前言
通过 Http 协议访问版本库是 Subversion 的亮点之一。使用 Http 协议意味着只需要打开浏览器,输入 URL 即可轻松的浏览整个版本库。灵活通常带来复杂性,Http 方式相对于 svnserve 方式来说需要更多的配置。
由于 Subversion 需要版本化的控制,因此标准的 Http 协议不能满足需求。要让 Apache 与 Subversion 协同工作,需要使用 WebDAV(Web 分布式创作和版本控制)。WebDAV 是 HTTP 1.1 的扩展,关于 WebDAV 的规范和工作原理,可以参考 IETF RFC 2518。
为了使 Subversion 与 dav 模块通信,需要安装 mod_dav_svn 插件,可以在 Subversion 的安装目录中找到。将其拷贝到 Apache 安装目录的 modules 文件夹下。接下来就是配置 Apache 的 httpd.conf 文件,让 Apache 在启动的时候加载上述模块。
前期准备
环境:centos7.2(64位)
架构说明:subversion+httpd+ssl+mysql实现基于https协议的svn服务端
软件:
apache22.diff
apr-1.6.3.tar.gz
apr-util-1.6.1.tar.bz2
httpd-2.2.34.tar.bz2
mod_auth_mysql-3.0.0.tar.gz
serf-1.3.8.tar.bz2
sqlite-autoconf-3081002.tar.gz
subversion-1.8.19.tar.gz
开始部署
安装以下依赖程序
[root@www src]# yum install expat-devel
[root@www src]# tar xf apr-1.6.3.tar.gz
[root@www src]# cd apr-1.6.3
[root@www apr-1.6.3]# ./configure --prefix=/usr/local/apr && make -j 2 && make install
[root@www src]# tar xf apr-util-1.6.1.tar.bz2
[root@www src]# cd apr-util-1.6.1
[root@www apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr && make -j 2 && make install
[root@www src]# tar xf sqlite-autoconf-3081002.tar.gz
[root@www src]# cd sqlite-autoconf-3081002
[root@www sqlite-autoconf-3081002]# ./configure --prefix=/usr/local/sqlite && make -j 2 && make install
安装httpd
[root@www src]# tar xf httpd-2.2.34.tar.bz2
[root@www src]# cd httpd-2.2.34
[root@www src]# ./configure
--prefix=/usr/local/httpd
--enable-maintainer-mode
--with-sqlite=/usr/local/sqlite
--with-apr=/usr/local/apr/bin/apr-1-config
--with-apr-util=/usr/local/apr-util/bin/apu-1-config
--with-zlib
--enable-ssl
--enable-so
--enable-dav
--enable-cgi
--enable-rewrite
--enable-cgi
[root@www httpd-2.2.34]# make -j 2
[root@www httpd-2.2.34]# make install
[root@www ~]# cp /usr/local/httpd/bin/apachectl /etc/init.d/httpd
[root@www ~]# chmod +x /etc/init.d/httpd
[root@www ~]# sed -i '2a# chkconfig: 2345 64 36' /etc/init.d/httpd
[root@www ~]# chkconfig --add httpd
[root@www ~]# chkconfig httpd on
[root@www ~]# useradd -r -M -s /sbin/nologin www
[root@www ~]# sed -i 's/^User.*$/User www/' /usr/local/httpd/conf/httpd.conf
[root@www ~]# sed -i 's/Listen 80/Listen 81/' /usr/local/httpd/conf/httpd.conf
[root@www ~]# sed -i 's/^Group.*$/Group www/' /usr/local/httpd/conf/httpd.conf
[root@www ~]# sed -i 's/^#ServerName.*$/ServerName localhost/' /usr/local/httpd/conf/httpd.conf
[root@www ~]# curl localhost
<html><body><h1>It works!</h1>
安装subversion
安装所用到的依赖
[root@www serf-1.3.8]# yum install -y zlib zlib-devel openssl openssl-devel
安装scons用于安装serf使svn支持http协议
[root@www src]# tar xf scons-2.3.0.tar.gz
[root@www src]# cd scons-2.3.0
[root@www scons-2.3.0]# python setup.py install
安装serf
[root@www src]# tar xf serf-1.3.8.tar.bz2
[root@www src]# cd serf-1.3.8
[root@www serf-1.3.8]# scons PREFIX=/usr/local/serf APR=/usr/local/apr APU=/usr/local/apr-util OPENSSL=/usr/bin
[root@www serf-1.3.8]# scons install
安装svn
[root@www src]# tar xf subversion-1.8.19.tar.gz
[root@www src]# cd subversion-1.8.19
[root@www subversion-1.8.19]# ./configure --prefix=/usr/local/svn
--with-apxs=/usr/local/httpd/bin/apxs
--with-apr=/usr/local/apr
--with-apr-util=/usr/local/apr-util
--with-sqlite=/usr/local/sqlite
--with-serf=/usr/local/serf
[root@www subversion-1.8.19]# make -j 2
[root@www subversion-1.8.19]# make install
[root@www ~]# cp /usr/local/svn/libexec/mod_* /usr/local/httpd/modules
[root@www ~]# echo "PATH=$PATH:/usr/local/svn/bin/" >> /etc/profile && source /etc/profile
创建svn数据目录
[root@www ~]# mkdir -p /data/svn
新建测试仓库
[root@www ~]# svnadmin create /data/svn/ops
安装http结合mysql认证模块
[root@www src]# tar xf mod_auth_mysql-3.0.0.tar.gz
[root@www src]# cp apache22.diff mod_auth_mysql-3.0.0
[root@www src]# cd mod_auth_mysql-3.0.0
[root@www mod_auth_mysql-3.0.0]# patch -p0 < apache22.diff
[root@www mod_auth_mysql-3.0.0]# /usr/local/httpd/bin/apxs -c -L /usr/local/mysql/lib/ -I /usr/local/mysql/include/ -lmysqlclient -lm -lz mod_auth_mysql.c
[root@www mod_auth_mysql-3.0.0]# /usr/local/httpd/bin/apxs -i mod_auth_mysql.la
[root@www mod_auth_mysql-3.0.0]# echo /usr/local/mysql/lib >>/etc/ld.so.conf && ldconfig
[root@www mod_auth_mysql-3.0.0]# ls /usr/local/httpd/modules/
httpd.exp mod_auth_mysql.so mod_authz_svn.so mod_dav_svn.so
配置httpd服务器支持svn
[root@www ~]# tail -23 /usr/local/httpd/conf/httpd.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule mysql_auth_module modules/mod_auth_mysql.so
<Location />
DAV svn
SVNParentPath /data/svn
AuthzSVNAccessFile /data/svn/auth
AuthName "EELLY SUBVERSION"
AuthUserFile /dev/null
AuthType Basic
AuthMYSQLEnable on
AuthMySQLHost localhost
AuthMYSQLUser svn
AuthMySQLPassword caichangen
AuthMYSQLDB svn
AuthMYSQLUserTable users
AuthMYSQLNameField user_name
AuthMYSQLPasswordField user_passwd
Require valid-user
AuthBasicAuthoritative off
AuthMySQLEnable On
AuthMySQLPwEncryption md5
SetOutputFilter DEFLATE
</Location>
创建认证数据库及用户信息
MariaDB [svn]> DROP TABLE IF EXISTS `users`;
MariaDB [svn]> CREATA DATABASE svn;
MariaDB [svn]> CREATE TABLE `users` (
`user_id` int(255) NOT NULL AUTO_INCREMENT,
`user_name` char(30) NOT NULL,
`user_passwd` char(50) NOT NULL,
`create_time` datetime NOT NULL DEFAULT NOW(),
`update_time` datetime DEFAULT NOW() ON UPDATE NOW(),
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
MariaDB [svn]> insert into users(user_name,user_passwd) values('cce',md5('caichangen'));
MariaDB [(none)]> grant all privileges on svn.* to svn@'localhost' identified by 'caichangen';
svn授权
[root@www ~]# cat /data/svn/auth
[groups]
admin = cce
[ops:/]
@admin = rw
配置www用户访问svn的权限
[root@www ~]# setfacl -R -m user:www:rwx /data/svn/
[root@www ~]# setfacl -R -m default:www:rwx /data/svn/
配置Nginx反代http
1、配置nginx
[root@www ~]# cat /usr/local/nginx/conf/vhosts/wsvn.conf
server {
listen 80;
server_name wsvn.doorta.com;
return 301 https://$server_name$request_uri;
access_log /usr/local/nginx/logs/wsvn_access.log;
error_log /usr/local/nginx/logs/wsvn_error.log;
default_type 'text/html';
charset utf-8;
location / {
proxy_pass http://127.0.0.1:81;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
location /.well-known {
default_type text/plain;
alias /tmp_ssl/.well-known;
}
}
[root@www ~]# /usr/local/nginx/sbin/nginx -s relaod
2、配置ssl
[root@www ~]# /usr/local/letsencrypt/letsencrypt-auto certonly --webroot -w /tmp_ssl --email mail0426@163.com -d blog.doorta.com -d hub.doorta.com -d wsvn.doorta.com
测试访问
svn管理脚本
#!/bin/bash
#Create a project and the configuration of the hook
ADDUSER() {
read -p "Input Your Users: " USER
a=$(mysql -usvn -psvnqwe -hlocalhost -e 'select user_name from svn.users;'|grep "$USER")
echo $a
if [ $? -eq 1 ];then
echo "User already exists."
exit 100
else
read -p "Input Your Passwd: " PASS
mysql -u svn -psvnqwe -hlocalhost -e "insert into svn.users values("$USER",md5("$PASS"));"
sed -i "2s/$/&,$USER/g" /data/svn/auth
echo "User add success."
fi
}
DELUSER() {
read -p "Enter the user you need to delete: " USER
sed -i 's/cce,//' /data/svn/auth
mysql -usvn -psvnqwe -hlocalhost -e "delete from svn.users where user_name="$USER""
if [ $? -eq 1 ];then
echo "User does not exist."
exit 100
else
echo "User deleted successfully."
fi
}
ADDOBJRCT() {
read -p "please enter ObjectName: " ObjectName
read -p "please enter ObjectName Again: " ObjectAgain
if [ $ObjectName != $ObjectAgain ];then
echo "You enter error,exit"
exit
else
echo "ObjectName is $ObjectName"
fi
/usr/local/svn/bin/svnadmin create --fs-type fsfs /data/svn/$ObjectName
cat << END >> /data/svn/auth
[$ObjectAgain:/]
@admin = rw
END
}
SHOWUSER() {
mysql -usvn -psvnqwe -e 'select user_name from svn.users;'
}
cat << END
输入1添加项目
输入2添加用户
输入3查看用户
输入4删除用户
END
read -p"请输入你的选择: " VALUE
case $VALUE in
1)
ADDOBJRCT ;;
2)
ADDUSER ;;
3)
SHOWUSER ;;
4)
DELUSER ;;
q|Q|exit|bye)
exit 0 ;;
*)
echo "Usage:`basename $0` [1|2|3|4]"
esac 赞 (0)
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。