软件源码包:
httpd-2.2.20.tar.bz2(http://httpd.apache.org/download.cgi)
openssl-1.0.0e.tar.gz(http://www.openssl.org/source/)
subversion-1.6.16.tar.bz2(http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=10339&expandFolder=10339&folderID=11151)
subversion-deps-1.6.16.tar.bz2(http://subversion.tigris.org/servlets/ProjectDocumentList?folderID=10339&expandFolder=10339&folderID=11151)
安装openssl
>tar zxvf openssl-1.0.0e.tar.gz
>cd openssl-1.0.0e/
>./config --prefix=/usr/openssl-1.0.0e/
>make
>make test
>make install
>/usr/openssl-1.0.0e/bin/openssl version
OpenSSL 1.0.0e 6 Sep 2011
安装httpd
>tar jxvf httpd-2.2.20.tar.bz2
>cd httpd-2.2.20/
>./configure --prefix=/usr/httpd-2.2.20/ --enable-dav --enable-so --enable-ssl=/usr/openssl-1.0.0e/ --with-included-apr
>make
>make install
安装subversion
>tar jxvf subversion-1.6.16.tar.bz2
>tar jxvf subversion-deps-1.6.16.tar.bz2
>cd subversion-1.6.16/
>./configure --prefix=/usr/subversion-1.6.16 --with-ssl --with-apxs=/usr/httpd-2.2.20/bin/apxs
>make
>make install
修改apache配置文件
>vi /usr/httpd-2.2.20/conf/httpd.conf
打开注释并修改:ServerName IP:端口
启动apache服务
>/usr/httpd-2.2.20/bin/apachectl start
测试apache
浏览器访问http://IP,显示It works!
生成服务器私钥
>cd /usr/httpd-2.2.20/conf/
>/usr/openssl-1.0.0e/bin/openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.........................++++++
......................++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:创建证书密码
Verifying - Enter pass phrase for server.key:确认输入密码
生成服务器证书请求
>/usr/openssl-1.0.0e/bin/openssl req -new -key server.key -out server.csr
输入所有相关信息
签证
>/usr/openssl-1.0.0e/bin/openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.crt
输入证书密码
安全设置
>chmod 400 server.key
>chmod 400 server.crt
apache添加ssl功能
>vi /usr/httpd-2.2.20/conf/httpd.conf
#Listen 80(取消http的80端口服务)
打开
Include conf/extra/httpd-ssl.conf
包含ssl的配置文件
启动apache服务
>/usr/httpd-2.2.20/bin/apachectl start
输入证书密码
测试apache
浏览器访问https://IP,显示It works!
创建SVN库
>cd /home/nap
>mkdir subversion
>cd subversion
>svnadmin create PFX
>cp PFX/conf/authz PFX/conf/passwd .
>vi authz
设置用户权限
[/]
nap = rw
>/usr/httpd-2.2.20/bin/htpasswd -c passwd nap
创建用户密码
确认输入密码
文件最后添加
<Location /subversion>
DAV svn
SVNParentPath /home/nap/subversion
SVNListParentPath On
AuthType Basic
AuthName "crowd"
AuthzSVNAccessFile /home/nap/subversion/authz
AuthUserFile /home/nap/subversion/passwd
Require valid-user
</Location>
重启apache
>/usr/httpd-2.2.20/bin/apachectl restart
访问SVN
开放文件夹写权限
>chmod 700 -R PFX/
>chown -R daemon:daemon PFX/
可以正常使用SVN库
IP地址屏蔽
<Location /subversion>
DAV svn
SVNParentPath /home/nap/subversion
SVNListParentPath On
AuthType Basic
AuthName "crowd"
AuthzSVNAccessFile /home/nap/subversion/authz
AuthUserFile /home/nap/subversion/passwd
Require valid-user
Order Allow,Deny(默认全部禁止)
Allow from 10.1(白名单)
</Location>