
How to configure https access of svn under Linux

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/01

This article explains how to configure https access for svn under Linux. It is very detailed and has reference value; interested readers should read on.

Apache Subversion, usually abbreviated to SVN, is an open source version control system. Subversion was developed by CollabNet Inc in 2000 and is now a project of the Apache Software Foundation, with a rich developer and user community. Compared with RCS and CVS, SVN uses a branch management system, and its design goal is to replace CVS. Most of the free version control services on the Internet are based on Subversion.

Build SVN server

1. Use the yum command to install svn server

[root@localhost ~]# yum install -y subversion

2. You can use the command to see if svn is installed successfully

[root@localhost ~]# svn
use "svn help" to get usage.
[root@localhost ~]# svn help
[root@localhost ~]# svn --version
[root@localhost ~]# svnadmin help
...

3. Create a repository for the svn server

First create a directory (the location is arbitrary; I put it under /wfq to make it easier to manage myself)

[root@localhost /]# mkdir -p /wfq/svn/project

Then create the repository, specifying the directory you just created as the repository directory.

[root@localhost /]# svnadmin create /wfq/svn/project

Because we created the folder as root, we need to change its owner and group to prevent svn operations from failing due to insufficient permissions

[root@localhost /]# chown -R apache:apache /wfq/svn/project

If you enter this directory, you will find that a number of files have been generated; the main svn configuration is in the conf directory.

[root@localhost /]# cd /wfq/svn/project/
[root@localhost project]# ll
total 8
drwxr-xr-x. 2 root root 54 Jan 19 02:12 conf
drwxr-sr-x. 6 root root 233 Jan 19 02:12 db
-r--r--r--. 1 root root Jan 19 02:12 format
drwxr-xr-x. 2 root root 231 Jan 19 02:12 hooks
drwxr-xr-x. 2 root root 41 Jan 19 02:12 locks
-rw-r--r--. 1 root root 229 Jan 19 02:12 README.txt
[root@localhost project]# cd conf/
[root@localhost conf]# ll
total 12
-rw-r--r--. 1 root root 1080 Jan 19 02:12 authz
-rw-r--r--. 1 root root 309 Jan 19 02:12 passwd
-rw-r--r--. 1 root root 3090 Jan 19 02:12 svnserve.conf

conf
|-- authz: permission configuration of svn
|-- passwd: password configuration of svn (Note: this is not the password file used for authentication here, because we authenticate through httpd)
|-- svnserve.conf: basic configuration file of svn

4. Start or stop SVN for a specified repository directory

1. Start from the command line (has a drawback)

Stop svn

[root@localhost ssl]# ps -ef | grep svnserve
root 1438 1 0 19:06 ? 00:00:00 /usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /wfq/svn
root 1493 1137 0 19:23 pts/0 00:00:00 grep --color=auto svnserve
[root@localhost ssl]# kill -9 1438

Start with the specified directory

[root@localhost ssl]# svnserve -d -r /wfq/svn/
[root@localhost ssl]# ps -ef | grep svnserve
root 1509 1 0 19:24 ? 00:00:00 svnserve -d -r /wfq/svn/
root 1511 1137 0 19:24 pts/0 00:00:00 grep --color=auto svnserve
[root@localhost ssl]# systemctl restart httpd

The drawback of this approach is that you cannot use the following commands to control the svn service

[root@localhost ssl]# systemctl start svnserve
[root@localhost ssl]# systemctl restart svnserve
[root@localhost ssl]# systemctl stop svnserve
[root@localhost ssl]# systemctl status svnserve

2. Modify the default startup directory

Change the OPTIONS="-r /wfq/svn" variable so that it points to the svn root directory created above

[root@localhost ssl]# vi /etc/sysconfig/svnserve
# OPTIONS is used to pass command-line arguments to svnserve.
#
# Specify the repository location in -r parameter:
OPTIONS="-r /wfq/svn"

Restart

[root@localhost ssl]# systemctl restart svnserve
[root@localhost ssl]# systemctl restart httpd

Set up the Apache environment to support svn connections over http

1. Download the httpd and mod_dav_svn modules using the yum source

httpd is the main program of the Apache Hypertext Transfer Protocol (HTTP) server. It is designed to run as a standalone background process and creates a pool of child processes or threads that handle requests.

mod_dav_svn is the module that provides Subversion repository services through the Apache HTTP server.

[root@localhost project]# yum install -y httpd mod_dav_svn

2. Create user and password files and configure svn permissions

The last argument of the htpasswd command that creates the password file is the user name. Enter the password, press Enter, and confirm the password again; the file is then created.

If you want to append users, use the -m option without the -c option, or the existing file will be overwritten.

After viewing the file, you will find that the user has been created

[root@localhost /]# htpasswd -cm /wfq/svn/project/conf/http-auth bugwfq
New password:
Re-type new password:
Adding password for user bugwfq
[root@localhost /]# vi /wfq/svn/project/conf/http-auth
bugwfq:$apr1 $0FjoVFII, Zb4G0C8 and r3oooQKPmcJHCi

Edit the conf/authz file to configure permissions. For more information on how to configure permissions, please see configuration details.

[root@localhost /]# vi /wfq/svn/project/conf/authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
# configure the admin user group; list the group members, e.g. admin = zs,ls,ww
admin = bugwfq

# [/foo/bar]
# harry = rw
# &joe = r
# * =

[/]
# group permission configuration: r = read, w = write
@admin = rw

# [repository:/baz/fuz]
"/wfq/svn/project/conf/authz" 37L, 1113C written

3. Configure the svnserve.conf file

Remove the leading # from the following settings

anon-access = read
auth-access = write
password-db = http-auth (specify the password file just generated)
authz-db = authz

[root@localhost /]# vi /wfq/svn/project/conf/svnserve.conf
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.apache.org/ for more information.

[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
anon-access = read
auth-access = write
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = http-auth
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file.  If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa.  The default realm
"/wfq/svn/project/conf/svnserve.conf" 61L, 3085C written

4. Configure the httpd.conf file

Service directory: /etc/httpd/
Main configuration file: /etc/httpd/conf/httpd.conf

SVNParentPath /wfq/svn ## parent directory of the repository
AuthUserFile /wfq/svn/project/conf/httppasswd ## password file location
AuthzSVNAccessFile /wfq/svn/project/conf/authz ## permission configuration

AuthUserFile must name the file that htpasswd actually wrote. Step 2 above created conf/http-auth, so either create the password file under the name httppasswd or use the http-auth path here.

[root@localhost /]# vi /etc/httpd/conf/httpd.conf
...
ServerName localhost:80
<Location /svn>
DAV svn
SVNListParentPath on
SVNParentPath /wfq/svn
AuthType Basic
AuthName "Subversion repositories"
AuthUserFile /wfq/svn/project/conf/httppasswd
AuthzSVNAccessFile /wfq/svn/project/conf/authz
Require valid-user
SVNAutoversioning on
ModMimeUsePathInfo on
</Location>
...
[root@localhost /]#

5. Modify the owner and group of files in the svn directory

[root@localhost /]# cd /wfq/svn/
[root@localhost svn]# chown -R apache:apache project/
[root@localhost svn]# ll
total 0
drwxr-xr-x. 6 apache apache 86 Jan 19 02:12 project
[root@localhost svn]# ll project/
total 8
drwxr-xr-x. 2 apache apache 71 Jan 19 03:21 conf
drwxr-sr-x. 6 apache apache 233 Jan 19 02:12 db
-r--r--r--. 1 apache apache Jan 19 02:12 format
drwxr-xr-x. 2 apache apache 231 Jan 19 02:12 hooks
drwxr-xr-x. 2 apache apache 41 Jan 19 02:12 locks
-rw-r--r--. 1 apache apache 229 Jan 19 02:12 README.txt
[root@localhost svn]#

Restart httpd

[root@localhost svn]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

Check the cause of startup failure

[root@localhost svn]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2019-01-19 03:57:46 CST; 1min 30s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 1952 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 1951 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 1951 (code=exited, status=0/SUCCESS)
Jan 19 03:57:46 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
Jan 19 03:57:46 localhost.localdomain httpd[1951]: httpd (pid 1600) already running
Jan 19 03:57:46 localhost.localdomain kill[1952]: kill: cannot find process ""
Jan 19 03:57:46 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
Jan 19 03:57:46 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
Jan 19 03:57:46 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
Jan 19 03:57:46 localhost.localdomain systemd[1]: httpd.service failed.

View the log

[root@localhost svn]# vi /var/log/httpd/error_log
[Sat Jan 19 02:40:38.937489 2019] [core:notice] [pid 1599] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Sat Jan 19 02:40:38.938439 2019] [suexec:notice] [pid 1599] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Jan 19 02:40:38.954448 2019] [auth_digest:notice] [pid 1600] AH01757: generating secret for digest authentication ...
[Sat Jan 19 02:40:38.965269 2019] [lbmethod_heartbeat:notice] [pid 1600] AH02282: No slotmem from mod_heartmonitor
[Sat Jan 19 02:40:38.992931 2019] [mpm_prefork:notice] [pid 1600] AH00163: Apache/2.4.6 (CentOS) SVN/1.7.14 configured -- resuming normal operations
[Sat Jan 19 02:40:38.992970 2019] [core:notice] [pid 1600] AH00094: Command line: 'httpd'

It turns out that I had forgotten about local port 80. Here, the firewall is simply turned off for convenience.

[root@localhost /]# systemctl stop firewalld.service
[root@localhost /]# systemctl disable firewalld.service

After that the restart succeeded, but accessing the server returned a 500 error.

The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

Then I checked the error log.

[Sat Jan 19 04:42:55.749505 2019] [authn_file:error] [pid 2207] (13)Permission denied: [client 192.168.4.208:10890] AH01620: Could not open password file: /wfq/svn/project/conf/httppasswd
[Sun Jan 20 03:43:02.936928 2019] [mpm_prefork:notice] [pid 2202] AH00171: Graceful restart requested, doing restart

It turns out that SELinux has not been turned off on the newly installed system, so the permissions granted above do not take effect.

There are two ways to handle this:

1. Permanently shut down SELinux and restart the system

[root@localhost ~]# vi /etc/selinux/config

Change SELINUX=enforcing to SELINUX=disabled

Restart the system with the reboot command to apply the setting

Reference article: shutting down SELinux on Linux

2. Directly change the SELinux label of the SVN directory with a command

chcon -R -h -t httpd_sys_content_t /wfq/svn/project

Then access the address http://ip/svn/project and enter the account and password that were set; if the repository page appears, access is working.

Upgrade to https access

1. Build the SSL environment

SSL digital certificate

1. Download the openssl and mod_ssl modules

[root@localhost ~]# yum install -y openssl mod_ssl

2. Generate key and certificates

[root@localhost ~]# mkdir /etc/httpd/conf/ssl/
[root@localhost ~]# cd /etc/httpd/conf/ssl/
[root@localhost ssl]# ll
total 0
[root@localhost ssl]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.+.+
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
# generate csr
[root@localhost ssl]# openssl req -new -key server.key > server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN # country name (2 letter code)
State or Province Name (full name) []:gd # province
Locality Name (eg, city) [Default City]:sz # city
Organization Name (eg, company) [Default Company Ltd]:xx # company name
Organizational Unit Name (eg, section) []:xx # company department
Common Name (eg, your name or your server's hostname) []:bugwfq # hostname
Email Address []:bugwfq@163.com # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456 # password
An optional company name []:bugwfq # optional company name
# generate certificate
[root@localhost ssl]# openssl req -x509 -days 2048 -key server.key -in server.csr > server.crt
Enter pass phrase for server.key:
[root@localhost ssl]# ll
total 12
-rw-r--r-- 1 root root 997 Jan 21 23:27 server.crt
-rw-r--r-- 1 root root 729 Jan 21 23:26 server.csr
-rw-r--r-- 1 root root 963 Jan 21 23:22 server.key

If you use an Aliyun cloud server and have a domain name, go to the management page for that domain name, enable the SSL certificate, and then download the certificate package for Apache.

The following files are generated

Put these files in the / etc/httpd/conf/ssl directory

2. Configure the SSL environment

1. Open the /etc/httpd/conf/httpd.conf configuration file and configure the following information

[root@localhost /]# vi /etc/httpd/conf/httpd.conf
...
# Load config files in the "/etc/httpd/conf.d" directory, if any.
...
LoadModule ssl_module modules/mod_ssl.so
Mutex default ssl-cache
SSLRandomSeed startup builtin
SSLSessionCache none
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
# The chain file is not needed for a certificate produced with openssl; if the certificate was issued by a formal certificate authority, configure it here
#SSLCertificateChainFile conf/ssl/X_X_X_chain.crt
<Location /svn>
DAV svn
...
ModMimeUsePathInfo on
# add this line
SSLRequireSSL
</Location>

2. Restart httpd

[root@localhost /]# systemctl restart httpd

Then access the corresponding address https://xxx.xxx.xxx.xxx/svn/project

Because I generated the certificate with openssl, the certificate works but is only suitable for a development environment, and there will be a warning that the certificate is not secure

(You need to install the certificate manually on the computer; that is not covered here.)

If we apply for a certificate from a specialized certificate authority, there will be no warning (the following is my own Aliyun application configuration)

3. Set http to redirect to https

Because requests use http by default, we need to redirect http requests to https

1. Modify the configuration file

Open the / etc/httpd/conf/httpd.conf configuration file to configure the following information

1) Add the mod_rewrite.so module

...
LoadModule ssl_module modules/mod_ssl.so
# I added the following line under this line
LoadModule rewrite_module modules/mod_rewrite.so
...

2. Configure redirection rules

...
# I configured these rules above the <Location> tag
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
...

3. Restart httpd

[root@localhost ssl] # systemctl restart httpd

Done.
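As an added example (not part of the original article), the script below checks an httpd.conf-style file for the two problems met in this walkthrough: a <Location> block that uses AuthType Basic without SSLRequireSSL, which sends the svn password only base64-encoded over plain http, and an AuthUserFile or AuthzSVNAccessFile that cannot be read (the AH01620 error above). The function names, the /svn-tls path and the sample configuration are constructed for illustration.

```shell
# Added example; audit_basic_auth, unreadable_auth_files and sample_conf are
# hypothetical helper names, not part of Apache or Subversion.

# Print "INSECURE <path>" for each <Location> block that sets
# "AuthType Basic" without "SSLRequireSSL".
audit_basic_auth() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^#/ { next }                               # comment line
        low ~ /^<location[ \t]/ {
            path = line
            sub(/^<[^ \t]+[ \t]+/, "", path)               # drop "<Location "
            sub(/>.*$/, "", path); gsub(/"/, "", path)     # drop ">" and quotes
            in_loc = 1; basic = 0; tls = 0; next
        }
        low ~ /^<\/location>/ {
            if (in_loc && basic && !tls) print "INSECURE " path
            in_loc = 0; next
        }
        in_loc && low ~ /^authtype[ \t]+basic/ { basic = 1 }
        in_loc && low ~ /^sslrequiressl/       { tls = 1 }
    ' "$@"
}

# Print "UNREADABLE <file>" for each AuthUserFile / AuthzSVNAccessFile the
# current user cannot read. Run it as the apache user to see what httpd sees;
# it covers file mode and owner only, an SELinux denial shows in the audit log.
unreadable_auth_files() {
    awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        tolower(line) ~ /^(authuserfile|authzsvnaccessfile)[ \t]/ {
            sub(/^[^ \t]+[ \t]+/, "", line); gsub(/"/, "", line); print line
        }
    ' "$@" | sort -u | while IFS= read -r f; do
        [ -r "$f" ] || printf 'UNREADABLE %s\n' "$f"
    done
}

# Constructed sample: the http-only block from step 4 next to a block that
# carries the SSLRequireSSL line added in the https section.
sample_conf() {
    cat <<'EOF'
<Location /svn>
DAV svn
AuthType Basic
AuthUserFile /wfq/svn/project/conf/httppasswd
Require valid-user
</Location>
<Location /svn-tls>
AuthType Basic
AuthUserFile /wfq/svn/project/conf/httppasswd
SSLRequireSSL
</Location>
EOF
}

sample_conf | audit_basic_auth
```

Both functions also accept a file name, for example audit_basic_auth /etc/httpd/conf/httpd.conf.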

Note:

Sometimes you have to look at the log or the startup information to resolve a particular problem. The contents of the configuration files may vary from computer to computer.

When configuring, explore as much as you can and look up other information on the Internet.

Some of the commands I used are attached here.

svnserve -d -r /path # start with the specified directory; -d runs it as a daemon in the background, -r is followed by the svn path
ps -ef | grep svnserve # find the svnserve process, in order to shut down SVN by killing the process
kill -9 pid # kill the process; pid is the process number (for example 4967)
systemctl start <service name> # start the service (httpd/svnserve/...)
systemctl stop <service name> # stop the service (httpd/svnserve/...)
systemctl restart <service name> # restart the service (httpd/svnserve/...)
systemctl status <service name> # show the status of the service; errors can be checked here
