在工作中需要使用SVN作为代码管控服务器。所以运维需要掌握SVN服务器的搭建和一些常用操作。
安装Apache服务
# Unpack the httpd source tree and build it into /data/svn_base/httpd.
# NOTE(review): the httpd 2.2.x branch is end-of-life upstream and gets no
# security fixes; treat the version below as illustrative and build a
# maintained release for anything reachable from a network.
tar jxvf httpd-2.2.22.tar.bz2
cd httpd-2.2.22
# --enable-so lets modules be loaded as shared objects (the SVN modules are
# loaded with LoadModule later); --enable-dav/--enable-dav-fs build the WebDAV
# layer; --enable-ssl builds mod_ssl for the HTTPS step.
# NOTE(review): --enable-maintainer-mode is a developer build option; confirm
# it is really wanted on a production server.
./configure --prefix=/data/svn_base/httpd --enable-so --enable-dav --enable-dav-fs --enable-maintainer-mode --with-included-apr --enable-rewrite --enable-ssl --enable-proxy --enable-proxy-http
make
make install
# System account without a login shell; httpd.conf switches to it with the
# User/Group directives so request handling does not run as root.
useradd -r -s /sbin/nologin apache
修改 /data/svn_base/httpd/conf/httpd.conf
User apache
Group apache
安装SVN
两个包的版本号信息要一致。
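# Unpack Subversion and its bundled dependencies (same version for both
# tarballs), then build against the apr/apr-util that were installed with httpd.
# NOTE(review): Subversion 1.6.x is long out of upstream support; treat the
# version as illustrative.
tar jxvf subversion-1.6.13.tar.bz2
tar jxvf subversion-deps-1.6.13.tar.bz2
cd subversion-1.6.13
# Install the expat headers BEFORE running configure, so the dependency check
# sees them instead of failing (or silently dropping a feature) first.
yum -y install expat expat-devel
# --with-apxs makes the build produce mod_dav_svn / mod_authz_svn for this httpd.
./configure --prefix=/data/svn_base/subversion --with-apxs=/data/svn_base/httpd/bin/apxs --with-apr=/data/svn_base/httpd/bin/apr-1-config --with-apr-util=/data/svn_base/httpd/bin/apu-1-config
make
make install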
配置Apache
确认httpd.conf中有以下三行
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
Include conf/extra/httpd-svn.conf
并且modules目录下要存在这两个文件
编辑/data/svn_base/httpd/conf/extra/httpd-svn.conf
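# NOTE(review): these directives must sit inside a <Location ...> container in
# httpd-svn.conf; the container tags are not shown on this page.
DAV svn
SVNListParentPath On
# Every directory directly under this path is offered as a repository name.
# NOTE(review): this is also the install prefix of httpd and subversion (see
# the --prefix values above); a dedicated repository directory may be cleaner.
SVNParentPath /data/svn_base/
# Basic authentication sends the password merely base64-encoded, so this
# location should only be reachable over HTTPS (mod_ssl's SSLRequireSSL
# directive can enforce that on the Apache side).
AuthType Basic
AuthName "Subversion Repository"
# Fixed: the original path started with a doubled slash ("//data/...").
AuthUserFile /data/svn_base/subversion/conf/svn_passwdfile
# Path-based authorization rules (groups and per-path rw grants).
AuthzSVNAccessFile /data/svn_base/subversion/conf/svn_accessfile
# Anonymous requests are rejected; authorization is then decided by the access file.
Require valid-user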
# Directory for the two files named by AuthUserFile and AuthzSVNAccessFile
# (password hashes and path permissions); keep it writable by root only.
mkdir -p /data/svn_base/subversion/conf/
创建SVN用户和密码存储文件,默认没有这个文件,第一次创建需要用 -c 这个参数。
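# -c creates the file and truncates an existing one, wiping all other users:
# use it for the very first account only.
# -m stores a salted MD5 (apr1) hash instead of the crypt() format htpasswd 2.2
# defaults to on Linux, which only considers the first 8 password characters.
/data/svn_base/httpd/bin/htpasswd -c -m /data/svn_base/subversion/conf/svn_passwdfile john
# The hashes only need to be readable by root and the httpd group.
chown root:apache /data/svn_base/subversion/conf/svn_passwdfile
chmod 640 /data/svn_base/subversion/conf/svn_passwdfile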
设置用户的访问权限
vim /data/svn_base/subversion/conf/svn_accessfile
# Group definitions: group name = comma-separated user names. The names must
# match accounts in the htpasswd file used by AuthUserFile.
[groups]
admin = john
project1 = user0
project1_server = user1,user2
project1_client = user3,user4
# A section without a repository prefix applies to that path in EVERY
# repository under SVNParentPath. Users not granted anything get no access.
[/]
@admin = rw
# Sections of the form [repository:/path] apply to one repository only.
# Rules are inherited by sub-paths unless a deeper section overrides them.
[project1:/]
@admin = rw
@project1 = rw
# Server tree: additionally writable by the project1_server group.
[project1:/server]
@admin = rw
@project1 = rw
@project1_server = rw
# Client tree: additionally writable by the project1_client group.
[project1:/client]
@admin = rw
@project1 = rw
@project1_client = rw
4. 创建项目仓库
# Create the repository directly under the directory named by SVNParentPath,
# so it is reachable under the name "project1".
/data/svn_base/subversion/bin/svnadmin create /data/svn_base/project1
# mod_dav_svn accesses the repository as the httpd run-time user (User/Group
# apache in httpd.conf), so that account must own the repository files.
chown apache:apache -R /data/svn_base/project1
5.添加Apache启动文件,设置开机启动
#!/bin/bash
#
# httpd Startup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: The Apache HTTP Server is an efficient and extensible \
# server implementing the current HTTP standards.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd/httpd.pid
#
### BEGIN INIT INFO
# Provides: httpd
# Required-Start: $local_fs $remote_fs $network $named
# Required-Stop: $local_fs $remote_fs $network
# Should-Start: distcache
# Short-Description: start and stop Apache HTTP Server
# Description: The Apache HTTP Server is an extensible server
# implementing the current HTTP standards.
### END INIT INFO
# Source function library.
# (Expected to provide the daemon, killproc, status and failure helpers that
# are called below but not defined in this script.)
. /etc/rc.d/init.d/functions
# Optional site overrides. This file is executed as shell code with the
# privileges of the init script (normally root), so it must be owned by root
# and not writable by anyone else.
if [ -f /etc/sysconfig/httpd ]; then
. /etc/sysconfig/httpd
fi
# Start httpd in the C locale by default.
HTTPD_LANG=${HTTPD_LANG-"C"}
# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""
# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
# with the thread-based "worker" MPM; BE WARNED that some modules may not
# work correctly with a thread-based MPM; notably PHP will refuse to start.
# Path to the apachectl script, server binary, and short-form for messages.
# The ${VAR-default} form keeps a value already set by /etc/sysconfig/httpd
# and only falls back to the self-built tree under /data/svn_base/httpd.
apachectl=/data/svn_base/httpd/bin/apachectl
httpd=${HTTPD-/data/svn_base/httpd/bin/httpd}
prog=httpd
pidfile=${PIDFILE-/data/svn_base/httpd/logs/httpd.pid}
lockfile=${LOCKFILE-/var/lock/subsys/httpd}
# Exit status reported by the script; updated by start/stop/reload.
RETVAL=0
# Seconds passed to killproc -d in stop().
STOP_TIMEOUT=${STOP_TIMEOUT-10}
# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
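#######################################
# Start the httpd parent process through the init library's daemon helper.
# Globals:   prog, httpd, pidfile, lockfile, HTTPD_LANG, OPTIONS (read)
#            RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of daemon
#######################################
start() {
    echo -n $"Starting $prog: "
    # Paths are quoted so values overridden in /etc/sysconfig/httpd cannot be
    # word-split or globbed. $OPTIONS stays unquoted on purpose: it may carry
    # several separate httpd flags.
    LANG=$HTTPD_LANG daemon --pidfile="${pidfile}" "$httpd" $OPTIONS
    RETVAL=$?
    echo
    # The lock file marks the service as running for the rc shutdown logic.
    [ "$RETVAL" = 0 ] && touch "${lockfile}"
    return $RETVAL
}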
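#######################################
# Stop the httpd parent process.
# killproc is given a delay (STOP_TIMEOUT, default 10 seconds) before it
# SIGKILLs the httpd parent; this gives the parent enough time to SIGKILL any
# errant children.
# Globals:   prog, httpd, pidfile, lockfile, STOP_TIMEOUT (read)
#            RETVAL (written)
# Outputs:   progress message on stdout
# Returns:   exit status of killproc
#######################################
stop() {
    echo -n $"Stopping $prog: "
    killproc -p "${pidfile}" -d "${STOP_TIMEOUT}" "$httpd"
    RETVAL=$?
    echo
    # Only clean up the bookkeeping files once the server is really gone.
    [ "$RETVAL" = 0 ] && rm -f -- "${lockfile}" "${pidfile}"
    # Report killproc's status explicitly, mirroring start().
    return $RETVAL
}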
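#######################################
# Ask the running httpd to re-read its configuration (SIGHUP), but only
# after the configuration passes a syntax check.
# Globals:   prog, httpd, pidfile, HTTPD_LANG, OPTIONS (read)
#            RETVAL (written: 6 on a syntax error, else killproc's status)
# Outputs:   progress / error message on stdout
#######################################
reload() {
    echo -n $"Reloading $prog: "
    # "httpd -t" only parses the configuration. Paths are quoted; $OPTIONS is
    # deliberately left unquoted because it may hold several flags.
    if ! LANG=$HTTPD_LANG "$httpd" $OPTIONS -t >&/dev/null; then
        RETVAL=6
        echo $"not reloading due to configuration syntax error"
        failure $"not reloading $httpd due to configuration syntax error"
    else
        # Force LSB behaviour from killproc
        LSB=1 killproc -p "${pidfile}" "$httpd" -HUP
        RETVAL=$?
        if [ "$RETVAL" -eq 7 ]; then
            failure $"httpd shutdown"
        fi
    fi
    echo
}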
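# See how we were called.
# Dispatch on the first argument; every arm leaves the script's exit status
# in RETVAL.
case "$1" in
    start)
        start
        ;;
    # The "stop" arm was missing (only its terminating ";;" was left, which is
    # a syntax error); it is restored here to match the usage text and the
    # restart arms, which already call stop.
    stop)
        stop
        ;;
    status)
        status -p "${pidfile}" "$httpd"
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    condrestart|try-restart)
        # Restart only when the server is currently running.
        if status -p "${pidfile}" "$httpd" >&/dev/null; then
            stop
            start
        fi
        ;;
    force-reload|reload)
        reload
        ;;
    graceful|help|configtest|fullstatus)
        # Hand the original arguments to apachectl unchanged; "$@" keeps each
        # argument as one word instead of re-splitting and globbing it.
        "$apachectl" "$@"
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
        RETVAL=2
esac

exit $RETVAL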
chkconfig --level 35 httpd on
6.设置HTTPS方式访问
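# NOTE(review): httpd was configured with --enable-ssl earlier, so the OpenSSL
# development headers presumably have to be present before that build step.
yum install openssl openssl-devel
# Generate the private key with a restrictive umask so it is never readable
# by other users. 2048 bits is the minimum RSA size: 1024-bit keys are
# considered breakable and are rejected by many current TLS stacks.
( umask 077; openssl genrsa -out server.key 2048 )
# Self-signed certificate, signed with SHA-256 rather than an older default
# digest. Clients must be told to trust this certificate explicitly, and its
# 10-year lifetime means the key has to be protected for that long.
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650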
将httpd.conf中以下一行注释去掉
Include conf/extra/httpd-ssl.conf
service httpd reload
7.通过Nginx访问
如果默认使用Nginx作为WEB服务器,又想要通过HTTP或HTTPS的方式访问SVN,就需要通过Nginx转发请求到Apache。Apache需要设置监听不同的端口。
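以下为使用HTTPS的方式访问Nginx,然后由Nginx转发HTTP请求到Apache。生成秘钥的方式和以上相同。
server {
    listen 443 ssl;
    ssl_certificate conf.d/ssl/www.xxx.com.crt;
    ssl_certificate_key conf.d/ssl/www.xxx.com.key;
    # SSLv3 (POODLE) and the deprecated TLSv1 / TLSv1.1 are no longer offered.
    # Add TLSv1.3 here where the installed nginx and OpenSSL support it.
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    server_name www.xxx.com;
    # NOTE(review): this directory holds the repositories and
    # subversion/conf/svn_passwdfile. The directive is unused while "location /"
    # proxies every request, but any location added later that serves static
    # files would expose those files; prefer an empty directory as root.
    root /data/svn_base/;

    location / {
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering on;
        # This hop is plain HTTP and carries the Basic-auth credentials, so the
        # Apache backend should listen on loopback only (Listen 127.0.0.1:88)
        # and port 88 should not be reachable from the network.
        proxy_pass http://127.0.0.1:88;
    }
}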