Debian 6 (advanced install, static IP, base system only)
Filesystem – / on one disk image, /export0 on another (which should maybe be mounted with the no execute option for safety?).
Additional packages:
ssh (both for remote admin and for https)subversion (obviously)apache2 (to serve svn over http)libapache2-svn (installs the mod_dav_svn and mod_authz_svn apache modules, if they haven’t been installed already)Check that ssh logins work, and apache works (get webpage from pointing web browser to system).
Enable the ssl site (a2ensite default-ssl) and check the ssl module is enabled (a2enmod ssl). Restart server and check the https default page works.
Disable (unless it’s going to be used for something else) the default http site (a2dissite default) and edit /etc/apache2/ports.conf to stop apache listening on 80 (and complaining about there being no virtualhosts on 80).
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
#NameVirtualHost *:80
#Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>
Check if dav_svn module is enabled.
Create a directory for the repositories to live. On unst, this is /export0/svn/repos, with the configuration files living in /export0/svn/config
Create the first repository.
mkdir /export0/svn/repos/test1 svnadmin create /export0/svn/repos/test1
Change the ownership of the svn directory to the apache user (should be www-data).
chown -R www-data:www-data /export0/svn
Edit /etc/apache2/sites-available/default-ssl and add the following section:
<Location /repos> DAV svn # any "/svn/repos/foo" URL will map to a repository /export0/svn/repos/foo SVNParentPath /export0/svn/repos </Location>
Browse to https://unst.physics.gla.ac.uk/repos/test1 (or whatever) and check there is a page powered by subversion. Use a subversion client to connect and check updating and committing works.
Again in /etc/apache2/sites-available/default-ssl, add the authentication stuff if required in the <location /repos> section:
# the access control policy AuthzSVNAccessFile /export0/svn/config/svn_access_rules # try anonymous access first, fall back to authentication # as required. Satisfy Any Require valid-user # to authenticate users AuthType Basic AuthName "IGR group subversion server" AuthUserFile /export0/svn_config/.htpasswd_svn
In the config directory create the access rules file. For example:
[test1:/] albert = rw [test2:/] * = rw
This gives user albert only read/write access to the test1 repository, and everyone (anonymous) read/write access to the test2 repository. See: http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html
The other thing required is the password file. This is a standard apache .htpasswd type file, created using htpasswd, and referred to by the AuthUserFile directive.
Gives read/write access to albert, and everyone (including anonymous) read access to the whole of the ligo repository.