How to setup access to Subversion via Apache using the HTTPS protocol
This article describes how to provide https access to a subversion repository using Apache.
Install apache and subversion packages
You’ll need to install the svn module for apache. In Ubuntu, install the packages libapache2-svn,
subversion and apache2 using the following command as root:
# apt-get install libapache2-svn subversion apache2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdb4.8 libneon27-gnutls libsvn1
Suggested packages:
apache2-doc apache2-suexec apache2-suexec-custom db4.8-util subversion-tools
The following NEW packages will be installed:
apache2 apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapache2-svn libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libdb4.8 libneon27-gnutls
libsvn1 subversion
0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/3,836 kB of archives.
After this operation, 10.8 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
...
Considering dependency dav for dav_svn:
Enabling module dav.
Enabling module dav_svn.
check mod_svn module is enabled
It should have been enabled as part of the installation in the previous step.
# a2enmod dav_svn
Considering dependency dav for dav_svn:
Module dav already enabled
Module dav_svn already enabled
Create subversion repository directory
Choose and create your repository directory. This is will grow as developers make commits to the repo.
I’ve chosen /var/svn/com.magicmonster.example
# mkdir -p /var/svn/com.magicmonster.example
Change ownership to the apache dav user
Apache will be reading and writing files to the repository, so change the ownership of the files. On Ubuntu the default user
and group for apache is www-data.
# chown www-data:www-data -R /var/svn/com.magicmonster.example
If you want to change the apache user, look in /etc/apache2/envvars.
Initialise the repo
Switch to the www-data user and create the repo.
# sudo -u www-data -i svnadmin create /var/svn/com.magicmonster.example
Import an existing repository
This step is only required if you are moving repositories and have created a backup.
Assuming the backup file was named backup.svndump, load it using the following command:
root@turtle:~# sudo -u www-data -i svnadmin load /var/svn/com.magicmonster.example < backup.svndump
<<< Started new transaction, based on original revision 1
* adding path : pom.xml ... done.
* adding path : src ... done.<
....
------- Committed revision 42 >>>
Add users
You can now add some users. You will be prompted for a password for each one. This will create the auth file
/var/svn/com.magicmonster.example-auth. Note that the first command uses the -c switch to
create the file. Subsequent commands will not need the switch.
root@turtle:~# htpasswd -cm /var/svn/com.magicmonster.example-auth developer1
New password:
Re-type new password:
Adding password for user developer1
root@turtle:~# htpasswd -m /var/svn/com.magicmonster.example-auth developer2
New password:
Re-type new password:
Adding password for user developer2
We have created subversion users developer1 and developer2 above. Remember the passwords used as these must be provided to the developers.
Check the directory
You should be able to see the auth file and also the subversion repository directory (which is owned by www-data).
root@turtle:/var/svn# ls -la
total 16
drwxr-xr-x 3 root root 4096 Nov 26 23:39 .
drwxr-xr-x 15 root root 4096 Nov 26 23:25 ..
drwxr-xr-x 6 www-data www-data 4096 Nov 26 23:30 com.magicmonster.example
-rw-r--r-- 1 root root 98 Nov 26 23:39 com.magicmonster.example-auth
Enable ssl in Apache
You’ll need to enable either mod_ssl or mod_gnutls to support ssl. I’ve chosen mod_ssl.
root@turtle:~# a2enmod ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
service apache2 restart
Add site configuration to Apache
The following apache site config assumes port 443 will be used, and assumes the default SSL certificate is sufficient. Create the document root and log directory:
root@turtle:~# mkdir -p /var/www/com.magicmonster.example
root@turtle:~# mkdir -p /var/log/apache2/com.magicmonster.example
Next create the file /etc/apache2/sites-available/example.magicmonster.com and add the following contents.
NameVirtualHost *:443
<VirtualHost *:443>
ServerName svn-example.magicmonster.com
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<Location /com.magicmonster.example>
DAV svn
SVNPath /var/svn/com.magicmonster.example
AuthType Basic
AuthName "svn repo of com.magicmonster.example"
AuthUserFile /var/svn/com.magicmonster.example-auth
</Location>
DocumentRoot /var/www/com.magicmonster.example
ErrorLog /var/log/apache2/com.magicmonster.example/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/com.magicmonster.example/access.log combined
ServerSignature On
</VirtualHost>
Enable the site in Apache
root@turtle:~# a2ensite example.magicmonster.com
Enabling site example.magicmonster.com.
To activate the new configuration, you need to run:
service apache2 reload
Reload Apache
Restart apache:
root@turtle:~# service apache2 restart
* Restarting web server apache2
...done.
Subversion URL
Assuming you have setup DNS, you can now give the URL https://svn-example.magicmonster.com/com.magicmonster.example/
to developer1 and developer2.