SVN server behind Apache2 proxy
Contents
SVN through Apache2
This is what we want to achieve:
Required packages
# Apache2 modules
apt-get install libapache2-mod-svn
apt-get install libapache2-mod-ldap-userdir
# Enable modules
a2emod dav_svn
a2enmod ldap authnz_ldap ldap_userdir
# Restart server
service apache2 restart
Configuration
You have 2 solutions to setup the SVN dav.
- Use the /etc/apache2/mods-enabled/dav.conf
- VirtualHost configuration
From a maintenance point of view it's better to use the VirtualHost configuration.
Add the following declaration:
<Location /svn>
<IfModule dav_svn_module>
# Enable DAV module
DAV svn
# SVN root
SVNParentPath /var/svn
SVNListParentPath On
# LDAP authentication
AuthType Basic
AuthName "SVN Repository"
AuthBasicProvider ldap
AuthLDAPURL "ldap://localhost:389/ou=people,dc=vehco,dc=com?uid"
Require valid-user
#Require ldap-group cn=vehco_staff
</IfModule>
</Location>
!! Note that is it recommended to AVOID "/svn" as a Location!! A lot of robots are searching for it
Reload apache2 server
service apache2 restart
Firewall
You need to adjust your FW if you plan to serve SVN by HTTP.
IPT=`which iptables`
# Only serve SVN by HTTP to some servers
CODE_VEHCO_COM=192.168.1.45
PROXY_VEHCO_COM=192.168.1.44
$IPT -A INPUT -p tcp --dport 80 -s $CODE_VEHCO_COM -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -s $PROXY_VEHCO_COM -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -s 0.0.0.0/0 -j DROP # DROP all the rest !
Web access
Now instead of “svn://” + dedicated SVN user you can use “https://myServer/dav_svn/” + LDAP user.
Improving website
Source: http://www.reposstyle.com/
Download the latest version of the icons: http://sourceforge.net/projects/reposserver/
cd /var/www/
wget ----myFile---
# unzip the archive
unzip repos-style-with-plugins-2.4.zip
rm repos-style-with-plugins-2.4.zip
# set rights
chown -R www-data:www-data /var/www/
# Update VHost in /etc/apache2/sites-enabled
SVN behind Apache2 proxy
If you put your SVN server behind a proxy you might encounter some 502 errors... Example of advanced configuration:
In that case, you need to adjust both the GATEWAY and the SVN server apache2 configuration.
Gateway configuration
The GW must be able to understand and forward HTTP DAV requests such as (PROPFIND, COPY, etc.).
You need to enable some Apache2 modules
apt-get install -y libapache2-mod-svn
a2enmod dav dav_svn
You also need to adjust your LOCATION settings:
<Location /svn>
DAV svn
ProxyPass http://svn.vehco.com/svn
ProxyPassReverse http://svn.vehco.com/svn
</Location>
!! NOTE !!
Some experts said the "DAV svn" instruction is not required. However, it seems to improve compatibility with older clients. I advise you to keep it !
Restart / Reload Apache2 Gateway
service apache2 restart
SVN server
You need to adjust few things on the SVN too, especially if your proxy is using HTTPS and your SVN server HTTP only.
Enable the headers modules:
a2enmod headers
Add the following instruction into your virtual host to support Headers
<VirtualHost *:80>
...
RequestHeader edit Destination ^https http early
...
</VirtualHost>
Restart / Reload Apache2 Gateway
service apache2 restart
Now it's OK !
You should not have any 502 errors anymore.
