Thursday 22 March 2007

apache settings for svnparentpath

Subversion (http://subversion.tigris.org/) is a wonderful open-source version control system. Together with the mighty Apache (http://www.apache.org/), it lets you do very fine-grained access control.

Here I record a small trick for a problem I ran into when setting up Apache + Subversion.

For Apache to serve a Subversion repository, you can use either the SVNPath or the SVNParentPath directive (you have to make sure WebDAV is enabled). The former explicitly specifies the location of a single repository; the latter, as the name hints, specifies the parent path of several repositories. This is quite handy when you want to host multiple repositories: you just put all of them in the same directory and Apache picks them up automatically. So if you use SVNParentPath rather than SVNPath, you don't need to change the Apache configuration every time you add or delete a repository.

But there is a minor problem here. Say you decide to put repositories repo1, repo2, repo3, ... under the /var/svn/ directory, and you set up Apache to browse them as http://www.mysite.org/svn/repo1/, and so on. This is all fine until you type http://www.mysite.org/svn/ in your browser's address bar. What do you get? An ugly svndav error message. The reason is that /var/svn itself is not a repository; only its subdirectories are.

So what can you do to get rid of the scary error message?

Apache's mod_rewrite comes to the rescue!

You have at least two choices here. Both use mod_rewrite to make Apache serve the browser a different URL: (1) you rewrite the request to another page where all available repositories are listed (you'll have to update that simple page whenever you add or remove a repository, of course); (2) you redirect the request to a default repository you have chosen (this works only as long as the default repository is not removed or renamed, of course). You can choose whichever you like, but I found the second choice suitable for Apache virtual hosts, where you don't want a request escaping the virtual host's scope.

Here is the relevant part of /etc/httpd/conf/httpd.conf for the first option (you browse http://www.mysite.org/svn/ and get a proxied page, http://www.mysite.org/svnrepo.html, where you can list all available repositories):

# subversion settings
<Location /svn>
    DAV svn
    # Set the parent path for all repositories.
    SVNParentPath /var/svn
    # Turn off all path-based authorization to increase speed (default is on).
    SVNPathAuthz Off
    # For per-directory access control policy
    #AuthzSVNAccessFile /var/svn/httpaccess
    # Limit write permission to list of valid users.
    # Read-only methods stay anonymous; every other method needs a login.
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        AuthType Basic
        AuthName "My Subversion Repository"
        AuthUserFile /var/svn/httpauth
        Require valid-user
    </LimitExcept>
</Location>
# Use mod_rewrite to serve a proxy page if unspecified.
# Otherwise requests on /svn/ receive a DAV-SVN error as the directory
# itself is not a repository - its subdirectories are.
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/svn/$
# can rewrite to a full url or better only rewrite to the requested uri
# Also note the P or proxy flag here for proxy (requires mod_proxy).
#RewriteRule /svn/ http://svn.mysite.org/svnrepo.html [proxy]
RewriteRule /svn/ /svnrepo.html [proxy]
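
Option (1) only works if svnrepo.html is kept in step with the repositories on disk. The script below is an added example, not part of the original post, that regenerates the page from the contents of the parent directory; the function names and the output path passed to update_repo_index are assumptions.

```shell
#!/bin/sh
# Added example: rebuild the repository index page served for /svn/.
# Function names and the output location are assumptions, not from the post.

# Escape characters that are special in HTML text and attribute values,
# so an oddly named repository directory cannot inject markup.
html_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# gen_repo_index PARENT_DIR URL_PREFIX
# Print an HTML page linking every repository directly under PARENT_DIR.
gen_repo_index() {
    parent=$1
    prefix=$2
    printf '<html><head><title>Repositories</title></head><body>\n<ul>\n'
    for dir in "$parent"/*/; do
        # A Subversion repository has a "format" file and a "db" directory.
        # Anything else (the httpauth file, stray directories) is skipped.
        [ -f "${dir}format" ] && [ -d "${dir}db" ] || continue
        name=$(basename "$dir")
        safe=$(html_escape "$name")
        printf '<li><a href="%s/%s/">%s</a></li>\n' "$prefix" "$safe" "$safe"
    done
    printf '</ul>\n</body></html>\n'
}

# update_repo_index PARENT_DIR URL_PREFIX OUTPUT_FILE
# Write to a temporary file and rename it, so Apache never serves a
# half-written page.
update_repo_index() {
    out=$3
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    gen_repo_index "$1" "$2" > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$out"
}
```

Call it after adding or removing a repository, for example `update_repo_index /var/svn /svn /path/to/docroot/svnrepo.html`, where the last argument is wherever your server finds /svnrepo.html.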

And here is a sample for the second option (you browse http://svn.mysite.org/ and get redirected to the default repository, http://svn.mysite.org/software/):

# subversion settings
# The listen address *:80 is an assumption; use your own.
<VirtualHost *:80>
    # DocumentRoot has actually no effect here.
    # In fact it should be omitted to avoid confusion.
    #DocumentRoot /var/svn
    ServerName svn.mysite.org
    <Location />
        DAV svn
        # Set the parent path for all repositories.
        SVNParentPath /var/svn
        # Turn off all path-based authorization to increase speed (default is on).
        SVNPathAuthz Off
        # For per-directory access control policy
        #AuthzSVNAccessFile /var/svn/httpaccess
        # Limit write permission to list of valid users.
        # Read-only methods stay anonymous; every other method needs a login.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            AuthType Basic
            AuthName "My Subversion Repository"
            AuthUserFile /var/svn/httpauth
            Require valid-user
        </LimitExcept>
    </Location>
    # Use mod_rewrite to set default repository if unspecified.
    # Otherwise requests on / receive a DAV-SVN error as the directory
    # itself is not a repository - its subdirectories are.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/$
    # can rewrite to a full url or better only rewrite to the requested uri
    #RewriteRule / http://svn.mysite.org/software/ [redirect=permanent]
    RewriteRule / /software/ [redirect=permanent]
</VirtualHost>

Note:

  1. The samples above use Apache basic authentication. Anonymous users can read the repositories, but only authenticated users have write access. The authentication info is stored in /var/svn/httpauth, which is managed with the htpasswd utility. Basic authentication sends the password unencrypted, so serve the repositories over HTTPS if they are reachable from untrusted networks.
  2. The two samples above assume you have the webdav and svndav modules loaded appropriately. In most cases the modules are enabled in a separate Apache configuration file, say, /etc/httpd/conf.d/subversion.conf, whilst I recommend putting the above configuration in the Apache master configuration file, /etc/httpd/conf/httpd.conf.

Update:

  1. As of Subversion v1.3 (specifically, mod_dav_svn), the Apache httpd-based server can display (in a web browser) the collection of repositories exported by the SVNParentPath directive: simply set 'SVNListParentPath on' in the Apache configuration file. Therefore, the hack described on this page is now largely irrelevant. ;)
