Setting up Subversion for Multiple Projects via HTTPS
These instructions are for a multiple project subversion repository that uses HTTPS with a self-signed certificate on a Debian system. Installing it on other Linux distributions will be fairly similar. It is also possible to install it on Amiga OS, Windows, or Mac OS X, but the installation procedure will be different. from that given here Debian was chosen by me simply because I have used it in the past, and it is set up more as a server operating system than a desktop (Ubuntu is nicer as a desktop, but could equally well be used as a server). Whatever your choice, I recommend that you run your SVN (and Trac) server on a dedicated machine rather than on your development machine since this will instantly serve as a backup on a separate machine.
Why a Secure Server?
A secure server encrypts the connection between the client and server, thus making it near impossible to intercept and steal the data. This may well be overkill in some cases (e.g., the server is inaccessible from the internet), however, source-code is usually a trade-secret (unless it is open-source) and source-code theft could have serious impact on a company's competitiveness. Regardless of how critical protecting the source-code is, setting up a secure server requires only a little extra effort.
A secure Subversion server can be set up using either HTTPS, or SSH (Secure SHell). In my case the Amiga OS 4.x server currently (5 December 2008) does not support using SSH, so HTTPS was the only secure option. Therefore the following instructions are for setting up an HTTPS based SVN server. Those who wish to use SSH should look elsewhere.
Automated Installation (ScripTS)
I have put the entire installation process into a bash script. There are two scripts: one installs just the SVN repository whilst the other installs SVN and Trac to provide a complete version control and management system (assuming that you also with to install Trac). The easiest method to install these is to enter the commands provided below into the Linux consolte (terminal); these commands will download and execute the installation script. Please note that these scripts assume that all files are in the same place as a Debian 4.0 installation. Also, these scripts download a few files from this website, so an internet connection is required.
- Secure Subversion installation script: svn-https-install
su
<it will prompt for your root (administrator) password>
wget https://hdrlab.org.nz/assets/Articles/SVNInstall/svn-https-install
chmod 766 svn-https-install
./svn-https-install
- Full Secure Subversion and Trac installation script (still to come)
Setting up the Subversion Server
The following steps are for Debian 4.0 or better (they may work with previous versions, but it has not been tested:
- Install the following packages: subversion, apache2, libapache2-svn subversion-tools (if you are going to install Trac too, install it now as well). This can be done either via the package manager, or use the console (easier in my opinion). To install these packages via the console (Terminal), enter the following:
su
<it will prompt for your root (administrator) password>
apt-get update
apt-get install apache2 subversion libapache2-svn subversion-tools
- Two files are missing from Debian's Apache2 installation: apache2-ssl-certificate and ssleay.cnf (click here to download them as an archive). These must be downloaded and placed in /usr/sbin and /usr/share/apache2/, respectively. Apache2-ssl-certificate's permissions must be set to 766 and ssleay.cnf's permissions should be 644. In the console, this can be achieved via the following commands:
cd /usr/sbin/
wget http://hdrlab.org.nz/assets/Articles/SVNInstall/apache2-ssl-certificate
chmod 766 apache2-ssl-certificate
cd /usr/share/apache2/
wget http://hdrlab.org.nz/assets/Articles/SVNInstall/ssleay.cnf
chmod 644 ssleay.cnf
- Next, create the directory /etc/apache2/ssl:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
- Now create a self-signed certificate:
apache2-ssl-certificate
- The apache2-ssl-certificate script will ask for a few details to include in the certificate such as organization name, etc. Enter the appropriate details.
- Enable SSL in apache and restart the server:
a2enmod ssl
- Add "Listen 443" to /etc/apache2/ports.conf. This file can be modified by entering "gedit /etc/apache2/ports.conf" (without the quotes) into the console.
- Now a new virtual host must be set up for the secure server. Download this file and save it in /etc/apache2/sites-available/. This file can be modified if you wish to put the SVN repository somewhere other than /home/svn. In the console, this step can be achieved via the following commands:
cd /etc/apache2/sites-available
wget http://hdrlab.org.nz/assets/Articles/SVNInstall/ssl
chmod 644 ssl
- Enable the newly created site, and restart the server:
a2ensite ssl
/etc/init.d/apache2 force-reload
- Create the root directory for all SVN project/repositories:
cd /home
mkdir svn
chown www-data svn
- At least one user will need to be created (replace "yourusername" with whatever you wish to have as user-name:
su www-data -c "htpasswd -c -m /home/svn/.dav_svn.passwd yourusername"
- To add additional users, use the following line ('-c' has been removed so that it does not recreate the password file; replace "user2" with the desired user-name):
su www-data -c "htpasswd -m /home/svn/.dav_svn.passwd user2"
- In order to test the setup, create a new project (replace newproject with the desired project name):
cd /home/svn
su www-data -c "svnadmin create newproject"
- Test the repository by opening a browser, and entering the URL , e.g., http:mysvnserver.com/svn/newproject (replace mysvnserver.com with the URL of your server, and newproject with the new project name). The web browser will warn you that the certificate is certified by an "unknown authority." This "unknown authority" is yourself (it is a self-signed certificate). Permanently accept the certificate. If everything was successful, your web browser should look something like the following:
- The installation is complete. It is now time to install Trac, or start using Subversion.
Articles » A (Linux) Server for Software Developers » Setting up and Using a Secure Trac and Subversion Server » Setting up Subversion for Multiple Projects via HTTPS