Sometimes, things which seem like they shouldn’t be that hard actually aren’t that hard, but it’s hard to figure out how easy they are. Configuring Subversion to run over Apache on a MediaTemple dv 4.0 server is one of those things. It’s actually pretty easy, but if you don’t know what you’re doing, then finding out the simple steps is shockingly hard even with strong google-fu. So, we thought we’d write down the steps for you in this one, handy how-to guide.
First, the requisite basics — if you haven’t already done so, you’ll need to
Now you’re ready to go, so just ssh into your server and
$ sudo mkdir -p /var/svn/ $ svnadmin create –fs-type fsfs /var/svn/myreponame $ chown -R user:group /var/svn/myreponame $ chmod -R 771 /var/svn/myreponame
group are the system user and group which own your
That’s it for getting subversion running. You should be able to do things like
$ svn import /my/src file:///var/svn/myreponame/myproject
But note the file:/// semantic. You can’t yet access the repository from anywhere other than directly on the local machine. And of course what we’re trying to do here is make the repository accessible over http. So next,
$ sudo yum install mod_dav_svn
Amongst other things, this will have created the file
/etc/httpd/conf.d/subversion.conf. Uncomment the
<Location /repos> block of code. NB: by default, this will set
SVNParentPath, which is probably not what you want. Instead, change that to
SVNPath and point it at the repository you created above:
To keep the contents of your repository (i.e., your source code) from transiting the Internet in clear text, you’ll want to force your repository connections to be over SSL. On MediaTemple, you do this by creating a custom vhost.conf file. That file goes in the conf directory for your site (<mysite>):
/var/www/vhosts/<mysite>/conf. Add the following line to vhost.conf:
Redirect permanent /repos https://www.example.com/repos
Obviously, use your correct domain, and instead of “/repos” use whatever you put in apache’s <Location> directive. Normally, that Redirect statement goes inside of a <VirtualHost> block, but from here it’s just being included in another file, so doing so will generate an error message.
Finally, change the file permissions so it’s accessible by apache, and update Plesk so it knows about the file:
$ chown root:apache vhost.conf $ chmod 640 vhost.conf $ /usr/local/psa/admin/sbin/httpdmng --reconfigure-all
Now your source code isn’t transiting in the clear, but it’s still accessible to everyone. To fix that, you need to go back to your
subversion.conf file and add or uncomment the
Require directives. AuthName can be anything, but it needs to be the same here and when you create users, below. We set AuthType to Digest, which will mean we’ll need to use
htdigest to create our user:password combinations. The AuthUserFile is where these user:password combinations are stored. We recommend putting it in /usr/local/etc. And finally, the Require setting lets us specify authorization in addition to authentication. When you’re done, your subversion.conf file should look something like this:
LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so <Location /repos> DAV svn SVNPath /var/svn/myreponame # Authentication: Digest AuthName "My Authentication Realm" AuthType Digest AuthUserFile /usr/local/etc/svn-auth.htdigest # Authorization: Authenticated users only Require valid-user </Location>
Then you create your users and passwords, just as the manual instructs:
$ ### First time: use -c to create the file $ htdigest -c /usr/local/etc/svn-auth.htdigest "My Authentication Realm" harry Adding password for harry in realm Subversion repository. New password: ***** Re-type new password: ***** $ htdigest /usr/local/etc/svn-auth.htdigest "My Authentication Realm" sally Adding user sally in realm Subversion repository New password: ******* Re-type new password: ******* $
Et voila! That’s all it took. Like I said — very easy — and now, hopefully easier to find.
Props to Ingrid Alongi
for a clear intro to setting up basic subversion on MediaTemple.