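How to configure HTTPS access for SVN on Linux
This article describes how to configure HTTPS access for SVN on Linux. The steps are covered in detail and should be a useful reference; if the topic interests you, read through to the end.
Apache Subversion, usually abbreviated SVN, is an open-source version control system. Subversion was developed by CollabNet Inc in 2000 and is now a project of the Apache Software Foundation, with a large community of developers and users. Compared with RCS and CVS, SVN uses a branch management system, and its design goal was to replace CVS. Most free version control services on the Internet are based on Subversion.
Setting up the SVN server
1. Install the SVN server with yum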
[root@localhost ~]# yum install -y subversion
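2. Check that svn was installed successfully
[root@localhost ~]# svn
使用"svn help"得到用法。
[root@localhost ~]# svn help
[root@localhost ~]# svn --version
[root@localhost ~]# svnadmin help
...
3. Create the repository for the SVN server
First create a directory (the location is arbitrary; I used /wfq to make it easier to manage)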
[root@localhost /]# mkdir -p /wfq/svn/project
Then create the repository, using the directory just created as the repository directory
[root@localhost /]# svnadmin create /wfq/svn/project
Because the directory was created as root, change its owner and group so that SVN operations do not fail for lack of permissions
[root@localhost /]# chown -R apache:apache /wfq/svn/project
Entering the directory shows that a number of files have been generated; the most important SVN configuration is in the conf directory
[root@localhost /]# cd /wfq/svn/project/
[root@localhost project]# ll
总用量 8
drwxr-xr-x. 2 root root 54 1月 19 02:12 conf
drwxr-sr-x. 6 root root 233 1月 19 02:12 db
-r--r--r--. 1 root root 2 1月 19 02:12 format
drwxr-xr-x. 2 root root 231 1月 19 02:12 hooks
drwxr-xr-x. 2 root root 41 1月 19 02:12 locks
-rw-r--r--. 1 root root 229 1月 19 02:12 README.txt
[root@localhost project]# cd conf/
[root@localhost conf]# ll
总用量 12
-rw-r--r--. 1 root root 1080 1月 19 02:12 authz
-rw-r--r--. 1 root root 309 1月 19 02:12 passwd
-rw-r--r--. 1 root root 3090 1月 19 02:12 svnserve.conf
conf
 |-- authz : SVN permission configuration
 |-- passwd : SVN password configuration (note: because we are going to use httpd, authentication does not use this password file, so it cannot be used here)
 |-- svnserve.conf : basic SVN configuration file
4. Starting and stopping SVN for a specific repository root
1. Starting from the command line (has a drawback)
Stop svn
[root@localhost ssl]# ps -ef|grep svnserve
root 1438 1 0 19:06 ? 00:00:00 /usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /wfq/svn
root 1493 1137 0 19:23 pts/0 00:00:00 grep --color=auto svnserve
[root@localhost ssl]# kill -9 1438
Start with a specified directory
[root@localhost ssl]# svnserve -d -r /wfq/svn/
[root@localhost ssl]# ps -ef|grep svnserve
root 1509 1 0 19:24 ? 00:00:00 svnserve -d -r /wfq/svn/
root 1511 1137 0 19:24 pts/0 00:00:00 grep --color=auto svnserve
[root@localhost ssl]# systemctl restart httpd
The drawback of this approach is that the following commands cannot be used to control the svn service
[root@localhost ssl]# systemctl start svnserve
[root@localhost ssl]# systemctl restart svnserve
[root@localhost ssl]# systemctl stop svnserve
[root@localhost ssl]# systemctl status svnserve
2. Change the default startup directory
Change the OPTIONS="-r /wfq/svn" variable to the root directory created above
[root@localhost ssl]# vi /etc/sysconfig/svnserve
# OPTIONS is used to pass command-line arguments to svnserve.
#
# Specify the repository location in -r parameter:
OPTIONS="-r /wfq/svn"
Restart
[root@localhost ssl]# systemctl restart svnserve
[root@localhost ssl]# systemctl restart httpd
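Setting up Apache to support SVN connections over HTTP
1. Install httpd and mod_dav_svn from the yum repositories
httpd is the main program of the Apache HyperText Transfer Protocol (HTTP) server. It is designed to run as a standalone background process and creates a pool of child processes or threads to handle requests.
mod_dav_svn is the module, together with its configuration directives, that serves Subversion repositories through the Apache HTTP Server.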
[root@localhost project]# yum install -y httpd mod_dav_svn
2. Create the user and password file, and configure SVN permissions
Create the password file. The last argument of the htpasswd command is the user name; enter the password and press Enter, confirm the password and press Enter again, and the file is created
To append a user, use -m and leave out the c option, otherwise the existing file is overwritten
Viewing the file afterwards shows that the user has been created
[root@localhost /]# htpasswd -cm /wfq/svn/project/conf/http-auth bugwfq
New password:
Re-type new password:
Adding password for user bugwfq
[root@localhost /]# vi /wfq/svn/project/conf/http-auth
bugwfq:$apr1$0FjoVFII$Zb4G0C8/r3ooQKPmcJHCi/
~
~
~
Open the conf/authz file and configure the permissions; for the syntax in detail, see the detailed configuration reference
[root@localhost /]# vi /wfq/svn/project/conf/authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
### - a single user,
### - a group of users defined in a special [groups] section,
### - an alias defined in a special [aliases] section,
### - all authenticated users, using the '$authenticated' token,
### - only anonymous users, using the '$anonymous' token,
### - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
# define the user group admin and its members, for example admin = zs,ls,ww
admin = bugwfq
# [/foo/bar]
# harry = rw
# &joe = r
# * =
[/]
# permissions for the group: r = read, w = write
@admin = rw
# [repository:/baz/fuz]
"/wfq/svn/project/conf/authz" 37L, 1113C written
3. Configure the svnserve.conf file
Remove the leading # from the following settings
anon-access = read
auth-access = write
password-db = http-auth (the password file generated above)
authz-db = authz
[root@localhost /]# vi /wfq/svn/project/conf/svnserve.conf
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository. (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)
### Visit http://subversion.apache.org/ for more information.
[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
anon-access = read
auth-access = write
### The password-db option controls the location of the password
### database file. Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = http-auth
### The authz-db option controls the location of the authorization
### rules for path-based access control. Unless you specify a path
### starting with a /, the file's location is relative to the the
### directory containing this file. If you don't specify an
### authz-db, no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz
### This option specifies the authentication realm of the repository.
### If two repositories have the same authentication realm, they should
### have the same password database, and vice versa. The default realm
"/wfq/svn/project/conf/svnserve.conf" 61L, 3085C written
4. Configure the httpd.conf configuration file
Service directory: /etc/httpd/
Main configuration file: /etc/httpd/conf/httpd.conf
SVNParentPath /wfq/svn ## the parent directory of the project repository
AuthUserFile /wfq/svn/project/conf/httppasswd ## location of the password file
AuthzSVNAccessFile /wfq/svn/project/conf/authz ## permission configuration
[root@localhost /]# vi /etc/httpd/conf/httpd.conf
...
ServerName localhost:80
<Location /svn>
DAV svn
SVNListParentPath on
SVNParentPath /wfq/svn
AuthType Basic
AuthName "Subversion repositories"
AuthUserFile /wfq/svn/project/conf/httppasswd
AuthzSVNAccessFile /wfq/svn/project/conf/authz
Require valid-user
SVNAutoversioning on
ModMimeUsePathInfo on
</Location>
...
[root@localhost /]#
5. Change the owner and group of the files under the svn directory
[root@localhost /]# cd /wfq/svn/
[root@localhost svn]# chown -R apache. project/
[root@localhost svn]# ll
总用量 0
drwxr-xr-x. 6 apache apache 86 1月 19 02:12 project
[root@localhost svn]# ll project/
总用量 8
drwxr-xr-x. 2 apache apache 71 1月 19 03:21 conf
drwxr-sr-x. 6 apache apache 233 1月 19 02:12 db
-r--r--r--. 1 apache apache 2 1月 19 02:12 format
drwxr-xr-x. 2 apache apache 231 1月 19 02:12 hooks
drwxr-xr-x. 2 apache apache 41 1月 19 02:12 locks
-rw-r--r--. 1 apache apache 229 1月 19 02:12 README.txt
[root@localhost svn]#
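AuthUserFile and AuthzSVNAccessFile must name files that really exist and that httpd can read, and the same holds for the SSLCertificateFile and SSLCertificateKeyFile directives configured later in this article. The following check is an added example, not part of the original article; the function names are hypothetical and it assumes paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original article): confirm that every file
# named in the httpd configuration exists and is readable before restarting.

# referenced_files CONF
# Prints "Directive path" for each file directive used in this article,
# ignoring commented-out lines. Directive names are case-insensitive in httpd.
referenced_files() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) ~ /^(authuserfile|authzsvnaccessfile|sslcertificatefile|sslcertificatekeyfile)$/ {
            p = $2; gsub(/"/, "", p)   # drop optional quotes (assumes no spaces in the path)
            print $1, p
        }' "$1"
}

# check_conf_paths CONF [SERVER_ROOT]
# Prints one line per problem; returns 0 only when every file is usable.
# Relative paths are resolved against ServerRoot (/etc/httpd on CentOS).
check_conf_paths() {
    root=${2:-/etc/httpd}
    problems=$(referenced_files "$1" | while read -r name path; do
        case $path in (/*) ;; (*) path=$root/$path ;; esac
        if [ ! -e "$path" ]; then
            echo "MISSING $name $path"
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE $name $path"
        fi
    done)
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems"
        return 1
    fi
}
```

Run check_conf_paths /etc/httpd/conf/httpd.conf as the account httpd runs under (apache on CentOS), because root passes every readability test.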
Restart httpd
[root@localhost svn]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
Check why the start failed
[root@localhost svn]# systemctl status httpd
● httpd.service - The Apache HTTP Server
 Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
 Active: failed (Result: exit-code) since 六 2019-01-19 03:57:46 CST; 1min 30s ago
 Docs: man:httpd(8)
 man:apachectl(8)
 Process: 1952 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
 Process: 1951 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
 Main PID: 1951 (code=exited, status=0/SUCCESS)
1月 19 03:57:46 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
1月 19 03:57:46 localhost.localdomain httpd[1951]: httpd (pid 1600) already running
1月 19 03:57:46 localhost.localdomain kill[1952]: kill: cannot find process ""
1月 19 03:57:46 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
1月 19 03:57:46 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
1月 19 03:57:46 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
1月 19 03:57:46 localhost.localdomain systemd[1]: httpd.service failed.
Check the log
[root@localhost svn]# vi /var/log/httpd/error_log
[Sat Jan 19 02:40:38.937489 2019] [core:notice] [pid 1599] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[Sat Jan 19 02:40:38.938439 2019] [suexec:notice] [pid 1599] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Jan 19 02:40:38.954448 2019] [auth_digest:notice] [pid 1600] AH01757: generating secret for digest authentication ...
[Sat Jan 19 02:40:38.965269 2019] [lbmethod_heartbeat:notice] [pid 1600] AH02282: No slotmem from mod_heartmonitor
[Sat Jan 19 02:40:38.992931 2019] [mpm_prefork:notice] [pid 1600] AH00163: Apache/2.4.6 (CentOS) SVN/1.7.14 configured -- resuming normal operations
[Sat Jan 19 02:40:38.992970 2019] [core:notice] [pid 1600] AH00094: Command line: 'httpd'
It turned out that I had forgotten to open local port 80; for convenience I simply turned the firewall off here
[root@localhost /]# systemctl stop firewalld.service
[root@localhost /]# systemctl disable firewalld.service
After restarting again the start succeeded, but accessing the server returned a 500 error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
Then I looked at the error log
[Sat Jan 19 04:42:55.749505 2019] [authn_file:error] [pid 2207] (13)Permission denied: [client 192.168.4.208:10890] AH01620: Could not open password file: /wfq/svn/project/conf/httppasswd
[Sun Jan 20 03:43:02.936928 2019] [mpm_prefork:notice] [pid 2202] AH00171: Graceful restart requested, doing restart
It turned out that SELinux had not been turned off on the freshly installed system, so the permissions granted did not take effect.
There are two ways to handle this:
1. Permanently disable SELinux and reboot the system
[root@localhost ~]# vi /etc/selinux/config
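Change SELINUX=enforcing to SELINUX=disabled
Reboot the system with the reboot command to apply the setting
Reference article: disabling SELinux on Linux
2. Change the permission settings of the SVN directory directly with a command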
chcon -R -h -t httpd_sys_content_t /wfq/svn/project
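The firewall step and the SELinux step above can both be done with firewalld and SELinux left enabled. The following is an added example, not the author's commands: REPO is the repository path used in this article, RUN is a hypothetical dry-run switch, and labelling the whole tree read-write assumes commits go through httpd.

```shell
#!/bin/sh
# Added example (not from the original article): grant httpd + mod_dav_svn
# only what they need instead of stopping firewalld or disabling SELinux.
# REPO is the repository path from this article.
# RUN is a hypothetical dry-run switch: RUN=echo prints the commands only.
REPO=${REPO:-/wfq/svn/project}
RUN=${RUN:-}

# Open only the web ports and keep the rest of the firewall in place.
open_web_ports() {
    $RUN firewall-cmd --permanent --add-service=http &&
    $RUN firewall-cmd --permanent --add-service=https &&
    $RUN firewall-cmd --reload
}

# Record the label in SELinux policy and apply it. A label set with chcon is
# lost on the next relabel; a semanage fcontext rule is not.
# Assumption: commits arrive through httpd, so the tree is labelled
# read-write for httpd. semanage is in policycoreutils-python on CentOS 7.
label_repo() {
    $RUN semanage fcontext -a -t httpd_sys_rw_content_t "$REPO(/.*)?" &&
    $RUN restorecon -R "$REPO"
}

# List recent SELinux denials for httpd from the audit log, to confirm that
# a "(13)Permission denied" in error_log really comes from SELinux.
show_httpd_denials() {
    $RUN ausearch -m AVC -c httpd -ts recent
}
```

Run the functions once with RUN=echo to review the commands, then as root without it.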
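Then open http://ip/svn/project and enter the account and password you configured; seeing that page means access is working
Upgrading to HTTPS access
1. Set up the SSL environment
SSL digital certificate
1. Install openssl and the mod_ssl module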
[root@localhost ~]# yum install -y openssl mod_ssl
2. Generate the key and certificate
[root@localhost ~]# mkdir /etc/httpd/conf/ssl/
[root@localhost ~]# cd /etc/httpd/conf/ssl/
[root@localhost ssl]# ll
总用量 0
[root@localhost ssl]# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
............++++++
...............++++++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
# generate the CSR
[root@localhost ssl]# openssl req -new -key server.key > server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #country name (2-letter code)
State or Province Name (full name) []:gd #province
Locality Name (eg, city) [Default City]:sz #city
Organization Name (eg, company) [Default Company Ltd]:xx #company name
Organizational Unit Name (eg, section) []:xx #company department
Common Name (eg, your name or your server's hostname) []:bugwfq #host name
Email Address []:bugwfq@163.com #e-mail address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456 #password
An optional company name []:bugwfq #optional company name
...
# generate the certificate
[root@localhost ssl]# openssl req -x509 -days 2048 -key server.key -in server.csr > server.crt
Enter pass phrase for server.key:
[root@localhost ssl]# ll
总用量 12
-rw-r--r-- 1 root root 997 1月 21 23:27 server.crt
-rw-r--r-- 1 root root 729 1月 21 23:26 server.csr
-rw-r--r-- 1 root root 963 1月 21 23:22 server.key
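The key generated above is 1024-bit RSA, and the final listing shows server.key readable by every user on the host. As an added example (not the author's commands), the script below creates a 2048-bit self-signed development certificate with an owner-only key file and audits an existing key for both problems; the function names are hypothetical, the host name is whatever you pass in, and the key is written without a passphrase so that httpd can start unattended.

```shell
#!/bin/sh
# Added example (not from the original article): a self-signed development
# certificate with a 2048-bit RSA key, plus an audit of an existing key file.

# make_dev_cert DIR HOSTNAME -> writes DIR/server.key and DIR/server.crt
make_dev_cert() {
    dir=$1 host=$2
    (
        umask 077    # the key is never group/world readable, even briefly
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -keyout "$dir/server.key" -out "$dir/server.crt" \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
    ) || return 1
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.crt"
}

# key_bits FILE -> prints the RSA modulus size; prints nothing if the key
# cannot be read without a passphrase
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# key_mode_ok FILE -> succeeds only if group and others have no access
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE -> prints one finding per problem; silent when the key passes
audit_key() {
    bits=$(key_bits "$1")
    [ -n "$bits" ] || { echo "unreadable-or-encrypted"; return 1; }
    rc=0
    [ "$bits" -ge 2048 ] || { echo "weak-key:$bits"; rc=1; }
    key_mode_ok "$1" || { echo "loose-permissions"; rc=1; }
    return $rc
}
```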
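If you are using an Alibaba Cloud server and have a domain name, go to the management page for that domain, enable the SSL certificate, and then download the certificate for Apache
The following files are generated
Place these files in the /etc/httpd/conf/ssl directory
2. Configure the SSL environment
1. Open the /etc/httpd/conf/httpd.conf configuration file and add the following settings
[root@localhost /]# vi /etc/httpd/conf/httpd.conf
...
# Load config files in the "/etc/httpd/conf.d" directory, if any.
...
LoadModule ssl_module modules/mod_ssl.so
Mutex default ssl-cache
SSLRandomSeed startup builtin
SSLSessionCache none
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key
# can be left out for a certificate generated with openssl; for a certificate issued by a proper authority, add the chain file here
#SSLCertificateChainFile conf/ssl/X_X_X_chain.crt
...
DAV svn
...
ModMimeUsePathInfo on
# add this line
SSLRequireSSL
2. Restart httpd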
[root@localhost /]# systemctl restart httpd
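Then open the corresponding address https://xxx.xxx.xxx.xxx/svn/project
Because I generated the certificate with openssl, the certificate works but is only suitable for a development environment, and a warning that the certificate is not secure still appears
(The certificate has to be installed manually on the computer; that is not covered here)
If the certificate is requested from a proper certificate authority, the warning does not appear (the one below is the certificate I applied for and configured through Alibaba Cloud)
3. Redirect HTTP to HTTPS
Requests use HTTP by default,
so HTTP requests have to be redirected to HTTPS
1. Modify the configuration file
Open the /etc/httpd/conf/httpd.conf configuration file and add the following settings
1). Add the mod_rewrite.so module
...
LoadModule ssl_module modules/mod_ssl.so
# I added it below the line above
LoadModule rewrite_module modules/mod_rewrite.so
...
2. Configure the redirect rule
...
# I placed these above the <Location> tag
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
...
3. Restart httpd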
[root@localhost ssl]# systemctl restart httpd
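Done
Note:
You may run into different situations; read the logs and the startup messages to resolve them. The configuration files may be set up differently on each machine.
While configuring, explore as much as you can and consult other material online.
Here are some of the commands I used
svnserve -d -r /path #start serving a given directory: -d runs svnserve as a daemon (in the background), -r sets the root directory to serve (/path)
ps -ef|grep svnserve #find the svnserve process, so that SVN can be stopped by killing it
kill -9 pid #kill the process; pid is the process ID (for example 4967)
systemctl start service-name #start a service: httpd/svnserve/...
systemctl stop service-name #stop a service: httpd/svnserve/...
systemctl restart service-name #restart a service: httpd/svnserve/...
systemctl status service-name #show the status of a service; useful for finding errors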