Setup of new SVN server (unst)

Server setup

Debian 6 (advanced install, static IP, base system only)

Filesystem – / on one disk image, /export0 on another (which should maybe be mounted with the no execute option for safety?).

Additional packages:

  • ssh (both for remote admin and for https)
  • subversion (obviously)
  • apache2 (to serve svn over http)
  • libapache2-svn (installs the mod_dav_svn and mod_authz_svn apache modules, if they haven’t been installed already)

Check that ssh logins work, and apache works (get webpage from pointing web browser to system).

Apache setup

Enable the ssl site (a2ensite default-ssl) and check the ssl module is enabled (a2enmod ssl). Restart server and check the https default page works.

Disable (unless it’s going to be used for something else) the default http site (a2dissite default) and edit /etc/apache2/ports.conf to stop apache listening on 80 (and complaining about there being no virtualhosts on 80).

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

#NameVirtualHost *:80
#Listen 80

<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>

SVN setup

Check if dav_svn module is enabled.

Create a directory for the repositories to live. On unst, this is /export0/svn/repos, with the configuration files living in /export0/svn/config

Create the first repository.

mkdir /export0/svn/repos/test1
svnadmin create /export0/svn/repos/test1

Change the ownership of the svn directory to the apache user (should be www-data).

chown -R www-data:www-data /export0/svn

Edit /etc/apache2/sites-available/default-ssl and add the following section:

<Location /repos>
DAV svn

# any "/svn/repos/foo" URL will map to a repository /export0/svn/repos/foo
SVNParentPath /export0/svn/repos

</Location>

Browse to https://unst.physics.gla.ac.uk/repos/test1 (or whatever) and check there is a page powered by subversion. Use a subversion client to connect and check updating and committing works.

Authentication and Authorization

Again in /etc/apache2/sites-available/default-ssl, add the authentication stuff if required in the <location /repos> section:

# the access control policy
AuthzSVNAccessFile /export0/svn/config/svn_access_rules

# try anonymous access first, fall back to authentication
# as required.
Satisfy Any
Require valid-user

# to authenticate users
AuthType Basic
AuthName "IGR group subversion server"
AuthUserFile /export0/svn_config/.htpasswd_svn

In the config directory create the access rules file. For example:

[test1:/]
albert = rw

[test2:/]
* = rw

This gives user albert only read/write access to the test1 repository, and everyone (anonymous) read/write access to the test2 repository. See: http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html

The other thing required is the password file. This is a standard apache .htpasswd type file, created using htpasswd, and referred to by the AuthUserFile directive.

Gives read/write access to albert, and everyone (including anonymous) read access to the whole of the ligo repository.

 
/export0/wikidata/pages/it/blog/31_07_2012_17_15.txt · Last modified: 2012/07/31 17:05 by admin
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki