征服 Apache + SVN (转）

原文转自 http://snowolf.iteye.com/blog/740347

 

实在是不知道这个帖子在JE上放到哪个分类里合适，跟SVN有关，那就是项目咯，姑且放到项目管理中吧！

SVN用了很久，不过一直没有机会配置。以前工作的时候都是技术总监、部门经理搞定，自己很少有机会尝试。更别说基于svn方式、http方式， 亦或是https方式访问svn了，只有用的份，没有了解的份。最近，配置Apache开窍，索性再深入一步，搭建基于HTTPS平台的 Apache+SVN平台。


相关内容：
征服 Apache + SSL
征服 Apache + SVN
征服 Apache + Tomcat


选用Ubuntu Server 10.04，Apache 2.2.14，Subversion 1.6.6。

步骤：

1. 安装SVN相关模块
2. 配置SVN版本库
3. 配置APACHE
4. 简单测试

1.安装SVN相关模块
这里主要用到的是Subversion 以及Apache与SVN相关的模块（DAV_SVN）！
执行命令，安装：

sudo apt-get install subversion libapache2-svn

sudo apt-get install subversion libapache2-svn

注意观察安装后的结果：

引用

Considering dependency dav for dav_svn:
Enabling module dav.
Enabling module dav_svn.
Run '/etc/init.d/apache2 restart' to activate new configuration!

如果看到这样的提示，那说明DAV_SVN模块已经成功安装，可以重启Apache看看是否正常启动：

sudo /etc/init.d/apache2 restart

sudo /etc/init.d/apache2 restart

以我本机为例，正常启动了：

引用

zlex@localhost:~$ sudo /etc/init.d/apache2 restart
* Restarting web server apache2                
apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
... waiting .apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

当然，稍后你可能需要修改/etc/apache2/mods-available/dav_svn.conf 文件，配置SVN版本库等。

2.配置SVN版本库
完成上述操作，只是为Apache获知SVN给出了一种途径，最关键的还是要配置SVN相关部分!
首先，我们要创建subversion组并把www-data作为subversion中的一员。因为，apache是通过www-data账户启动的，我们需要让它能够访问subversion组的文件！

sudo addgroup subversion

sudo usermod -G subversion -a www-data

sudo addgroup subversion
sudo usermod -G subversion -a www-data

然后，我们要配置版本库：
我们可以在/var/lib 目录下构建一个svn目录，作为SVN版本库根目录：

cd /var/lib

sudo mkdir svn

cd /var/lib
sudo mkdir svn

假设我们要创建版本库zlex：

cd svn

sudo svnadmin create zlex

cd svn
sudo svnadmin create zlex

更改版本库所属用户、组：

sudo chown -R root:subversion zlex

sudo chown -R root:subversion zlex

赋予组成员对所有新加入文件仓库的文件拥有相应的权限：

sudo chmod -R g+rws zlex

sudo chmod -R g+rws zlex

试试

svn co file://localhost/var/lib/svn/zlex

svn co file://localhost/var/lib/svn/zlex

，这时候应该可以访问了！

3.配置Apache
接下来，我们需要修改/etc/apache2/mods-available/dav_svn.conf 文件，配置SVN版本库：

sudo vi /etc/apache2/mods-available/dav_svn.conf

sudo vi /etc/apache2/mods-available/dav_svn.conf

打开红框中的注释，

# dav_svn.conf - Example Subversion/Apache configuration

#

# For details and further options see the Apache user manual and

# the Subversion book.

#

# NOTE: for a setup with multiple vhosts, you will want to do this

# configuration in /etc/apache2/sites-available/*, not here.


# <Location URL> ... </Location>

# URL controls how the repository appears to the outside world.

# In this example clients access the repository as http://hostname/svn/

# Note, a literal /svn should NOT exist in your document root.

<Location /svn>


  # Uncomment this to enable the repository

  DAV svn


  # Set this to the path to your repository

  #SVNPath /var/lib/svn

  # Alternatively, use SVNParentPath if you have multiple repositories under

  # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).

  # You need either SVNPath and SVNParentPath, but not both.

  SVNParentPath /var/lib/svn


  # Access control is done at 3
 levels: (
1
) Apache authentication, via

  # any of several methods.  A "Basic Auth"
 section is commented out

  # below.  (2
) Apache <Limit> and <LimitExcept>, also commented out

  # below.  (3
) mod_authz_svn is a svn-specific authorization module

  # which offers fine-grained read/write access control for paths

  # within a repository.  (The first two layers are coarse-grained; you

  # can only enable/disable access to an entire repository.)  Note that

  # mod_authz_svn is noticeably slower than the other two layers, so if

  # you don't need the fine-grained control, don'
t configure it.


  # Basic Authentication is repository-wide.  It is not secure unless

  # you are using https.  See the 'htpasswd'
 command to create and

  # manage the password file - and the documentation for the

  # 'auth_basic'
 and 
'authn_file'
 modules, which you will need for this

  # (enable them with 'a2enmod'
).

  AuthType Basic

  AuthName "Subversion Repository"

  AuthUserFile /etc/apache2/dav_svn.passwd


  # To enable authorization via mod_authz_svn

  AuthzSVNAccessFile /etc/apache2/dav_svn.authz


  # The following three lines allow anonymous read, but make

  # committers authenticate themselves.  It requires the 'authz_user'

  # module (enable it with 'a2enmod'
).

  #<LimitExcept GET PROPFIND OPTIONS REPORT>

    Require valid-user

  #</LimitExcept>


</Location>

# dav_svn.conf - Example Subversion/Apache configuration
#
# For details and further options see the Apache user manual and
# the Subversion book.
#
# NOTE: for a setup with multiple vhosts, you will want to do this
# configuration in /etc/apache2/sites-available/*, not here.

# <Location URL> ... </Location>
# URL controls how the repository appears to the outside world.
# In this example clients access the repository as http://hostname/svn/
# Note, a literal /svn should NOT exist in your document root.
<Location /svn>

  # Uncomment this to enable the repository
  DAV svn

  # Set this to the path to your repository
  #SVNPath /var/lib/svn
  # Alternatively, use SVNParentPath if you have multiple repositories under
  # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
  # You need either SVNPath and SVNParentPath, but not both.
  SVNParentPath /var/lib/svn

  # Access control is done at 3 levels: (1) Apache authentication, via
  # any of several methods.  A "Basic Auth" section is commented out
  # below.  (2) Apache <Limit> and <LimitExcept>, also commented out
  # below.  (3) mod_authz_svn is a svn-specific authorization module
  # which offers fine-grained read/write access control for paths
  # within a repository.  (The first two layers are coarse-grained; you
  # can only enable/disable access to an entire repository.)  Note that
  # mod_authz_svn is noticeably slower than the other two layers, so if
  # you don't need the fine-grained control, don't configure it.

  # Basic Authentication is repository-wide.  It is not secure unless
  # you are using https.  See the 'htpasswd' command to create and
  # manage the password file - and the documentation for the
  # 'auth_basic' and 'authn_file' modules, which you will need for this
  # (enable them with 'a2enmod').
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd

  # To enable authorization via mod_authz_svn
  AuthzSVNAccessFile /etc/apache2/dav_svn.authz

  # The following three lines allow anonymous read, but make
  # committers authenticate themselves.  It requires the 'authz_user'
  # module (enable it with 'a2enmod').
  #<LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  #</LimitExcept> 

</Location>

分述：
<Location /svn> 与</Location> 成对儿出现！
DAV svn 开启DAV模块支持！
SVNPath /var/lib/svn 与SVNParentPath /var/lib/svn 选其一，不可同时出现！ 建议使用SVNParentPath ，可以在SVN根目录下创建多个SVN版本库！

引用

  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/apache2/dav_svn.passwd

定义了授权类型、并指定了密码文件（/etc/apache2/dav_svn.passwd ）。
AuthzSVNAccessFile /etc/apache2/dav_svn.authz 授权配置文件，规定了路径访问权限！

引用

#<LimitExcept GET PROPFIND OPTIONS REPORT>
   Require valid-user
#</LimitExcept>

建议只使用Require valid-user ，打开<LimitExcept />注释，将允许匿名访问！

现在通过命令设置SVN账户：

sudo htpasswd -c /etc/apache2/dav_svn.passwd <username>

sudo htpasswd -c /etc/apache2/dav_svn.passwd <username>

这里用到参数-c ，是因为/etc/apache2/dav_svn.passwd 文件不存在，如果文件存在，则无需该参数！否则，将覆盖掉原有密码文件！
形如：

引用

sudo htpasswd -c /etc/apache2/dav_svn.passwd snowolf
New password:
Re-type new password:
Updating password for user snowolf

可以追加多个账户！

引用

sudo htpasswd /etc/apache2/dav_svn.passwd zlex
New password:
Re-type new password:
Updating password for user zlex

现在，需要设置路径访问权限文件AuthzSVNAccessFile /etc/apache2/dav_svn.authz 。
我们先做一个默认的配置，当前这个文件还不存在：

sudo vi /etc/apache2/dav_svn.authz

sudo vi /etc/apache2/dav_svn.authz

然后追加：

引用

[zlex:/]
* = r

这样，所有授权用户就都能够看到zlex项目了！
然后访问http://localhost/svn/zlex ：

试试检出：

svn co http://localhost/svn/zlex --username snowolf

svn co http://localhost/svn/zlex --username snowolf

我们通过组方式管理项目，修改/etc/apache2/dav_svn.authz 文件：

sudo vi /etc/apache2/dav_svn.authz

sudo vi /etc/apache2/dav_svn.authz  

我们定义一个超级用户组admin，组中成员为snowolf;开发组developer，组中成员为snowolf,zlex，多个用户用逗号分隔。

引用

[groups]
admin = snowolf
developer = snowolf, zlex

让admin和developer组成员有创建项目版本库的权限，其余用户只有查看权限：

引用

[zlex:/]
*=r
@admin = rw
@developer = rw

给出一个完整配置：

引用

[groups]
admin = snowolf
developer = zlex

[zlex:/]
@admin = rw
@developer = rw
* =

有关Subversion详细配置，参照Subversion官方中文文档 ！
修改这个配置文件时，不需要重启apache！

4.简单测试
我们之前构建了一个项目仓库——zlex，现在项目有了，我们需要构建相应的版本库管理，及trunk、tags以及branches！
用命令创建：

svn mkdir 
"http://localhost/svn/zlex/branches"
 
"http://localhost/svn/zlex/tags"
 
"http://localhost/svn/zlex/trunk"
 -m 
"create a new project zlex"
 --username 
"snowolf"

svn mkdir "http://localhost/svn/zlex/branches" "http://localhost/svn/zlex/tags" "http://localhost/svn/zlex/trunk" -m "create a new project zlex" --username "snowolf"    

这时，我们用zlex账号提交一个docs目录：

svn mkdir 
"http://192.168.49.132/svn/zlex/docs"
 -m 
"文档目录"
 --username zlex

svn mkdir "http://192.168.49.132/svn/zlex/docs" -m "文档目录" --username zlex

系统会提示输入密码：

192.168.49.132 是我本机的IP地址！
我们可以使用命令将项目签出：

svn checkout 
"http://localhost/svn/zlex/trunk@HEAD"
 -r HEAD --depth infinity zlex-svn --username zlex

svn checkout "http://localhost/svn/zlex/trunk@HEAD" -r HEAD --depth infinity zlex-svn --username zlex

我们随便修改一个文件：

提交修改：



如果你参照征服 Apache + SSL 完成了HTTPS平台搭建，这时候，也可以使用HTTPS方式访问了：