Wednesday, August 02, 2006

Subversion + Apache2 + SSL on Ubuntu in 10 steps

1. Install required packages

    sudo apt-get install subversion libapache2-svn
                         libapache-mod-dav apache2

2. Enable SSL support in Apache

    sudo a2enmod ssl

3. Stop Apache

    sudo /etc/init.d/apache2 stop

4. Let Apache2 listen on port 443

    sudo gedit /etc/apache2/ports.conf

Add to the end of file

    Listen 443

5. Create SSL certificate

    sudo apache2-ssl-certificate

Provide some information following the prompt

    Country Name: <country_code> (example: VN)
    State or Province Name: <state_name>
    Locality Name: <city_name>
    Organization Name: <organization_name>
    Organization Unit Name: <organization_unit_name>
    Server Name: <server_name>
    Email Address: <email_address>

6. Configure site

    sudo cp /etc/apache2/sites-available/default
            /etc/apache2/sites-available/<sitename>

then edit

    sudo gedit /etc/apache2/sites-available/<sitename>

        
  1. Change NameVirtualHost to NameVirtualHost *:443
        
  2. Change <VirtualHost> to <VirtualHost *:443>
        
  3. Append before </VirtualHost> the following

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLProtocol all
        SSLCipherSuite HIGH:MEDIUM

Then create a symbol link to your site configuration in sites-enabled

    sudo ln -s /etc/apache2/sites-available/<sitename>
               /etc/apache2/sites-enabled/<sitename>

Note: <sitename> should be same as your hostname

7. Create a Subversion Repository

    sudo svnadmin create /var/lib/svn
    sudo chown -R www-data:www-data /var/lib/svn
    sudo chmod -R g+ws /var/lib/svn

8. Use Apache for Authentication

    sudo htpasswd -c -m /var/lib/svn/conf/htpasswds <username>

9. Configure mod_dav

edit dav_svn.conf

    sudo gedit /etc/apache2/mods-available/dav_svn.conf

        DAV svn
        SVNPath /var/lib/svn
        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /var/lib/svn/conf/htpasswds
        Require valid-user
        SSLRequireSSL

Disable anonymous browsing by commenting out the following:

    #<LimitExcept GET PROPFIND OPTIONS REPORT>
    #  Require valid-user
    #</LimitExcept>

10. Start Apache

    sudo /etc/init.d/apache2 start

Now try to browse https://<sitename>/svn and import something
Posted by at

3 comments:

t800t8 said...

This setting up works well with single repository. But I have problem when try to setup multiple repositories.

I changed from SVNPath to SVNParentPath in dav_svn.conf but have "403 Forbidden" :-(

Can anybody help me? Thanks

9:41 AM
t800t8 said...

My stupid bug. Fixed it.

Browse by using

https://[sitename]/svn/[repository-name]/

7:13 PM
t800t8 said...

If you want to accept users to see list of repositories, add

SVNListParentPath on

to dav_svn.conf

4:21 PM

Post a Comment

Subscribe to: Post Comments (Atom)