You are not logged in.

#1 2008-08-12 20:00:13

diamondmind
Member
From: Lexington
Registered: 2007-12-19
Posts: 31

Subversion, SSH and Apache [SOLVED]

I'm trying to setup my first SVN server and I'd like to have it where I can access it with SSH over Apache if possible. I've followed the Subversion Setup guide on the wiki and after filling in some blanks I've got a setup that's partially working. (I'm still pretty green when it comes to sever admin stuff, so please bear with me. hmm)

Setup :
* SVN / Apache server living at 192.168.1.101
* Desktop box living at 192.168.1.100

Checkout:
Checkout from my desktop (192.168.1.100) works but never prompts me for a password.

$ svn co svn+ssh://192.168.1.101/svnrepos/photo_scripts
A    photo_scripts/sort_image_type.sh
A    photo_scripts/sort_exif_date.sh
Checked out revision 2.

Now .. the weird (for me anyway) part. I can kill apache but still checkout with the above. How exactly is the "svn+ssh" working if Apache isn't running to do the checking? Or am I completely missing the point? hmm

I obviously need to setup Apache differently, but I'm not sure what exactly?

I thought I was starting to get my head around this but the more  dig the more confused I get. yikes

Many thanks in advance for any help.


[EDIT]:

For completeness here are the relevant Apache config files:

[[ /etc/httpd/conf/httpd.conf ]]:

.
.
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
.
.

And I added the following to [[ /etc/httpd/conf/extra/httpd-ssl.conf ]] per the wiki guide above inside the <VirtualHost> section:

<Location /svn>
   DAV svn
   SVNParentPath /svnrepos
   AuthzSVNAccessFile /svnrepos/.svn-policy-file
   AuthName "SVN Repos"
   AuthType Basic
   AuthUserFile /svnrepos/.svn-auth-file
   Satisfy Any
   Require valid-user
</Location>

My auth and policy files are as follows:

$ cat /svnrepos/.svn-auth-file
nate:{SHA}P+URBwV3CYx6ILm4Vd/hKeV2nks=

$ cat /svnrepos/.svn-policy-file
[photo_scripts:/]
nate = rw

Last edited by diamondmind (2008-08-14 16:06:48)

Offline

#2 2008-08-12 20:56:38

Garns
Member
Registered: 2008-05-28
Posts: 239

Re: Subversion, SSH and Apache [SOLVED]

diamondmind wrote:

Setup :
* SVN / Apache server living at 192.168.1.101
* Desktop box living at 192.168.1.100

Checkout:
Checkout from my desktop (192.168.1.100) works but never prompts me for a password.

$ svn co svn+ssh://192.168.1.101/svnrepos/photo_scripts
A    photo_scripts/sort_image_type.sh
A    photo_scripts/sort_exif_date.sh
Checked out revision 2.

Now .. the weird (for me anyway) part. I can kill apache but still checkout with the above. How exactly is the "svn+ssh" working if Apache isn't running to do the checking? Or am I completely missing the point? hmm

You're  accessing svn via ssh, any chance there is an ssh server running as well and you have your box configured for login with key file?

Have you tried accessing svn via http or https ?

svn co http://192.168.1.101/svnrepos/photo_scripts
svn co https://192.168.1.101/svnrepos/photo_scripts

I'm sorry but I can't help you with the apache config.

Offline

#3 2008-08-12 22:22:25

diamondmind
Member
From: Lexington
Registered: 2007-12-19
Posts: 31

Re: Subversion, SSH and Apache [SOLVED]

Garns wrote:

You're  accessing svn via ssh, any chance there is an ssh server running as well and you have your box configured for login with key file?

Have you tried accessing svn via http or https ?

svn co http://192.168.1.101/svnrepos/photo_scripts
svn co https://192.168.1.101/svnrepos/photo_scripts

I'm sorry but I can't help you with the apache config.

I do have an ssh server running on the box and I'm using key files for password-less login between boxes on my LAN. I killed the SSH daemon on the SVN server and tried to checkout via both http and https from within my LAN and I got the same error as before:

$ svn co https://192.168.1.101/svnrepos/photo_scripts
svn: PROPFIND request failed on '/svnrepos/photo_scripts'
svn: PROPFIND of '/svnrepos/photo_scripts': 405 Method Not Allowed (https://192.168.1.101)

Offline

#4 2008-08-13 07:26:14

diamondmind
Member
From: Lexington
Registered: 2007-12-19
Posts: 31

Re: Subversion, SSH and Apache [SOLVED]

I *think* I just got it figured out. I can checkout from within my LAN using https:// anyway. smile I'll have to do some more testing to make sure everything is as secure as I think it is and see how it works from remote locations, but anyway, here's what I did:

* I read through (AGAIN roll) the SVN book to get basic http:// access running first. I pretty much followed the instructions there verbatim, skipping the parts that I'd already done by following the guide on the ArchWiki (modding httpd-ssl.conf and creating svn-auth + policy files)
* Once http:// was working I took the <Location> section out of httpd.conf and saw that it was still allowing plain http access so I commented out the Listen 80 directive in httpd.conf and that broke SVN access via plain http:// (which is what I want ... YMMV) which is good. **NOTE / WARNING: This will no longer allow Apache to serve up web pages on port 80. I'm not using this Apache as my web server, so I couldn't care less, but that's just me for this particular setup. **
* I added the stuff to httpd-ssl.conf as specified here: wiki link but I didn't wrap it in a <VirtualHost> directive (that's one of the things I'm going to investigate further)
* Then I went to the parent directory of my SVN repositories and changed everything to the svnusers group:

# chown -R :svnusers .

* Now make it r+w for the group:

# chmod -R 775 .

* And finally (apparently this is the real kicker according to the SVN documentation but it wasn't really a big deal to me?) change httpd.conf so that Apache will run with permission to read and write to the SVN repo directories. For me it was easy enough to edit httpd.conf and have it run as "svnusers"

One misc type note here since this really threw me for a while, but that could be my uber n00bness coming through. I couldn't get Apache to start and stop correctly using:

/etc/rc.d/httpd [start|stop|restart]

I had to do:

/usr/sbin/httpd -k [start|stop]

And make sure it's a "hard" start and stop .. namely "restart" doesn't seem to do anything. It's probably just a matter of editing /etc/rc.d/httpd but I figure if it's not broke, don't try to fix it.

Anyway, hopefully this'll help someone down the line. smile

Last edited by diamondmind (2008-08-13 07:30:11)

Offline

#5 2008-08-14 16:28:36

diamondmind
Member
From: Lexington
Registered: 2007-12-19
Posts: 31

Re: Subversion, SSH and Apache [SOLVED]

Just a quick follow up ...

I was finally able to get checkout and commits working from a remote host over https: while having plain http: access blocked .. which is what I was wanting.

I think my hangup was my not knowing exactly what I was doing in configuring Apache. big_smile When I blindly setup the following out of the wiki guide:

<Location /svn>
   DAV svn
   SVNParentPath /svnrepos
   AuthzSVNAccessFile /svnrepos/.svn-policy-file
   AuthName "SVN Repos"
   AuthType Basic
   AuthUserFile /svnrepos/.svn-auth-file
   Satisfy Any
   Require valid-user
</Location>

I was telling Apache to serve up my SVN repos on https://MY_URL/svn/REPO_NAME .. not https://MY_URL/svnrepos/REPO_NAME which is the directory name where my repos were living in my filesystem. 

Just another of the long "live and learn" tales I've authored in my Arch / Linux experience. wink

Offline

Board footer

Powered by FluxBB