HTTPS SVN Installation and Setup

January 15, 2019 SVN 0

Install Required Packages:

yum install httpd
yum install subversion mod_dav_svn
yum install mod_ssl openssl

Configure apache subversion config file:
vi /etc/httpd/conf.modules.d/10-subversion.conf
Paste the content below:

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule dontdothat_module  modules/mod_dontdothat.so

Configure Apache to run on port 443:
vi /etc/httpd/conf/httpd.conf
add:
Listen 443

Configure Apache SVN in httpd conf:
vi /etc/httpd/conf.d/svn.conf

<virtualhost *:443>

ServerName repo.domain.ext

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/ssl/ca.crt
SSLCertificateKeyFile /etc/httpd/ssl/ca.key

ErrorLog /var/log/httpd/svn_error_log
TransferLog /var/log/httpd/svn_access_log
LogLevel warn

<location />
DAV svn
SVNParentPath /data/
AuthType Basic
AuthName "Authorization Realm"
AuthUserFile /etc/subversion/svn.users
Require valid-user
</location>

<files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</files>

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd/svn_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</virtualhost>

This will:
– create alias for /data , so https://localhost/ be accessable
– Enable DAV
– Configure user authentication file:/etc/subversion/svn.users

Create SVN users:

htpasswd -cm /etc/subversion/svn.users dejanr
Note -c will delete existed password filke and create new, not use this for adding or modify existed passwords
htpasswd -m /etc/subversion/svn.users saska

Create SVN Home and one repository

mkdir /data/
chown apache.apache /data
cd data
svnadmin create repo

SELinux configuration

chcon -R -t httpd_sys_content_t /data/repo/
chcon -R -t httpd_sys_rw_content_t /data/repo/

See: http://www.serverlab.ca/tutorials/linux/web-servers-linux/configuring-selinux-policies-for-apache-web-servers/

Enable SSL/HTTPS

cd /etc/httpd/ssl
# Generate private key
openssl genrsa -out ca.key 2048

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Apache restart

systemctl restart httpd.service
systemctl enable httpd.service

Configure firewall:

iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
iptables -L -v

To connect to SVN:

connect using URL: http://localhost/repo

Be the first to comment

Leave a Reply

Your email address will not be published.


*