|
Guides All Guides and HOWTO's. |
|
Thread Tools | Display Modes |
|
||||
Minimal Apache configuration file for subversion
Minimal Apache configuration file for subversion
Last Updated on 19 May 2010 If you want to use subversion over HTTP you have little choice but to use Apache. Somewhat unfortunately, Apache configuration is something of a mess and the default httpd.conf file is much much larger than needed, especially if you only want to use it for subversion access. This is a “minimal” Apache configuration file for use with subversion access with SSL. In many cases, the best approach is to “Start simple, add complexity when needed”. The default Apache configuration file is anything but “start simple”. httpd.conf Note: these directives are written for Apache 2.2 on FreeBSD. They may or may not work for other Apache versions. It should work for other operating systems. Code:
# Modules to load LoadModule alias_module libexec/apache22/mod_alias.so LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so LoadModule authn_file_module libexec/apache22/mod_authn_file.so LoadModule authz_default_module libexec/apache22/mod_authz_default.so LoadModule authz_host_module libexec/apache22/mod_authz_host.so LoadModule authz_user_module libexec/apache22/mod_authz_user.so LoadModule dav_module libexec/apache22/mod_dav.so LoadModule deflate_module libexec/apache22/mod_deflate.so LoadModule ssl_module libexec/apache22/mod_ssl.so # SVN modules LoadModule dav_svn_module libexec/apache22/mod_dav_svn.so LoadModule authz_svn_module libexec/apache22/mod_authz_svn.so # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # Do not add a slash at the end of the directory path. ServerRoot "/usr/local" # Only listen on one IP Listen 94.142.244.51:443 # Make sure the Apache process can write to your SVN dir if you want to allow # files to be commited. User apache Group apache # We do not want to serve anything other than svn DocumentRoot "/var/empty/" # Do not fork a zillion times. StartServers 2 MinSpareServers 1 MaxSpareServers 2 # The location of the error log file. ErrorLog "/var/log/httpd-error.log" # Control the number of messages logged to the error_log. # Possible values: debug, info, notice, warn, error, crit, alert, emerg. LogLevel warn # The default MIME type the server will use for a document DefaultType text/plain # Enable SSL. SSLEngine on # PEM encoded certificate, key is also loaded from this file. SSLCertificateFile "/usr/local/etc/ssl/svn.pem" <Location /svn> # This is a SVN dir DAV svn SVNParentPath /home/svn # Only allow from authenticated users AuthType Basic AuthName "Subversion repository" AuthUserFile /usr/local/etc/svn-auth-file Require valid-user # Allow from everyone. Order allow,deny Allow from all # Use compression SetOutputFilter DEFLATE SetInputFilter DEFLATE </Location> Code:
[/usr/local/etc/apache22]# wc -l httpd.conf extra/httpd-ssl.conf 481 httpd.conf 231 extra/httpd-ssl.conf 712 total [/usr/local/etc/apache22]# grep -Ev '(^#|^$)' httpd.conf extra/httpd-ssl.conf | wc -l 256 Code:
[/usr/local/etc/apache22]# wc -l httpd.conf 72 httpd.conf [/usr/local/etc/apache22]# grep -Ev '(^#|^$)' httpd.conf | wc -l 41 You can generate a basic self-signed SSL certificate with: Code:
$ openssl req -new -x509 -keyout svn.pem -out svn.pem -days 365 -nodes It is recommended you chown it to the user you run the Apache server as (apache in my case) and chmod the file to 400. The AuthUserFile /usr/local/etc/svn-auth-file can be created/modified with the htpasswd command. Code:
$ touch /usr/local/etc/svn-auth-file $ htpasswd -m /usr/local/etc/svn-auth-file lovecraft dunwich Further reading svnbook chapter 6: httpd, the Apache HTTP Server Official Apache documentation
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. |
Tags |
apache, freebsd, subversion |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Easily retrievable configuration file backup with Gmail | J65nko | Guides | 5 | 10th February 2010 04:30 AM |
Subversion and system files | tanked | FreeBSD Ports and Packages | 4 | 23rd September 2008 06:44 PM |
Default Apache won't read .css file | erehwon | OpenBSD General | 23 | 21st September 2008 10:21 PM |
minimal jail install with sysinstall | daemon-dd | FreeBSD General | 3 | 16th September 2008 08:28 AM |
Kernel configuration file ignored? | FWS | FreeBSD Installation and Upgrading | 16 | 26th June 2008 10:28 AM |