1,安装 apache ,svnapt-get install apache2 subversion libapache2-svn
不安装apache 是不能通过http方式来访问的.
subversion服务器是不需要apache的,但是可以使用apache,视具体情况来选择。
1、如果只要通过file://或svn://来访问,则不需要apache,只安装svn即可,使用svnserve来作为服务。
2、如果你要建立一个可以通过http://或https://来访问的版本库服务器,则你需要使用apache。
2,版本信息.
root# svn --version
svn, version 1.6.17 (r1128011)
compiled Dec 20 2014, 19:48:25
root#apachectl -v
Server version: Apache/2.2.22 (Debian)
Server built: Dec 23 2014 22:48:32
3,创建版本库并将所有权转让给apache2
svnadmin create /disk1/d1/svn/project
chown www-data:www-data -R /disk1/d1/svn/project
4,修改 /etc/apache2/mods-enabled/dav_svn.conf
实际上是软件连接:
[email protected]:/etc/apache2/mods-enabled# ls -l
lrwxrwxrwx 1 root root 30 Jul 2 17:05 dav_svn.conf -> ../mods-available/dav_svn.conf
对应了 /mods-available/dav_svn.conf 这个文件.
打开这个文件可见内容.网上很多版本的dav_svn.conf已经不是最新的版本了.
[email protected]:/etc/apache2/mods-enabled# cat dav_svn.conf # dav_svn.conf - Example Subversion/Apache configuration # # For details and further options see the Apache user manual and # the Subversion book. # # NOTE: for a setup with multiple vhosts, you will want to do this # configuration in /etc/apache2/sites-available/*, not here. # <Location URL> ... </Location> # URL controls how the repository appears to the outside world. # In this example clients access the repository as http://hostname/svn/ # Note, a literal /svn should NOT exist in your document root. <Location /svn> # Uncomment this to enable the repository DAV svn # Set this to the path to your repository #SVNParentPath /disk1/d1/svn/project # Alternatively, use SVNParentPath if you have multiple repositories under # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...). # You need either SVNPath and SVNParentPath, but not both. SVNParentPath /disk1/d1/svn # Access control is done at 3 levels: (1) Apache authentication, via # any of several methods. A "Basic Auth" section is commented out # below. (2) Apache <Limit> and <LimitExcept>, also commented out # below. (3) mod_authz_svn is a svn-specific authorization module # which offers fine-grained read/write access control for paths # within a repository. (The first two layers are coarse-grained; you # can only enable/disable access to an entire repository.) Note that # mod_authz_svn is noticeably slower than the other two layers, so if # you don‘t need the fine-grained control, don‘t configure it. # Basic Authentication is repository-wide. It is not secure unless # you are using https. See the ‘htpasswd‘ command to create and # manage the password file - and the documentation for the # ‘auth_basic‘ and ‘authn_file‘ modules, which you will need for this # (enable them with ‘a2enmod‘). AuthType Basic AuthName "Subversion Repository"#用户密码文件. AuthUserFile /etc/apache2/dav_svn.passwd # To enable authorization via mod_authz_svn (enable that module separately): <IfModule mod_authz_svn.c> #用户权限 认证文件 AuthzSVNAccessFile /etc/apache2/dav_svn.authz </IfModule> # The following three lines allow anonymous read, but make # committers authenticate themselves. It requires the ‘authz_user‘ # module (enable it with ‘a2enmod‘). #<LimitExcept GET PROPFIND OPTIONS REPORT>#需要用户认证 Require valid-user #</LimitExcept> </Location>
5,修改svn权限设置,权限主体可为个人或小组,以目录为节点设置读/写位,下面是样例:
/etc/apache2/dav_svn.authz目录结构svn---+++++++project++++++++++++++Client++++++++++++++++++++test1++++++++++++++Document
[groups] admin = test1,test2 group_a =test3
[svn:/]
*=
[project:/]
*=
@admin =rw
[project:/Client]
*=
@group_a=rw
@admin=rw
[project:/Client/test1]
*=
test1=rw
[project:/Document]
*=
test2=rw
*=空 是没有权限 ,
r 读取
w写入 权限
6. 创建账户
#/etc/apache2
//首次加 -c htpasswd -c dav_svn.passwd test // htpasswd dav_svn.test2
重置密码:
[email protected]:/etc/apache2# htpasswd --help Usage: htpasswd [-cmdpsD] passwordfile username htpasswd -b[cmdpsD] passwordfile username password htpasswd -n[mdps] username htpasswd -nb[mdps] username password -c Create a new file. -n Don‘t update file; display results on stdout. -m Force MD5 encryption of the password (default). # -m 重置密码 -d Force CRYPT encryption of the password. -p Do not encrypt the password (plaintext). -s Force SHA encryption of the password. -b Use the password from the command line rather than prompting for it. -D Delete the specified user. On other systems than Windows, NetWare and TPF the ‘-p‘ flag will probably not work. The SHA algorithm does not use a salt and is less secure than the MD5 algorithm. #
htpasswd -m dav_svn.passwd liutxxx
7,重启apache生效
[email protected]:/etc/apache2# service apache2 restart
Restarting web server: apache2apache2: Could not reliably determine the server‘s fully qualified domain name, using 10.175.197.65 for ServerName
... waiting apache2: Could not reliably determine the server‘s fully qualified domain name, using 10.175.197.65 for ServerName
.
8,访问.
去网页打开 http://127.0.0.1/svn/project/Document/
发现所有用户都能访问,权限不生效.
一度怀疑:
1,权限文件路径是否正确
2,权限文件 dav_svn.authz 是否chmod 777 dav_svn.authz
3,重点...
老版本是报 "apache报非法指令‘AuthzSVNAccessFile‘ " 但新版本没有报错,却原因一样.
重启apache报非法指令‘AuthzSVNAccessFile‘,那么很可能是‘authz_svn_module‘没加载或apache自己加载顺序的问题,可以在 mods-available/dav.load手动加载该模块解决问题。(添加下文中的最后一行即可)
参考网址:http://www.cnblogs.com/liuyangnuts/archive/2013/03/19/2965256.html
# file: /etc/apache2/mods-available/dav.load LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so
新版本 不会报AuthzSVNAccessFile 只会没有权限,这点恶心了我一天.
重启apache : service apache2 restart
再去网页看看,能正确验证权限.
至此 svn 的搭建完成了.