Wednesday, August 02, 2006

Subversion + Apache2 + SSL on Ubuntu in 10 steps

1. Install required packages

sudo apt-get install subversion libapache2-svn
libapache-mod-dav apache2

2. Enable SSL support in Apache

sudo a2enmod ssl

3. Stop Apache

sudo /etc/init.d/apache2 stop

4. Let Apache2 listen on port 443

sudo gedit /etc/apache2/ports.conf

Add to the end of file

Listen 443

5. Create SSL certificate

sudo apache2-ssl-certificate

Provide some information following the prompt

Country Name: <country_code> (example: VN)
State or Province Name: <state_name>
Locality Name: <city_name>
Organization Name: <organization_name>
Organization Unit Name: <organization_unit_name>
Server Name: <server_name>
Email Address: <email_address>

6. Configure site

sudo cp /etc/apache2/sites-available/default
/etc/apache2/sites-available/<sitename>

then edit

sudo gedit /etc/apache2/sites-available/<sitename>

        
  1. Change NameVirtualHost to NameVirtualHost *:443
        
  2. Change <VirtualHost> to <VirtualHost *:443>
        
  3. Append before </VirtualHost> the following

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM

Then create a symbol link to your site configuration in sites-enabled

sudo ln -s /etc/apache2/sites-available/<sitename>
/etc/apache2/sites-enabled/<sitename>

Note: <sitename> should be same as your hostname

7. Create a Subversion Repository

sudo svnadmin create /var/lib/svn
sudo chown -R www-data:www-data /var/lib/svn
sudo chmod -R g+ws /var/lib/svn

8. Use Apache for Authentication

sudo htpasswd -c -m /var/lib/svn/conf/htpasswds <username>

9. Configure mod_dav

edit dav_svn.conf

sudo gedit /etc/apache2/mods-available/dav_svn.conf

DAV svn
SVNPath /var/lib/svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /var/lib/svn/conf/htpasswds
Require valid-user
SSLRequireSSL

Disable anonymous browsing by commenting out the following:

#<LimitExcept GET PROPFIND OPTIONS REPORT>
# Require valid-user
#</LimitExcept>

10. Start Apache

sudo /etc/init.d/apache2 start

Now try to browse https://<sitename>/svn and import something

3 comments:

t800t8 said...

This setting up works well with single repository. But I have problem when try to setup multiple repositories.

I changed from SVNPath to SVNParentPath in dav_svn.conf but have "403 Forbidden" :-(

Can anybody help me? Thanks

t800t8 said...

My stupid bug. Fixed it.

Browse by using

https://[sitename]/svn/[repository-name]/

t800t8 said...

If you want to accept users to see list of repositories, add

SVNListParentPath on

to dav_svn.conf