Shulou(Shulou.com)06/03 Report--

Centos7 installation configuration svn https access

1. Install svn and dependencies

Java code

Yum install mod_dav_svn subversion

2. Create a version library

Java code

Svnadmin create / data/svndata/rd

Not surprisingly, at this point, you can access it using the svn:// protocol

3. Install apache

Java code

Yum-y install httpd

4. Modify the version library configuration file created in step 2

Java code

[general] anon-access = noneauth-access = writepassword-db = / data/svndata/passwd.conf # httpd authentication using authz-db = / data/svndata/authz.conf # svn version library permissions file realm = rd # version library force-username-case = none [sasl] use-sasl = truemin-encryption = 0max-encryption = 256

5. Create the authentication file mentioned in step 4 and add a user

Java code

Touch / data/svndata/passwd.confhtpasswd-c / data/svndata/passwd.conf unclecode # when adding a second user, do not-c, otherwise it will be overwritten

/ usr/local/apache/bin/htpasswd / usr/local/svn/conf/svn_passwdfile username

Sh script to add users

#! / bin/sh

If [!-n "$1"]; then

Read-p "Enter create user' name:" name

/ usr/local/apache/bin/htpasswd / usr/local/svn/conf/svn_passwdfile $name

Else

/ usr/local/apache/bin/htpasswd / usr/local/svn/conf/svn_passwdfile $1

Fi

6. Create the svn version library permission file mentioned in step 4

Java code

Vi / data/svndata/ authz.confs [groups] rd= unclecode [Rd: /] @ rd=rw

7. Http mode

Java code

Vi / etc/httpd/conf/httpd.confListen 8088vi / etc/httpd/conf.d/subversion.conf or write the content directly in httpd.conf, do not create this file. DAV svnSVNListParentPath onSVNParentPath / data/svndataAuthType BasicAuthName "Authorization" AuthUserFile / data/svndata/passwd.confAuthzSVNAccessFile / data/svndata/authz.confRequire valid-user launch apache: systemctl restart httpd.service

Cat / etc/selinux/config SELINUX=enforcing to disabled launch svn: e-d-r / data/svndata/

8. Look at the effect in http mode

Java code

Http://127.0.0.1:8088/svn, enter the user name and password created in step 5.

9. Https mode

9.1. Install openssl

Java code

Yum install mod_ssl openssl

9.2. Generate certificates

Java code

Cd / etc/pki/tls/privateopenssl genrsa-out svn_server.key 1024openssl req-new-key svn_server.key-out svn_server.csr commonName must be entered when building the certificate and must be consistent in the apache configuration file, otherwise the synchronization Times will be wrong. ServerName svn.ht.com:9091cd / etc/pki/tls/certsopenssl x509-req-days 365-in / etc/pki/tls/private/svn_server.csr-signkey / etc/pki/tls/private/svn_server.key-out svn_server.crt in Httpd.conf

9.3. Configure apache ssl

Java code

Vi / etc/httpd/conf.d/ssl.confSSLCertificateFile / etc/pki/tls/certs/svn_server.crtSSLCertificateKeyFile / etc/pki/tls/private/svn_server.key

If you change to port 443, remember two places. Vi / etc/httpd/conf.d/subversion.conf / / does not create or directly write the content in httpd.conf SSLRequireSSLDAV svnSVNListParentPath onSVNParentPath / data/svndataAuthType BasicAuthName "Authorization" AuthUserFile / data/svndata/passwd.confAuthzSVNAccessFile / data/svndata/authz.confRequire valid-user add a line of SSLRequireSSL before it

Java code

Vi / etc/httpd/conf/httpd.conf is automatically imported after installing mod_ssl with 2 lines at the bottom of LoadModule dav_svn_module modules/mod_dav_svn.soLoadModule authz_svn_module modules/mod_authz_svn.soLoadModule ssl_module modules/mod_ssl.so / /.

10. Restart apache

Java code

Systemctl restart httpd.service

11. See the effect in https mode

Java code

Https://127.0.0.1:8088/svn, enter the user name and password created in step 5.

Https access: uncomment the following three lines.

# Include conf/extra/httpd-ssl.conf

# SSLRequireSSL

# LoadModule ssl_module modules/mod_ssl.so

Workaround for not installing mod_ssl when installing apache

In order for Apache to support https access, the system needs to be equipped with apache, openssl and mod_ssl.so.

1. Install openssl:

Basically, the system has been installed, under / usr/bin/openssl, directly use the openssl command; if the system is not installed, download openssl to install.

2. Install mod_ssl.so:

Now Apache comes with this module, which is not installed by default. There are two ways to install: static compilation and dynamic loading.

Use the whereis openssl command to get the path to lib and include

Cd apache source code path / modules/ssl

Use the command (apache_home/bin) apxs-I-a-D HAVE_OPENSSL=1-I/usr/include/openssl/-L/usr/lib64/openssl/-c * .c-lcrypto-lssl-ldl

If you have changed the svn port, use the default port 443 for access.

You cannot have a port even if you specify a port for Listen 9091 https access. I don't understand why.

Other commonly used scripts

Vim pre-commit

#! / bin/sh

REPOS= "$1"

TXN= "$2"

Make sure that the log message contains some text.

SVNLOOK=/usr/local/svn/bin/svnlook

# $SVNLOOK log-t "$TXN"$REPOS" |\

Grep "[a-zA-Z0-9]" > / dev/null | | exit 1

#

Check that the author of this commit has the rights to performthe commit on the files and directories being modified.commit-access-control.pl "$REPOS"$TXN" commit-access-control.cfg | | exit 1

LOGMSG=$SVNLOOK log-t "$TXN"$REPOS" | grep "[a-zA-Z0-9]" | wc-c

If ["$LOGMSG"-lt 5]; # .5

Then

Echo-e "Svn Log Message can't be empty! you must input at least 5 chars for your thanks." 1 > & 2

Exit 1

Fi

All checks passed, so allow the commit.

Exit 0

Vim post-commit

#! / bin/sh

Export LC_CTYPE=en_US.UTF-8

Export PATH=$PATH:/usr/local/svn/bin:/home/svn/Net-DAP/hooks:

REPOS= "$1"

REV= "$2"

# SENDTO= "wangyanfu@huatusoft.com"

Send it to these people, calling the script we created above

# / usr/local/svn/script/svnemail_commit.sh "$REPOS"$REV"$SENDTO"

Vim pre-revprop-change

#! / bin/sh

Exit 0

Svn client

Configure the environment variable / etc/profile

Unset i

Unset-f pathmunge

Export SVN_HOME=/opt/CollabNet_Subversion/

Export PATH=$PATH:$SVN_HOME/bin

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.