LinuxHappy's Weblog

Failures and Successes of Linux-based Development

Sucess: Subversion, apache2, SSL, ubuntu 7.10/8.04, with users

Posted by linuxhappy on January 21, 2008


UPDATE: 6/21/08

I followed my instructions for Ubuntu 8.04 and everything seems to work a-ok!  Make sure if you’re on ubuntu 8.04, do all the security updates before you start!


I’m setting up a subversion source control server at home because I need some sort of version control system. I know there’s lots of tutorials out there on doing this, but none of them seemed to work start to finish from a super uber fresh ubuntu 7.10 machine… It’s understandable, most people already have live systems running.. So after all subversion/ssl/apache research, I’m basing this post on two (very exceptional) tutorials:

HOWTO – Apache2 + Subversion + SSL

Subversion over Apache 2 on Ubuntu

I’m going to take the approach that you’ve just installed Ubuntu 7.10 Gutsy Gibbon and starting out fresh. This setup is overkill for one guy using one source control server, but, in case one day I want to setup an Enterprise Subversion server.. well I can say that I have done it.. sooo here we go!

Apache + Subversion + SSL + Certificates + users
.. just for me.. ha ha ha ha

 - Boot your freshly installed Ubuntu machine

 - Install all the updates with that handy dandy popup that ubuntu gives you in the upper
right hand corner and then grab a beverage of choice:
 [ beer | wine | box juice | mineral water | coffee | tea ]

 - Reboot if needed, then open a shell!

Install openssh-server

sudo apt-get install openssh-server

Install apache2

sudo apt-get install apache2

Install subversion

sudo apt-get install subversion

Install libapache2-svn

sudo apt-get install libapache2-svn

Restarting apache

sudo /etc/init.d/apache2 restart

Now lets enable SSL

sudo a2enmod ssl

At this point if you cat the file /etc/apache2/ports.conf, it should say the following:

jwoo@monkfish:~$ cat /etc/apache2/ports.conf
Listen 80
<IfModule mod_ssl.c>
    Listen 443

Ok, now we have to run this apache2-ssl-certificate, here’s what I did:

mkdir temp
cd temp
tar -xzvf apache2-ssl.tar.gz
sudo cp ssleay.cnf /usr/share/apache2/.
sudo mkdir /etc/apache2/ssl
sudo ./apache-ssl-certificate
[ Fill in your custom information ]

Modify your own ssl site (/etc/apache2/sites-available/myown-ssl)

cd /etc/apache2/sites-available
sudo cp default myown-ssl
sudo gedit myown-ssl

Change this from: NameVirtualHost *
To:                       NameVirtualHost *:443

Change this from: <VirtualHost *>
To:                       <VirtualHost *:443>

Right before </VirtualHost>, add in:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLProtocol all
	(save, quit)


sudo a2ensite myown-ssl
sudo /etc/init.d/apache2 restart

Now modify your dav_svn.conf file

sudo gedit /etc/apache2/mods-available/dav_svn.conf
<Location /svn>
	DAV svn
	SVNPath /var/lib/svn
	AuthType Basic
	AuthName "Subversion Repository"
	AuthUserFile /etc/apache2/dav_svn.passwd
	Require valid-user

(save and exit)

Now lets create the directory that svn will use

sudo mkdir /var/lib/svn
sudo svnadmin create /var/lib/svn
sudo chown -R www-data /var/lib/svn

Now to create a user, use the following:

sudo htpasswd -cm /etc/apache2/dav_svn.passwd jwoo
	(use any user name you want, don't use mine.. unless you have the same name as me)

Now, restart!

sudo /etc/init.d/apache2 restart

Ok. now at this point, you should be able to use firefox to go to:


and login with the user name and password you just created

So, now we can start adding in a structure for our source control server.

svn mkdir https://yourserver/svn/project -m "new project"
svn mkdir https://yourserver/svn/project/trunk -m "trunk"
svn mkdir https://yourserver/svn/project/branches -m "branches"
svn mkdir https://yourserver/svn/project/tags -m "tags"

Part 2, I’ll get trac going.


15 Responses to “Sucess: Subversion, apache2, SSL, ubuntu 7.10/8.04, with users”

  1. Andre said

    Ubuntu looks very sweet. I’m going to install it as dualboot on my laptop. 🙂

  2. markyg said

    In Ubuntu 7.10, you will also need to install openssl, e.g. sudo apt-get install openssl. This will allow the sudo ./apache-ssl-certificate to be run without error.

    great article btw! I’ve looked it up at least two to three times while installing this on different machines!

  3. Pedro Duarte said

    Quicker to setup alternative : – free SVN service. A bit slow, of course.

  4. linuxhappy said

    Pedro, Indeed — you can go to assembla and go get yourself a svn. But what if your code is patent pending, or.. has some trade secrets or, you want to integrate your CM system with buildbot (which I plan on doing very soon). Anyways, thanks for the tip. I believe google code also allows you to have free svn servers (in case you’re shopping around for free svn servers).

    Google code:

  5. Hello

    this is a great tutorial — many thanks
    I encountered 1 problem : the SSL directory was not created under the apache2 directory and the creation of a the resulting ssl certificate was not possible. I created the directory manually and everything went correct afterwards

    I am using the server in combination with tortoisesvn

  6. Zach said

    I just wanted you to know that the SSL tutorial is excellent and trumps many of the dated ones that I’ve found! Could I possibly post it in UbuntuForums with a link to the original and a acknowledgment of the author? This is the first tutorial that worked for me and I would like to share it with others!

  7. Arboisr said

    Thank you for your tutorial.
    When I followed to
    svn mkdir https://yourserver/svn/project -m “new project”

    I got this error message

    Authentication realm: Subversion Repository
    Password for ‘root’:

    What password does it ask?

  8. linuxhappy said

    Sounds like you’re logged in as root. The Subversion client defaults to checking out of the repository with the same user that you’re logged in as. So if you’re logged in as “root”, doing a svn mkdir will try to create a dir in the repository with the “root” user name.

    I do not recommend you operating as a root user.. but.. I’ll assume for now that you have a really really really good reason you’re running as root.

    In the step above, you were suppose to create a user with the command:

    sudo htpasswd -cm /etc/apache2/dav_svn.passwd jwoo

    where jwoo is the username you want to use for subversion operations.. Lets say you choose jwoo.. in this case, you would want to use

    svn mkdir https://yourserver/svn/project -m “new project” –username jwoo

    At this point, you would accept the credentials of the server and then enter the password that corresponds to the jwoo user. Does this help?

  9. nic said

    I never believed it’s that simple. I used your tutorial to set up SVN with HTTPS on my local home server running Ubuntu 8.04.1.

    Thanks for that brilliant tutorial.

  10. Christina said

    Thanks for the tutorial! When I try to go to svn in Firefox, I login with the correct username and password, but it gives me a 403 error. Any tips?


  11. Natali said

    Hi! I used a lot of tutorials and I can’t set up SVN with SSL on my server until I found you tutorial 🙂 It’s so wonderful.

    But I have a problem. I’m going to use SVN as a repository with different users. Each user or developer team are going to have their own project and they can’t access to the others ones. How can I do that? I need it to my boss’s course of Software Engineering.

    Please help me!

    Thanks a lot 🙂

    (I’m learning English, so If I have a mistake, please tell me 🙂 )

  12. Warren said

    Awesome. Nice and concise and worked beautifully. Got this up and running in about 20 minutes with your guide.

    ‘Tis greatly appreciated.

  13. Andy said

    Instead of assigning www-data ownership to /var/lib/svn
    create a subversion group, assign it group ownership. Add yourself and Apache to the subversion group. Then you can have local and web access without any issues.

    1. Create a subversion group

    sudo adduser --system --no-create-home --group subversion

    2. Change the /var/lib/svn group to subversion

    sudo chgrp -R subversion /var/lib/svn

    3. Reset the permissions

    sudo chmod -R g+rwxs /var/lib/svn

    4. Add apache and yourself to the subversion group

    sudo adduser www-data subversion

    sudo adduser your_username subversion

    Note: You will need to logout/login so the group change
    is made. Also restart apache.

    5. Create a sample project as yourself

    mkdir temp

    cd temp

    mkdir -p myproject/{branches,tags,trunk}
    mkdir -p myproject/trunk/{dir1,dir2}
    touch myproject/trunk/dir1/file1.txt
    touch myproject/trunk/dir2/file2.txt

    6. Import the project, this checks your permissions and access

    svn import myproject file:///var/lib/svn/myproject -m "first project"
    Adding myproject/branchs
    Adding myproject/trunk
    Adding myproject/tags

    Committed revision 1.

    Note: If you setup the permissions and group correctly
    this will work. If you get an error, check to make sure
    you are in the subversion group. Also check the group
    file permissions on the /var/lib/svn directory. The
    command in step [3] sets the correct permissions.

    7. Import the project through the website

    svn import myproject https://localhost/svn/myproject2 -m "second project"

    Authentication realm: https://localhost/svn/myproject2
    UserName: xxxx
    Password: yyyy

    Adding myproject/branchs
    Adding myproject/trunk
    Adding myproject/tags

    Committed revision 2.


    Subversion Book:

  14. The Allnighter said

    Thanks a lot for this great tutorial !!
    I just want to add two hints for people following this tutorial for Ubuntu 8.04 (hardy).
    – don’t forget to install OpenSSL : sudo apt-get install openssl
    – If you’re getting this warning in apache’s log “RSA server certificate CommonName(CN) does NOT match server name!?” ,configure your /etc/host as follow : localhost.localdomain localhost


  15. Eric P. said

    Great tutorial!

    Is there anyway to *not* allow regular ‘http’ access? I found that I can access my repo w/either http or https. It does prompt me for my credentials either way, but I’d like to just turn it off so that a user can’t pull down the repo via plain text http.

    Thanks again for the tutorial!

    Eric P.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: