Configuring SVN on FreeBSD with two authentication methods (note two)

First, Installation:

1. Apache Installation

Nothing special here: go to the /usr/ports/www/apache22 directory and run make install to install with the defaults. If you have other Apache applications or requirements, work those out yourself.

2. Subversion installation

# cd /usr/ports/devel/subversion
# make install WITHOUT_BDB=yes WITH_MOD_DAV_SVN=yes APXS=/usr/local/sbin/apxs

Note: WITHOUT_BDB=yes is there because I do not use Berkeley DB; remove it if you want to use it. The two parameters WITH_MOD_DAV_SVN=yes and APXS=/usr/local/sbin/apxs enable support for Apache's WebDAV access method.

With the installation done, what remains is creating the repositories and setting permissions.

Second, create the repositories

Let's say I create two projects (repositories), test and toplee: one for practice and testing, and one for storing the toplee.com code.

# mkdir /var/svn (create the root directory for the SVN repositories; you can choose any directory)
# svnadmin create /var/svn/test
# svnadmin create /var/svn/toplee
Done.

Third, set permissions

Before getting to the final goal (access through Apache's WebDAV), I will first briefly cover how to set up the environment with svnserve, the lightweight server that ships with SVN. If that does not interest you, skip ahead to the Apache WebDAV section.

1. Configure the svnserve that comes with SVN

# vi /etc/rc.conf (add the following lines)

svnserve_enable="YES"
svnserve_user="www"
svnserve_group="www"
svnserve_flags="-d --listen-host=xxx.xxx.xxx.xxx --listen-port=3690"
svnserve_data="/var/svn"

# /usr/local/etc/rc.d/svnserve start

You can now reach the test repository with svn info svn://xxx.xxx.xxx.xxx/test.
With the default permissions, however, everyone can access and modify the contents of the repository, so you need to set permissions.
How to set permissions:

Both /var/svn/test and /var/svn/toplee contain a conf directory. Inside it are three files, authz, passwd and svnserve.conf, which configure permissions in svnserve mode. Configure them as follows:

a) Configure svnserve.conf

Write something like the following in the file:

[general]
anon-access = none
auth-access = write
password-db = passwd
authz-db = authz

Roughly: anonymous access is not allowed and everyone must authenticate with a password; authenticated users get write permission; the password file is passwd; and authz-db points svnserve at the authz file configured in step c), which is otherwise not consulted.

b) Configure the passwd file

Open this file and it is self-explanatory: it lists user names and passwords. The annoying part is that the passwords are in cleartext; even an MD5 hash would have been something. Write something like this:

[users]
michael = toplee
test = testdb
lee = abc

This sets up three users: michael, test and lee.

c) Configure the authz file

This file sets the policy for which users may access which files or directories in the repository. The default file already contains instructions and examples. My authz file looks roughly like this:

[groups]
# create a group containing two users
g_w = michael,lee
# a second group, containing one user
g_r = test

# directory name
[/ABC]
# users in group g_w can read and write
@g_w = rw
# users in group g_r can also read and write
@g_r = rw

[/XYZ]
michael = rw
lee = r
@g_r = r

The meaning should be clear from the content above, so I will not explain it further.

At this point the configuration is complete. Run /usr/local/etc/rc.d/svnserve restart to restart the service and make it take effect; svn info svn://xxx.xxx.xxx.xxx/test now requires you to authenticate.
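A quick check of the svnserve settings this section relies on, as an added example (not code from the original article). The function name, the finding texts and the constructed sample directory are assumptions made for illustration; the option names are the svnserve.conf keys discussed above.

```python
import configparser
import os
import stat
import tempfile

def audit_svnserve_conf(conf_dir):
    """Return a list of findings for one repository's conf/ directory."""
    findings = []
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(os.path.join(conf_dir, "svnserve.conf"))
    sections = {name.lower(): dict(cp[name]) for name in cp.sections()}
    general = sections.get("general", {})

    if general.get("anon-access") != "none":
        findings.append("anon-access is not 'none'")
    if "authz-db" not in general:
        findings.append("authz-db not set: the authz file is not consulted")

    pw_name = general.get("password-db")
    if pw_name is None:
        findings.append("password-db not set")
        return findings
    pw_path = os.path.join(conf_dir, pw_name)   # relative to conf/
    if not os.path.exists(pw_path):
        findings.append("password-db file %s is missing" % pw_name)
        return findings
    mode = stat.S_IMODE(os.stat(pw_path).st_mode)
    if mode & 0o077:                            # group/other bits set
        findings.append("%s holds cleartext passwords but has mode %o"
                        % (pw_name, mode))
    return findings

def demo():
    """Audit a constructed conf/ directory: no authz-db, passwd left at 0644."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "svnserve.conf"), "w") as f:
            f.write("[general]\nanon-access = none\nauth-access = write\n"
                    "password-db = passwd\n")
        with open(os.path.join(d, "passwd"), "w") as f:
            f.write("[users]\nmichael = toplee\n")
        os.chmod(os.path.join(d, "passwd"), 0o644)
        return audit_svnserve_conf(d)

if __name__ == "__main__":
    print("\n".join(demo()))
```

To audit a real repository, call audit_svnserve_conf("/var/svn/test/conf") as a user allowed to read that directory.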

2. Configure Apache-based WebDAV access to SVN

This is my final goal for today. There are some similar documents around, but they always seem to be missing a little something.

There are two key places: httpd.conf and the SVN permission files.

a) Configure httpd.conf

Add the following to the httpd.conf file:

LoadModule dav_module libexec/apache22/mod_dav.so
LoadModule dav_fs_module libexec/apache22/mod_dav_fs.so
LoadModule dav_svn_module libexec/apache22/mod_dav_svn.so
LoadModule authz_svn_module libexec/apache22/mod_authz_svn.so

<Location /svn>
DAV svn
SVNParentPath /var/svn
AuthType Basic
AuthName "Subversion in Toplee.com"
AuthUserFile /var/svn/.svnpasswd
AuthzSVNAccessFile /var/svn/.svnaccess
Satisfy any
Require valid-user
</Location>

What does this mean?

The first two lines are normally present by default after Apache is installed, so you can leave them alone, but do confirm that they are really there. If they are not, check for the corresponding .so files under /usr/local/libexec/apache22/, or recompile and reinstall Apache with the appropriate options enabled.

Lines 3 and 4 are added automatically when SVN is installed with the WITH_MOD_DAV_SVN=yes and APXS=/usr/local/sbin/apxs parameters; if they are missing, add them by hand.

The rest is the key part. Roughly, it uses the .svnpasswd file for user authentication and the .svnaccess file for permission checks. I am too lazy to go into the details; just follow along and adjust the paths to match your own directories.

b) Configure the SVN user permission files

This time we do not keep using the three files from svnserve mode. Instead we use the two files named in httpd.conf, .svnpasswd and .svnaccess. You can of course change the names and paths of these two files to suit your preferences.

First, configure the .svnpasswd file, which is really just a standard Apache .htpasswd file; anyone who has set up HTTP authentication knows it. Run the following commands to create three users:
# htpasswd -c /var/svn/.svnpasswd michael
(enter the password)
# htpasswd /var/svn/.svnpasswd lee (note that -c is not needed here; it is only used the first time, to create the file)
(enter the password for user lee)
# htpasswd /var/svn/.svnpasswd test
(enter the password for user test)

That takes care of the .svnpasswd file.

Next comes the .svnaccess file. Run vi /var/svn/.svnaccess to edit it and add the following:

[groups]
g_w = michael,lee
g_r = test

[test:/]
@g_w = rw
@g_r = rw

[toplee:/blog/]
michael = rw
lee = r
@g_r = r

[toplee:/mail/]
@g_w = rw
@g_r = w

This file has the same format as the authz files under test/conf and toplee/conf described earlier, but there is no need to create one per repository: a single file configures them all. The visible difference is that the repository name is added to each directory section; for example, [toplee:/blog/] refers to the /blog/ directory in the toplee repository.
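How a lookup against such a file resolves, as an added example (not Subversion's code and not from the original article). It is a simplified model: the nearest section, walking up from the requested path, that names the user directly, through a group or through *, decides the result. Assumptions: a trailing "/" in a section name is ignored, and aliases, nested groups, ~ and $ tokens are not handled.

```python
import configparser

# Constructed sample mirroring part of the .svnaccess file above.
SAMPLE = """\
[groups]
g_w = michael,lee
g_r = test

[test:/]
@g_w = rw
@g_r = rw

[toplee:/blog/]
michael = rw
lee = r
@g_r = r
"""

def parse(text):
    """Return (groups, rules); rules maps (repo, path) to {who: rights}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str                    # names are case-sensitive
    cp.read_string(text)
    groups, rules = {}, {}
    for name in cp.sections():
        if name == "groups":
            groups = {g: {u.strip() for u in v.split(",")}
                      for g, v in cp[name].items()}
            continue
        # "[/x]" applies to every repository, "[repo:/x]" to one
        repo, _, path = ("", "", name) if name.startswith("/") else name.partition(":")
        rules[(repo, path.rstrip("/") or "/")] = dict(cp[name])  # assumption: trailing "/" ignored
    return groups, rules

def access(groups, rules, user, repo, path):
    """Return the set of rights ('r', 'w') the model grants user at repo:path."""
    path = path.rstrip("/") or "/"
    while True:
        for key in ((repo, path), ("", path)):      # repo-specific section first
            hits = [rights for who, rights in rules.get(key, {}).items()
                    if who in (user, "*")
                    or (who[:1] == "@" and user in groups.get(who[1:], ()))]
            if hits:                                # this section names the user
                return set("".join(hits)) & {"r", "w"}
        if path == "/":
            return set()                            # no rule anywhere: no access
        path = path.rsplit("/", 1)[0] or "/"        # try the parent directory
```

Because names are compared exactly, a user created as Michael in .svnpasswd would match none of the michael rules and would end up with no access.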

Finally, run /usr/local/etc/rc.d/apache22 restart to restart the Apache service, and everything is done.

Enter http://xxx.xxx.xxx.xxx/svn/test or http://xxx.xxx.xxx.xxx/svn/toplee in a browser; if it prompts you for a user name and password, it is working.

If it does not work, one possibility is RPWT (bad luck); the other is a mistake somewhere along the way. For example, I had mistakenly named the file .svnhtpasswd instead of .svnpasswd, while httpd.conf referred to .svnpasswd; I spent half a day without success and only understood what had happened after looking at error.log.

If you need to access SVN over HTTPS, set up the following:

1. Configure httpd.conf

Add the following to the httpd.conf file:

LoadModule ssl_module libexec/apache2/mod_ssl.so

<IfModule mod_ssl.c>
Include etc/apache2/ssl.conf
</IfModule>

2. Generate certificates

mkdir /usr/local/apache2/conf/ssl.crt
# Create an RSA private key for your Apache server
openssl genrsa -des3 -passout pass:asecretpassword -out /usr/local/apache2/conf/ssl.crt/server.key.org 1024
# Use the server's RSA private key to generate a certificate signing request (CSR)
openssl req -new -passin pass:asecretpassword -passout pass:asecretpassword -key /usr/local/apache2/conf/ssl.crt/server.key.org -out /usr/local/apache2/conf/ssl.crt/server.csr -days 3650

# 3650 is ten years; sign the certificate signing request to obtain the certificate
openssl req -x509 -passin pass:asecretpassword -passout pass:asecretpassword -key /usr/local/apache2/conf/ssl.crt/server.key.org -in /usr/local/apache2/conf/ssl.crt/server.csr -out /usr/local/apache2/conf/ssl.crt/server.crt -days 3650
# Without this step, starting Apache+SSL asks for the password; with the following step, no password is needed
openssl rsa -passin pass:asecretpassword -in /usr/local/apache2/conf/ssl.crt/server.key.org -out /usr/local/apache2/conf/ssl.crt/server.key
#
mkdir /usr/local/apache2/conf/ssl.key
#
mv /usr/local/apache2/conf/ssl.crt/server.key /usr/local/apache2/conf/ssl.key/server.key
#
chmod 400 /usr/local/apache2/conf/ssl.key/server.key

3. Modify ssl.conf

Finally, modify /usr/local/apache2/conf/ssl.conf:

vi /usr/local/apache2/conf/ssl.conf

The changes are in the following places; it is enough to modify and add the statements below.

Modify the following:

SSLCertificateFile /usr/local/etc/apache2/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/etc/apache2/ssl.key/server.key

Add the following:

Alias /svn/ "/usr/local/svndata/dev/"

<Location /svn>
DAV svn
SVNPath /usr/local/svndata/dev
Allow from all
AuthType Basic
AuthName "Subversion Admin"
AuthUserFile /usr/local/etc/apache2/svnpass/htpasswd
AuthzSVNAccessFile /usr/local/svndata/dev/conf/authz
Require valid-user
</Location>

SSL is now basically set up, so let's start Apache with SSL:

/usr/local/apache2/bin/apachectl startssl

The repository can now be accessed over HTTPS.

Run /usr/local/sbin/htpasswd /usr/local/etc/apache2/svnpass/htpasswd test and enter the password for the user.

Manually set the permissions for user test in /usr/local/svndata/dev/conf/authz.

Note: AuthzSVNAccessFile must be used together with Require valid-user. You can also leave both out, but you cannot use one of them alone; otherwise you will inevitably get a 301 or a 403 error.


This article is from the "Enjoy programming" blog, so be sure to keep this source http://kure6.blog.51cto.com/2398286/1606245
