在工作中需要使用SVN作为代码管控服务器。所以运维需要掌握SVN服务器的搭建和一些常用操作。
安装Apache服务
wget
tar jxvf httpd-2.2.22.tar.bz2
cd httpd-2.2.22
./configure --prefix=/data/svn_base/httpd --enable-so --enable-dav --enable-dav-fs --enable-maintainer-mode --with-included-apr --enable-rewrite --enable-ssl --enable-proxy --enable-proxy-http
make
make install
useradd -r -s /sbin/nologin apache
修改 /data/svn_base/httpd/conf/httpd.conf
User apache
Group apache
安装SVN
wget 这个是subversion的主程序包
wget 这个是subversion的补丁包。
两个包的版本号信息要一致。
tar jxvf subversion-1.6.13.tar.bz2
tar jxvf subversion-deps-1.6.13.tar.bz2
cd subversion-1.6.13
./configure --prefix=/data/svn_base/subversion --with-apxs=/data/svn_base/httpd/bin/apxs --with-apr=/data/svn_base/httpd/bin/apr-1-config --with-apr-util=/data/svn_base/httpd/bin/apu-1-config
yum -y install expat expat-devel
make
make install
配置Apache
确认httpd.conf中有以下三行
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
Include conf/extra/httpd-svn.conf
并且modules目录下要存在这两个文件
编辑/data/svn_base/httpd/conf/extra/httpd-svn.conf
<Location /svn>
DAV svn
SVNListParentPath On
SVNParentPath /data/svn_base/
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile //data/svn_base/subversion/conf/svn_passwdfile
AuthzSVNAccessFile /data/svn_base/subversion/conf/svn_accessfile
Require valid-user
</Location>
mkdir -p /data/svn_base/subversion/conf/
创建SVN用户和密码存储文件,默认没有这个文件,第一次创建需要用 -c 这个参数。
/data/svn_base/httpd/bin/htpasswd -c /data/svn_base/subversion/conf/svn_passwdfile john
这只用户的访问权限
vim /data/svn_base/subversion/conf/svn_accessfile
[groups]
admin = john
project1 = user0
project1_server = user1,user2
project1_client = user3,user4
[/]
@admin = rw
[project1:/]
@admin = rw
@project1 = rw
[project1:/server]
@admin = rw
@project1 = rw
@project1_server = rw
[project1:/client]
@admin = rw
@project1 = rw
@project1_client = rw
4. 创建项目仓库
/data/svn_base/subversion/bin/svnadmin create /data/svn_base/project1
chown apache:apache -R /data/svn_base/project1
5.添加Apache启动文件,设置开机启动
#!/bin/bash## httpd Startup script for the Apache HTTP Server## chkconfig: - 85 15# description: The Apache HTTP Server is an efficient and extensible \# server implementing the current HTTP standards.# processname: httpd# config: /etc/httpd/conf/httpd.conf# config: /etc/sysconfig/httpd# pidfile: /var/run/httpd/httpd.pid#### BEGIN INIT INFO# Provides: httpd# Required-Start: $local_fs $remote_fs $network $named# Required-Stop: $local_fs $remote_fs $network# Should-Start: distcache# Short-Description: start and stop Apache HTTP Server# Description: The Apache HTTP Server is an extensible server # implementing the current HTTP standards.### END INIT INFO# Source function library.. /etc/rc.d/init.d/functionsif [ -f /etc/sysconfig/httpd ]; then . /etc/sysconfig/httpdfi# Start httpd in the C locale by default.HTTPD_LANG=${HTTPD_LANG-"C"}# This will prevent initlog from swallowing up a pass-phrase prompt if# mod_ssl needs a pass-phrase from the user.INITLOG_ARGS=""# Set HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server# with the thread-based "worker" MPM; BE WARNED that some modules may not# work correctly with a thread-based MPM; notably PHP will refuse to start.# Path to the apachectl script, server binary, and short-form for messages.apachectl=/data/svn_base/httpd/bin/apachectlhttpd=${HTTPD-/data/svn_base/httpd/bin/httpd}prog=httpdpidfile=${PIDFILE-/data/svn_base/httpd/logs/httpd.pid}lockfile=${LOCKFILE-/var/lock/subsys/httpd}RETVAL=0STOP_TIMEOUT=${STOP_TIMEOUT-10}# The semantics of these two functions differ from the way apachectl does# things -- attempting to start while running is a failure, and shutdown# when not running is also a failure. So we just do it the way init scripts# are expected to behave here.start() { echo -n $"Starting $prog: " LANG=$HTTPD_LANG daemon --pidfile=${pidfile} $httpd $OPTIONS RETVAL=$? echo [ $RETVAL = 0 ] && touch ${lockfile} return $RETVAL}# When stopping httpd, a delay (of default 10 second) is required# before SIGKILLing the httpd parent; this gives enough time for the# httpd parent to SIGKILL any errant children.stop() { echo -n $"Stopping $prog: " killproc -p ${pidfile} -d ${STOP_TIMEOUT} $httpd RETVAL=$? echo [ $RETVAL = 0 ] && rm -f ${lockfile} ${pidfile}}reload() { echo -n $"Reloading $prog: " if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then RETVAL=6 echo $"not reloading due to configuration syntax error" failure $"not reloading $httpd due to configuration syntax error" else # Force LSB behaviour from killproc LSB=1 killproc -p ${pidfile} $httpd -HUP RETVAL=$? if [ $RETVAL -eq 7 ]; then failure $"httpd shutdown" fi fi echo}# See how we were called.case "$1" in start) start ;; ;; status) status -p ${pidfile} $httpd RETVAL=$? ;; restart) stop start ;; condrestart|try-restart) if status -p ${pidfile} $httpd >&/dev/null; then stop start fi ;; force-reload|reload) reload ;; graceful|help|configtest|fullstatus) $apachectl $@ RETVAL=$? ;; *) echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}" RETVAL=2esacexit $RETVAL chkconfig --level 35 httpd on
6.设置HTTPS方式访问
yum install openssl openssl-devel
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.crt -days 3650 -x509
将httpd.conf中以下一行注释去掉
Include conf/extra/httpd-ssl.conf
service httpd reload
然后通过 就可以访问了
7.通过Nginx访问
如果默认使用Nginx作为WEB服务器,又想要通过HTTP或HTTPS的方式访问SVN,就需要通过Nginx转发请求到Apache.Apache需要设置监听不同的端口。
以下为使用HTTPS的方式访问Nginx,然后由Nginx转发HTTP请求到Apache。生成秘钥的方式和以上相同。
server { listen 443 ssl; ssl_certificate conf.d/ssl/www.xxx.com.crt; ssl_certificate_key conf.d/ssl/www.xxx.com.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; server_name www.xxx.com; root /data/svn_base/; location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_buffering on; proxy_pass http://127.0.0.1:88; }}