svn apache mediatemple dv 4.0 how to

Sometimes, things which seem like they shouldn’t be that hard actually aren’t that hard, but it’s hard to figure out how easy they are. Configuring Subversion to run over Apache on a MediaTemple dv 4.0 server is one of those things. It’s actually pretty easy, but if you don’t know what you’re doing, then finding out the simple steps is shockingly hard even with strong google-fu. So, we thought we’d write down the steps for you in this one, handy how-to guide.

First, the requisite basics — if you haven’t already done so, you’ll need to

  1. Install developer tools
  2. Enable root access
  3. Enable ssh
  4. Disable ssh for root

Now you’re ready to go, so just ssh into your server and

$ sudo mkdir -p /var/svn/
$ svnadmin create –fs-type fsfs /var/svn/myreponame
$ chown -R user:group /var/svn/myreponame
$ chmod -R 771 /var/svn/myreponame

where user and group are the system user and group which own your httpdocs tree.

That’s it for getting subversion running. You should be able to do things like

$ svn import /my/src file:///var/svn/myreponame/myproject 

But note the file:/// semantic. You can’t yet access the repository from anywhere other than directly on the local machine. And of course what we’re trying to do here is make the repository accessible over http. So next,

$ sudo yum install mod_dav_svn

Amongst other things, this will have created the file /etc/httpd/conf.d/subversion.conf. Uncomment the <Location /repos> block of code. NB: by default, this will set SVNParentPath, which is probably not what you want. Instead, change that to SVNPath and point it at the repository you created above: SVNPath /var/svn/myreponame.

To keep the contents of your repository (i.e., your source code) from transiting the Internet in clear text, you’ll want to force your repository connections to be over SSL. On MediaTemple, you do this by creating a custom vhost.conf file. That file goes in the conf directory for your site (<mysite>): /var/www/vhosts/<mysite>/conf. Add the following line to vhost.conf:

Redirect permanent /repos

Obviously, use your correct domain, and instead of “/repos” use whatever you put in apache’s <Location> directive. Normally, that Redirect statement goes inside of a <VirtualHost> block, but from here it’s just being included in another file, so doing so will generate an error message.

Finally, change the file permissions so it’s accessible by apache, and update Plesk so it knows about the file:

$ chown root:apache vhost.conf
$ chmod 640 vhost.conf
$ /usr/local/psa/admin/sbin/httpdmng --reconfigure-all

Now your source code isn’t transiting in the clear, but it’s still accessible to everyone. To fix that, you need to go back to your subversion.conf file and add or uncomment the AuthName, AuthType, AuthUserFile, and Require directives. AuthName can be anything, but it needs to be the same here and when you create users, below. We set AuthType to Digest, which will mean we’ll need to use htdigest to create our user:password combinations. The AuthUserFile is where these user:password combinations are stored. We recommend putting it in /usr/local/etc. And finally, the Require setting lets us specify authorization in addition to authentication. When you’re done, your subversion.conf file should look something like this:

LoadModule dav_svn_module     modules/
LoadModule authz_svn_module   modules/

<Location /repos>
   DAV svn
   SVNPath /var/svn/myreponame

   # Authentication: Digest
   AuthName "My Authentication Realm"
   AuthType Digest
   AuthUserFile /usr/local/etc/svn-auth.htdigest

   # Authorization: Authenticated users only
   Require valid-user

Then you create your users and passwords, just as the manual instructs:

$ ### First time: use -c to create the file
$ htdigest -c /usr/local/etc/svn-auth.htdigest "My Authentication Realm" harry
Adding password for harry in realm Subversion repository.
New password: *****
Re-type new password: *****
$ htdigest /usr/local/etc/svn-auth.htdigest "My Authentication Realm" sally
Adding user sally in realm Subversion repository
New password: *******
Re-type new password: *******

Et voila! That’s all it took. Like I said — very easy — and now, hopefully easier to find.

Props to Ingrid Alongi

for a clear intro to setting up basic subversion on MediaTemple.

Posted in Random and tagged .

Chris Richardson has strong opinions on just about everything. Just ask.