Home ›
Properly installing Subversion on Apache2 with SSLProperly installing Subversion on Apache2 with SSL
Submitted by Benjamin Melançon on September 2, 2007 - 6:36am
Getting Subversion (SVN) to work on Apache 2, and apparently doing it right means SSL is involved.
debian latest version of svn
apt-get install subversion
not that Debian has the latest version.
- all that not so relevant.
subversion apache configuration
Solution:
Apache2 SSL and Subversion in Debian on the freaks unidos wiki.
NOTE: That page, that link above, has all the instructions. This page, Agaric's page, just describes what happened when we followed the instructions.
Note that the RANDFILE=/dev/random openssl req $@ -new -x509 -days 365 -nodes \ -out /etc/apache2/ssl/apache.pem \ -keyout /etc/apache2/ssl/apache.pem command will NOT work using sudo, you must su to root first.
Sweet Apache command I didn't know about:
a2ensite ssl
(That enables any site, a2ensite anysite that is in sites-available and you want to create a symlink in sites-enabled. It's the same thing but easier.)
The problem:
Ebony:~/workspace/repos ben$ svn checkout http://66.135.37.243/srv/svn/agaric
svn: PROPFIND request failed on '/srv/svn/agaric'
svn: PROPFIND of '/srv/svn/agaric': 302 Found (http://66.135.37.243)
Ebony:~/workspace/repos ben$ svn checkout https://66.135.37.243/srv/svn/agaric
svn: PROPFIND request failed on '/srv/svn/agaric'
svn: PROPFIND of '/srv/svn/agaric': could not connect to server (https://66.135.37.243)
Still problems after following instructions on page above.
searched for:
svn PROPFIND request failed on 301 Moved Permanently
Solution: http://subversion.tigris.org/faq.html#http-301-error
Progress! A new error message:
svn: PROPFIND request failed on '/svn/agaric'
svn: PROPFIND of '/svn/agaric': 405 Method Not Allowed
And after everything, all we had to do to make it work was add our full path back in (even though I thought the Apache rules made it unnecessary).
/srv/svn/agaric
And then to make non-anonymous check-in work, you do have to actually add users to the svn password file as described by the directions we're following (link at top) and then you have to make sure both that file is readable and (not in the directions) the repository itself is writable by the logging in user.
debian create web user
debian create www-data user
Not necessary because of course it already existed in the correct group. Simply remember to use chown -R www-data:www-data svn rather than chmod, which bash will rightly tell you is incorrect. In this case a capital -R is recursive.
This is where it occurs to Agaric that having a separate svn login, user, and all is a lot more secure, possibly. Time to re-consult with sysadmin.
Getting Subversion (SVN) to work on Apache 2, and apparently doing it right means SSL is involved.
debian latest version of svn
apt-get install subversion
not that Debian has the latest version.
- all that not so relevant.
subversion apache configuration
Solution:
Apache2 SSL and Subversion in Debian on the freaks unidos wiki.
NOTE: That page, that link above, has all the instructions. This page, Agaric's page, just describes what happened when we followed the instructions.
Note that the RANDFILE=/dev/random openssl req $@ -new -x509 -days 365 -nodes \ -out /etc/apache2/ssl/apache.pem \ -keyout /etc/apache2/ssl/apache.pem command will NOT work using sudo, you must su to root first.
Sweet Apache command I didn't know about:
a2ensite ssl
(That enables any site, a2ensite anysite that is in sites-available and you want to create a symlink in sites-enabled. It's the same thing but easier.)
The problem:
Ebony:~/workspace/repos ben$ svn checkout http://66.135.37.243/srv/svn/agaric
svn: PROPFIND request failed on '/srv/svn/agaric'
svn: PROPFIND of '/srv/svn/agaric': 302 Found (http://66.135.37.243)
Ebony:~/workspace/repos ben$ svn checkout https://66.135.37.243/srv/svn/agaric
svn: PROPFIND request failed on '/srv/svn/agaric'
svn: PROPFIND of '/srv/svn/agaric': could not connect to server (https://66.135.37.243)
Still problems after following instructions on page above.
searched for:
svn PROPFIND request failed on 301 Moved Permanently
Solution: http://subversion.tigris.org/faq.html#http-301-error
Progress! A new error message:
svn: PROPFIND request failed on '/svn/agaric'
svn: PROPFIND of '/svn/agaric': 405 Method Not Allowed
And after everything, all we had to do to make it work was add our full path back in (even though I thought the Apache rules made it unnecessary).
/srv/svn/agaric
And then to make non-anonymous check-in work, you do have to actually add users to the svn password file as described by the directions we're following (link at top) and then you have to make sure both that file is readable and (not in the directions) the repository itself is writable by the logging in user.
debian create web user
debian create www-data user
Not necessary because of course it already existed in the correct group. Simply remember to use chown -R www-data:www-data svn rather than chmod, which bash will rightly tell you is incorrect. In this case a capital -R is recursive.
This is where it occurs to Agaric that having a separate svn login, user, and all is a lot more secure, possibly. Time to re-consult with sysadmin.
Comments
make sure you know where the
make sure you know where the damn file you are trying to edit is!!!
god!
and make sure you read this:
su www-data -c "htpasswd -m /srv/svn/.dav_svn.passwd gus"
Post new comment