A quick and easy 14 steps to setup SVN and HTTPS Server

     Version control with Subversion is widely used. Here I used HTTPS to access SVN on SLES, with per-project mail configuration.
Security - SSL+TLS encryption for client-server communication
           Authentication for users to access the repository

TOOLS - Subversion - 1.3
        Subversion Server - 1.3
        CVS2SVN - 1.3
        perl-SVN-Notify
        APACHE - 2.2

Apache Modules used : mod_ssl,mod_digest,mod_rewrite,mod_dav,mod_authz,mod_dav_svn,mod_authz_svn and other default modules

NOTE : ALWAYS USE THE APACHE LOG FILE TO TRACK EVERY CHANGE

STEPS:

i) Install all the above packages.

ii) Add the modules in /etc/apache2/sysconfig.d/loadmodules.conf

as:

LoadModule <module_identifier> <path to module>
e.g.
LoadModule rewrite_module /usr/lib64/apache2/modules/mod_rewrite.so
Add all the modules in the same way.

iii) Add the modules in apache conf file: /etc/sysconfig/apache2 in the "APACHE_MODULES" section

WARNING : Don't try to load the Apache modules through YaST; it will result in an Apache 2 deadlock situation.

iv)  Enable SSL in APACHE in /etc/sysconfig/apache2 :

APACHE_SERVER_FLAGS="SSL"

v) Create SSL Certificates and PKI :
Go to a temp directory and create the certificates manually:

mkdir /tmp/ca
cd /tmp/ca
->Create a new Certificate Authority (CA) key:
openssl genrsa -des3 -out newca.key 2048

->Create the X.509 certificate and make it expire in 2 years:
openssl req -new -x509 -days 730 -key newca.key -out newca.crt 

->Create the server key using 1024 bit for apache server:
openssl genrsa -des3 -out ap2server.key 1024

->Create the Certificate Signed Request (CSR):
openssl req -new -key ap2server.key -out ap2server.csr

->Create the server signed certificate from the CA and the CSR:
openssl x509 -req -in ap2server.csr -out ap2server.crt -sha1 -CA newca.crt -CAkey newca.key -CAcreateserial -days 730  
vi) Now put them in a location where apache can access them:

cp ap2server.crt /etc/apache2/ssl.crt/ 
cp ap2server.key /etc/apache2/ssl.key/ 
cp newca.crt /etc/apache2/ssl.crt/ 
vii) Create a file which Apache will execute to get the passphrase when it starts mod_ssl

Add the line that executes the passphrase file to the Apache configuration in /etc/apache2/ so that the passphrase is supplied to Apache every time it starts; otherwise, don't set a passphrase during certificate creation.
So create the file /etc/apache2/passphrase and add the following lines:

#!/bin/bash
echo "asdf123"
## Where asdf123 is the passphrase

viii) Add the following lines in subversion.conf in /etc/apache2/conf.d/

SSLPassPhraseDialog exec:/etc/apache2/passphrase
NameVirtualHost 192.168.0.3:443
<VirtualHost 192.168.0.3:443>
ServerName 192.168.0.3
ServerAdmin svn@server.darsan.org
Loglevel debug
ErrorLog /var/log/apache2/svn-error_log
TransferLog /var/log/apache2/svn-access_log
 
ServerSignature on
SSLEngine on
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
SSLCertificateFile /etc/apache2/ssl.crt/ap2server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/ap2server.key
SSLCertificateChainFile /etc/apache2/ssl.crt/newca.crt
SSLCACertificateFile /etc/apache2/ssl.crt/newca.crt  
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L] 
<Location /vizrepos>
 SSLRequireSSL
 DAV svn
 SVNPath /svnroot/development
 AuthType Basic
 AuthName "Subversion repository"
 AuthUserFile /etc/svn-pass
 Satisfy Any
 SetOutputFilter DEFLATE
 Require valid-user
</Location>
 
</VirtualHost>
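
A review check for the TLS and access-control lines of the vhost above, added here as an example and not part of the original post: it flags that `SSLProtocol all -SSLv2` leaves SSLv3 on, that the cipher list goes beyond HIGH, and that `Satisfy Any` sits next to `Require valid-user` with no host rule or AuthzSVNAccessFile. The function names, the finding labels and the HIGH-only cipher policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post; names and labels are made up.

# Print the arguments of the first matching directive (case-insensitive).
directive() {  # $1 = directive name, $2 = config file
    awk -v d="$1" 'tolower($1) == tolower(d) {
        sub(/^[ \t]*[^ \t]+[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$2"
}

lint_svn_vhost() {  # $1 = config file; prints one finding per line
    proto=$(directive SSLProtocol "$1")
    ciphers=$(directive SSLCipherSuite "$1")
    satisfy=$(directive Satisfy "$1" | tr 'A-Z' 'a-z')
    # "all" switches SSLv3 on unless it is subtracted again.
    case " $proto " in
        *" -SSLv3 "*) ;;
        *" all "*|*"SSLv3 "*) echo "TLS-PROTO: SSLv3 still enabled ($proto)" ;;
    esac
    # Policy assumed by this example: only the HIGH cipher group is accepted.
    case ":$ciphers:" in
        *:MEDIUM:*|*:LOW:*|*:EXPORT:*|*:EXP:*)
            echo "TLS-CIPHER: list goes beyond HIGH ($ciphers)" ;;
    esac
    # Satisfy Any grants access when host rules OR authentication pass, so
    # with no Deny rule and no authz file the Require line can be skipped.
    if [ "$satisfy" = any ] && [ -n "$(directive Require "$1")" ] &&
       [ -z "$(directive Deny "$1")" ] &&
       [ -z "$(directive AuthzSVNAccessFile "$1")" ]; then
        echo "AUTH-SATISFY: Satisfy Any without Deny or AuthzSVNAccessFile"
    fi
}

# Sample input: TLS and access lines as in the vhost of step viii.
sample_conf() {
    cat <<'EOF'
SSLCipherSuite HIGH:MEDIUM
SSLProtocol all -SSLv2
<Location /vizrepos>
 SSLRequireSSL
 AuthType Basic
 Satisfy Any
 Require valid-user
</Location>
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
lint_svn_vhost "$tmp"
rm -f "$tmp"
```

The check looks at the file as a whole rather than per `<Location>`, so run it on a file that holds a single vhost.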
ix) Create the SVN repository (/svnroot):

svnadmin create /svnroot/development
x) Importing projects into the repository (let the project be in /tmp/project1):

 Note: Manually create the tags, trunks and branches directories inside the project and put the code inside the project1/trunks dir
project1/tags project1/branches project1/trunks

Create a project1 inside the repository:

svn mkdir file:///svnroot/development/project1 -m "commit message"

 Note: Now import the project to the SVN repository:

svn import /tmp/project1/ file:///svnroot/development/project1 -m "Commit message" 


xi) Converting a CVS repository to an SVN repository: (IF YOU HAVE AN EXISTING CVS REPOSITORY AND YOU WANT TO CONVERT IT INTO SVN)

 First copy the CVS repository to a tmp location, so that any error during cvs2svn will not affect the original source code:

 cp -rv /cvsroot/repository/project2 /tmp/cvsprojects/
 cd to the tmp directory:

 cd /tmp
 Convert the CVS repository:

 cvs2svn --dump-only --cvs-revnums /tmp/cvsprojects/project2

 Create a project2 for this inside the SVN repository:

 svn mkdir file:///svnroot/development/project2 -m "commit message"

 Import the dump into the SVN repository:

 svnadmin load /svnroot/development/ --parent-dir project2 < cvs2svn-dump


xii) List the projects inside the svn repository:

svn list file:///svnroot/development/


 xiii) Add users to access the repository:

Create a file which will store the mapping of each username to its MD5-hashed password, and add this file to the Apache server configuration:

htpasswd2 -cm /etc/svn-pass <username>

After this, use only (without -c, which would create the file again):

htpasswd2 -m /etc/svn-pass <username>

xiv) post-commit hook script (/svnroot/development/hooks/post-commit) for per-project email:
Add lines as needed:

# Path to the repository
REPOS="$1"

# The number of the revision which was just committed
REV="$2"

# Path to svnlook
SVNLOOK=/usr/bin/svnlook  

# Default email for commit.
D_EMAIL="svn@server.darsan.org"

# Find out who was the author of this commit
AUTHOR=`$SVNLOOK author "$REPOS" -r "$REV"`

# Cut out the name of the project dir which was changed

PROJECTS=`$SVNLOOK changed "$REPOS" --revision "$REV" | awk '{print $2}' | sed -e 's#development/##' -e 's#/.*##' | sort | uniq`

# Email notification on a per-project basis (add the email id associated with each project here).
# If a commit touches several projects, the last one in the list decides the recipient.

for PROJECT in $PROJECTS
do
 case "$PROJECT" in
 "test")
 C_EMAIL="pdk@server.darsan.org"
 ;;
 "test2")
 C_EMAIL="svn@server.darsan.org"
 ;;
 *)
 # Default: any other project (an unquoted * is needed to match everything)
 C_EMAIL="svn@server.darsan.org"
 ;;
 esac
done

# Send commit notification email.

/usr/bin/svnnotify \
 --repos "$REPOS" \
 --revision "$REV" \
 --to "${C_EMAIL}" \
 --from "$D_EMAIL" \
 --set-sender \
 --subject-prefix "[r%d] " \
 --subject-cx \
 --with-diff \
 --handler HTML::ColorDiff 
About Divyashree - The GNULINUX Guy

I am a Linux and Opensource enthusiast. I started working on Linux early in 2007 while I was doing my Masters in Computer Science and passed out in 2010. Currently working as a DevOps in Public/Private cloud domain. my @github : https://github.com/kumarprd my @nagiosexchange : https://exchange.nagios.org/directory/Owner/divyaimca/1 my @linkedin : https://www.linkedin.com/in/priyadarshee-kumar-☁-a9415615