I used to use VisualSVN as my SVN server. A useful product but it only works on windows. So, when I no longer has access to a windows server I had to come up with a new way to do SVN over https. After looking around I decided to go with the original SVN, setup on linux, to make my new SVN server.
I went with a basic Debian server with a MATE Desktop Environment. These steps would mostly work on other distros as well. You may have to make a few minor changes.
- First, we need to Install the Apache HTTP Server with this command.
apt-get install apache2
- Then we install subversion.
apt-get install subversion
- Then you need to Install the svn modules for apache so we can hook them togeather.
For Debian 9:
apt-get install libapache2-mod-svn
For Debian 8:
apt-get install subversion libapache2-svn
- Then we need to enable the SSL module for apache so we can have encryption.
a2enmod ssl a2ensite default-ssl service apache2 restart
- Create a Self-Signed SSL Certificate. I put the SSL stuff inside the apache2 folder. It should not matter were just make sure you point to the right place later on.
- I use 4096bit encryption because why not. I had this running on a raspberry pi for a while so there is no reason not to go with the higher encryption that I know of.
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
- Open the apache configure file to tell apache to use SSL. I use nano for this but use whatever text editor you like.
Find the following two lines, and update the paths to match the locations of the certificate and key we generated earlier.
SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key
- Restart apache
service apache2 restart
- Test if apache and SSL is working by going to https://127.0.0.1 on the local box or go to the network IP of the server if you are doing it remotely.
- Create a directory for your repositories. I put them in the srv folder but I forgot why. Maybe it was some linux standard I was trying to follow.
- Create a policy file in that folder.
This just controls who has access to what repositories.
[/] * = r [REPO_NAME:/] USER_NAME = rw
The * in the / section is matched to anonymous users. Any access above and beyond read only will be prompted for a user/pass by apache AuthType Basic. The REPO_NAME:/ section inherits permissions from those above, so anon users have read only permission to it. The last bit grants read/write permission of the REPO_NAME repository to the user USER_NAME.
- Create another file.
This is either an htpasswd, or htdigest file. I used htpasswd. Again, because of SSL, I do not worry as much about password sniffing. htdigest would provide even more security vs. sniffing, but at this point, I do not have a need for it. Run the following command
htpasswd -c /svn/.svn-auth-file USER_NAME
The above creates the file (-c) and stores the password in a hash. My system looks like it used MD5 as the default. You can look up commands for htpasswd and pick other hash types.
To add additional users, leave off the (-c) flag.
htpasswd /home/svn/.svn-auth-file OTHER_USER_NAME
- Create a Repository
svnadmin create /PATH/TO/svn /REPO_NAME
- Set Permissions so Apache can access
Our apache user is “www-data” You can look in the apache Configuration file to make sure this is right for you.
chown –R www-data /PATH/TO/SVN /FOLDER
If that will not work try this.
chown –R www-data:www-data /PATH/TO/SVN /FOLDER
- Setup Apache to point to the svn folder.
At the bottom of the /etc/apache2/apache2.conf file add this. (There may be a better file to put this in.)
#svn users <Location /svn> DAV svn SVNParentPath /srv/svn/ AuthzSVNAccessFile /srv/svn/.svn-policy-file SVNListParentPath On AuthType Basic AuthName "Voltdrift SVN Server" AuthUserFile /srv/svn/.svn-auth-file Require valid-user </Location>
- Restart Apache
service apache2 restart
- If everything worked you should be able to check out the test repo we made.
svn checkout https://yourdomain.net/svn/REPO_NAME/ /my/svn/working/copy