Central Soap Box

Setting up a Subversion Server on FreeBSD 6.2

4 Comments Published by Cory on Friday, April 06, 2007 at 2:32 PM.

I have spent a too much time getting this working the way I like it. I tried a lot of different things using 2 separate FreeBSD installs under Microsoft Virtual PC 2007. I installed a minimal install with only ssh access. All I want to use the server for is Subversion and maybe Trac later on.

I wanted the svn server to only be accessed through SSL and with some form of basic authentication.

  1. Install FreeBSD to a VPC or a machine and login as root or a user in the wheel group and become su.
    • If your not sitting at the machine or your running in a vpc id recommend downloading PuTTY and using a ssh session to your FreeBSD machine.
  2. Configure system
    • edit /etc/hosts file after the 127 loopback I added this, it is required for starting apache, needs to be able to resolve its dns
    1. vi /etc/hosts
    2. 192.168.0.100 svn
  3. Get the ports tree to the machine:
    1. portsnap fetch
    2. portsnap extract
  4. Install OpenSSL
    1. cd /usr/ports/security/openssl
    2. make install clean
  5. Install Apache
    1. cd /usr/ports/www/apache22
    2. make install clean
  6. Configure Apache
    • add accf_http_load="YES" to loader.conf
    1. vi /boot/loader.conf
    2. accf_http_load="YES"
  7. Configure SSL keys
    1. cd /usr/local/etc/apache22
    2. mkdir ssl.key
    3. mkdir ssl.crt
    4. /usr/local/bin/openssl req -new -x509 -days 365 -keyout ./ssl.key/server.key -out ./ssl.crt/server.crt -subj '/CN=Test-Only Certificate'
    5. cp ./ssl.crt/server.crt server.crt
    6. /usr/local/bin/openssl rsa -in ssl.key/server.key -out server.key
    7. cp /usr/local/etc/apache22/extra/httpd-ssl.conf /usr/local/etc/apache22/Includes
  8. Launch Apache at system startup
    1. cp /usr/local/etc/rc.d/apache22 /usr/local/etc/rc.d/apache22.sh
    2. vi /etc/rc.conf
    3. Add apache22_enable="YES" to the end of the file.
  9. Start up the apache server
    1. /usr/local/sbin/apachectl start
  10. Browse to your computer through http and https, you should see the It Works! page on both.
  11. Install Subversion with mod_dav_svn, apache2 support and without Berkeley DB support
    1. cd /usr/ports/devel/subversion
    2. make -DWITH_MOD_DAV_SVN -DWITHOUT_BDB -DWITH_APACHE2_APR
    3. make install clean
  12. Setup a Subversion Repository
    1. cd /usr/local
    2. mkdir svn-repositories
    3. cd svn-repositories
    4. mkdir repos
    5. cd repos
    6. mkdir MyRepoName
    7. /usr/local/bin/svnadmin create MyRepoName
  13. Setup the auth file for access to the repository
    1. cd /usr/local/svn-repositories
    2. mkdir conf
    3. cd conf
    4. htpasswd -c -m -b htpasswd user1 pass1
    5. htpasswd -m -b htpasswd user2 pass2
    6. htpasswd -m -b htpasswd user3 pass3
    7. etc. You get the idea
  14. Change the owner of the svn-repositories directory to nobody
    1. chown -R nobody /usr/local/svn-repositories
  15. Add a location to your apache conf file to point to the Subversion Repository Directory, using SVNParentPath lets you create as many repositories as you would like in that path and they are all configured with the same settings in the apache conf.
    1. vi /usr/local/etc/apache22/Includes/svn.conf
      <Location /svn>
      DAV svn
      SVNParentPath /usr/local/svn-repositories/repos
      AuthType Basic
      AuthName "Subversion repository"
      AuthUserFile /usr/local/svn-repositories/conf/htpasswd
      Require valid-user
      SSLRequireSSL
      </Location>
  16. /usr/local/sbin/apachectl restart
  17. Browse to https://192.168.0.100/svn/MyRepoName
  18. Accept the certificate and enter your username and password, you should now have a working subversion server.
To ensure you are using the most current OpenSSL library you can check the version you are running in Apache by doing the following:
  1. /usr/local/bin/openssl s_client -connect 192.168.0.100:443
  2. [Enter]
  3. GET / HTTP/1.0
  4. [Enter]
  5. [Enter]

The results should look similar to the following:
HTTP/1.1 200 OK
Date: Tue, 03 Apr 2007 12:07:18 GMT
Server: Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.8e DAV/2 SVN/1.4.3
Last-Modified: Sat, 20 Nov 2004 20:16:24 GMT
ETag: "c21e-2c-4c23b600"
Accept-Ranges: bytes
Content-Length: 44
Connection: close
Content-Type: text/html

That is it for now on this topic, if anyone has corrections or opinions on how to improve this mini guide please leave them.


References:
Custom-Compiling Apache and Subversion
Using Subversion for Collaborative Development

4 Responses to “Setting up a Subversion Server on FreeBSD 6.2”

  1. # Blogger to bring our own end Sun Dec 09, 09:55:00 AM NST

    thanx for guiding. everything worked perfectly except subversion compiling. it didn't include mod_dav_svn module, so i couldn't run apache.

    adding the those lines to /etc/make.conf fixed it.

    APXS=/usr/local/sbin/apxs
    WITH_APACHE2= true
    WITH_AUTH_MODULES=yes
    WITH_DAV_MODULES=yes
    WITH_MOD_DAV_SVN=yes
    WITH_SSL_MODULES=yes
    WITH_PROXY_MODULES=yes
    WITH_MISC_MODULES=yes  

  2. # Anonymous Derek Sat Jan 31, 05:02:00 PM NST

    Also add:
    APACHE_PORT=www/apache22

    So that there isn't a port mismatch.  

  3. # Anonymous Anonymous Mon Feb 23, 03:03:00 PM NST

    After I followed your steps I get Forbidden

    You don't have permission to access /svn on this server.

    Can you help me with that?  

  4. # Blogger Weaseal Wed Dec 23, 04:13:00 PM NST

    You suggest "chown -R nobody" - however my Apache runs as "www" so it was necessary to chown this to "www" and not "nobody" for commits to work. Took a little while to figure that one out...helps to include "why" you're suggesting certain steps sometimes!  

Post a Comment

Search

Latest

Archives

Links



XML