# sudo apt-get install libapache2-svn subversion subversion-tools
# cd /etc/apache2/mods-enabled
# sudo ln -s /etc/apache2/mods-available/dav_svn.load
# sudo ln -s /etc/apache2/mods-available/ldap.load
# sudo ln -s /etc/apache2/mods-available/authnz_ldap.load
# sudo /etc/init.d/apache2 restart
# cd /etc/apache2/mods-enabled
# sudo touch dav_svn.conf
# sudo vi dav_svn.conf
其中加粗的两个命令(即为 ldap.load 和 authnz_ldap.load 建立链接的两条)是启用ldap相关的apache模块,这是参考的文章中没有提到的,否则会出现“Unknown Authn provider: ldap”的错误提示。dav_svn.conf文件,指明svn仓库在哪里,如何认证用户身份:
authz.conf文件,定义用户的组和访问不同项目仓库的权限:
# dav_svn.conf: publish the repositories under /home/svn through mod_dav_svn,
# authenticate users against LDAP and apply per-path rules from authz.conf.
# The trailing slash in the Location path is deliberate; the page explains it
# as a workaround for SVNListParentPath failing when an authz file is in use.
<Location /svn/>
DAV svn
# Each directory directly below /home/svn is served as its own repository.
SVNParentPath /home/svn
# Basic auth sends the user's password base64-encoded, not encrypted, on every
# request, so this location should only be reachable over TLS.
# NOTE(review): mods-enabled/*.conf is normally loaded server-wide on
# Debian/Ubuntu, so /svn/ probably stays reachable over plain HTTP even after
# an SSL virtual host is added; confirm and restrict if HTTPS-only is intended.
AuthType Basic
AuthName "Subversion Repository"
AuthBasicProvider ldap
# Service account used to search the directory for the user's entry. The
# password is stored here in clear text ("password" is a placeholder): keep
# this file readable by root only and give the account read-only rights.
AuthLDAPBindDN "cn=readuser,ou=dep,dc=mydomain,dc=com"
AuthLDAPBindPassword "password"
# Looks up sAMAccountName in the whole subtree of ou=dep, limited to entries
# with objectClass=user. The ldap:// scheme is unencrypted, so the bind
# password and user passwords cross the network in clear text; prefer ldaps://
# or STARTTLS. Port 3268 is presumably the Active Directory global catalog.
AuthLDAPURL "ldap://adserver:3268/ou=dep,dc=mydomain,dc=com?sAMAccountName?sub?(objectClass=user)"
# Apache 2.2 directive (removed in 2.4): mod_authnz_ldap is not the final
# authority for authorization, so other modules may still decide.
AuthzLDAPAuthoritative Off
# Any user who authenticates successfully is accepted here; per-repository
# restrictions come only from the AuthzSVNAccessFile below.
Require valid-user
# Allow listing the repositories found under SVNParentPath.
SVNListParentPath on
# Path-based access rules (groups and per-repository permissions).
AuthzSVNAccessFile /home/svn/authz.conf
</Location>
# authz.conf: Subversion path-based authorization rules read through
# AuthzSVNAccessFile. Names must match the authenticated user name.
[groups]
svnadmin = xieyanbo
erpadmin = user1
# Default for the root of every repository: nobody has access ("* =" with an
# empty value), except members of svnadmin, who get read/write.
[/]
* =
@svnadmin = rw
# The sandbox repository is writable by every user, i.e. anyone who passes
# authentication. Keep nothing sensitive in it.
[sandbox:/]
* = rw
# repos1 is read/write for the erpadmin group.
[repos1:/]
@erpadmin = rw
为了创建项目方便,写了一个脚本add_project.sh做一些琐碎的事情,比如目录权限、配置文件的修改等:
#!/bin/bash
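# add_project.sh: create a new Subversion repository under /home/svn, hand it
# to the Apache user and register a section for it in the shared authz file.
# Usage: add_project.sh PROJECT_NAME
# Exits 1 on a missing or invalid name, or when any step fails.
project_name="$1"
if [ -z "$project_name" ]; then
  echo "$0 PROJECT_NAME" >&2
  exit 1
fi

# The name becomes a path component under /home/svn and a section header in
# authz.conf, and every step below runs as root. Accept only a conservative
# character set so it cannot carry '/', '..', whitespace, quotes, brackets or
# shell metacharacters, and cannot be mistaken for an option.
case "$project_name" in
  *[!A-Za-z0-9._-]* | .* | -*)
    echo "$0: invalid project name: $project_name" >&2
    exit 1
    ;;
esac

repo_dir="/home/svn/$project_name"
authz_file="/home/svn/authz.conf"

# Stop at the first failure so a half-created repository is never registered
# in authz.conf (mkdir also fails if the project already exists).
sudo mkdir -- "$repo_dir" || exit 1
sudo svnadmin create "$repo_dir" || exit 1
sudo chown -R www-data:www-data "$repo_dir" || exit 1
# Remove all group/other permissions, including setuid/setgid bits.
sudo chmod -R go-rwxs "$repo_dir" || exit 1

# Append through `sudo tee -a` instead of `sudo sh -c "... $project_name ..."`:
# the name is then only ever data and is never parsed by a root shell.
# NOTE(review): the line lands at the end of svnserve.conf, whatever section
# is last there, and that file is read by svnserve rather than mod_dav_svn.
# Confirm it is still wanted.
echo 'auth-access = write' \
  | sudo tee -a "$repo_dir/conf/svnserve.conf" >/dev/null || exit 1

# Writes "[name:/]" followed by a blank line. The section is created without
# any rules; access has to be granted by editing authz.conf afterwards.
printf '[%s:/]\n\n' "$project_name" \
  | sudo tee -a "$authz_file" >/dev/null || exit 1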
补充,增加SSL支持
参考《Apache2 SSL and Subversion in Debian》,给服务添加SSL支持。助记如下:
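# Mnemonic for adding TLS to the Apache/Subversion setup with a self-signed
# certificate. Clients cannot validate a self-signed certificate on their own;
# its fingerprint has to be checked out of band on first use.
sudo apt-get install openssl
# Root-only directory: the private key is written into it before the chmod
# further down runs, so it must not be readable by others in the meantime.
sudo mkdir -m 700 /etc/apache2/ssl
# NOTE(review): sudo normally resets the environment, so this RANDFILE value
# may never reach openssl. Confirm it is needed at all.
export RANDFILE=/dev/random
# -x509 produces a self-signed certificate valid for 365 days; -nodes leaves
# the private key unencrypted. Certificate and key share one file, so that
# file must stay readable by root only. "$@" is quoted so extra arguments are
# passed through without word splitting or globbing.
sudo openssl req "$@" -new -x509 -days 365 -nodes \
  -out /etc/apache2/ssl/apache.pem \
  -keyout /etc/apache2/ssl/apache.pem
sudo chmod 600 /etc/apache2/ssl/apache.pem
# Absolute paths, so the copy cannot happen in the wrong directory if a
# preceding `cd` failed.
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
sudo a2ensite ssl
sudo a2enmod ssl
sudo vi /etc/apache2/ports.conf # add Listen 443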
其实生成证书用apache的命令
apache2-ssl-certificate
很方便,但Ubuntu从Debian继承的一个bug把它给搞丢了,可惜...下面是ssl的apache配置文件/etc/apache2/sites-available/ssl的内容:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
Include /etc/apache2/mods-enabled/dav_svn.conf
</VirtualHost>
2007-08-01再补充,SVNListParentPath on
的bug临时应对方案
参考svn bug #2753,在使用 authz 的情况下,
SVNListParentPath on
这个设置会失效,apache总是报告权限错误。避免这种情况的临时方案:把<Location /svn>
改成<Location /svn/>
,路径的最后面增加一个斜线。还真是个古怪的bug呀。