HOWTO - Apache2 + Subversion + SSL

http://ubuntuforums.org/showthread.php?t=51753

HOWTO - Apache2 + Subversion + SSL

---

I needed install Apache2 + Subversion and i have searching for info, etc. and now i'm decide to create this tutorial, i hope you like!

Here we go:

INSTALL APACHE2

To install apache2 run that command:

Code:

sudo apt-get install apache2

(if you want also install php and mysql just follow this Link)

After you will install subversion:

Code:

sudo apt-get install subversion

(in that moment doens't exist the pre-buil binary of the last version (1.2.1), but when it's out you can simple upgrade )

To use svn with apache you need install libapache2-svn:

Code:

sudo apt-get install libapache2-svn

Now is better restart apache :

Code:

sudo /etc/init.d/apache2 restart

If you don't want SSL go to the last instructions (dav_svn.conf configurations, and users accounts).

Run:

Code:

a2enmod ssl

Add "Listen 443" to /etc/apache2/ports.conf:

Code:

sudo gedit /etc/apache2/ports.conf

Run:

Code:

apache2-ssl-certificate

Create a new SSL configuration file:

Code:

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/myown-ssl

Edit myown-ssl file:

Code:

sudo gedit /etc/apache2/sites-available/myown-ssl

Change:

Code:

NameVirtualHost *

to

Code:

NameVirtualHost *:443

and

Code:

<VirtualHost *>

to

Code:

<VirtualHost *:443>

Add before </VirtualHost>:

Code:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM

Run:

Code:

a2ensite myown-ssl

Restart Apache:

Code:

sudo /etc/init.d/apache2 restart

Last instruction:

Edit dav_svn configuration file and follow the instructions:

Code:

sudo gedit /etc/apache2/mods-available/dav_svn.conf

Restart apache:

Code:

 sudo /etc/init.d/apache2 restart

Create SVN folder:

Code:

sudo svnadmin create /srv/svn
sudo chown -R www-data:www-data /srv/svn
sudo chmod -R g+ws /srv/svn

Create the users account file:

Code:

sudo htpasswd2 -c /etc/apache2/dav_svn.passwd svnuser

(after asks for a password)

Test SVN:

Code:

svn import .bashrc https://localhost/svn/testfile -mlogentry

That is all!!!


For the SSL instructions i have follow this Tutorial.
About how using SVN see the official SVN book here or visit the official website ( Link).

Any error, please report! (and not only in the istructions but also in the english...)

 

 

 

====

http://forum.synology.com/wiki/index.php/Enable_HTTP_and_HTTPS_access_for_Subversion

Enable HTTP and HTTPS access for Subversion

From SynologyWiki

Jump to: navigation, search

This guide describes how to setup and configure an Apache2 server that allows authenticated access to the Subversion server. It assumes you followed the Step-by-step guide to installing Subversion.

Install Apache 2 Server

Install Apache 2 Package

As you have already installed ipkg to install the Subversion server, you can type the following command to install the Apache 2 server. Issue:

ipkg install apache

ipkg might install some dependencies. Just let it happen.

if you havent allready, you may need to run ipkg install svn to get the required svn modules

Test installation

As the diskstation does already have an Apache server running for its admin web interface and (if you enabled it) the web station, the default HTTP port (80) is already in use. Therefore the additional server's port is set to 8000 per default. Thus, testing your installation is done by accessing http://<IP of your Diskstation>:8000/. You should see the message It works! if it worked.

If you get a message similar to Failed to connect make sure the server is running by issuing the following command:

/opt/sbin/apachectl start

Then try again. If the command above caused the output httpd (pid <Number>) already running, refer to the following section (Configure ports), as your Apache server seems to use a different default port.

Configure ports (optional)

As it might be desirable to have the newly installed Apache server use the default port for HTTP access, this section explains how to swap ports with the diskstation's internal Apache.

First open the configuration file of our new Apache server:

vi /opt/etc/apache2/httpd.conf

Search for the line Listen 8000 and change the port to 80 by moving to the end of the line and pressing x twice. Save the changes by typing :wq and pressing enter.

Now open the user configuration file of the diskstation's Apache server:

vi /usr/syno/apache/conf/httpd.conf-user

Search for the line Listen 80 and change the port to 8000 by moving to the end of the line, pressing a (append), add the two 0 and quit append mode by pressing ESC. Save the changes by typing :wq and pressing Enter.

Note: The file /usr/syno/apache/conf/httpd.conf seems to have no effect, you can safely ignore it. But you should NEVER touch the /usr/syno/apache/conf/httpd.conf-sys file, as it configures the web administration interface, and you don't want that to get broken...

To make sure both Apaches get restarted properly, just reboot the diskstation:

reboot

Enable SSL (optional)

To enable SSL, open the configuration file of our new Apache server again:

vi /opt/etc/apache2/httpd.conf

Now search for the line

#Include etc/apache2/extra/httpd-ssl.conf

and remove the asterisk (#) at the start (move the cursor over it and press x). Save and quit (:wq and Enter).

Now you have to provide an SSL server certificate and key. This guide will just use the ones that come with the diskstation. Therefore change to the config directory of our Apache server and create links to the diskstation's certificate files:

cd /opt/etc/apache2
ln -s /usr/syno/etc/ssl/ssl.crt/server.crt
ln -s /usr/syno/etc/ssl/ssl.key/server.key

Now restart the Apache server:

/opt/sbin/apachectl restart

In case the server fails to restart due to missing certificate files, you will have to check the SSL configuration at /volume1/opt/etc/apache2/extra/httpd-ssl.conf to check where it looks for them. In doubt, specify the following lines (they should already exist, so replace them!) which point to the location where we just put the links to the diskstation's files to:

SSLCertificateFile "/opt/etc/apache2/server.crt"
SSLCertificateKeyFile "/opt/etc/apache2/server.key"

Note: You can change the HTTPS ports just as easy as the HTTP ports. Simply search for the Listen directives within the /opt/etc/apache2/extra/httpd-ssl.conf and /usr/syno/apache/conf/extra/httpd-ssl.conf-user files and change them accordingly.

Configure Subversion access

The Apache server installed comes with the two additional modules required for Subversion access via HTTP(S), mod_dav and mod_dav_svn. It also provides a configuration template (located at /opt/etc/apache2/conf.d/mod_dav_svn.conf) for Subversion which we will use.

Note: If the template is missing, just create the file from scratch. The guide will give you the full configuration file's content below.

Enable Subversion

To enable the configuration template we have to edit the Apache server config once more:

vi /opt/etc/apache2/httpd.conf

Now we add the following block (move to the end of the file and press i to start editing) to include the configuration template:

# Subversion
Include etc/apache2/conf.d/mod_dav_svn.conf

Now we have to add the repository. As it is located at /volume1/svn and thus cannot be reached by our Apache, we have to link to it from within our web folder. This is done by issuing the following commands:

cd /opt/share
ln -s /volume1/svn

Now we edit the configuration template (vi /opt/etc/apache2/conf.d/mod_dav_svn.conf) and make it look like this (by adding the Location block at the end):

LoadModule dav_svn_module     libexec/mod_dav_svn.so
LoadModule authz_svn_module   libexec/mod_authz_svn.so

#
# Example configuration to enable HTTP access for a Subversion
# repository, "/home/svnroot".
#

#<Location /svn/repos>
#   DAV svn
#   SVNPath /home/svnroot
#
#   # Limit write permission to list of valid users.
#   <LimitExcept GET PROPFIND OPTIONS REPORT>
#      # Require SSL connection for password protection.
#      # SSLRequireSSL
#
#      AuthType Basic
#      AuthName "Authorization Realm"
#      AuthUserFile /path/to/passwdfile
#      Require valid-user
#   </LimitExcept>
#</Location>

<Location /svn>
    DAV svn
    SVNParentPath /opt/share/svn
</Location>

Restart the Apache server to apply the changes:

/opt/sbin/apachectl restart

Now every repository that is located on the server can be reached by accessing http://<IP of your Diskstation>:8000/svn/<repo name>, for example http://192.168.0.100:8000/svn/test. This does also apply for the SSL connection, if configured.

Add password protection

As full access to our repositories should most likely not be given to everyone, this section describes how to add password protection. Therefore an htaccess file is required which contains the users allowed to access the repositories. The following shows the creation of a new htaccess file svn-auth-file, overwriting any existing one, and adds the user test. To add users to an existing file, change the -cm option to -m.

> /opt/sbin/apache-htpasswd -cm /opt/share/svn/svn-auth-file test
New password:
Re-type new password:
Adding password for user test

Now we have to tell the Apache server to use the authentication(s) within the file. Therefore we update the Location block within the /opt/etc/apache2/conf.d/mod_dav_svn.conf file to look as follows:

<Location /svn>
    DAV svn
    SVNParentPath /opt/share/svn
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /opt/share/svn/svn-auth-file
    Require valid-user
</Location>

This will require authentication with any of the users specified within the file to access the repository. If only write access should be restricted, we have to limit the Require valid-user option:

<Location /svn>
    DAV svn
    SVNParentPath /opt/share/svn
    AuthType Basic
    AuthName "Subversion repository"
    AuthUserFile /opt/share/svn/svn-auth-file

    #Limit all except read-only HTTP request types
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Require valid-user
    </LimitExcept>
</Location>

Restart the Apache server and test the result:

/opt/sbin/apachectl restart

Known Problems

Permission denied/authentification problems

If you initially followed the Step-by-step guide to installing Subversion you probably have created the svnowner user and you could use this user also for the apache by adding it to httpd.conf. (I expirienced some problems with the initial configuration where User was set to 'nobody').

vi /opt/etc/apache2/httpd.conf

...

#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User svnowner
Group #-1

...

Further reading

Now that your Subversion is accessible and (possibly) protected, you may want to tweak read/write permissions, maybe even on a repository / folder basis. See The Subversion Book for further details on that and anything else SVN.

Thanks

I'd like to thank

• Synology for making a product that is so nicely adjustable to one's personal needs, and
• Risto for his Step-by-step guide to installing Subversion which made my day :-)

--Boris59 19:15, 30 June 2009 (UTC)