Setting up a SVN server

I used to use VisualSVN as my SVN server. A useful product but it only works on windows. So, when I no longer has access to a windows server I had to come up with a new way to do SVN over https. After looking around I decided to go with the original SVN, setup on linux, to make my new SVN server.

I went with a basic Debian server with a MATE Desktop Environment. These steps would mostly work on other distros as well. You may have to make a few minor changes.

  1. First, we need to Install the Apache HTTP Server with this command.
    apt-get install apache2
  2. Then we install subversion.
    apt-get install subversion
  1. Then you need to Install the svn modules for apache so we can hook them togeather.
    For Debian 9:

    apt-get install libapache2-mod-svn

    For Debian 8:

    apt-get install subversion libapache2-svn
  1. Then we need to enable the SSL module for apache so we can have encryption.
    a2enmod ssl
    a2ensite default-ssl
    service apache2 restart
  1. Create a Self-Signed SSL Certificate. I put the SSL stuff inside the apache2 folder. It should not matter were just make sure you point to the right place later on.
    mkdir /etc/apache2/ssl
  1. I use 4096bit encryption because why not. I had this running on a raspberry pi for a while so there is no reason not to go with the higher encryption that I know of.
    openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
  1. Open the apache configure file to tell apache to use SSL. I use nano for this but use whatever text editor you like.
    nano /etc/apache2/sites-enabled/default-ssl.conf

    Find the following two lines, and update the paths to match the locations of the certificate and key we generated earlier.

    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
  1. Restart apache
    service apache2 restart
  1. Test if apache and SSL is working by going to https://127.0.0.1 on the local box or go to the network IP of the server if you are doing it remotely.
  2. Create a directory for your repositories. I put them in the srv folder but I forgot why. Maybe it was some linux standard I was trying to follow.
    mkdir /srv/svn
  3. Create  a policy file in that folder.
    /svn/.svn-policy-file

    This just controls who has access to what repositories.

    [/]
    * = r
    [REPO_NAME:/]
    USER_NAME = rw

The * in the / section is matched to anonymous users. Any access above and beyond read only will be prompted for a user/pass by apache AuthType Basic. The REPO_NAME:/ section inherits permissions from those above, so anon users have read only permission to it. The last bit grants read/write permission of the REPO_NAME repository to the user USER_NAME.

  1. Create another file.
    /svn/.svn-auth-file

This is either an htpasswd, or htdigest file. I used htpasswd. Again, because of SSL, I do not worry as much about password sniffing. htdigest would provide even more security vs. sniffing, but at this point, I do not have a need for it. Run the following command

htpasswd -c  /svn/.svn-auth-file USER_NAME

The above creates the file (-c) and stores the password in a hash. My system looks like it used MD5 as the default. You can look up commands for htpasswd and pick other hash types.

To add additional users, leave off the (-c) flag.

htpasswd /home/svn/.svn-auth-file OTHER_USER_NAME
  1. Create a Repository
    svnadmin create /PATH/TO/svn /REPO_NAME
  2. Set Permissions so Apache can access
    Our apache user is “www-data” You can look in the apache Configuration file to make sure this is right for you.

    chown –R www-data /PATH/TO/SVN /FOLDER

    If that will not work try this.

    chown –R www-data:www-data /PATH/TO/SVN /FOLDER
  3. Setup Apache to point to the svn folder.
    At the bottom of the /etc/apache2/apache2.conf file add this. (There may be a better file to put this in.)

    #svn users
    
    <Location /svn>
    DAV svn
    SVNParentPath /srv/svn/
    
    AuthzSVNAccessFile /srv/svn/.svn-policy-file
    SVNListParentPath On
    AuthType Basic
    AuthName "Voltdrift SVN Server"
    AuthUserFile /srv/svn/.svn-auth-file
    Require valid-user
    </Location>
  4. Restart Apache
    service apache2 restart
  5. If everything worked you should be able to check out the test repo we made.
    svn checkout https://yourdomain.net/svn/REPO_NAME/ /my/svn/working/copy
SPREAD THE WORD

Leave a Reply

Your email address will not be published. Required fields are marked *