Sucess: Subversion, apache2, SSL, ubuntu 7.10/8.04, with users
Posted by linuxhappy on January 21, 2008
—————————–
UPDATE: 6/21/08
I followed my instructions for Ubuntu 8.04 and everything seems to work a-ok! Make sure if you’re on ubuntu 8.04, do all the security updates before you start!
——————————–
I’m setting up a subversion source control server at home because I need some sort of version control system. I know there’s lots of tutorials out there on doing this, but none of them seemed to work start to finish from a super uber fresh ubuntu 7.10 machine… It’s understandable, most people already have live systems running.. So after all subversion/ssl/apache research, I’m basing this post on two (very exceptional) tutorials:
HOWTO – Apache2 + Subversion + SSL
Subversion over Apache 2 on Ubuntu
http://davidwinter.me.uk/articles/2006/02/16/subversion-over-apache-2-on-ubuntu/
I’m going to take the approach that you’ve just installed Ubuntu 7.10 Gutsy Gibbon and starting out fresh. This setup is overkill for one guy using one source control server, but, in case one day I want to setup an Enterprise Subversion server.. well I can say that I have done it.. sooo here we go!
Apache + Subversion + SSL + Certificates + users
.. just for me.. ha ha ha ha
First!!!!…
- Boot your freshly installed Ubuntu machine - Install all the updates with that handy dandy popup that ubuntu gives you in the upper right hand corner and then grab a beverage of choice: [ beer | wine | box juice | mineral water | coffee | tea ] - Reboot if needed, then open a shell!
Install openssh-server
sudo apt-get install openssh-server
Install apache2
sudo apt-get install apache2
Install subversion
sudo apt-get install subversion
Install libapache2-svn
sudo apt-get install libapache2-svn
Restarting apache
sudo /etc/init.d/apache2 restart
Now lets enable SSL
sudo a2enmod ssl
At this point if you cat the file /etc/apache2/ports.conf, it should say the following:
jwoo@monkfish:~$ cat /etc/apache2/ports.conf Listen 80 <IfModule mod_ssl.c> Listen 443 </IfModule>
Ok, now we have to run this apache2-ssl-certificate, here’s what I did:
cd mkdir temp cd temp wget http://launchpadlibrarian.net/7477840/apache2-ssl.tar.gz tar -xzvf apache2-ssl.tar.gz sudo cp ssleay.cnf /usr/share/apache2/. sudo mkdir /etc/apache2/ssl sudo ./apache-ssl-certificate [ Fill in your custom information ]
Modify your own ssl site (/etc/apache2/sites-available/myown-ssl)
cd /etc/apache2/sites-available sudo cp default myown-ssl sudo gedit myown-ssl Change this from: NameVirtualHost * To: NameVirtualHost *:443 Change this from: <VirtualHost *> To: <VirtualHost *:443>
Right before </VirtualHost>, add in:
SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.pem SSLProtocol all SSLCipherSuite HIGH:MEDIUM
(save, quit)
Now,
sudo a2ensite myown-ssl sudo /etc/init.d/apache2 restart
Now modify your dav_svn.conf file
sudo gedit /etc/apache2/mods-available/dav_svn.conf
<Location /svn>
DAV svn
SVNPath /var/lib/svn AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dav_svn.passwd Require valid-user </Location>
(save and exit)
Now lets create the directory that svn will use
sudo mkdir /var/lib/svn sudo svnadmin create /var/lib/svn sudo chown -R www-data /var/lib/svn
Now to create a user, use the following:
sudo htpasswd -cm /etc/apache2/dav_svn.passwd jwoo
(use any user name you want, don't use mine.. unless you have the same name as me)
Now, restart!
sudo /etc/init.d/apache2 restart
Ok. now at this point, you should be able to use firefox to go to:
https://yourserver/svn
and login with the user name and password you just created
So, now we can start adding in a structure for our source control server.
svn mkdir https://yourserver/svn/project -m "new project" svn mkdir https://yourserver/svn/project/trunk -m "trunk" svn mkdir https://yourserver/svn/project/branches -m "branches" svn mkdir https://yourserver/svn/project/tags -m "tags"
Part 2, I’ll get trac going.
Andre said
Ubuntu looks very sweet. I’m going to install it as dualboot on my laptop. 🙂
markyg said
In Ubuntu 7.10, you will also need to install openssl, e.g. sudo apt-get install openssl. This will allow the sudo ./apache-ssl-certificate to be run without error.
great article btw! I’ve looked it up at least two to three times while installing this on different machines!
Pedro Duarte said
Quicker to setup alternative : http://www.assembla.com – free SVN service. A bit slow, of course.
linuxhappy said
Pedro, Indeed — you can go to assembla and go get yourself a svn. But what if your code is patent pending, or.. has some trade secrets or, you want to integrate your CM system with buildbot (which I plan on doing very soon). Anyways, thanks for the tip. I believe google code also allows you to have free svn servers (in case you’re shopping around for free svn servers).
Google code:
http://code.google.com/hosting/
Philip Van Cleven said
Hello
this is a great tutorial — many thanks
I encountered 1 problem : the SSL directory was not created under the apache2 directory and the creation of a the resulting ssl certificate was not possible. I created the directory manually and everything went correct afterwards
I am using the server in combination with tortoisesvn
Zach said
I just wanted you to know that the SSL tutorial is excellent and trumps many of the dated ones that I’ve found! Could I possibly post it in UbuntuForums with a link to the original and a acknowledgment of the author? This is the first tutorial that worked for me and I would like to share it with others!
Arboisr said
Thank you for your tutorial.
When I followed to
svn mkdir https://yourserver/svn/project -m “new project”
I got this error message
Authentication realm: Subversion Repository
Password for ‘root’:
What password does it ask?
linuxhappy said
Arboisr,
Sounds like you’re logged in as root. The Subversion client defaults to checking out of the repository with the same user that you’re logged in as. So if you’re logged in as “root”, doing a svn mkdir will try to create a dir in the repository with the “root” user name.
Caution:
I do not recommend you operating as a root user.. but.. I’ll assume for now that you have a really really really good reason you’re running as root.
Solution:
In the step above, you were suppose to create a user with the command:
sudo htpasswd -cm /etc/apache2/dav_svn.passwd jwoo
where jwoo is the username you want to use for subversion operations.. Lets say you choose jwoo.. in this case, you would want to use
svn mkdir https://yourserver/svn/project -m “new project” –username jwoo
At this point, you would accept the credentials of the server and then enter the password that corresponds to the jwoo user. Does this help?
nic said
I never believed it’s that simple. I used your tutorial to set up SVN with HTTPS on my local home server running Ubuntu 8.04.1.
Thanks for that brilliant tutorial.
Christina said
Thanks for the tutorial! When I try to go to svn in Firefox, I login with the correct username and password, but it gives me a 403 error. Any tips?
Thanks!
Natali said
Hi! I used a lot of tutorials and I can’t set up SVN with SSL on my server until I found you tutorial 🙂 It’s so wonderful.
But I have a problem. I’m going to use SVN as a repository with different users. Each user or developer team are going to have their own project and they can’t access to the others ones. How can I do that? I need it to my boss’s course of Software Engineering.
Please help me!
Thanks a lot 🙂
(I’m learning English, so If I have a mistake, please tell me 🙂 )
Warren said
Awesome. Nice and concise and worked beautifully. Got this up and running in about 20 minutes with your guide.
‘Tis greatly appreciated.
Andy said
Instead of assigning www-data ownership to /var/lib/svn
create a subversion group, assign it group ownership. Add yourself and Apache to the subversion group. Then you can have local and web access without any issues.
1. Create a subversion group
sudo adduser --system --no-create-home --group subversion
2. Change the /var/lib/svn group to subversion
sudo chgrp -R subversion /var/lib/svn
3. Reset the permissions
sudo chmod -R g+rwxs /var/lib/svn
4. Add apache and yourself to the subversion group
apache:
sudo adduser www-data subversion
yourself:
sudo adduser your_username subversion
Note: You will need to logout/login so the group change
is made. Also restart apache.
5. Create a sample project as yourself
mkdir temp
cd temp
mkdir -p myproject/{branches,tags,trunk}
mkdir -p myproject/trunk/{dir1,dir2}
touch myproject/trunk/dir1/file1.txt
touch myproject/trunk/dir2/file2.txt
6. Import the project, this checks your permissions and access
svn import myproject file:///var/lib/svn/myproject -m "first project"
Adding myproject/branchs
Adding myproject/trunk
Adding myproject/tags
Committed revision 1.
Note: If you setup the permissions and group correctly
this will work. If you get an error, check to make sure
you are in the subversion group. Also check the group
file permissions on the /var/lib/svn directory. The
command in step [3] sets the correct permissions.
7. Import the project through the website
svn import myproject https://localhost/svn/myproject2 -m "second project"
Authentication realm: https://localhost/svn/myproject2
UserName: xxxx
Password: yyyy
Adding myproject/branchs
Adding myproject/trunk
Adding myproject/tags
Committed revision 2.
Reference
Subversion Book:
The Allnighter said
Thanks a lot for this great tutorial !!
I just want to add two hints for people following this tutorial for Ubuntu 8.04 (hardy).
– don’t forget to install OpenSSL : sudo apt-get install openssl
– If you’re getting this warning in apache’s log “RSA server certificate CommonName(CN) myserver.domain.com does NOT match server name!?” ,configure your /etc/host as follow : 127.0.0.1 localhost.localdomain localhost myserver.domain.com
cheers
Eric P. said
Great tutorial!
Is there anyway to *not* allow regular ‘http’ access? I found that I can access my repo w/either http or https. It does prompt me for my credentials either way, but I’d like to just turn it off so that a user can’t pull down the repo via plain text http.
Thanks again for the tutorial!
Eric P.