Setting up Subversion Access through Apache
Posted by Pat Thu, 09 Feb 2006 22:10:00 GMT
I’ve been using Subversion for my source code control for a few months now. For the server, I’ve just been using the built-in svnserve, which has worked perfectly fine for me. However lately I’ve been doing more projects for outside companies, and dealing with SVN access has been a pain. I have access control on my repository, but svnserve doesn’t allow any fine-grained access…any user has access to the entire repository. I also want to make some of my code publicly available over SVN. Naturally I don’t want everyone in the world to have access to all my business code.
One way to have more fine-grained access control over the repository is to use Apache and mod_dav_svn. Unfortunately we can’t use lighttpd for the task because it doesn’t support mod_dav_svn. I’m not too pleased about having to install Apache, but it’s the right tool for the job. Also, since it will only be a front end to my Subversion repository, I can keep it pretty small.
Installing and Configuring Apache 2
The Subversion documentation says you need to use Apache 2.0, not 1.3. Checking out /usr/ports/www, you’ll see there are three versions of Apache 2 – 2.0, 2.1, and 2.2. I figure it makes sense to just go with the latest one, so that’s what I’ll install. Should work fine though if you decide to go with 2.0 or 2.1 instead.
There are a couple make options that we need to set for the Apache install. You can do these on the command line, but it’s probably a good idea to throw them in /etc/make.conf so that when you upgrade Apache, those options are remembered. So put the following lines in /etc/make.conf:# Apache config
.if ${.CURDIR:M*/www/apache2*}
WITH_AUTH_MODULES=yes
WITH_DAV_MODULES=yes
WITH_SSL_MODULES=yes
WITH_BERKELEYDB=db42
.endif
# Subversion config
.if ${.CURDIR:M*/devel/subversion}
WITH_APACHE2=true
WITH_MOD_DAV_SVN=yes
.endif# cd /usr/ports/www/apache22/ && make install clean# cd /usr/ports/devel/subversion && make deinstall && make install clean# cp -Rp /home/svn/repos /usr/local/repos
# chown -R www:www /usr/local/reposLoadModule authn_file_module libexec/apache22/mod_authn_file.so
LoadModule authz_host_module libexec/apache22/mod_authz_host.so
LoadModule authz_groupfile_module libexec/apache22/mod_authz_groupfile.so
LoadModule authz_user_module libexec/apache22/mod_authz_user.so
LoadModule authz_dbm_module libexec/apache22/mod_authz_dbm.so
LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so
LoadModule authz_default_module libexec/apache22/mod_authz_default.so
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so
LoadModule include_module libexec/apache22/mod_include.so
LoadModule log_config_module libexec/apache22/mod_log_config.so
LoadModule logio_module libexec/apache22/mod_logio.so
LoadModule env_module libexec/apache22/mod_env.so
LoadModule dav_module libexec/apache22/mod_dav.so
LoadModule dav_svn_module libexec/apache22/mod_dav_svn.so
LoadModule authz_svn_module libexec/apache22/mod_authz_svn.so
LoadModule dav_fs_module libexec/apache22/mod_dav_fs.so
<Location />
DAV svn
SVNPath /usr/local/repos
</Location>apache22_enable="YES"# /usr/local/etc/rc.d/apache22.sh startCongrats, you should now be able to go to http://ip/ in your web browser to view your repository. For more detailed config info, check out the Apache section of the SVN Book.
Switching your working copies to use the new URL
You have two options at this point – either just check out your projects again using the new URL, or use the svn switch command to switch each working copy to the new URL. Either one works fine, and the first is probably easier in general. Just ‘svn co http://12.34.56.78/project’. However in case you want to immediately switch it, run the following commands (you need to have svnserve running for this to work):$ cd working_copy
$ svn switch --relocate svn://12.34.56.78/project http://12.34.56.78/projectOnce you’ve done all of this, you don’t need to run svnserve anymore, so you should kill it off. If you forgot to switch a working copy to the new URL, you’ll get an error as soon as you try to execute a command like svn update, so you’ll immediately know to just check out the project again.
Final thoughts
I spent about 15 minutes configuring Apache last night, have a nice little setup. Now my SVN repository is available to the public, and my private projects are all password protected. In addition, I can create users for each private project I’m working on, so the companies I’m developing for have easy SVN access to their own projects, without exposing other companies’ projects. Pretty sweet.
For the /etc/make.conf stuff you should have a look at http://blog.innerewut.de/articles/2006/01/14/upgrading-ports-and-preserve-make-options
Jonathon,
Thanks for the tip, I updated the guide to reflect it.
Is there a way to do this with just Lighttpd? I’m trying to get subversion http access setup without using apache. I tried proxying to svnserve but that didn’t work. Any suggestions?
Quote from the article:
Unfortunately we can’t use lighttpd for the task because it doesn’t support mod_dav_svn.
The newest version of SVN enables all of the same settings for svnserve as it does for Apache mod_dav_svn. I’ve been wanting to do the same thing you just did, and I just noticed that now it can be done in svnserve without apache!
Oh boy, after I spent all that time uninstalling and reinstalling apache/subversion just to make sure I had all the right options..now I get to go ahead and remove Apache altogether again :) Do you know if the options I show in my blog post work for subversion by itself? I’ll get around to getting rid of Apache a bit later today.
Thanks for the info.
Pat
edit: Actually I’m going to stick with Apache, since it’s on a development server anyway, so it’s not like it’s stressing a production server or anything, and I like being able to access my repository from a browser sometimes. I do appreciate the info though.