Updated: added hack to extend certificate lifetime.
For some development projects I have setup a SubVersion repository. Most is easy, but I had to do some research to get it working in Ubuntu 8.04 with Apache 2.
- install some packages:
sudo apt-get install subversion subversion-tools libapache2-svn
- create subversion root:
sudo svnadmin create /var/lib/svn
- create password file (replace username; leave out the -c option for an existing file):
sudo htpasswd -c /etc/apache2/dav_svn.passwd username
- edit the config:
sudo vi /etc/apache2/mods-enabled/dav_svn.conf
- add (or uncomment) the lines listed below to the section
<Locationand check the<Location>section is active too:DAV svn
SVNPath /var/lib/svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
- add (or uncomment) the lines listed below to the section
- reload Apache2:
sudo /etc/init.d/apache2 reload
- correct permissions:
sudo chown -R www-data:www-data /var/lib/svn
SubVersion should be working now using HTTP. Every hostname that the server serves suffixed by /svn should be working, because the <Location> directive was used.
To increase security I have setup SSL.
- if you are using Ubuntu you may need to edit the certificate generation tool because it default generates certificates which expire after 30 days:
sudo vi /usr/sbin/make-ssl-cert
- goto line 118 which look like:
openssl req -config $TMPFILE -new -x509 -nodes -out $output -keyout $output > /dev/null 2>&1
- add the days parameter and use a normal value for it (2 years in the case below):
openssl req -config $TMPFILE -new -x509 -nodes -days 730 -out $output -keyout $output > /dev/null 2>&1
- goto line 118 which look like:
- create a SSL certificate:
sudo mkdir /etc/apache2/ssl
sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem - activate the SSL module:
sudo a2enmod ssl
- change the default VirtualHost config:
sudo vi /etc/apache2/sites-available/default
- change the lines below:
NameVirtualHost *
into:
<VirtualHost *>NameVirtualHost *:80
<VirtualHost *:80>
- change the lines below:
- copy the default VirtualHost config:
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default-ssl
- edit the new default SSL VirtualHost config:
sudo vi /etc/apache2/sites-available/default-ssl
- change the port numbers from 80 to 443 resulting in the lines below:
NameVirtualHost *:443
<VirtualHost *:443> - add the lines below to the <VirtualHost> section:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
- change the port numbers from 80 to 443 resulting in the lines below:
- enable the SSL VirtualHost config:
cd /etc/apache2/sites-enabled/
sudo ln -s ../sites-available/default-ssl 001-default-ssl
sudo /etc/init.d/apache2 force-reload
Now you can use SubVersion with and without SSL. To prevent unencrypted communications you have to redirect. Note that the authentication must be done while communicating using SSL only: redirect before authentication.
- enable the RewriteEngine:
sudo a2enmod rewrite
- edit the default (insecure) VirtualHost config:
sudo vi /etc/apache2/sites-available/default
- add the lines below to the <VirtualHost> section:
<Location /svn>
RewriteEngine on
RewriteRule ^/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]
</Location>
- add the lines below to the <VirtualHost> section:
- reload Apache2 config:
sudo /etc/init.d/apache2 reload
SubVersion is running in secure mode only now.
