Running Subversion on Debian Sarge or Etch and Apache 2 22 comments

I had more than few headaches getting Subversion up and running on Sarge or Etch. For my money Subversion is the best free source control system out there. I know fans of the distributed systems like arch will probably jump down my throat for saying that, but my experience is that if I want the source to a project using Subversion I can get it quickly and easily without having to immerse myself in a ton of documentation. I do not need to pass weird command line arguments like I find myself doing with CVS. It is easy and it works. (update, a long time has passed since this tutorial was originally written, I think subversion still makes a good first source control system, but I would recommend anyone who knows their way around to take a look at mercurial, bazaar or git, these systems are not that much harder to use but give you a lot of useful features subversion simply does not have) So without further delay, If you would like to know how I installed and configured it, read on.

Before we start, our goal is to set up Subversion and Apache2 using SSL for access with the ability to host multiple repositories on Debian Sarge and running the Subversion site on a subdomain as a Virtual Host. If thats what you want read on and we will walk through it step by step

Step 1. Installing Apache2

Simplicity itself, log in as root and run

apt-get install apache2

Then run the script

apache2-ssl-certificate

to set up a SSL certificate for Apache.Debian etch seem to be missing this script, but the following command will do the same job if apache2-ssl-certificate is not there.

export RANDFILE=/dev/random
mkdir /etc/apache2/ssl
openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

chmod 600 /etc/apache2/ssl/apache.pem

Step 2. Installing Subversion

Yet again, pretty easy

apt-get install subversion libapache2-svn subversion-tools

Step 3. Configure Subversion

Make a directory for our Subversion repositories to live in ( I am planning on having more than 1)

su
cd /
mkdir /subversion

We need Apache to be able to read and write to these directories so we will give the www-data (this is the standard user for Apache to run as under Debian) ownership of the directory.

chown www-data:www-data /subversion

We need to create another directory below this for the individual repositories to live in, yet again Apache needs access to all of these directories so we will use su to switch to the www-data user in order to create them

cd subversion
su www-data

I called my base directory public, it doesn't have to be called public, thats just my choice. If you want to call it something else go ahead, just watch out for the references to public further on.

mkdir public
cd public

Now we can actually create a repository, the first repository I wanted to create was for my ogham project. so...

svnadmin create ogham

Thats Subversion set up for now, we will obviously need to import some code into our repository, but we will get Apache up and running before that

Step 4. Configure Apache

First of all we want to use SSL to connect to our repositories so we need Apache to listen for SSL connections on port 443.

Add the line

Listen 443

to /etc/apache2/ports.conf

Now we will create the Virtual Host

Create the file /etc/apache2/sites-available/subversion. Edit the file to look like the following. I will go through it line by line in a moment

<VirtualHost 65.110.15.148:443>
    ServerAdmin sean@odonnell.nu
    ServerName svn.odonnell.nu
    LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
    LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so
    LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    <Location /public>
        Order allow,deny
        Allow from all
        DAV svn
        SVNParentPath /subversion/public
        AuthzSVNAccessFile /etc/apache2/auth-files/public-svn-authzfile
        Satisfy Any
        Require valid-user
        AuthType Basic
        AuthName "odonnell.nu Subversion Repository"
    AuthUserFile /subversion/.dav_svn. passwd
    </Location>

    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit, 
    # alert, emerg.

    LogLevel warn
    CustomLog /var/log/apache2/access. log combined

</VirtualHost>

Ok , line by line here is what we have done

The Virtual Host should listen to port 443 on IP Address 65.110.15.148, obviously you will need to change the IP to that of your server.

<VirtualHost 65.110.15.148:443>

I want the server to be called svn.odonnell.nu , I have already created the DNS records for this subdomain and this tutorial does not cover the creation of those DNS records. You will have to alter this line to reflect the subdomain you want to use

ServerName svn.odonnell.nu

Load the modules required for Subversion and SSL to work. Apache may already be doing this in which case it will give a warning when starting that they are already loaded.If that is the case the relevent lines can be removed.

    LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so
    LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so
    LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

We want Apache to use ssl for this virtual host and we want to use the ssl key in the file /etc/apache2/ssl/apache.pem. The apache2-ssl-certificate script we ran earlier should have created this.

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem

The following settings apply to urls that look like https://svn.odonnell.nu/public, if you remember from earlier, public is also the name of the parent directory for the various repositories. I am not actually sure if the two have to match, but this is one of the parts I had a great deal of trouble with, so I am not going to mess with it. If someone with more expertise than me wants to clarify the matter, I will update this document accordingly.

  <Location /public>

Accept all connections, Apache seems to deny all by default on sarge.

        Order allow,deny
        Allow from all

Use the svn_dav module instead of the normal webdav module. svn_dav is a superset of normal webdav.

         DAV svn

Our Subversion repositories can be found under this directory

        SVNParentPath /subversion/public

This file contains details of which users are allowed to access which repositories. We will create it shortly.

        AuthzSVNAccessFile /etc/apache2/auth-files/public-svn-authzfile

One of the following authentication schemes must be satisfied or Apache will return a 403 Forbidden Error ( I was sick of these before I got it all to work correctly). We are only going to use one authentication method HTTP Basic Authentication.

        Satisfy Any

We require that the user who connects be a valid user from the file specified in the AuthUserFile line (we will create this file shortly). We will authenticate that user using Basic Authentication. The Authname line simply provides the text that appears in the title of the login window when it appears. Change this to whatever you like.

        Require valid-user
        AuthType Basic
        AuthName "odonnell.nu Subversion Repository"
        AuthUserFile /subversion/.dav_svn. passwd

Use the standard Apache error log for error messages.

    ErrorLog /var/log/apache2/error.log

Log everything as serious as a warning and worse. Any line in this config file beginning with a # is just a comment, so only the last line here actually does anything.

    # Possible values include: debug, info, notice, warn, error, crit, 
    # alert, emerg.

    LogLevel warn

Use the standard log file for logging access to this website.

    CustomLog /var/log/apache2/access. log 

To actually enable this site configuration.

ln -s /etc/apache2/sites-available/subversion /etc/apache2/sites-enabled/subversion

This just means if you ever want to turn the site off you can simply delete the file in sites-enabled and restart Apache, to turn it back on re-link and restart Apache.For example if you find that this tutorial is not working for you and Apache wont start, just delete the file in sites-enabled and you can come back to it later.

In the virtual host configuration we specified that we would store our valid users and passwords in /subversion/.dav_svn.passwd. Its time to create it. logged in as root run

htpasswd -cm /subversion/.dav_svn.passwd sean
chown www-data:www-data /subversion/.dav_svn.passwd

The first line creates the file and adds the user sean (it will prompt you for a password), the -c switch actually creates the file, so to add another user drop the c from the command like this.

htpasswd -m /subversion/.dav_svn.passwd dave

That will add the dave user to the file without wiping the sean user, which it would do if you did not lose the -c switch. The second file we have to create describes which users can access which repositories once they have logged in. In the virtual host configuration we said we would place the file at AuthzSVNAccessFile /etc/apache2/auth-files/public-svn-authzfile. So create this file and edit it to look like this. Yet again I will go through this line by line in a moment.

# directory specific authorization control
[groups]
owner=sean
ogham-developers=sean
[/]
@owner=rw
[ogham:/]
@ogham-developers=rw
*=r

The first groups section sets the owner of the entire installation to be sean, and then creates a group called ogham-developers and adds sean to it. If you wanted to include the dave user in the group as well , it would look like.

# directory specific authorization control
[groups]
owner=sean
ogham-developers=sean, dave

This file is extremely touchy about format, if you get 403 errors later, check you haven't added any unnecessary whitespace, tabs, or anything else. If you cant see anything wrong with it, delete it and create it again, there might be a weird little typo there you cannot see.

Next we give the owner (sean) read write permissions on the repository root. This effectively means sean is the only one who can create a new repository

[/]
@owner=rw

Now we give everyone in the ogham-developers group read write access to the ogham repository.

[ogham:/]
@ogham-developers=rw
*=r

And finally we allow everyone read access on this repository, if you do not want your repository to be publicly readable, then don't add this line

*=r

For more details on the syntax of this file check here http://svnbook.red-bean.com/en/1.1/ch06s04.html

Once you have finished settings up your users and groups, change ownership of the file to www-data so Apache can read it

chown www-data:www-data /etc/apache2/auth-files/public-svn-authzfile

Ok, we should be in business now, restart Apache

apache2ctl restart

If you did not get any errors, we are ready to import some code into our repository

Step 5. Import your codebase

I keep my development version of ogham in /home/sean/ogham on my laptop, so I switch to that directory.

cd /home/sean/ogham/

And now to import the code into the repository.

svn --username sean import ogham https://svn.odonnell.nu/public/ogham -m "Initial Import"

The syntax is svn [user to log in as] import [directory to import] [address of repository] -m "[comment]"

If you now browse to your equivalent of https://svn.odonnell.nu/public/ogham you can browse the source tree. If you did not enable public read access you may need to log in first.

To check the code out again, run the command

svn co https://svn.odonnell.nu/public/ogham

Which is the same command anyone will use to check the code out for the first time.

Where to go next

For a nice tutorial on the basics of Subversion see

http://www.germane-software.com/~ser/R_n_R/subversion.html

or

http://www.cbcb.duke.edu/%7Efaheem/svn_tutorial/svn.en.html

There is also a very comprehensive Subversion Manual available online.

Thanks

I hope you have now successfully installed your own repository and are enjoying it. I would like to thank Nelson Castillo for his tutorial and Vinay Venkatesh for his tutorial. This tutorial largely consists of me patching their works together to get the configuration I wanted and without them I would still be scratching my head while looking at 403 Forbidden errors.

All comments, tips and corrections will be gratefully received.

Comments

Thanks for a nice guide. Note that the virtualhost and location tags are missing from your output of "/etc/apache2/sites-available/subversion". /Martin.

Martin Kamp Jensen 17:33 Sunday the 4th of September 2005 #

Doh,I forgot to escape some of the chevrons. Fixed now, thanks for that Martin.

Sean O'Donnell 17:34 Sunday the 4th of September 2005 #

I noticed that too, yesterday. But your server was down at that time and I was looking at it through google's cache and thought that that might have been the reason. Thanks for this tutorial, Chris!

Jannis 17:35 Sunday the 4th of September 2005 #

Thank you very much for this nice and explanatory guide. I tried some other tutorials and howtos and they left me nothing more than confused!

Oliver 17:37 Sunday the 4th of September 2005 #

Very nice. I've googled and fought this for two days. Now to teach the programmers in my organization how to properly utilize this and http://tortoisesvn.sourceforge.net/ Thanks a million!

Jeremy 17:40 Sunday the 4th of September 2005 #

Hey, I'm trying to get subversion working at the moment but when I try to log in I keep on getting a 403. I have all the permissions on the files set properly I believe. Everything is owned by www-data. Any ideas? Thanks.

Eric 17:41 Sunday the 4th of September 2005 #

Hi Eric, I've emailed you directly with a list of suggestions. That error generally tends to be a file permission problem somewhere.

Sean O'Donnell 17:42 Sunday the 4th of September 2005 #

Thanks!

Peter 17:42 Sunday the 4th of September 2005 #

The sample subversion configuration file shown above (/etc/apache2/sites-available/subversion) is missing some crucial data because its XML-like syntax is swallowed by the web server or browser. Look instead to the original file at: http://mattl.co.uk/apache2subversiondebianhowto.html

DJ Molny 17:44 Sunday the 4th of September 2005 #

Thanks DJ, I migrated servers recently, and it doesnt appear the article made it intact. I just edited it to patch it back up , and I think everything is showing up now. (if anyone sees any other errors please let me know)

Sean O'Donnell 17:44 Sunday the 4th of September 2005 #

You also need this LoadModule for AuthzSVNAccessFile directive to work LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so

Pete 17:45 Sunday the 4th of September 2005 #

Nice tutorial ! Very helpful.

Mirko 17:46 Sunday the 4th of September 2005 #

Hi Sean I've setup the server strictly as you directed. However, whenever trying to use authentication I got 403 Forbidden. Simpliest conf with anonymous access is OK, I can see the Revision 0 page for the project. What could be wrong? Thanks in advance.

Dolores 17:47 Sunday the 4th of September 2005 #

Hi Dolores, does it ask you for the password before it says 403 forbidden? or does it go straight to the 403 error? Feel free to mail me directly (see the contact me link above on the left).

Sean O'Donnell 17:48 Sunday the 4th of September 2005 #

Hi Sean, thank you so much for this tutorial, it's saved me yet again!

Nicholas Johnson 17:48 Sunday the 4th of September 2005 #

Thanks this handy tutorial! Simple and clear. I've followed your tutorial to setup my SVN server, but I got 403 error after I've made successfully login. They should be something wrong with the permission but I can't figure it out myself. Any hint?

Antony 17:49 Sunday the 4th of September 2005 #

To those having 403 problems, check that the format of the authz file is correct, extra spaces, tabs, anything can throw it off. Just finished helping someone with an installation and after hours that turned out to be the problem.

Sean O'Donnell 17:50 Sunday the 4th of September 2005 #

Thanks so much for this. After 2 years I am now reluctantly turning off my subversion server and migrating everything over to Git. I've referred to this tutorial often over that time and just wanted to say a big Thanks for taking the tie to write it and to make it so comprehensively useful.

Nicholas Johnson 17:51 Sunday the 4th of September 2005 #

did exactly what you say but it doesn't work, why can't people write tutorials step by step that work for a non geek. for example you ssl stuff it just doesn't work with that simple script you have to do more then that if you wanna write a tutorial then write everything !

Meto 17:52 Sunday the 4th of September 2005 #

meto, to the best of my knowledge that is exactly what you have to do, no more and no less. If you found additional steps where needed, or found something confusing or unclear, please let me know exactly what it was and ill update the tutorial accordingly.

Sean O'Donnell 17:52 Sunday the 4th of September 2005 #

Hi, nelson I have troubles  when i put the AuthzSVNAccessFile on my browser shows the 403 error, could you give me an advice in order to fix mi error, thanks

 

Jose 19:35 Wednesday the 12th of May 2010 #

Really nice guide. Subversion is great but I would really recommend to check out Git distrubuted version control. Its the best version control out there at the moment. Here is a guide on how to install a repository server on linux debian distros. How to install and setup a Git Repository Server using Gitolite on Linux Ubuntu 10.04 &amp; 11.04 [Development Environment]

Christian D. H. 22:17 Thursday the 18th of August 2011 #

New Comment

required

required (not published)

optional