SVN+WebDAV
当初、SVN+SSHの導入を考えていたが、SVNクライアントのSVN+SSH対応がイマイチなので、WebDAVとの連携で構築してみる。
SSL暗号化とbasic認証でセキュリティを高めることにした。
[install]
# cd /usr/ports/devel/subversion
# make WITHOUT_BDB="YES" WITH_MOD_DAV_SVN="YES" install clean
リポジトリ生成
# mkdir /home/svn/
# mkdir /home/svn/test
# svnadmin create /home/svn/test
オーナーとパーミションの変更
# chown -R www:www /home/svn
# chmod -R 0755 /home/svn
Basic認証生成
#cd /usr/local/etc/apache22/Includes
# htpasswd -c basic-htpasswd test
New password: ←testsvn
Re-type new password: ←testsvn
Adding password for user test
webdav_svn.conf生成
#nano /usr/local/etc/apache22/Includes/webdav_svn.conf
----------------------------------------------------------------
DAV svn
SVNAutoversioning on
SVNPath /home/svn/test
# SSLRequireSSL
# AuthsSVNAccessFile /usr/local/etc/apache22/authzsvn.conf
AuthType Basic
AuthUserFile /usr/local/etc/apache22/Includes/basic-htpasswd
AuthName "WebDAV Subversion Authentication"
Require valid-user
----------------------------------------------------------------
確認
http://localhost/svn/test/
SSLの有効化(リソース http://platz.jp/howto/apache_ssl6.html )
秘密鍵生成
#cd /usr/local/etc/apache22
# openssl req -new -x509 -nodes -out server.crt -keyout server.key -days 365
色々質問される--------------------------------------------------
Generating a 1024 bit RSA private key
.............++++++
.......++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP
State or Province Name (full name) [Some-State]:Tokyo
Locality Name (eg, city) []:Shinjyuku-ku
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LOCALHOST inc
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:localhost←ここを省略するとsvnクライアントでエラーEmail Address []:
----------------------------------------------------------------
同じフォルダにSSLの秘密鍵 server.key とプライベート証明書 server.crt が出来る。
[root@dell /usr/local/etc/apache22]# ls
Includes extra httpd.conf.save mime.types server.key
envvars.d httpd.conf magic server.crt
httpd.conf書き換え
# nano /usr/local/etc/apache22/httpd.conf
# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf ←#を取る
webdav_svn.conf書き換え
# nano /usr/local/etc/apache22/Includes/webdav_svn.conf
SVNPath /home/svn/test
SSLRequireSSL
# AuthsSVNAccessFile /usr/local/etc/apache22/authzsvn.conf ←#を取る
# /usr/local/etc/rc.d/apache22 restart
確認
http://localhost/svn/test/ ←不可
https://localhost/svn/test/ ←可
BASIC認証は
ID:test
PASS:testsvn
として設定(危険!)
ココでは自己証明のサーバー証明書を用意しているが、SVNクライアントによっては認証が通らず、使えない場合がある
