SVN server behind Apache2 proxy

Revision as of 16:40, 19 October 2014 by WikiFreak (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


This explains how to:

  • Access SVN server through HTTP protocol and port 80 or 443
  • Access SVN server through HTTP proxy and HTTP server


SVN through Apache2

This is what we want to achieve:


SVN through Apache2 web server


Required packages

# Apache2 modules
apt-get install libapache2-mod-svn
apt-get install libapache2-mod-ldap-userdir
# Enable modules
a2emod dav_svn
a2enmod ldap authnz_ldap ldap_userdir
# Restart server 
service apache2 restart


Configuration

You have 2 solutions to setup the SVN dav.

  • Use the /etc/apache2/mods-enabled/dav.conf
  • VirtualHost configuration

From a maintenance point of view it's better to use the VirtualHost configuration.


Add the following declaration:

<Location /svn>
    <IfModule dav_svn_module>
            # Enable DAV module
            DAV svn

            # SVN root
            SVNParentPath /var/svn
            SVNListParentPath On
 
            # LDAP authentication
            AuthType Basic
            AuthName "SVN Repository"
            AuthBasicProvider ldap
            AuthLDAPURL "ldap://localhost:389/ou=people,dc=vehco,dc=com?uid"
            Require valid-user
	    #Require ldap-group cn=vehco_staff
        </IfModule>
</Location>


!! Note that is it recommended to AVOID "/svn" as a Location!! A lot of robots are searching for it


Reload apache2 server

service apache2 restart


Firewall

You need to adjust your FW if you plan to serve SVN by HTTP.


IPT=`which iptables`
# Only serve SVN by HTTP to some servers
CODE_VEHCO_COM=192.168.1.45
PROXY_VEHCO_COM=192.168.1.44

$IPT -A INPUT -p tcp --dport 80 -s $CODE_VEHCO_COM -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -s $PROXY_VEHCO_COM -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -s 0.0.0.0/0 -j DROP                    # DROP all the rest !


Web access

Now instead of “svn://” + dedicated SVN user you can use “https://myServer/dav_svn/” + LDAP user.

try http://myServer/svn



Improving website

Source: http://www.reposstyle.com/


Download the latest version of the icons: http://sourceforge.net/projects/reposserver/


cd /var/www/
wget ----myFile---


# unzip the archive
unzip repos-style-with-plugins-2.4.zip
rm repos-style-with-plugins-2.4.zip

# set rights
chown -R www-data:www-data /var/www/

# Update VHost in /etc/apache2/sites-enabled



SVN behind Apache2 proxy

If you put your SVN server behind a proxy you might encounter some 502 errors... Example of advanced configuration:

SVN behind proxy


In that case, you need to adjust both the GATEWAY and the SVN server apache2 configuration.


Gateway configuration

The GW must be able to understand and forward HTTP DAV requests such as (PROPFIND, COPY, etc.).


You need to enable some Apache2 modules

apt-get install -y libapache2-mod-svn
a2enmod dav dav_svn


You also need to adjust your LOCATION settings:

<Location /svn>
     DAV svn
     ProxyPass http://svn.vehco.com/svn
     ProxyPassReverse http://svn.vehco.com/svn 
</Location>


!! NOTE !!

Some experts said the "DAV svn" instruction is not required. However, it seems to improve compatibility with older clients. I advise you to keep it !


Restart / Reload Apache2 Gateway

service apache2 restart



SVN server

You need to adjust few things on the SVN too, especially if your proxy is using HTTPS and your SVN server HTTP only.


Enable the headers modules:

a2enmod headers


Add the following instruction into your virtual host to support Headers

<VirtualHost *:80>
     ...

     RequestHeader edit Destination ^https http early
 
     ...
</VirtualHost>


Restart / Reload Apache2 Gateway

service apache2 restart


Now it's OK !

You should not have any 502 errors anymore.