Attachment 220681 Details for Bug 324271 – More fully documented /etc/httpd/conf.d/subversion.conf file.

More fully documented /etc/httpd/conf.d/subversion.conf file.

subversion.conf (text/plain), 11.96 KB, created by Greg Morgan on 2007-10-09 06:03:52 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Greg Morgan

Created: 2007-10-09 06:03:52 UTC

Size: 11.96 KB

patch

obsolete

># subversion.conf allows Apache to serve subversion repositories over
># the web.  There are several steps that must be taken to enable
># subversion and Apache to work successfully.
># 1.) At a minimum the mod_dav and mod_dav_svn Apache modules must be
>#     loaded.  mod_authz_svn is required for subversion styled authorization
>#     schemes once a developer has been authenticated.
># 2.) You must determine a physical place on disk for the subversion
>#     repository.  The location must have plenty of disc space.
># 3.) Because subversion uses the Berkley database, the subversion repository
>#     must _NOT_ be located on an NFS or other network storage file system.
># 4.) You must provide an authentication scheme, if you need to protect
>#     who writes to your subversion repository. The subversion.conf shows
>#     an example of Basic authentication.  You may elect ldap, shawdow, etc.
># 5.) After you have selected an authentication scheme, then you may need
>#     to provide an authorization scheme to parts of the repository.
>#     subversion.conf uses mod_authz_svn for authorization schemes.
># 6.) Auto versioning is a useful option to consider.  Nautilus and other
>#     tools know how to access Web_DAV systems like subversion.  If 
>#     SVNAutoversioning is enabled, then you can treat your subversion
>#     repository as a journaling file system.  Use
>#     http://localhost/svn in Nautilus or web browsers.
># 7.) If you enable auto versioning with SVNAutoversioning, then consider
>#     installing the wdfs file system.  This kernel module would allow you
>#     to mount your subversion repositories so other tools that don't speak
>#     Web_DAV can access them like any other File > Open file system
>#     supported by Linux.
># 8.) Multiple location directives can be supported in this file.  Copy a
>#     successfully configured location block to the end of the file.  Follow
>#     the copy by making adjustments to meet the requirements of that location
>#     block.
>
>#   # 1.) The related subversion Apache DSO modules must be loaded in this order.
>#         Note that authz_svn_module is loaded below in the authz section.
><IfModule !mod_dav.c>
>    LoadModule dav_module modules/mod_dav.so
></IfModule>
><IfModule !mod_dav_svn.c>
>    LoadModule dav_svn_module     modules/mod_dav_svn.so
></IfModule>
><IfModule !mod_ssl.c>
>    LoadModule ssl_module   modules/mod_ssl.so
></IfModule>
>
>#
># Example configuration to enable HTTP access for a directory
># containing Subversion repositories, "/var/www/svn".  Each repository
># must be readable and writable by the 'apache' user.  Note that if
># SELinux is enabled, the repositories must be labelled with a context
># which httpd can write to; this will happen by default for
># directories created in /var/www.  Use "restorecon -R /var/www/svn"
># to label the repositories if upgrading from a previous release.
>#
>
>#
># To create a new repository "http://localhost/repos/stuff" using
># this configuration, run as root:
>#
>#   # 2.) You must determine a physical place on disk for the subversion
>#   #     repository.  The location must have plenty of disc space.
>#   # 3.) Because subversion uses the Berkley database, the subversion repository
>#   #     must _NOT_ be located on an nfs or other network storage file system.
>#
>#   # su - root
>#   #   Make the parent directory for the repository.
>#   # mkdir -p /var/www/svn
>#   # cd /var/www/svn
>#   #   Create the repository
>#   # svnadmin create repo   
>#   # chown -R apache.apache stuff
>#   #   It is a good idea to make sure that the group bit has been set.
>#   #   Otherwise, permission issues could occur during subversion's archive
>#   #   process creating new log files.
>#   # chmod -R g+sxrw repo
>#   #   If your repository has sensitive information in it, then you should
>#   #   remove world or other permissions too.
>#   # chmod -R o-xrw repo
>#   #   For safety, you want to make sure that the svn directory in in the
>#   #   proper SELinux context.
>#   # cd /var/www
>#   # chcon -R -h -t httpd_sys_content_t /var/www/svn
>#   #   You can debug selinux problems by turning off selinux to make sure
>#   #   there is not some other configuration issue.
>#   # setenforce 0
>#   #   Turn on SELinux when problems have been resolved with.
>#   # setenforce 1
>
>#   # Optionally, create an Alias and Directory entry for the svn style sheets,
>#   # if used. See the SVNIndexXSLT line below in the <Location /svn> block.
>#   #
>#   # su - root
>#   # mkdir -p /var/www/svncss
>#   # cd /var/www/svncss
>#   # wget http://svn.collab.net/viewvc/svn/trunk/tools/xslt/svnindex.xsl
>#   # wget http://svn.collab.net/viewvc/svn/trunk/tools/xslt/svnindex.css
>#   # Edit svnindex.xml and change 
>#   #     <link rel="stylesheet" type="text/css" href="/svnindex.css"/>
>#   # to
>#   #     <link rel="stylesheet" type="text/css" href="/svncss/svnindex.css"/>
>#   # If you want more control over the style sheets, then create a place
>#   # in your /svn repository.  You could then make references to the files
>#   # as they sit in the svn URL as aposed to the Alias directive's location.
>#   # directive.
>#
>#Alias /svncss/ /var/www/svncss/
>#<Directory /var/www/svncss>
>#   Options Indexes MultiViews FollowSymLinks
>#   Order Allow,Deny
>#   Allow from all
>#</Directory>
>#
>#
>#<Location /svn>
>#   Options Indexes MultiViews FollowSymLinks
>#   Order Allow,Deny
>#   Allow from all
>#
>#   # The WebDAV protocol to speak is subversion.
>#   DAV svn
>#
>#   # Optionally provide an Apache _URL_ based path to a style sheet.
>#   # See http://svnbook.red-bean.com/en/1.1/ch06s04.html and
>#   # http://svn.collab.net/viewvc/svn/trunk/tools/xslt/  
>#   # SVNIndexXSLT "/svncss/svnindex.xsl"
>#
>#   # Describe where your subversion repository or repositories are
>#   # located.
>#   # a.) If you have multiple repositories at the /svn location, then
>#   #     use the SVNParentPath and SVNListParentPath.
>#   #     This must be an absolute path
>#   # SVNParentPath /var/www/svn
>#   # SVNListParentPath on
>#   # OR
>#   # b.) If you have only one repository at the /svn location, then
>#   #     use the SVNPath directive alone.
>#   #     This must be an absolute path
>#   # SVNPath /var/www/svn/repo
>#   # c.) Optional help.  If you have problems, then use a minimal location
>#   #     block with a path to a single repository.  Next look in the Apache
>#   #     logs for errors.
>#   # <Location /svn>
>#   #    DAV svn
>#   #    SVNPath /var/www/svn/repo
>#   # </Location>
>#
>#   # Require SSL connection for password protection.
>#   # SSLRequireSSL
>#
>#   # 4.) You must provide an authentication scheme, if you need to protect
>#   #     who writes to your subversion repository.  An example of 
>#   #     Basic authentication is shown here.
>#   #     You may elect ldap, shawdow, etc.
>#   #     a.) Create the password file and first user. Note that the -m
>#   #         option provides the greatest cross platform support.
>#   #     htpasswd -cm /path/to/dav_svn.passwd admin
>#   #     b.) Add additional users once the file has been created.
>#   #     htpasswd -m /path/to/dav_svn.passwd devel1
>#   #     htpasswd -m /path/to/dav_svn.passwd devel2
>#   #     c.) Tell Apache to use any authentication scheme for mixed 
>#   #         read and read/write environments.
>#   Satisfy Any
>#   #     d.) Tell Apache to use Basic authentication.
>#   AuthType Basic
>#   #     e.) Name your security Realm in quotes to meet your requirements.
>#   #         This will be the name your svn client shows you in a dialog
>#   #         box.
>#   AuthName "Authorization Realm"
>#   #     f.) Reference your access authorization file created in a prior
>#   #         step.  This must be an absolute path and it should not be
>#   #         servable by Apache.
>#   AuthUserFile /path/to/dav_svn.passwd
>#   #         Now make a choice between
>#   #         1.) Limit write permission to list of authenticated users
>#   #             but allow read-only anonymous access.
>#   # <LimitExcept GET PROPFIND OPTIONS REPORT>
>#   #    Require valid-user
>#   # </LimitExcept>
>#   #         2.) OR Limit both read and write permissions to list of
>#   #             authenticated users
>#   # Require valid-user
># 
>#   # 5.) After you have selected an authenication scheme, then you may need
>#   #     to provide an authorization scheme to parts of the repository.
>#   #     subversion.conf uses mod_authz_svn for authorization schemes.
>#   #     a.) If an authorization scheme is not required, then don't uncomment
>#   #         AuthzSVNAccessFile and set SVNPathAutz off.
>#   #         OR
>#   #     b.) Define SVN styled authorization file path.
>#   #         This must be an absolute path and it should not be servable
>#   #         by Apache.
>#   <IfModule !mod_authz_svn.c>
>#       LoadModule authz_svn_module   modules/mod_authz_svn.so
>#   </IfModule>
>#   SVNPathAuthz on
>#   AuthzSVNAccessFile /path/to/dav_svn.group
>#   #     c.) A sample AuthzSVNAccessFile may look like
>#   #         # Ident: /path/to/dav_svn.group
>#   #
>#   #         # Define user groups.
>#   #         [groups]
>#   #         admingrp = admin
>#   #         everyone = *
>#   #         devel1 = devel1, admin
>#   #         devel2 = devel2, admin
>#   #         developers = devel1, devel2, admin
>#   #
>#   #         # Let everyone look at the root while admin can create new repos.
>#   #         [/svn]
>#   #         @everyone = r
>#   #         @admingrp = w
>#   #
>#   #         # Only let the admin group read and write to the admin repo.
>#   #         [admin:/]
>#   #         @admingrp = rw
>#   #
>#   #         # Developers have access to the project.
>#   #         [project:/]
>#   #         @developers = rw
>#   #
>#   #         # Developer 1 has a personal repo that others can read.
>#   #         [devel1:/]
>#   #         @devel1 = w
>#   #         @developers = r
>#   #
>#   #         # ...
>#   #
>#   #         # See http://svnbook.red-bean.com/en/1.1/ch06s04.html
>#   #
>#   # 6.) Auto versioning is a useful option to consider.  Nautilus and other
>#   #     tools know how to access Web_DAV systems like subversion.  If 
>#   #     auto versioning is enabled, then you can treat your subversion
>#   #     repository as a journaling file system.  Use
>#   #     http://localhost/svn in Nautilus or web browsers.
>#   #
>#   SVNAutoversioning on
>#
>#   # 7.) If you enable auto versioning with SVNAutoversioning, then consider
>#   #     installing the wdfs file system.  This kernel module would allow you
>#   #     to mount your subversion repositories so other tools that don't 
>#   #     speak Web_DAV can access them like any other File > Open file system
>#   #     supported by Linux.
>#   #     yum install wdfs fuse
>#   #     Read /usr/share/doc/fuse* for starters. There's no man page for wdfs
>#   #     so use wdfs -h for additional information.
>#   #
>#   #     wdfs https://svn.apache.org/repos/asf/maven/wagon/tags/wagon-1.0-beta-2/wagon-providers/wagon-webdav /mnt 
>#   #     cd /mnt
>#   #     ls
>#   #     pom.xml  src
>#   #     cd src
>#   #     ls
>#   #     main  site  test
>#   #     cd site
>#   #     ls
>#   #     apt
>#   #     cd apt
>#   #     ls
>#   #     index.apt
>#   #     more index.apt
>#   #     cd /
>#   #     umount /mnt
>#   #     Also experiment with -o svn_mode option that enables subversion
>#   #     mode to access all revisions i.e.
>#
>#   #     wdfs https://svn.apache.org/repos/asf/maven/wagon/tags/wagon-1.0-beta-2/wagon-providers/wagon-webdav /mnt -o svn_mode
>#   #     cd /mnt
>#   #     ls
>#   #     0-all-revisions  pom.xml  src
>#   #     cd 0-all-revisions/
>#   #     ls
>#   #     0-199          204600-204799  310000-310199  415000-415199  5200-5399
>#   #     ...  There are many files here ;-)
>#   #     cd /
>#   #     umount /mnt
>#
>#
>#</Location>
>#
>#   # 8.) Multiple location directives can be supported in this file.  Copy a
>#   #     successfully configured location block to the end of the file.
>#   #     Follow the copy by making adjustments to meet the requirements of
>#   #     that location block.
>#
>#<Location /nextrepo>
>#   #  Repeat configuration for next block here.  Both the password and
>#   #  authorization files can be reused in this block too.  Make sure that
>#   #  the location directive does not conflict with other Apache configuration
>#   #  directives.
>#</Location>

Actions: View

Attachments on bug 324271: 220681 | 347854