[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: How to set up subversion, apache, and SSL

From: Toby Thain <toby_at_smartgames.ca>
Date: 2007-10-05 01:39:44 CEST

On 4-Oct-07, at 5:30 PM, ion wrote:

>
> I've been wracking my head with this for weeks, and no amount of
> googling helped me.
>
> Has anyone here set up subversion, with a mostly standard apache2
> installation doing SSL encryption?
>
> I have subversion 1.4.5, apache 2.2.4 and openssl 0.9.8e installed,
> but I cannot figure out how to make them work together. I could be
> retarded.
>
> apache is installed in /usr/local/apache2, a very standard build
> from source, with mod_dav_svn and mod_authz_svn loading at startup.
>
> subversion and apache work together, I access my repositories
> through http://server/svn/repo. But I need it to run with https.
>
> Surely someone here has a similar set up and was successful
> configuring SSL to work with subversion, to the point of being able
> to relay how it was done.

Have done this many times, on Linux and Solaris. The Svn Apache
modules don't care whether you're using SSL or not. The following is
extracted from my Apache config on Gentoo Linux. It assumes you have
built and installed the Apache modules for Subversion. Good
instructions for doing this are part of the Subversion source
distribution.

# these are actually buried in /etc/apache2/modules.d/
47_mod_dav_svn.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<VirtualHost *:443>
         ServerName DOMAIN.com
         ErrorLog /var/www/logs/error-ssl.log
         CustomLog /var/www/logs/access-ssl.log combined

         SSLEngine on
         SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:
+SSLv2:+EXP:+eNULL
         SSLCertificateFile conf/ssl/server.crt
         SSLCertificateKeyFile conf/ssl/server.key

         <Location /svn>
                 DAV svn
                 SVNParentPath /var/svn # individual repos under here
                 # AuthzSVNAccessFile /var/svn/policy # if you wish

                 Order allow,deny
                 Allow from all

                # example authentication setup
                 Require valid-user
                 AuthType Basic
                 AuthName "Subversion repository"
                 AuthUserFile /var/svn/htpasswd
                 Satisfy Any
         </Location>
</VirtualHost>

The trickiest part is creating the SSL cert and key (server.crt,
server.key). I set up my own certifying authority (CA) according to
this recipe:
http://www.debian-administration.org/articles/284

HTH
--Toby

> Please help me here.
>
>
> many thanks in advance.....
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Oct 5 01:40:08 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.