Subversion : Access to Repositories via HTTP2021/06/18 |
Access to Repositories via HTTP, without running [svnserve].
This setting is not effective to the case you access via [svn://] or [file://]. |
|
[1] | |
[2] |
Configure SSL/TLS to Apache httpd, refer to here. (Optional for this setting)
|
[3] | Install required packages. |
[root@dlp ~]# dnf -y install mod_dav_svn
|
[4] | Configure Apache httpd. For example, Set HTTP access to [/var/svn/repos/project] repository. |
[cent@dlp ~]#
vi /etc/httpd/conf.d/subversion.conf # create new <Location /project> DAV svn AuthType Basic AuthName "DAV SVN" AuthUserFile /var/svn/.svnpasswd Require valid-user SVNPath /var/svn/repos/project </Location> # add users [root@dlp ~]# htpasswd -c /var/svn/.svnpasswd cent New password: Re-type new password: Adding password for user cent [root@dlp ~]# chown -R apache. /var/svn/repos/project [root@dlp ~]# systemctl restart httpd |
[5] | If also set access permission, Configure like follow. |
[root@dlp ~]#
vi /var/svn/repos/project/conf/authzsvn.conf # create new # set group [groups] developer = cent,fedora operator = redhat # everyone can [Read] access on root directory [/] * = r # only [developer] group can [Read/Write] under the [trunk] directory [project:/trunk] @developer = rw # only [operator] group can [Read/Write] under the [branches] directory [project:/branches] @operator = rw # only [operator] group can [Read/Write] under the [tags] directory [project:/tags] @operator = rw
[root@dlp ~]#
vi /etc/httpd/conf.d/subversion.conf <Location /project> DAV svn AuthType Basic AuthName "DAV SVN" AuthUserFile /var/svn/.svnpasswd Require valid-user SVNPath /var/svn/repos/project # add the line AuthzSVNAccessFile /var/svn/repos/project/conf/authzsvn.conf </Location>[root@dlp ~]# systemctl restart httpd |
[6] | If SELinux is enabled, change policy. |
[root@dlp ~]#
vi svn-httpd.te # create new module svn-httpd 1.0; require { type svnserve_content_t; type httpd_t; class file { append create getattr lock open read rename setattr unlink write }; class dir { add_name create read remove_name rmdir write }; } #============= httpd_t ============== allow httpd_t svnserve_content_t:dir { add_name create read remove_name rmdir write }; allow httpd_t svnserve_content_t:file { append create getattr lock open read rename setattr unlink write }; checkmodule -m -M -o svn-httpd.mod svn-httpd.te checkmodule: loading policy configuration from svn-httpd.te checkmodule: policy configuration loaded checkmodule: writing binary representation (version 19) to svn-httpd.mod [root@dlp ~]# semodule_package --outfile svn-httpd.pp --module svn-httpd.mod [root@dlp ~]# semodule -i svn-httpd.pp |
[7] | Verify settings to access via HTTP/HTTPS from any Hosts. |
[redhat@node01 ~]$ svn --username cent list https://dlp.srv.world/project
Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'cent': ********
-----------------------------------------------------------------------
ATTENTION! Your password for authentication realm:
<https://dlp.srv.world:443> DAV SVN
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/home/cent/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? no
branches/
tags/
trunk/
[redhat@node01 ~]$
[cent@node01 work]$ echo 'store-plaintext-passwords = no' >> ~/.subversion/servers
svn --username cent co https://dlp.srv.world/project Authentication realm: <https://dlp.srv.world:443> DAV SVN Password for 'cent': ******** A project/branches A project/tags A project/trunk A project/trunk/index.html A project/trunk/test.txt A project/trunk/testfile.txt Checked out revision 6.
[redhat@node01 work]$
cd project/trunk
# after creating or editing any files under the repository, # try to [commit] with [redhat] user [redhat@node01 trunk]$ echo index.html >> index.html [redhat@node01 trunk]$ svn --username redhat ci index.html -m "update by redhat"
Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'redhat': ********
Sending index.html
Transmitting file data .svn: E195023: Commit failed (details follow):
svn: E195023: Changing file '/home/redhat/work/project/trunk/index.html' is forbidden by the server
svn: E175013: While preparing '/home/redhat/work/project/trunk/index.html' for commit
svn: E175013: Access to '/project/!svn/txr/6-6/trunk/index.html' forbidden
# denied normally as settings
# [commit] with [fedora] user [redhat@node01 trunk]$ svn --username fedora ci index.html -m "update by fedora"
Authentication realm: <https://dlp.srv.world:443> DAV SVN
Password for 'fedora': ********
Sending index.html
Transmitting file data .done
Committing transaction...
Committed revision 7.
# done normally as settings
|
[8] | It's also possible to access on Web browser (read only). |
Sponsored Link |
|