Apache Subversion(简称SVN,svn)
因为某种原因我们需要用Nginx作为Subversion的http前端,但目前没有现成的Nginx+Subversion搭配方式。 而Subversion提供Apache的http处理模块。现在我们通过nginx反向代理给Apache的方式来实现Nginx+Subversion的组合方式。
构建Apache+Subversion的环境:
[[email protected] ~]# yum install httd subversion mod_dav_svn -y #mod_dav_svn是Apache的svn模块
建立SVN库:
[[email protected] ~]# mkdir -p /home/svn [[email protected] ~]# cd /home/svn/ [[email protected] svn]# svnadmin create work [[email protected] svn]# chown -R apache.apache work [[email protected] svn]# tree work/ work/ ├── conf │ ├── authz │ ├── passwd │ └── svnserve.conf ├── db │ ├── current │ ├── format │ ├── fsfs.conf │ ├── fs-type │ ├── min-unpacked-rev │ ├── rep-cache.db │ ├── revprops │ │ └── 0 │ │ └── 0 │ ├── revs │ │ └── 0 │ │ └── 0 │ ├── transactions │ ├── txn-current │ ├── txn-current-lock │ ├── txn-protorevs │ ├── uuid │ └── write-lock ├── format ├── hooks │ ├── post-commit.tmpl │ ├── post-lock.tmpl │ ├── post-revprop-change.tmpl │ ├── post-unlock.tmpl │ ├── pre-commit.tmpl │ ├── pre-lock.tmpl │ ├── pre-revprop-change.tmpl │ ├── pre-unlock.tmpl │ └── start-commit.tmpl ├── locks │ ├── db.lock │ └── db-logs.lock └── README.txt 10 directories, 28 files
添加Subversion账号:
[[email protected] svn]# htpasswd -c /home/svn/work/conf/passwdfile visitor New password: visitor#用户名和密码都设为visitor Re-type new password:visitor Adding password for user visitor
修改/etc/httpd/conf.d/subversion.conf,内容如下:
[[email protected] svn]# egrep -v "^#|^$" /etc/httpd/conf.d/subversion.conf LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so <Location /svn/work> DAV svn SVNPath /home/svn/work AuthType Basic AuthName "Authorization Realm" AuthUserFile /home/svn/work/conf/passwdfile AuthzSVNAccessFile /home/svn/work/conf/authz Require valid-user </Location>
修改Apache的端口:
[[email protected] svn]# grep "^Listen" /etc/httpd/conf/httpd.conf Listen 81
[[email protected] svn]# service iptables stop && setenforce 0 iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [[email protected] svn]# getenforce Permissive
[[email protected] svn]# /etc/init.d/httpd start Starting httpd: [ OK ] [[email protected] svn]# netstat -lnutp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1310/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master tcp 0 0 :::81 :::* LISTEN 1632/httpd tcp 0 0 :::22 :::* LISTEN 1310/sshd tcp 0 0 ::1:25 :::* LISTEN 1389/master udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient
使用Nginx反向代理:
[[email protected] src]# wget http://nginx.org/download/nginx-0.8.55.tar.gz [[email protected] src]# pwd /usr/local/src [[email protected] src]# ls nginx-0.8.55.tar.gz
[[email protected] nginx-0.8.55]# tar -xzvf nginx-0.8.55.tar.gz && cd nginx-0.8.55
添加nginx账号:
[[email protected] nginx-0.8.55]# useradd -s /bin/false nginx /bin/false是最严格的禁止login选项,一切服务都不能用。 /sbin/nologin只是不允许login系统
安装依赖包:
[[email protected] nginx-0.8.55]# yum install gcc pcre-devel openssl-devel -y
[[email protected] nginx-0.8.55]# ./configure --prefix=/app/server/nginx-0.8.55 \ --with-http_stub_status_module \ --with-http_gzip_static_module
[[email protected] nginx-0.8.55]# make && make install
[[email protected] server]# ls nginx-0.8.55 [[email protected] server]# ln -sf nginx-0.8.55/ nginx && cd -
[[email protected] nginx-0.8.55]# ll /app/server/ total 4 lrwxrwxrwx. 1 root root 13 Jul 25 09:36 nginx -> nginx-0.8.55/ drwxr-xr-x. 6 root root 4096 Jul 25 09:35 nginx-0.8.55
配置Nginx反向代理,修改/opt/nginx/conf/nginx.conf:
server { listen 80; server_name localhost ; location /svn/work { proxy_pass http://127.0.0.1:81/svn/work; } location / { return 404; } }
配置SNV:
[[email protected] conf]# pwd /home/svn/work/conf
[[email protected] conf]# egrep -v "^$|^#" svnserve.conf [general] anon-access = read auth-access = write password-db = /home/svn/work/conf/passwd authz-db = /home/svn/work/conf/authz
[[email protected] conf]# which svnserve /usr/bin/svnserve [[email protected] conf]# /usr/bin/svnserve -d -r /home/svn
[[email protected] conf]# netstat -lnutp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 4806/svnserve tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1744/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master tcp 0 0 :::81 :::* LISTEN 1632/httpd tcp 0 0 :::22 :::* LISTEN 1744/sshd tcp 0 0 ::1:25 :::* LISTEN 1389/master udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient
[[email protected] conf]# /app/server/nginx/sbin/nginx [[email protected] conf]# netstat -lnutp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 4806/svnserve tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4809/nginx tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1744/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master tcp 0 0 :::81 :::* LISTEN 1632/httpd tcp 0 0 :::22 :::* LISTEN 1744/sshd tcp 0 0 ::1:25 :::* LISTEN 1389/master udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient
[[email protected] work]# cat /home/svn/work/conf/authz ### This file is an example authorization file for svnserve. ### Its format is identical to that of mod_authz_svn authorization ### files. ### As shown below each section defines authorizations for the path and ### (optional) repository specified by the section name. ### The authorizations follow. An authorization line can refer to: ### - a single user, ### - a group of users defined in a special [groups] section, ### - an alias defined in a special [aliases] section, ### - all authenticated users, using the ‘$authenticated‘ token, ### - only anonymous users, using the ‘$anonymous‘ token, ### - anyone, using the ‘*‘ wildcard. ### ### A match can be inverted by prefixing the rule with ‘~‘. Rules can ### grant read (‘r‘) access, read-write (‘rw‘) access, or no access ### (‘‘). [aliases] # joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average [groups] # harry_and_sally = harry,sally # harry_sally_and_joe = harry,sally,&joe # [/foo/bar] # harry = rw # &joe = r # * = [/] test=r # [repository:/baz/fuz] # @harry_and_sally = rw # * = r
时间: 2024-10-14 00:55:34