SVN configuration https access - linux server

Mobile 2023-05-07 21:17:26 views: null

CentOS server deployment svn+apache http + ssl https access

linux server to build svn+apache+ssl deployment environment:
1. svn installation and use under linux reference link: linux server svn installation and version control .
2. svn configuration http access service reference link under linux: linux server svn configuration http access .
3 , linux svn setting boot self-starting reference link: linux svn setting booting self-starting .
4. Setting apache httpd service under Linux to start automatically . Reference link: Setting apache httpd
service under Linux to start automatically. Link: The use of svn commands under linux .

1. Configure https request to access SVN

  It is convenient to access the svn version library through http, but the http protocol uses clear text transmission, and the user name and password may be leaked if you randomly capture packets on the network, so consider using https transmission, which is more secure, that is, apache+svn+ssl . Hope svn supports https, the main job is to configure the SSL protocol (Secure Sockets Layer Secure Sockets Layer)

To configure https requests, you need to install apache first, and configure http access: svn configuration http access under linu .

1.1 Install the SSL module

If the SSL module is not installed, please refer to the following steps to install it:

# 查看ssl是否已安装
openssl version
#未安装的安装openssl
yum -y install openssl
#查看apache是否已经安装了ssl_module
apachectl -t -D DUMP_MODULES|grep ssl
#安装ssl_module模块
yum -y install mod_ssl

1.2 Generate server-side digital certificate

The following steps must generate the required files in a specific folder, ensure that the input command is correct, and ensure that the folder where the generated file is located is correct, otherwise an error will occur later

1. Confirm whether the file already exists:

#进入目录
cd /etc/pki/CA
# ls查看目录下是否有index.txt    serial这两个文件
ls 
#如果没有index.txt,创建
touch /etc/pki/CA/index.txt
# 如果没有serial,创建serial号文件
echo 00 > /etc/pki/CA/serial

2. Generate a certificate

#进入目录
cd /etc/pki/CA

#(1)生成服务器端    私钥(key文件);
openssl genrsa -des3 -out private/svn_server.key 1024
#这里我的密码设置为:math123456

  When running, you will be prompted to enter a password. This password is used to encrypt the key file (the parameter des3 is an encryption algorithm, and other secure algorithms can also be selected), and you need to enter it whenever you need to read this file (through the command or API provided by openssl). password.
If you do not want a password, use the command to remove the password:
openssl rsa -in private/svn_server.key -out private/svn_server_1.key
insert image description here

#(2)生成服务器端  证书签名请求文件(csr文件);
openssl req -new -key private/svn_server.key -out certs/svn_server.csr

  Generate a Certificate Signing Request (CSR), and the generated csr file will be signed by the CA to form the server's own certificate. There will be prompts on the screen, follow the prompts to enter the required personal information step by step (such as: Country, province, city , company, etc.).
1
Example:
2

1.3 Generate client digital certificate

#1.生成客户端     私钥(key文件);
openssl genrsa -des3 -out private/svn_client.key 1024
2.生成客户端 证书签名请求文件(csr文件);
openssl req -new -key private/svn_client.key -out certs/svn_client.csr
#注意这里的commonName要与服务端的域名不同(随便取一个)

2

1.4 Generate CA certificate file

The server.csr and client.csr files must be signed by the CA to form a certificate.

#1.首先生成CA的key文件:
[root@localhost CA]#openssl genrsa -des3 -out ca.key 1024
#2.生成CA自签名证书:    可以加证书过期时间选项 "-days 365".
 openssl req -new -x509 -key ca.key -out ca.crt
 #注意:注意这里的commonName要与服务端的域名相同

3

1.5 Sign with CA certificate

openssl ca -in certs/svn_server.csr -out certs/svn_server.crt -cert ca.crt -keyfile ca.key
openssl ca -in certs/svn_client.csr -out certs/svn_client.crt -cert ca.crt -keyfile ca.key

1
2

1.6 Configure certificate

  Execute the command cd /etc/httpd/conf.d/to check whether there is ssl.conf or httpd-ssl.conf in the directory. If there is no such file, you need to confirm whether the ssl_module module has been installed correctly.
Edit the configuration file ssl.conf:

gedit /etc/httpd/conf.d/ssl.conf

Edit the following properties as needed, where the certificate file location must be correctly specified:

#443为默认端口,可指定为其他端口
Listen 443
SSlRandomSeed startup builtin
#指定日志文件位置
ErrorLog logs/ssl_error_log
#指定日志等级
Loglevel warn
<VirtualHost *:443>
#指定域名 - 前面生成证书时填写的域名 
ServerName localhost.localdomain
SSLEngine on
#指定证书文件位置
SSLCertificateFile /etc/pki/CA/certs/svn_server.crt
SSLCertificateKeyFile /etc/pki/CA/private/svn_server_1.key
</VirtualHost>

1.7 Configure https request

gedit /etc/httpd/conf/httpd.conf

Add https requests in the following locations:SSLRequireSSL 

<Directory />
Options FollowSymLinks
AllowOverride None
#添加此行
SSLRequireSSL 
</Directory>

1.8 Restart verification

# 会提示输入证书密码,输入后即可成功启动
systemctl restart httpd.service
 #查看https是否启动成功
netstat -ntpl|grep 443      
#重启svn服务
pkill svnserve
svnserve -d -r /opt/svn/mathPhysics/
ps -ef|grep svnserve

Enter the URL in the browser: https://ip address:port number/svn/svn directory/
Since our self-signed certificate is not trusted, an insecure sign will appear at this time, open the advanced settings, and add trust for this to access .
My input URL: https://192.168.0.100/svn/mathPhysics/
1

2. Exception handling

  If the access is still abnormal after the above operations, you can check the error log of apach and handle it according to the log records. To find a custom log file location,
1. Open it with a text editor gedit /etc/httpd/conf/httpd.confand look for ServerRoot, which shows the top level of the Apache web server directory tree where log files and configuration are located. For example:

ServerRoot "/etc/httpd"

2. Please open it with a text editor gedit /etc/httpd/conf.d/ssl.conf, and then look for the line beginning with ErrorLog, which indicates where the Apache Web server writes the error log. Note that the location specified is relative to the ServerRoot value. For example:

ErrorLog logs/ssl_error_log

Combining the above two directives, you can get the full error log path for ssl access, which is by default: /etc/httpd/logs/ssl_error_log
In a fresh installation of Apache, this is a symbolic link to /var/log/httpd/errorlog.

In practice, ErrorLog could point to any location on your Linux system.

2. View the log file to locate the problem: gedit 日志文件, such asgedit /etc/httpd/logs/ssl_error_log

Guess you like

Origin blog.csdn.net/weixin_44462773/article/details/124588310
Recommended
Ranking
error: (-215:Assertion failed) !_img.empty() in function ‘cv::imwrite‘
Database migration between Navicat servers
Minimum number of rotation of the array: Array
balenaEtcher for mac (make a boot disk software) v1.5.67
Custom processing serialization and deserialization in jackson
Mu-en-mask system development software
Mastering Regular Expressions
Find mileage Java--
Web pages can not directly concern the public micro-channel number how to do? A key to arouse public concern number of micro-channel solutions
[CodeForces - 739B] Alyona and a tree Tree + [difference] + bipartite
Daily
More
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)

Code World

© 2018 codetd.com