Difference between revisions of "SVN server behind Apache2 proxy"

Line 3: Line 3:
  
  
=SVN Dav=
+
=SVN through Apache2=
 +
 
 +
This is what we want to achieve:
  
SVN DAV is the technology that allows Apache2 to expose SVN files.
 
  
 
[[File:SVN behind apache2 proxy.png|SVN through Apache2 web server]]
 
[[File:SVN behind apache2 proxy.png|SVN through Apache2 web server]]

Revision as of 20:56, 18 October 2014


SVN through Apache2

This is what we want to achieve:


SVN through Apache2 web server


Required packages

# Apache2 modules
apt-get install libapache2-mod-svn
apt-get install libapache2-mod-ldap-userdir
# Enable modules
a2emod dav_svn
a2enmod ldap authnz_ldap ldap_userdir
# Restart server 
service apache2 restart


Configuration

You have 2 solutions to setup the SVN dav.

  • Use the /etc/apache2/mods-enabled/dav.conf
  • VirtualHost configuration

From a maintenance point of view it's better to use the VirtualHost configuration.


Add the following declaration:

<Location /svn>
    <IfModule dav_svn_module>
            # Enable DAV module
            DAV svn

            # SVN root
            SVNParentPath /var/svn
            SVNListParentPath On
 
            # LDAP authentication
            AuthType Basic
            AuthName "SVN Repository"
            AuthBasicProvider ldap
            AuthLDAPURL "ldap://localhost:389/ou=people,dc=vehco,dc=com?uid"
            Require valid-user
	    #Require ldap-group cn=vehco_staff
        </IfModule>
</Location>


!! Note that is it recommended to AVOID "/svn" as a Location!! A lot of robots are searching for it


Reload apache2 server

service apache2 restart


Firewall

You need to adjust your FW if you plan to serve SVN by HTTP.


IPT=`which iptables`
# Only serve SVN by HTTP to some servers
CODE_VEHCO_COM=192.168.1.45
PROXY_VEHCO_COM=192.168.1.44

$IPT -A INPUT -p tcp --dport 80 -s $CODE_VEHCO_COM -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -s $PROXY_VEHCO_COM -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -s 0.0.0.0/0 -j DROP                    # DROP all the rest !


Web access

Now instead of “svn://” + dedicated SVN user you can use “https://myServer/dav_svn/” + LDAP user.

try http://myServer/svn



Improving website

Source: http://www.reposstyle.com/

>>Summary<<

cd /var/www/
wget http://downloads.sourceforge.net/project/reposserver/reposstyle/repos-style-with-plugins-2.4.zip?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Freposserver%2Ffiles%2Freposstyle%2F&ts=1410467806&use_mirror=optimate
mv repos-style-with-plugins-2.4.zip\?r\=http%3A%2F%2Fsourceforge.net%2Fprojects%2Freposserver%2Ffiles%2Freposstyle%2F repos-style-with-plugins-2.4.zip

# unzip the archive
unzip repos-style-with-plugins-2.4.zip
rm repos-style-with-plugins-2.4.zip

# set rights
chown -R www-data:www-data /var/www/

# Update VHost



SVN behind Apache2 proxy

If you put your SVN server behind a proxy you might encounter some 502 errors... Example of advanced configuration:

SVN behind proxy


In that case, you need to adjust both the GATEWAY and the SVN server apache2 configuration.


Gateway configuration

The GW must be able to understand and forward HTTP DAV requests such as (PROPFIND, COPY, etc.).


You need to enable some Apache2 modules

apt-get install -y libapache2-mod-svn
a2enmod dav dav_svn


You also need to adjust your LOCATION settings:

<Location /svn>
     DAV svn
     ProxyPass http://svn.vehco.com/svn
     ProxyPassReverse http://svn.vehco.com/svn 
</Location>


!! NOTE !!

Some experts said the "DAV svn" instruction is not required. However, it seems to improve compatibility with older clients. I advise you to keep it !


Restart / Reload Apache2 Gateway

service apache2 restart



SVN server

You need to adjust few things on the SVN too, especially if your proxy is using HTTPS and your SVN server HTTP only.


Enable the headers modules:

a2enmod headers


Add the following instruction into your virtual host to support Headers

<VirtualHost *:80>
     ...

     RequestHeader edit Destination ^https http early
 
     ...
</VirtualHost>


Restart / Reload Apache2 Gateway

service apache2 restart


Now it's OK !

You should not have any 502 errors anymore.