CentOS搭建Nginx+Subversion环境

Apache Subversion（简称SVN，svn）

因为某种原因我们需要用Nginx作为Subversion的http前端，但目前没有现成的Nginx+Subversion搭配方式。
而Subversion提供Apache的http处理模块。现在我们通过nginx反向代理给Apache的方式来实现Nginx+Subversion的组合方式。

构建Apache+Subversion的环境:

[[email protected] ~]# yum install httd subversion mod_dav_svn -y
#mod_dav_svn是Apache的svn模块

建立SVN库：

[[email protected] ~]# mkdir -p /home/svn
[[email protected] ~]# cd /home/svn/
[[email protected] svn]# svnadmin create work
[[email protected] svn]# chown -R apache.apache work
[[email protected] svn]# tree work/
work/
├── conf
│   ├── authz
│   ├── passwd
│   └── svnserve.conf
├── db
│   ├── current
│   ├── format
│   ├── fsfs.conf
│   ├── fs-type
│   ├── min-unpacked-rev
│   ├── rep-cache.db
│   ├── revprops
│   │   └── 0
│   │       └── 0
│   ├── revs
│   │   └── 0
│   │       └── 0
│   ├── transactions
│   ├── txn-current
│   ├── txn-current-lock
│   ├── txn-protorevs
│   ├── uuid
│   └── write-lock
├── format
├── hooks
│   ├── post-commit.tmpl
│   ├── post-lock.tmpl
│   ├── post-revprop-change.tmpl
│   ├── post-unlock.tmpl
│   ├── pre-commit.tmpl
│   ├── pre-lock.tmpl
│   ├── pre-revprop-change.tmpl
│   ├── pre-unlock.tmpl
│   └── start-commit.tmpl
├── locks
│   ├── db.lock
│   └── db-logs.lock
└── README.txt

10 directories, 28 files

添加Subversion账号：

[[email protected] svn]# htpasswd -c /home/svn/work/conf/passwdfile visitor
New password: visitor#用户名和密码都设为visitor
Re-type new password:visitor
Adding password for user visitor

修改/etc/httpd/conf.d/subversion.conf，内容如下:

[[email protected] svn]# egrep -v "^#|^$" /etc/httpd/conf.d/subversion.conf
LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
<Location /svn/work>
	DAV svn
	SVNPath /home/svn/work
	AuthType Basic
	AuthName "Authorization Realm"
　　　　　AuthUserFile /home/svn/work/conf/passwdfile
	AuthzSVNAccessFile /home/svn/work/conf/authz
	Require valid-user
</Location>

修改Apache的端口：

[[email protected] svn]# grep "^Listen" /etc/httpd/conf/httpd.conf
Listen 81

[[email protected] svn]# service iptables stop && setenforce 0
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[[email protected] svn]# getenforce
Permissive

[[email protected] svn]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[[email protected] svn]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1310/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master
tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1310/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient

使用Nginx反向代理：

[[email protected] src]# wget http://nginx.org/download/nginx-0.8.55.tar.gz
[[email protected] src]# pwd
/usr/local/src
[[email protected] src]# ls
nginx-0.8.55.tar.gz

[[email protected] nginx-0.8.55]# tar -xzvf nginx-0.8.55.tar.gz && cd nginx-0.8.55

添加nginx账号：

[[email protected] nginx-0.8.55]# useradd -s /bin/false nginx
/bin/false是最严格的禁止login选项，一切服务都不能用。
/sbin/nologin只是不允许login系统

安装依赖包：

[[email protected] nginx-0.8.55]# yum install gcc  pcre-devel openssl-devel  -y

[[email protected] nginx-0.8.55]# ./configure --prefix=/app/server/nginx-0.8.55 \ --with-http_stub_status_module \ --with-http_gzip_static_module

[[email protected] nginx-0.8.55]# make && make install

[[email protected] server]# ls
nginx-0.8.55
[[email protected] server]# ln -sf nginx-0.8.55/ nginx && cd -

[[email protected] nginx-0.8.55]# ll /app/server/
total 4
lrwxrwxrwx. 1 root root   13 Jul 25 09:36 nginx -> nginx-0.8.55/
drwxr-xr-x. 6 root root 4096 Jul 25 09:35 nginx-0.8.55

配置Nginx反向代理,修改/opt/nginx/conf/nginx.conf:

server {
    listen       80;
    server_name localhost ;

    location /svn/work {
        proxy_pass  http://127.0.0.1:81/svn/work;
    }

    location / {
        return 404;
    }
}

配置SNV：

[[email protected] conf]# pwd
/home/svn/work/conf

[[email protected] conf]# egrep -v "^$|^#" svnserve.conf
[general]
anon-access = read
auth-access = write
password-db = /home/svn/work/conf/passwd
authz-db = /home/svn/work/conf/authz

[[email protected] conf]# which svnserve
/usr/bin/svnserve
[[email protected] conf]# /usr/bin/svnserve -d -r /home/svn

[[email protected] conf]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN      4806/svnserve
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1744/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master
tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1744/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient

[[email protected] conf]# /app/server/nginx/sbin/nginx
[[email protected] conf]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN      4806/svnserve
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      4809/nginx
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1744/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master
tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1744/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient

[[email protected] work]# cat /home/svn/work/conf/authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the ‘$authenticated‘ token,
###  - only anonymous users, using the ‘$anonymous‘ token,
###  - anyone, using the ‘*‘ wildcard.
###
### A match can be inverted by prefixing the rule with ‘~‘. Rules can
### grant read (‘r‘) access, read-write (‘rw‘) access, or no access
### (‘‘).

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe

# [/foo/bar]
# harry = rw
# &joe = r
# * =
[/]
test=r
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r