CentOS 部署Subversion + Apache版本控制服务器

• 安装前提
• 安装步骤
• 配置subversion

一、安装前提

 

1.关闭防火墙

# service iptables stop

# chkconfig iptables off

# service ip6tables stop

# chkconfig ip6tables off

 

2.关闭SElinux

# perl -i -p -e 's/=enforcinig/=disabled/g' /etc/selinux/config

 

重启系统

 

 

二、安装步骤

 

/***

apache 2.2  -> openssl 0.9.8 -> subversion 1.6

apache 2.4  -> openssl 1.0.0 -> subversion 1.7/8

***/

 

1.安装相应软件包

# yum install zlib*

# yum install openssl* 

# yum install dev*

# yum install pcre*

  

2.查看openssl版本

# openssl version
OpenSSL 1.0.0-fips 29 Mar 2010

 

3.安装apache

确保本机rpm安装的apache已被移除

至http://mirror.bit.edu.cn/apache/httpd/下载apache源码包

至http://apr.apache.org/download.cgi下载apr、apr-util源码包

# tar -zxvf httpd-2.4.7.tar.gz

# tar -zxvf apr-1.5.0.tar.gz

# tar -zxvf apr-util-1.5.3.tar.gz

# mv apr-1.5.0 httpd-2.4.7/srclib/apr
# mv apr-util-1.5.3 httpd-2.4.7/srclib/apr-util

# cd httpd-2.4.7

# ./configure --prefix=/usr/local/apache  --enable-mods-shared=most  --with-mpm=worker  --with-apr=/usr/local/apr/bin/apr-1-config  --with-apr-util=/usr/local/apr-util/bin/apu-1-config  --enable-so --enable-ssl --enable-http  --enable-dav  --enable-mime-magic --enable-expires  --enable-cache --enable-file-cache --enable-cache-disk  --enable-info --enable-log-forensic  --enable-suexec --enable-cgi --enable-deflate  --enable-vhost-alias --enable-rewrite  --enable-maintainer-mode

# make

# make install

 

4.安装subversion

至http://subversion.apache.org/download/下载subversion源码包

# tar -zxvf subversion-1.7.14.tar.gz

# cd subversion-1.7.14

# ./get-deps.sh

# cd neon/

# ./configure

# make

# make install

# cd ..

# ./configure  --prefix=/usr/local/svn  --with-apr=/usr/local/apr/bin/apr-1-config  --with-apr-util=/usr/local/apr-util/bin/apu-1-config  --with-apxs=/usr/local/apache/bin/apxs  --with-apache-libexecdir=/usr/local/apache/modules/   --enable-shared  --enable-static  --with-ssl  --without-berkeley-db  --with-neon=/usr/local/neon/bin/neon-config

# make

# make install

 

 

三、配置subversion

 

1.添加至系统命令

# cp /usr/local/svn/lib/* /usr/lib/

# cp /usr/local/svn/bin/* /usr/bin/

 

2.编辑httpd.conf

去除注释

Include conf/extra/httpd-dav.conf

Include conf/extra/httpd-ssl.conf

添加两行

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so

 

3.配置apache

在httpd.conf增加

<Location />
DAV svn
SVNParentPath /svnroot
SVNListParentPath On
AuthzSVNAccessFile /svnroot/acl.conf
AuthType Basic
AuthName "Subversion"
AuthzForceUsernameCase Lower
AuthUserFile /svnroot/auth.conf
Require valid-user
SSLRequireSSL#若增加此行只支持https
</Location>

 

4.创建证书

# cd /usr/local/apache/conf

创建证书 

# openssl genrsa -des3 -out ca.key 1024

# openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# openssl genrsa -des3 -out server.key 4096

# openssl req -new -key server.key -out server.csr

# openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

重启apache时不需要密码

# cp server.key server.key.org

# openssl rsa -in server.key.org -out server.key

# chmod 400 server.key

客户端证书

# openssl genrsa -out client.key 1024

# openssl req -new -out client.csr -key client.key

# openssl x509 -req -in client.csr -out client.crt -signkey client.key -CA ca.crt -CAkey ca.key -CAcreateserial -days 3650

# openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12

 

# cp ca.crt /svnroot/

# cp client.p12 /svnroot/

 

5.创建权限控制文件

# /usr/local/apache/bin/htpasswd -cm /svnroot/svn-auth-conf yumeng #第一次创建使用-cm参数 后续均使用-m即可

# vim /svnroot/acl.conf

增加

[groups]
admin = yumeng

[/]
@admin = rw

 

6.启动apache

# /usr/local/apache/bin/apachectl -t

# /usr/local/apache/bin/apachectl start