Setup SVN with SSL using Apache2 on Linux (Debian)

Accessing the SVN Repository from HTTP / Apahce2
Setting up the apache2 VHosts can be kind of tricky, especially if your web server uses it's own control panel, like ISPcp. As such I would only continue if you are comfortable and know what you are doing. As a mistake here on a live server can take down your webserver. I am not responsible for any harm / down time you may incur from following these instructions. You do these instructions knowing that each servers configuration is different and these commands / instructions may not suit your webserver. You have been warned.

First things first, you need to decide if you want to use SSL or not. If you choose to use SSL, I will have you copy your main site's vhost file like so:

1

cp /etc/apache2/sites-available/main-vhosts /etc/apache2/sites-available/ssl-main-vhosts

Instead of telling you all the modifications to do, I setup a very generic hosts file to illustrate what will need to be added / done:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87

# note the * should be changed to the IP of the site in a remote server environment
<VirtualHost *:80>
	ServerAdmin webmaster@yoursite.com
	ServerName www.yoursite.com
	ServerAlias yoursite.com www.yoursite.com *.yoursite.com
 
	DocumentRoot /var/www/yoursite.com/htdocs
	<Directory /var/www/yoursite.com/htdocs/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all
	</Directory>
 
	ErrorLog /var/log/apache2/yoursite.com.error.log
 
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
 
	CustomLog /var/log/apache2/yoursite.com.access.log combined
 
	# this is the SVN Section
	# The location is how the SVN will be accessed IE: yoursite.com/svn
	# The /svn should NOT be in the webroot, as this will cause issues.
	<Location /svn>
		DAV svn
		SVNPath /var/svn/project_name
		SVNListParentPath On
		AuthType Basic
		AuthName "Project_name SVN"
		# We will go over creating the Authz file later on
		AuthUserFile /var/svn/yoursite.authz
 
		Require valid-user
	</Location>
	# End the Location DAV svn
</VirtualHost>
 
# if ssl is enabled, then include the following 
# note the * should be changed to the IP of the site in a remote server environment
<IfModule mod_ssl.c> 
NameVirtualHost *:443
 
<VirtualHost *:443>
	# SSL Section:
	SSLEngine On
	# Note this is for self-created non CA certs. 
	SSLCertificateFile /etc/apache2/ssl/ssl-yoursite.com.crt
 
	ServerAdmin webmaster@yoursite.com
	ServerName www.yoursite.com
	ServerAlias yoursite.com www.yoursite.com *.yoursite.com
 
	DocumentRoot /var/www/yoursite.com/htdocs
	<Directory /var/www/yoursite.com/htdocs/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all
	</Directory>
 
	ErrorLog /var/log/apache2/yoursite.com.error.log
 
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
 
	CustomLog /var/log/apache2/yoursite.com.access.log combined
 
	# this is the SVN Section
	# The location is how the SVN will be accessed IE: yoursite.com/svn
	# The /svn should NOT be in the webroot, as this will cause issues.
	<Location /svn>
		DAV svn
		SVNPath /var/svn/project_name
		SVNListParentPath On
		AuthType Basic
		AuthName "Project_name SVN"
		# We will go over creating the Authz file later on
		AuthUserFile /var/svn/yoursite.authz
 
		Require valid-user
	</Location>
	# End the Location DAV svn
</VirtualHost>
</IfModule>

You can have both of those type of settings, or if you have the 80 and only want SSL access to the SVN you can just leave in the SSL and remove the :80 section. This is all up to you and how you want to set it up. I am just laying out a template for your of how I setup my SVN with SSL access.

Before we decide to enable the site we need to setup the Authz file and the SSL Certificate. Here is the command I used to create the certificate:

1

sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/ssl-yoursite.com.crt

Just follow the prompts, if you get stuck google the make-ssl-cert function. This will effectively create a self-signed certificate for your site and SVN. Next we need to create our Authz File. I just used htpasswd to do this you can use htpasswd2 if you have it installed, but here are the general commands for that (note the -c is only needed for the initial creation. Adding users only requires the -m):

1
2
3
4
5
6

htpasswd -cm /var/svn/yoursite.authz username
*Your password
*Your password re-entered
htpasswd -m /var/svn/yoursite.authz other-user
*Their Password
*Their Password re-entered

Should do the trick (the *'s are just the prompts you should see after calling the htpasswd command). If you need to change your password, just use the -m with your username and it shall be done.

Activating the Vhost on Apache2
All the files should be in place now, let's activate the vhost file and verify that it works properly, along with the mods apache2 comes with similar commands for sites:

1
2

sudo a2ensite ssl-main-vhosts
sudo /etc/init.d/apache2 reload

After activating the site apache needs to reload the server configuration, incase everything goes wrong you can disable the site with a2endissite ssl-main-vhosts then do another reload or restart of the Apache2 server.

If your server started up just fine, let's do a quick test on your remote machine or the server, if on the remote put the checked out repository where ever you want to. If on your remote server, I would put a checked out version, of at least the trunk, under /var/svn/checkedout/project_name/ You will probably have to create the checkedout directory and the project_name directory. Once created do a:

1

svn co https://yoursite.com/svn/project_name/ /var/svn/checkedout/project_name/

Which should checkout the current revision to that directory. If you are working on a remote server and chose to create that directory you can then create your own shell script to basically copy changed files to your webroot from the trunk/www directory. I will not post that script as it can be damaging if done wrong, so I will implore you to look up how to best do that command and create that script on your own.

Finishing Touches
That is the basis of what I spent the past two days learning and the methods I have tried over and over again which in the end, ended up working with a few minor headaches. I am not expert at SVN or Apache2 or shell commands. I just read and try to absorb the better ways to setup items. Hopefully this will help lessen the learning curve. I would highly suggest testing this on a local server before attempting it on your remote server, test it many times till you feel comfortable with creating everything. I, myself, setup the svn repository about 3 different times on my local machine before I tried it on my Remote Web Server, which I took down apache2 about 3 times when I took it to the server because of simple mistakes, such as using SSLCACert instead of SSLCert, as I did not have a ca file.

The best of luck to you, and hopefully this learning guide / tutorial proves useful to you if nothing other then to broaden your knowledge.