1) install svn, apache and modules:
sudo apt-get update
sudo apt-get install subversion
sudo apt-get install apache2 #default user and group is www-data (use commands "vipw" and "vigr" to check)
sudo apt-get install libapache2-svn #install apache-svn module
2) enable ssl module for apache:
sudo a2enmod ssl #go to this directory to check if it is enabled: /etc/apache2/mods-enabled
3) allow apache to support SSL port 443:
ensure apache port 443 is added to /etc/apache2/ports.conf by checking "Listen 443"
4) create a virtual host (vh) on apache (use the default vh as a template):
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mynewsite
5) enable the vh site
sudo a2ensite mynewsite
sudo a2dissite default-ssl #disable the default ssl vh
6) create a self-signed Apache SSL certificate with openssl:
generate key:
openssl genrsa -des3 -out server.key 2048 #use at least 2048 bits; 1024-bit RSA keys are too weak
create CSR:
openssl req -new -key server.key -out server.csr
sign CSR:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
Note: a) The above procedure can also be done with the make-ssl-cert script, with the paths changed accordingly (advantage of using this script: a .pem file requires no passphrase input when starting apache):
sudo apt-get install ssl-cert
sudo mkdir /etc/apache2/ssl
sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
b) To let apache restart automatically at boot without interactive password entry, use the following method.
According to this link: https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html
In any case, you can choose to run your secure service without a passphrase by leaving out the -des3 switch in the generation phase or by issuing the following command at a terminal prompt:
openssl rsa -in server.key -out server.key.insecure
7) create a SVN repository: myproj:
sudo mkdir -p /var/local/svn
#to create more repositories later, run these commands for each new repository:
sudo svnadmin create /var/local/svn/myproj
sudo chown -R www-data:www-data /var/local/svn/myproj #www-data is apache's default user and group
sudo chmod -R g+ws /var/local/svn/myproj
8) add two users for SVN DAV access:
sudo htpasswd -cm /etc/apache2/dav_svn.passwd svnuser
sudo htpasswd -m /etc/apache2/dav_svn.passwd ljsspace
9) configure the vh mynewsite: (sudo vi /etc/apache2/sites-available/mynewsite)
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin [email protected]
<Location /svnroot>
DAV svn
SVNParentPath /var/local/svn
AuthType Basic
AuthName "SVN Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL
</Location>
CustomLog /var/log/apache2/ssl-access.log combined
ErrorLog /var/log/apache2/ssl_error.log
SSLEngine On
SSLOptions +StrictRequire
#SSLProtocol all
#SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
Note: a) this <Location> part can also be put into the file: /etc/apache2/mods-enabled/dav_svn.conf.
b) if there is no "Require valid-user", anonymous users can browse/read the repository but can't commit/write changes.
10) restart apache:
sudo /etc/init.d/apache2 restart
11) test (log in as svnuser or ljsspace, the users created above):
https://localhost/svnroot/myproj/
12) to add more repositories, repeat step 7) only.
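Added example (not part of the original steps): a shell function that checks a vh file for the step 9 directives this setup depends on, namely "Require valid-user" and "SSLRequireSSL" inside each "DAV svn" <Location>, and "SSLEngine On". The function name audit_svn_vhost and the sample config are constructed for illustration.

```shell
# Added example, not from the original page. Reports step 9 directives that
# are missing from an Apache vh file (or stdin); exit status is 1 if any are.
audit_svn_vhost() {
    awk '
    function report(msg) { print msg; found = 1 }
    function close_location() {
        if (dav && !req) report("<Location " path ">: no Require valid-user")
        if (dav && !ssl) report("<Location " path ">: no SSLRequireSSL")
        in_loc = 0
    }
    {
        line = tolower($0)        # Apache directive names are case-insensitive
        sub(/^[ \t]+/, "", line)
    }
    line ~ /^#/ { next }          # a commented-out directive does not count
    line ~ /^<location[ \t]/ {
        in_loc = 1; dav = 0; req = 0; ssl = 0
        path = $2; sub(/>$/, "", path)
        next
    }
    line ~ /^<\/location>/ { close_location(); next }
    in_loc && line ~ /^dav[ \t]+svn/ { dav = 1 }
    in_loc && line ~ /^require[ \t]+valid-user/ { req = 1 }
    in_loc && line ~ /^sslrequiressl/ { ssl = 1 }
    line ~ /^sslengine[ \t]+on/ { engine = 1 }
    END {
        if (!engine) report("no SSLEngine On")
        exit (found ? 1 : 0)
    }
    ' "$@"
}

# Constructed sample: the step 9 <Location> with "Require valid-user" left out.
audit_svn_vhost <<'EOF' || echo "fix the vh before restarting apache"
<VirtualHost *:443>
<Location /svnroot>
DAV svn
SVNParentPath /var/local/svn
SSLRequireSSL
</Location>
SSLEngine On
</VirtualHost>
EOF
```

Run it as: audit_svn_vhost /etc/apache2/sites-available/mynewsite before restarting apache in step 10.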