Posted by Carpetsmoker, 18th May 2010

Minimal Apache configuration file for subversion
Last Updated on 19 May 2010

If you want to use subversion over HTTP you have little choice but to use Apache.

Somewhat unfortunately, Apache configuration is something of a mess and the default httpd.conf file is much, much larger than needed, especially if you only want to use it for subversion access.

This is a “minimal” Apache configuration file for use with subversion access with SSL. In many cases, the best approach is to “Start simple, add complexity when needed”. The default Apache configuration file is anything but “start simple”.

httpd.conf
Note: these directives are written for Apache 2.2 on FreeBSD. They may or may not work for other Apache versions. They should work on other operating systems.

Code:
  # Modules to load
  LoadModule alias_module libexec/apache22/mod_alias.so
  LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
  LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so
  LoadModule authn_file_module libexec/apache22/mod_authn_file.so
  LoadModule authz_default_module libexec/apache22/mod_authz_default.so
  LoadModule authz_host_module libexec/apache22/mod_authz_host.so
  LoadModule authz_user_module libexec/apache22/mod_authz_user.so
  LoadModule dav_module libexec/apache22/mod_dav.so
  LoadModule deflate_module libexec/apache22/mod_deflate.so
  LoadModule ssl_module libexec/apache22/mod_ssl.so
  
  # SVN modules
  LoadModule dav_svn_module libexec/apache22/mod_dav_svn.so
  LoadModule authz_svn_module libexec/apache22/mod_authz_svn.so
  
  # ServerRoot: The top of the directory tree under which the server's
  # configuration, error, and log files are kept.
  # Do not add a slash at the end of the directory path.
  ServerRoot "/usr/local"
  
  # Only listen on one IP
  Listen 94.142.244.51:443
  
  # Make sure the Apache process can write to your SVN dir if you want to allow
  # files to be committed.
  User apache
  Group apache
  
  # We do not want to serve anything other than svn
  DocumentRoot "/var/empty/"
  
  # Do not fork a zillion times.
  StartServers 2
  MinSpareServers 1
  MaxSpareServers 2
  
  # The location of the error log file.
  ErrorLog "/var/log/httpd-error.log"
  
  # Control the number of messages logged to the error_log.
  # Possible values: debug, info, notice, warn, error, crit, alert, emerg.
  LogLevel warn
  
  # The default MIME type the server will use for a document
  DefaultType text/plain
  
  # Enable SSL.
  SSLEngine on
  
  # PEM encoded certificate, key is also loaded from this file.
  SSLCertificateFile "/usr/local/etc/ssl/svn.pem"
  
  <Location /svn>
          # This is a SVN dir
          DAV svn
          SVNParentPath /home/svn
  
          # Only allow from authenticated users
          AuthType Basic
  
          AuthName "Subversion repository"
          AuthUserFile /usr/local/etc/svn-auth-file
          Require valid-user
  
          # Allow from everyone.
          Order allow,deny
          Allow from all
  
          # Use compression
          SetOutputFilter DEFLATE
          SetInputFilter DEFLATE
  </Location>
The default configuration:

Code:
  [/usr/local/etc/apache22]# wc -l httpd.conf extra/httpd-ssl.conf
       481 httpd.conf
       231 extra/httpd-ssl.conf
       712 total
  [/usr/local/etc/apache22]# grep -Ev '(^#|^$)' httpd.conf extra/httpd-ssl.conf | wc -l
       256
Compared to the above file:

Code:
  [/usr/local/etc/apache22]# wc -l httpd.conf
        72 httpd.conf
  [/usr/local/etc/apache22]# grep -Ev '(^#|^$)' httpd.conf | wc -l
        41
Additional setup
You can generate a basic self-signed SSL certificate with:

Code:
  $ openssl req -new -x509 -keyout svn.pem -out svn.pem -days 365 -nodes
When OpenSSL asks for your name, enter the server’s hostname, not your name.

It is recommended you chown it to the user you run the Apache server as (apache in my case) and chmod the file to 400.

The AuthUserFile /usr/local/etc/svn-auth-file can be created/modified with the htpasswd command.

Code:
  $ touch /usr/local/etc/svn-auth-file
  # htpasswd prompts for the password; a password argument is only accepted with -b
  $ htpasswd -m /usr/local/etc/svn-auth-file lovecraft
On FreeBSD, you may also want to load the accf_data(9) and accf_http(9) modules; they’re supposed to increase performance. (Apache will warn you, but continue happily, if they are not loaded.)

Further reading
svnbook chapter 6: httpd, the Apache HTTP Server
Official Apache documentation
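
An added example, not part of the original post: a shell check that a config like the one above has SSL on, listens only on port 443, demands a login for every `DAV svn` location, and that the PEM file has the mode and owner recommended under Additional setup. The function names and the sample config (with three deliberate mistakes) are constructed for illustration; paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# Print the value of the first uncommented occurrence of DIRECTIVE in FILE.
conf_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Print one finding per line; print nothing when FILE passes every check.
audit_svn_conf() {
    conf=$1
    [ "$(conf_value "$conf" SSLEngine)" = on ] || echo "SSLEngine is not on"
    # A Listen on any port other than 443 opens a second way in.
    awk 'tolower($1) == "listen" && $2 != "443" && $2 !~ /:443$/ {
             print "Listen " $2 " is not port 443" }' "$conf"
    # Every <Location> that enables "DAV svn" must also demand a login.
    awk 'tolower($1) == "<location" { loc = $2; sub(/>$/, "", loc); dav = req = 0 }
         tolower($1) == "dav" && tolower($2) == "svn" { dav = 1 }
         tolower($1) == "require" { req = 1 }
         tolower($1) == "</location>" && dav && !req {
             print "Location " loc " serves svn without Require" }' "$conf"
    # The PEM file also holds the private key: mode 400, owned by the server user.
    pem=$(conf_value "$conf" SSLCertificateFile)
    if [ -z "$pem" ] || [ ! -e "$pem" ]; then
        echo "SSLCertificateFile is unset or missing"; return 0
    fi
    mode=$(ls -ld "$pem" | cut -c1-10)
    owner=$(ls -ld "$pem" | awk '{ print $3 }')
    [ "$mode" = "-r--------" ] || echo "$pem has mode $mode, want -r--------"
    [ "$owner" = "$(conf_value "$conf" User)" ] || echo "$pem is not owned by User"
    return 0
}

# Write a constructed config with three deliberate mistakes into directory DIR.
make_sample() {
    : > "$1/svn.pem"; chmod 644 "$1/svn.pem"
    cat > "$1/httpd.conf" <<EOF
User $(ls -ld "$1" | awk '{ print $3 }')
Listen 192.0.2.10:443
Listen 192.0.2.10:80
SSLEngine on
SSLCertificateFile "$1/svn.pem"
<Location /svn>
        DAV svn
        # Require valid-user
</Location>
EOF
}

demo=$(mktemp -d) && make_sample "$demo" && audit_svn_conf "$demo/httpd.conf"
rm -rf "$demo"
```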