F:/svnroot/htpasswd

Specify F:/svnroot/htpasswd as the password file to verify the user name and password.

Authzsvnaccessfile
F:/svnroot/authz

Specify F:/svnroot/authz to limit the access permissions of each user or group in the version library directory.

Require valid-user

Users must enter the correct user name and password before accessing this path (this indicates that, whether it is IE or tortoise, only access can be obtained through password verification ).

The following indicates that anonymous access is allowed. For read operations, user verification is not required.

# <Limitaskt get PROPFIND Options Report>
# Require valid-user
# </Limit10000t>

Authuserfile and authzsvnaccessfile
The working principle is to first use the Apache user mechanism for authentication, and then submit the request to mod_authz
_ SVN. So for authentication, and finally use mod_dav
_ SVN. So provides functions.

The following describes how to create an Apache password file:

Apache2/bin/htpasswd-CM passwd Username
(-C Indicates creating a new file.-M indicates MD5 encryption)

Prompt to enter the password and confirm.

Add a new user:

Apache2/bin/htpasswd-M passwd Username

For details about permission file configuration, refer to the Subversion manual.

Next, restart the apache service and enter http: // localhost/SVN/in IE/


You can get the list (require valid-user requires authentication ). Or use tortoisesvn checkout and enter http: // localhost/SVN/library in the address.

 

Iv. use SSL Functions

If your apacheinstallation package does not contain the sslfunction, download mod_ssl_etc.rar in this document. After decompression, copy mod_ssl.sow.modules openssl.exe, libeay32.dll, and ssleay32.dll to the bin directory, and CONF/SSL. conf to the conf directory.
.

Open httpd. conf and delete the comment before # loadmodule ssl_module modules/mod_ssl.so.

Open SSL. conf in the Apache conf directory with a text editor.

Comment out the following rows:

DocumentRoot "C:/Apache/htdocs"
Servername www.example.com: 443
Serveradmin you@example.com
Errorlog
Logs/Error
_ Log
Transferlog logs/access_log

Find the two lines and comment them out. Otherwise, the SSL module will not run.

<Ifdefine SSL>
</Ifdefine>

And modify
Sslcertificatefile CONF/SSL. CRT/Server
. CRT
->
Sslcertificatefile CONF/SSL/my-server.cert.

Sslcertificatekeyfile CONF/SSL. Key/server. Key
->
Sslcertificatekeyfile CONF/SSL/my-server.key.

Sslmutex file: logs/ssl_mutex
->
Sslmutex default

Openssl.exe requires a configuration file OpenSSL. CNF, you can download the http://tud.at/programm/openssl.cnf here


And save it to apache2/bin/OpenSSL. CNF
.

Bin/OpenSSL req-config OpenSSL. CNF-New-out my-server.csr

Note: This command first requires you to enter a phrase (you need to use it next, you need to write it down first), the longer the better, and then you need to fill in some optional questions, you can press enter to ignore. Among them, comm name requires entering the domain name (if you do not enter the domain name, it may cause tortoisesvn not to log on, ie can
), And then enter the private key, OK, and next.

Bin/OpenSSL RSA-In privkey. pem-out my-server.key

Bin/OpenSSL X509-In my-server.csr-out my-server.cert-req-signkey my-server.key-days 4000

In this way, a certificate that expires 4000 days ago will be created and finally typed in

Bin/OpenSSL X509-In my-server.cert-out my-server.der.crt-outform der

These commands create some files (my-server.der.crt, my-server.csr, my-server.key,. RND, privkey. Pem, my-server.cert) under the Apache directory ). Copy these files to the conf/SSL directory (for example, C:/program files/Apache Group/apache2/CONF/SSL). If the directory SSL does not exist, you must first create one.

Restart the apache service.

Now you can use a URL like this to access your version library https: // servername/SVN/Project

Enforce access through SSL

When you configure SSL to improve version database security, you may want to disable the SSL-free HTTP access method, but only allow access through HTTPS. To achieve this, you need to add another indicator sslrequiressl in the <location> block.
.

An example <location> block may look like this:

<Location/SVN>
Dav SVN

Svnparentpath D:/SVN
Sslrequiressl

Authtype basic
Authname "Subversion repositories"
Authuserfile passwd
Authzsvnaccessfile svnaccessfile
Require valid-user

</Location>

 

References:

SVN version Library Build http://www.51testing.com /? Action_viewnews_itemid_11548.html

Subversion + Apache configuration http://www.blogjava.net/xfcy2003/archive/2007/02/26/100715.html

Installing APACHE-based SVN server (including SSL configuration) http://bbs.iusesvn.com/thread-158-1-1.html in Windows

Iusesvn http://bbs.iusesvn.com