Installing Mod_dav_svn

To get access to your Subversion repositories through the web, you need to install mod_dav_svn. Gregg Pollack (gregg at patchedsoftware dot com) contributed this walkthrough.

1. Install mod_dav_svn

sudo yum install mod_dav_svn

2. Edit /etc/httpd/conf/httpd.conf

Search for the LoadModule lines, and add these lines to the bottom:

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so

3. Create an HTTP authentication file

To setup and create the authentication file for the first time, run:

sudo /usr/sbin/htpasswd -cm /etc/svn-auth-file some_username

To add additional users to this file, use

sudo /usr/sbin/htpasswd -m /etc/svn-auth-file new_username

4. Edit the Apache config for your app, /etc/httpd/conf/apps/your_app.conf

<VirtualHost *:80>
  ServerName svn.your_domain.com

  <Location />
        DAV svn
        SVNPath /var/www/apps/your_app/repos
        AuthType Basic
        AuthName "Authorization Realm"
        AuthUserFile /etc/absolute-auth-file
        Require valid-user
  </Location>
</VirtualHost>

5. Restart Apache

sudo /etc/init.d/httpd restart

7. Test it out

Open http://svn.your_domain.com in your browser. It should prompt for authorization, and then show you the repository!

8. Want to enable SSL security so your passwords and code aren’t sent in plaintext?

This is assuming you don’t already have your own Cert. If you do have your own cert, skip down to the bottom of the page.

First you’ll want to create your own private cert (if you don’t have one and don’t want to pay for one). Follow these instructions to create your own. You’ll need to input a passphrase you can remember for later too.

mkdir ~/sslcert
cd ~/sslcert

openssl genrsa -des3 -out server.key 1024

openssl req -new -key server.key -out server.csr

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

9. Edit your virtualhost tag again

Change the port, and add the three SSL lines:

<VirtualHost *:443>
  ServerName svn.youdomain.com
  SSLEngine On
  SSLCertificateFile /home/deploy/sslcert/server.crt
  SSLCertificateKeyFile /home/deploy/sslcert/server.key

10. Verify DNS settings

If you’re using a different subdomain, “svn.yourdomain.com”, make sure your DNS has a CNAME Record called svn so it forwards properly. You wouldn’t need to worry about this if all subdomains forward to your server.

11. Restart apache

sudo /etc/init.d/httpd restart

Now visit https://svn.yourdomain.com and you should be prompted for the cert, and for authorization, and you’re golden.

12. Optional: removing the SSL passphrase

You will be asked for your key every time you restart apache.
To get around this:

cd ~/sslcert
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key

So you have your own CERT?

I’m going to assume you configured this using railsmachine’s scripts, and that your webserver conf file (/etc/httpd/conf/apps/your_app.conf) has two parts, one for port 80 and another for port 443. I’m also going to assume that your Certificate is setup properly.

1. Adding an alias

Under your port 443 virtual host, create an alias for your svn server if you like:

ServerAlias svn.yourdomain.com

If you do use svn.yourdomain.com make sure your dns has a CNAME Record called svn so it forwards properly. You wouldn’t need to worry about this if all subdomains forward to your server.

2. Add your location directives

<Location /svn>
        DAV svn
        SVNPath /var/www/apps/your_app/repos
        AuthType Basic
        AuthName "Authorization Realm"
        AuthUserFile /etc/absolute-auth-file
        Require valid-user
  </Location>

This is a little different then the Location we used the first time. Notice this time we’re giving a path name “Location /svn”, so we’re only directed to svn if we go to that path in our URL.

3. Apache rewrite rules

Now we need to tell apache, that we DON’T want to redirect incoming requests that have SVN in the URL to our mongrel cluster. Put the following line BEFORE the RewriteRule ^/(.*)$ balancer://servername_cluster%{REQUEST_URI} [P,QSA,L] directive:

RewriteCond %{REQUEST_URI} !^/svn*

4. Restart the server

sudo /etc/init.d/httpd restart
Visit https://domain_name.com/svn/

Adding Multiple Repositories

1. Add Locations

All you need to do to add multiple repositories, without adding more IP addresses, is add additional Location directives.

<Location /domain1/svn>
        DAV svn
        SVNPath /var/www/apps/domain1/repos
        AuthType Basic
        AuthName "Authorization Realm"
        AuthUserFile /etc/domain1-auth-file
        Require valid-user
</Location>

<Location /domain2/svn>
        DAV svn
        SVNPath /var/www/apps/domain2/repos
        AuthType Basic
        AuthName "Authorization Realm"
        AuthUserFile /etc/domain2-auth-file
        Require valid-user
</Location>

2. The Apache base URL

If you want to be able to have a different base url, just add a new alias:

ServerAlias svn.domain1.com
ServerAlias svn.domain2.com