Apache2 SSL and Subversion in Debian

1. Introduction
2. Apache2 / SSL
3. Subversion
   1. Installing
   2. Creating your repository
   3. Configure Apache
   4. Create some users
   5. Testing the repository
4. Links

Edit Link Top

Introduction

This document explains how to configure Subversion with Apache2 and SSL enabled in Debian GNU/Linux.

Edit Link Top

Apache2 / SSL

Debian Sarge comes with an apache2 package. I thought I'd give this a go to get it working with a self signed SSL certificate. However, I had little idea of what I was doing. Eventually I worked it out - and it's easy:

• Login or su as root
• Run:

apt-get install apache2 openssl

• Run the following commands.

  mkdir /etc/apache2/ssl
 
  RANDFILE=/dev/random openssl req $@ -new -x509 -days 365 -nodes \
    -out /etc/apache2/ssl/apache.pem \
    -keyout /etc/apache2/ssl/apache.pem
 
  chmod 600 /etc/apache2/ssl/apache.pem

When you run openssl, tell the program what it wants to know.

If you want your certificate to last longer than the default (1 month), use the -days option (as in -days 365), as we did in the example.

• Make a copy of '/etc/apache2/sites-available/default' - call it something like 'ssl'

  cd /etc/apache2/sites-available/
  cp default ssl

• Enable the site. This is done by making a sym-link to the configuration from /etc/apache2/sites-enabled/. You will see this is already done for 'default'. Apache has a command to to this for us.

 # a2ensite ssl

• To enable the ssl module, run:

 # a2enmod ssl

• Add a

Listen 443

to /etc/apache2/ports.conf

• Edit /etc/apache2/sites-available/ssl (or whatever you called your new ssl site's config) and change port 80 in the name of the site to 443. Also change the virtual host setting. Add the lines "SSLEngine On" and "SSLCertificateFile /etc/apache2/ssl/apache.pem" . The configuration file should have the following lines:

NameVirtualHost *:443
<VirtualHost *:443>
 SSLEngine On
 SSLCertificateFile /etc/apache2/ssl/apache.pem

 ...

</VirtualHost>

• Restart apache2 /etc/init.d/apache2 restart
• HTTPS should work.

Try: https://hostname/

You need to know that if you want to use name-based virtual hosts with SSL, you need to use a different port for each domain. You cannot run name-based virtual hosts with SSL enabled in the same port for more than one domain.

Edit Link Top

Subversion

Edit Link Top

Installing

Install the required packages, running the following command:

apt-get install libapache2-svn subversion subversion-tools

Edit Link Top

Creating your repository

Run as root:

cd /home
mkdir svn
chown www-data svn
su www-data -c "svnadmin create svn/src"

Your repository will live in /home/svn/src.

Note that if you let your users run things as www-data (eg. they can install CGI applications) they will be able to write to your repository!

Edit Link Top

Configure Apache

Become root again and add the following lines to our apache configuration (ssl), inside of the VirtualHost declaration.

<Location /svn/src>
   DAV svn
   SVNPath /home/svn/src
   AuthType Basic
   AuthName "My Subversion Repository"
   AuthUserFile /home/svn/.dav_svn.passwd
   Require valid-user
</Location>

If you don't want to use passwords for read-only access, use this instead of the Require valid-user line:

  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>

Once you've applied these changes, restart Apache.

Edit Link Top

Create some users

Add an user with the following command:

su www-data -c "htpasswd2 -c -m /home/svn/.dav_svn.passwd user"

The -c is only required the first time you run this command, in order to create the passwords' file. Subsequent runs won't require it:

su www-data -c "htpasswd2 -m /home/svn/.dav_svn.passwd user"

Note that the passwd file does not need to be created as www-data. It can be created as root, for example. However, it must be visible by www-data.

In the meantime htpasswd2 had changed - htpasswd will do it (apache2 – Version: 2.2.4-1 on Debian apache2-utils_2.2.4-1_i386.deb)

Edit Link Top

Testing the repository

Using your browser. Load https://hostname/svn/src/ in your browser. Replace hostname with your host name or ip. You will get something like:

Revision 0: /
Powered by Subversion version 1.1.3 (r12730).

Import your initial data:

svn --username user import src https://localhost/svn/src -m "initial import"
Authentication realm: <https://localhost:443> My Subversion Repository
Password for 'user':
Adding         src/checkers
Adding         src/checkers/trunk
Adding         src/checkers/trunk/gendelta.pl
Adding         src/checkers/site
Adding         src/checkers/branches
Adding         src/checkers/tags

Committed revision 1.

Now load your URL in your browser again and make sure you can browse what you imported:

- checkers/
Powered by Subversion version 1.1.3 (r12730).

Edit Link Top

Links

The following are some related links:

• Setting up an SSL server with Apache2
• Debian, Apache2 and SSL by Ian Miller
• Debian, Subversion et Apache 2
• Setting Up Subversion - blovett's personal notes
• An Introductory Subversion Tutorial for Unix by Faheem Mitha
• Version Control with Subversion - The subversion book
• http://www.howtoforge.com/debian_subversion_websvn
• USVN - A web interface to administrate and configure Subversion repositories

• apache(2)

• subversion(6)