Linux server deployment svn+apache http + ssl https access
1. Other links
linux server to build svn+apache+ssl deployment environment:
1. Svn installation and use under linux reference link: linux server svn installation and version control .
2. svn configuration https access service reference link under linux: linux server deployment svn https access .
3 , linux svn setting boot self-starting reference link: linux svn setting booting self-starting .
4. Setting apache httpd service under Linux to start automatically . Reference link: Setting apache httpd
service under Linux to start automatically. Link: The use of svn commands under linux .
2. Install and configure HTTP access
In actual project development, everyone often uses the http connection method. Below we configure http access for svn. The http access of svn depends on the dav_svn module of apache, and then grants www-data access rights for version control.
2.1 Install Apache HTTP service
1. Check whether the Apache HTTP service is installed: httpd -v
2. If the Apache HTTP service is not installed, install the Apache HTTP service:
yum install httpd
After installation, execute the command in the first step to view the installation result.
Note: some systems already have Apache httpd, this step can be ignored.
2.2 Install the svn module
1. Check whether httpd has installed the svn module:
ls /etc/httpd/modules/ | grep svn
2. If the SVN module is not installed, install the SVN module:
yum -y install deltarpm
yum install subversion mod_dav_svn
After installation, execute the command in the first step to view the installation result.
Note: some systems already have svn modules, this step can be ignored.
2.3 configuration
1. Modify the warehouse owner
## 将 SVN 版本库目录权限全部者改成 apache(httpd 进程默认的启动用户)
chown -R apache:apache /opt/svn/
#查看目录权限
ls -lt
Note: This refers to the repository directory, not the project directory
Because the user of the subsequent httpd service is apache by default, and the httpd service needs to read the content under the warehouse, so modify the user group here, and the operating system can have no apache user. After execution, the owner of the /opt/svn/ folder becomes apache
2. Enable read and write permissions:
(1) View SElinux status:getenforce
SELINUX=enforcing: Enforcing mode, which means that SELinux is running normally and all policies have taken effect. (The default state of SELINUX)
SELINUX=permissive: Permissive mode, which means that SELinux has been started, but only warning messages will be displayed, and it will not actually restrict process access to file or directory resources. (This state is reached after executing "setenforce 0").
SELINUX=disable: Closed, which means that SELinux is disabled. (This state is reached after modifying the specified system file).
If selinux is closed, do not use the chcon command;
if SELINUX is turned on, you need to execute the following command:
chmod -R o+rw /opt/svn/mathPhysics
chcon -R -t httpd_sys_content_t /opt/svn/mathPhysics
chcon -R -t httpd_sys_rw_content_t /opt/svn/mathPhysics
setsebool httpd_unified=1
2. Because the HTTP access uses the password stored by the httpd service, not the SVN user password, it is necessary to create a username and password for http access to SVN.
htpasswd -c -m svn目录/conf/httpdPasswd 用户名
Command description:
-c is to create a new file, only used when creating an account password for the first time
-m is to force the use of MD5 encrypted passwords (default)
httpdPasswd is the name of the created file
root is the name of the accessible user you want to create
Then enter the password twice in a row to complete the creation of the http access user, here my default password is "math"
Note:
When adding the first user, the command is:htpasswd -c -m svn目录/conf/httpdPasswd 用户名
when adding the next nth user, the command is:htpasswd -m svn目录/conf/httpdPasswd 用户名
(Note: -c is to create a new file, only used when creating an account password for the first time)
3. Create the svn.conf configuration file under httpd:
Execute cd /etc/httpd/conf.d/and lscommand to check subversion.conf whether the file already exists, and create a file if it does not exist:
touch /etc/httpd/conf.d/subversion.conf
4. Add subversion.conf file content: gedit subversion.conf
file content example: the specific path needs to be filled in according to the actual situation
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn>
DAV svn
SVNListParentPath on
SVNParentPath /opt/svn
#SVNPath /opt/svn/
# Limit write permission to list of valid users.
AuthType Basic
AuthName "Authorization Realm"
#httpd服务储存的密码
AuthUserFile /opt/svn/mathPhysics/conf/httpdPasswd
AuthzSVNAccessFile /opt/svn/mathPhysics/conf/authz
Satisfy all
Require valid-user
SVNAutoversioning on
ModMimeUsePathInfo on
</Location>
Description of file content:
5. Modify the svnserve.conf configuration file of svn:gedit svnserve.conf
change the corresponding value of password-db tohttpdPasswd
2.4 Start the service
2.4.1 Start Apache httpd
systemctl restart httpd.service
【Explanation】 :
The default port of httpd is 80. If it is occupied, modify /etc/httpd/conf/httpd.conf and open the firewall port.
(1) Use tonetstat -antlp |grep 端口号check whether the port is occupied:(2) The default port of httpd is 80, if the port is occupied, modify the port number in /etc/httpd/conf/httpd.conf
Execute the command:gedit /etc/httpd/conf/httpd.conf
modify the port number corresponding to Listen
( 3) Add firewall release: see section 2.4.3 for details
2.4.2 Restart the Apache httpd service
systemctl restart httpd
If the following exception occurs:
You can execute the command:systemctl status httpdto check the cause of the failure in detail, and then go to the specific revision:
and then restart the httpd service:systemctl httpd restart
2.4.3 Add firewall permission policy
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
firewall-cmd --zone=public --add-port=端口号/tcp --permanent
2.4.3 http access svn (ip+svn)
Use the svn client or browser to access (ip+svn): http://ip:端口/svn/svn目录
The browser prompts to enter the user name and password, and if the above picture is displayed, the setting is successful.
If the password is wrong at this time, then
(1) Configure users: add [users]configuration to the httpdPasswd file, as follows:
(2) Restart http and svn:
systemctl restart httpd.service
firewall-cmd --zone=public --add-port=443/tcp --permanent
netstat -ntpl|grep 443
pkill svnserve
svnserve -d -r /opt/svn/mathPhysics/
ps -ef|grep svnserve
(3) Configure users and add login users:
Repeat the following command to add login users
htpasswd -m /opt/svn/mathPhysics/conf/httpdPasswd 用户名
4. Exception handling
If the access is still abnormal after the above operations, you can check the error log of apach and handle it according to the log records. To find a custom log file location,
1. Open it with a text editor gedit /etc/httpd/conf/httpd.confand look for ServerRoot, which shows the top level of the Apache web server directory tree where log files and configuration are located. For example:
ServerRoot "/etc/httpd"
Then, look for the line beginning with ErrorLog, which tells where the Apache web server writes the error log. Note that the location specified is relative to the ServerRoot value. For example:
ErrorLog "logs/error_log"
Combining the two directives above gives you the full error log path, which by default is: /etc/httpd/logs/error_log
In a fresh installation of Apache, this is a symbolic link to /var/log/httpd/errorlog.
In practice, ErrorLog could point to any location on your Linux system.
2. View the log file to locate the problem: gedit 日志文件, such asgedit /etc/httpd/logs/error_log
5. Install and configure https access
It is convenient to access the svn version library through http, but the http protocol uses clear text transmission, and the user name and password may be leaked if you randomly capture packets on the network, so consider using https transmission, which is more secure, that is, apache+svn+ssl . Hope svn supports https, the main job is to configure the SSL protocol (Secure Sockets Layer Secure Sockets Layer).
For the specific operation process, see the link for details: CentOS server deployment svn https access .