I used to use VisualSVN as my SVN server. A useful product but it only works on Windows. So, when I no longer had access to a windows server I had to come up with a new way to do SVN over https. After looking around I decided to go with the original SVN, set up on Linux, to make my new SVN server.
I went with a basic Debian server with a MATE Desktop Environment. These steps should mostly work on other distros as well. But you may have to make a few minor changes.
1. First, we need to Install the Apache HTTP Server with this command.
apt-get install apache22. Then we install subversion.
apt-get install subversion3. Then you need to Install the svn modules for apache so we can hook them together.
For Debian 9 and 10:
apt-get install libapache2-mod-svn4. Then we need to enable the SSL module for Apache so we can have encryption.
a2enmod ssla2ensite default-sslsystemctl reload apache25. Create a Self-Signed SSL Certificate. I put the SSL stuff inside the apache2 folder. It should not matter were just make sure you point to the right place later on.
mkdir /etc/apache2/sslI use 4096bit encryption because why not. I had this running on a raspberry pi for a while so there is no reason not to go with the higher encryption that I know of.
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt 6. Open the
nano /etc/apache2/sites-enabled/default-ssl.confFind the following two lines, and update the paths to match the locations of the certificate and key we generated earlier.
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key7. Restart apache
systemctl reload apache28. Test if Apache and SSL are working by going to https://127.0.0.1 on the local box or go to the network IP of the server if you are doing it remotely.
9. Create a directory for your repositories. I put them in the
mkdir /srv/svn10. Create a policy file in that folder.
/svn/.svn-policy-fileThis just controls who has access to what repositories.
[/] * = r [REPO_NAME:/] USER_NAME = rwThe * in the / section is matched to anonymous users. Any access above and beyond
11. Create another file.
/svn/.svn-auth-fileThis is either an htpasswd, or htdigest file. I used htpasswd. Again, because of SSL, I do not worry as much about password sniffing. htdigest would provide even more security vs. sniffing, but at this point, I do not have a need for it. Run the following command
htpasswd -c /svn/.svn-auth-file USER_NAMEThe above creates the file (-c) and stores the password in a hash. My system looks like it used MD5 as the default. You can look up commands for htpasswd and pick other hash types.
To add additional users, leave off the (-c) flag.
htpasswd /home/svn/.svn-auth-file OTHER_USER_NAME12. Create a Repository
svnadmin create /PATH/TO/svn /REPO_NAME
13. Set Permissions so Apache can access
Our apache user is “www-data” You can look in the apache Configuration file to make sure this is right for you.
chown –R www-data /PATH/TO/SVN /FOLDERIf that will not work try this.
chown –R www-data:www-data /PATH/TO/SVN /FOLDER14. Setup Apache to point to the svn folder.
At the bottom of the /etc/apache2/apache2.conf file
#svn users
<Location /svn>
DAV svn
SVNParentPath /srv/svn/
AuthzSVNAccessFile /srv/svn/.svn-policy-file
SVNListParentPath On
AuthType Basic
AuthName "Voltdrift SVN Server"
AuthUserFile /srv/svn/.svn-auth-file
Require valid-user
</Location>15. Restart Apache
service apache2 restartIf everything worked you should be able to check out the test repo we made.
svn checkout https://yourdomain.net/svn/REPO_NAME/ /my/svn/working/copy