Matthias Schoettle

Software Developer

Setting up Apache and Subversion on Debian Wheezy

I’m assuming Apache is already installed and running properly on your server. This includes PHP if you want to use WebSVN for example.

Install Subversion

apt-get install subversion libapache2-svn

Create a folder for your repositories, create a repository and change the owner to the user running Apache

mkdir /home/svn
svnadmin create /home/svn/myRepository
chown -R www-data:www-data /home/svn

Edit /etc/apache2/mods-available/dav_svn.conf and add this

<Location /svn>
    DAV svn
    SVNParentPath /home/svn
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile /home/svn/passwd
    AuthzSVNAccessFile /home/svn/authz

    Require valid-user

    SSLRequireSSL
</Location>

Activate SSL and the DAV modules on Apache

a2enmod ssl
a2enmod dav
a2enmod dav_svn

Now you need the authz and passwd file. The passwd file can be created using htpasswd

htpasswd -cm /home/svn/passwd username

You will then be asked to enter the password for this user.

For authz you can get a sample file from your repository (conf/authz). Copy it to the parent repository location. To enable your user for the previously created repository add this

[yourrepository:/]
youruser = rw

This will give your user read and write permissions for this repository. Now you can use it through this URL https://example.com/svn/yourrepository

Create a self-signed certificate in /etc/apache2/ssl (create this directory first). It will be valid for 365 days. You don’t have to enter information when you get asked but some might be helpful. Your browser will tell you that there is a problem with this certificate (since it’s not issued by a certified auhorization)

openssl req -new -x509 -days 365 -nodes -out apache.pem -keyout apache.key

Create a file for your site in /etc/apache2/sites-available/

<VirtualHost *:443>
 ServerAdmin admin@server.name
 ServerName your.server.name

 DocumentRoot /var/www/yourSiteSSL

 <Directory /var/www/yourSiteSSL>
 Options -Indexes FollowSymLinks
 AllowOverride None
 Order deny,allow
 Allow from all
 </Directory>

 ErrorLog ${APACHE_LOG_DIR}/error_ssl.log
 LogLevel warn
 CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

 SSLEngine On
 SSLCertificateFile /etc/apache2/ssl/apache.pem
 SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>

Enable your SSL site and restart the server

a2ensite yoursiteSSL
apache2ctl restart

Optional: Install WebSVN

apt-get install websvn

After, the configuration dialog appears.

  • Select Apache2 (deselect the others using space)
  • Type in the location of the folder with your svn repositories

To make SSL a requirement for WebSVN edit /etc/websvn/apache.conf and uncomment SSLRequireSSL. And to restrict access only to authenticated users add this

AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /home/svn/passwd

Require valid-user

You may notice that the authz line is missing. This has to be done in the websvn config file located in /etc/websvn/config.php. Uncomment this line and add the path to the auth file

$config->useAuthenticationFile(‘/path/to/authz’);

Optional: Disable to show the complete server token for Apache

In /etc/apache2/conf.d/security change the line

ServerTokens OS

to

ServerTokens Prod

18 Comments

  1. Didn’t see any comments, so I thought I’ll leave one. Worked, thanks!

  2. Nice one. Got our svn installed in no time thanks to your walkthrough. Cheers!

  3. My very much thanks 😉

  4. Awesome tutorial! Thanks!

  5. Nice seeing there are guys who know things and share their knowledge with illiterate me.
    Thank yoy matthias

  6. Nice tutorial but I have a 403 Error while trying to checkout or access by browser….

    • Matthias Schoettle

      December 14, 2012 at 21:54

      Are you using http instead of https? This example only works with https.

      Otherwise a look into the error log (most likely in /var/log/apache2/error.log) should help you with what the problem exactly is.

  7. Still (very) useful. Thanks Matthias.

    • Matthias Schoettle

      November 3, 2014 at 17:00

      Thanks! Do you mean still, because it is written for Squeeze? I guess it’s universal and I should remove that 🙂

      • I’m not sure if “universal” is the right adjective here (I can not see far enough), but it worked well for Wheezy. Thanks again (for the article and the mood).

  8. Hi!

    I get “Invalid command ‘AuthzSVNAccessFile’, perhaps misspelled or defined by a module not included in the server configuration” in dav_svn.conf on line with:

    AuthzSVNAccessFile /home/svn/authz

    file contains:
    “[myRepository:/]
    anton = rw”

    I dont know what is going wrong …

  9. So I’ve installed a2enmod authz_svn and apache restarted, but I can’t acces my svn any way, even server ip does not show anything in browser…

    • Matthias Schoettle

      January 26, 2015 at 16:29

      The way the setup is described it would be https://yourserver.net/svn
      What do you get when you try to access it?

  10. Okay! O managed all problems, somehow after I installed websvn I am able to reach my svn, so it looks like it works, thanks alot!

    • Matthias Schoettle

      January 26, 2015 at 16:33

      Great! Thanks for letting me know.

      It might be possible that you tried to access just /svn, which will give you a 403 Forbidden page. You need to access a specific repository directly (e.g., https://yourserver.net/svn/myrepository). websvn shows all available repositories the user has acccess to by default.

  11. Hi, one more thing. I add path to authz file to useAuthenticationFile, something like $config->useAuthenticationFile(‘/etc/apache2/dav_svn.authz’); but I am not able to see any repos. File is:

    [/]
    * =
    anton = rw
    eugen = rw
    [NetGame:/]
    anton = rw
    tanya = r
    [NetGame:/art/]
    tanya = rw

    ant I am logining to /svn/NetGame with anton account, and I see “You do not have the necessary permissions to view this content”. Dont know what to do.

    • Matthias Schoettle

      January 27, 2015 at 22:56

      Hi Anton,

      do you get the authentication prompt before seeing the error message?

      You could check the error and access log of Apache to see if anything is reported there that points to the problem. You can find them in /var/log/apache2. If you use SSL it is probably in error_ssl.log.

      Your config line is for websvn, the URL for that is “/websvn”. For the regular HTTPS SVN access you need to add the corresponding entry to the dav_svn.conf (see above).

      Hope this helps,
      Matthias

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2019 Matthias Schoettle

Theme by Anders NorenUp ↑