Apache Subversion(简称SVN,svn)
| 1 2 | 因为某种原因我们需要用Nginx作为Subversion的http前端,但目前没有现成的Nginx+Subversion搭配方式。而Subversion提供Apache的http处理模块。现在我们通过nginx反向代理给Apache的方式来实现Nginx+Subversion的组合方式。 |
构建Apache+Subversion的环境:
| 1 2 | [root@nginx-apache-svn ~]# yum install httd subversion mod_dav_svn -y#mod_dav_svn是Apache的svn模块 |
建立SVN库:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | [root@nginx-apache-svn ~]# mkdir -p /home/svn[root@nginx-apache-svn ~]# cd /home/svn/[root@nginx-apache-svn svn]# svnadmin create work[root@nginx-apache-svn svn]# chown -R apache.apache work[root@nginx-apache-svn svn]# tree work/work/├── conf│ ├── authz│ ├── passwd│ └── svnserve.conf├── db│ ├── current│ ├── format│ ├── fsfs.conf│ ├── fs-type│ ├── min-unpacked-rev│ ├── rep-cache.db│ ├── revprops│ │ └── 0│ │ └── 0│ ├── revs│ │ └── 0│ │ └── 0│ ├── transactions│ ├── txn-current│ ├── txn-current-lock│ ├── txn-protorevs│ ├── uuid│ └── write-lock├── format├── hooks│ ├── post-commit.tmpl│ ├── post-lock.tmpl│ ├── post-revprop-change.tmpl│ ├── post-unlock.tmpl│ ├── pre-commit.tmpl│ ├── pre-lock.tmpl│ ├── pre-revprop-change.tmpl│ ├── pre-unlock.tmpl│ └── start-commit.tmpl├── locks│ ├── db.lock│ └── db-logs.lock└── README.txt 10 directories, 28 files |
添加Subversion账号:(注意只是浏览项目的账户,并不能用它登录SVN)
| 1 2 3 4 | [root@nginx-apache-svn svn]# htpasswd -c /home/svn/work/conf/passwdfile visitorNew password: visitor#用户名和密码都设为visitorRe-type new password:visitor Adding password for user visitor |
修改/etc/httpd/conf.d/subversion.conf,内容如下:
?
| 1 2 3 4 5 6 7 8 9 | <Location/svn/work> DAV svn SVNPath /home/svn/work AuthType Basic AuthName "Authorization Realm" AuthUserFile /home/svn/work/conf/passwdfile AuthzSVNAccessFile /home/svn/work/conf/authz Require valid-user</Location> |
修改Apache的端口:
| 1 2 | [root@nginx-apache-svn svn]# grep "^Listen" /etc/httpd/conf/httpd.conf Listen 81 |
| 1 2 3 4 5 6 | [root@nginx-apache-svn svn]# service iptables stop && setenforce 0iptables: Setting chains to policy ACCEPT: filter [ OK ]iptables: Flushing firewall rules: [ OK ]iptables: Unloading modules: [ OK ][root@nginx-apache-svn svn]# getenforcePermissive |
| 1 2 3 4 5 6 7 8 9 10 11 | [root@nginx-apache-svn svn]# /etc/init.d/httpd startStarting httpd: [ OK ][root@nginx-apache-svn svn]# netstat -lnutpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1310/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master tcp 0 0 :::81 :::* LISTEN 1632/httpd tcp 0 0 :::22 :::* LISTEN 1310/sshd tcp 0 0 ::1:25 :::* LISTEN 1389/master udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient |
使用Nginx反向代理:
| 1 2 3 4 5 | [root@nginx-apache-svn src]# wget http://nginx.org/download/nginx-0.8.55.tar.gz[root@nginx-apache-svn src]# pwd/usr/local/src[root@nginx-apache-svn src]# lsnginx-0.8.55.tar.gz |
| 1 | [root@nginx-apache-svn nginx-0.8.55]# tar -xzvf nginx-0.8.55.tar.gz && cd nginx-0.8.55 |
添加nginx账号:
| 1 2 3 | [root@nginx-apache-svn nginx-0.8.55]# useradd -s /bin/false nginx/bin/false是最严格的禁止login选项,一切服务都不能用。 /sbin/nologin只是不允许login系统 |
安装依赖包:
| 1 | [root@nginx-apache-svn nginx-0.8.55]# yum install gcc pcre-devel openssl-devel -y |
| 1 2 3 | [root@nginx-apache-svn nginx-0.8.55]# ./configure --prefix=/app/server/nginx-0.8.55 \ --with-http_stub_status_module \ --with-http_gzip_static_module |
| 1 | [root@nginx-apache-svn nginx-0.8.55]# make && make install |
| 1 | [root@nginx-apache-svn nginx-0.8.55]# cd /app/server/ |
| 1 2 3 | [root@nginx-apache-svn server]# lsnginx-0.8.55[root@nginx-apache-svn server]# ln -sf nginx-0.8.55/ nginx && cd - |
| 1 2 3 4 | [root@nginx-apache-svn nginx-0.8.55]# ll /app/server/total 4lrwxrwxrwx. 1 root root 13 Jul 25 09:36 nginx -> nginx-0.8.55/drwxr-xr-x. 6 root root 4096 Jul 25 09:35 nginx-0.8.55 |
配置Nginx反向代理,修改/app/server/nginx/conf/nginx.conf:
| 1 2 3 4 5 6 7 8 9 10 11 12 | server { listen 80; server_name localhost ; location /svn/work { proxy_pass http://127.0.0.1:81/svn/work; } location / { return 404; }} |
配置SNV:
| 1 2 | [root@nginx-apache-svn conf]# pwd/home/svn/work/conf |
| 1 2 3 4 5 6 | [root@nginx-apache-svn conf]# egrep -v "^$|^#" svnserve.conf [general]anon-access = readauth-access = writepassword-db = /home/svn/work/conf/passwdauthz-db = /home/svn/work/conf/authz |
| 1 2 3 | [root@nginx-apache-svn conf]# which svnserve/usr/bin/svnserve[root@nginx-apache-svn conf]# /usr/bin/svnserve -d -r /home/svn |
| 1 2 3 4 5 6 7 8 9 10 | [root@nginx-apache-svn conf]# netstat -lnutpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 4806/svnserve tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1744/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master tcp 0 0 :::81 :::* LISTEN 1632/httpd tcp 0 0 :::22 :::* LISTEN 1744/sshd tcp 0 0 ::1:25 :::* LISTEN 1389/master udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient |
| 1 2 3 4 5 6 7 8 9 10 11 12 | [root@nginx-apache-svn conf]# /app/server/nginx/sbin/nginx [root@nginx-apache-svn conf]# netstat -lnutpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 4806/svnserve tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4809/nginx tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1744/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master tcp 0 0 :::81 :::* LISTEN 1632/httpd tcp 0 0 :::22 :::* LISTEN 1744/sshd tcp 0 0 ::1:25 :::* LISTEN 1389/master udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient |
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 | [root@nginx-apache-svn work]# cat /home/svn/work/conf/authz ### This file is an example authorization file for svnserve.### Its format is identical to that of mod_authz_svn authorization### files.### As shown below each section defines authorizations for the path and### (optional) repository specified by the section name.### The authorizations follow. An authorization line can refer to:### - a single user,### - a group of users defined in a special [groups] section,### - an alias defined in a special [aliases] section,### - all authenticated users, using the '$authenticated' token,### - only anonymous users, using the '$anonymous' token,### - anyone, using the '*' wildcard.###### A match can be inverted by prefixing the rule with '~'. Rules can### grant read ('r') access, read-write ('rw') access, or no access### (''). [aliases]# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average [groups]# harry_and_sally = harry,sally# harry_sally_and_joe = harry,sally,&joe # [/foo/bar]# harry = rw# &joe = r# * =[/]visitor=r# [repository:/baz/fuz]# @harry_and_sally = rw# * = r |
| 1 | svnserve -d -r /home/svn#注意启动的时候,一定不要:svnserve -d -r /home/svn/work |
| 1 | svn co svn://192.168.1.98/work work01#注意略径 |
真对/home/svn/work/conf/passwd是明文的不安全因素,可以考虑用vim passwd +X去加密passwd文件。(经测试这种方法行不通,无法认别,所以无法用VIM加密passwd文件!!!)
特别要注意关掉selinux:(否则重启会出现认证失败!!!)
| 1 2 | [root@NGINX-APACHE-SVN ~]# getenforceDisabled |
================================================
可以配置多个版本库:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | 主要是两个文件:/var/http/conf.d/subversion.conf 和 /app/server/nginx/conf/nginx.conf[root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /etc/httpd/conf.d/subversion.conf LoadModule dav_svn_module modules/mod_dav_svn.soLoadModule authz_svn_module modules/mod_authz_svn.so<Location/svn/pro> DAV svn SVNPath /var/www/html/svn/pro AuthType Basic AuthName "Authorization Realm" AuthUserFile /var/www/html/svn/pro/conf/passwdfile AuthzSVNAccessFile /var/www/html/svn/pro/conf/authz Require valid-user</Location><Location/svn/app01> DAV svn SVNPath /var/www/html/svn/app01 AuthType Basic AuthName "Authorization Realm" AuthUserFile /var/www/html/svn/pro/conf/passwdfile AuthzSVNAccessFile /var/www/html/svn/pro/conf/authz Require valid-user</Location>多一个版本库就添加一个[Location].......[/Location]vi /app/server/nginx/conf/nginx.confserver { listen 80; server_name localhost; #charset koi8-r; #access_log logs/host.access.log main; location / { root html; index index.html index.htm; } location /svn/pro { proxy_pass http://127.0.0.1:81/svn/pro; } location /svn/app01 { proxy_pass http://127.0.0.1:81/svn/app01; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root html; }#多一个版本库 就多添加一个location /svn/xxxx {.......} |
所有的版本库的svnserver.conf都用相同的这样更于管理:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | [root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /var/www/html/svn/pro/conf/svnserve.conf [general]anon-access = readauth-access = writepassword-db = /var/www/html/svn/pro/conf/passwdauthz-db = /var/www/html/svn/pro/conf/authz[sasl] =============================================================================[root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /var/www/html/svn/app01/conf/svnserve.conf [general]anon-access = readauth-access = writepassword-db = /var/www/html/svn/pro/conf/passwdauthz-db = /var/www/html/svn/pro/conf/authz[sasl][root@NGINX-APACHE-SVN ~]# |
这样就OK了可以对于不能的版库,有可以设不同的密码在各自的passwd中。
文章来源网络,作者:运维,如若转载,请注明出处:https://shuyeidc.com/wp/220959.html<
