CentOS搭建Nginx+Subversion环境(包括多个版本库的配置)
CentOS搭建Nginx+Subversion环境(包括多个版本库的配置)
Apache Subversion(简称SVN,svn)
| 1 2 |
因为某种原因我们需要用Nginx作为Subversion的http前端,但目前没有现成的Nginx+Subversion搭配方式。
而Subversion提供Apache的http处理模块。现在我们通过nginx反向代理给Apache的方式来实现Nginx+Subversion的组合方式。
|
构建Apache+Subversion的环境:
| 1 2 |
[root@nginx-apache-svn ~]# yum install httd subversion mod_dav_svn -y
#mod_dav_svn是Apache的svn模块
|
建立SVN库:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
[root@nginx-apache-svn ~]# mkdir -p /home/svn
[root@nginx-apache-svn ~]# cd /home/svn/
[root@nginx-apache-svn svn]# svnadmin create work
[root@nginx-apache-svn svn]# chown -R apache.apache work
[root@nginx-apache-svn svn]# tree work/
work/
├── conf
│ ├── authz
│ ├── passwd
│ └── svnserve.conf
├── db
│ ├── current
│ ├── format
│ ├── fsfs.conf
│ ├── fs-type
│ ├── min-unpacked-rev
│ ├── rep-cache.db
│ ├── revprops
│ │ └── 0
│ │ └── 0
│ ├── revs
│ │ └── 0
│ │ └── 0
│ ├── transactions
│ ├── txn-current
│ ├── txn-current-lock
│ ├── txn-protorevs
│ ├── uuid
│ └── write-lock
├── format
├── hooks
│ ├── post-commit.tmpl
│ ├── post-lock.tmpl
│ ├── post-revprop-change.tmpl
│ ├── post-unlock.tmpl
│ ├── pre-commit.tmpl
│ ├── pre-lock.tmpl
│ ├── pre-revprop-change.tmpl
│ ├── pre-unlock.tmpl
│ └── start-commit.tmpl
├── locks
│ ├── db.lock
│ └── db-logs.lock
└── README.txt
10 directories, 28 files
|
添加Subversion账号:(注意只是浏览项目的账户,并不能用它登录SVN)
| 1 2 3 4 |
[root@nginx-apache-svn svn]# htpasswd -c /home/svn/work/conf/passwdfile visitor
New password: visitor#用户名和密码都设为visitor
Re-type new password:visitor
Adding password for user visitor
|
修改/etc/httpd/conf.d/subversion.conf,内容如下:
?| 1 2 3 4 5 6 7 8 9 |
<Location /svn/work>
DAV svn
SVNPath /home/svn/work
AuthType Basic
AuthName "Authorization Realm"
AuthUserFile /home/svn/work/conf/passwdfile
AuthzSVNAccessFile /home/svn/work/conf/authz
Require valid-user
</Location>
|
修改Apache的端口:
| 1 2 |
[root@nginx-apache-svn svn]# grep "^Listen" /etc/httpd/conf/httpd.conf
Listen 81
|
| 1 2 3 4 5 6 |
[root@nginx-apache-svn svn]# service iptables stop && setenforce 0
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@nginx-apache-svn svn]# getenforce
Permissive
|
| 1 2 3 4 5 6 7 8 9 10 11 |
[root@nginx-apache-svn svn]# /etc/init.d/httpd start
Starting httpd: [ OK ]
[root@nginx-apache-svn svn]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1310/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master
tcp 0 0 :::81 :::* LISTEN 1632/httpd
tcp 0 0 :::22 :::* LISTEN 1310/sshd
tcp 0 0 ::1:25 :::* LISTEN 1389/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient
|
使用Nginx反向代理:
| 1 2 3 4 5 |
[root@nginx-apache-svn src]# wget http://nginx.org/download/nginx-0.8.55.tar.gz
[root@nginx-apache-svn src]# pwd
/usr/local/src
[root@nginx-apache-svn src]# ls
nginx-0.8.55.tar.gz
|
| 1 |
[root@nginx-apache-svn nginx-0.8.55]# tar -xzvf nginx-0.8.55.tar.gz && cd nginx-0.8.55
|
添加nginx账号:
| 1 2 3 |
[root@nginx-apache-svn nginx-0.8.55]# useradd -s /bin/false nginx
/bin/false是最严格的禁止login选项,一切服务都不能用。
/sbin/nologin只是不允许login系统
|
安装依赖包:
| 1 |
[root@nginx-apache-svn nginx-0.8.55]# yum install gcc pcre-devel openssl-devel -y
|
| 1 2 3 |
[root@nginx-apache-svn nginx-0.8.55]# ./configure --prefix=/app/server/nginx-0.8.55 \
--with-http_stub_status_module \
--with-http_gzip_static_module
|
| 1 |
[root@nginx-apache-svn nginx-0.8.55]# make && make install
|
| 1 |
[root@nginx-apache-svn nginx-0.8.55]# cd /app/server/
|
| 1 2 3 |
[root@nginx-apache-svn server]# ls
nginx-0.8.55
[root@nginx-apache-svn server]# ln -sf nginx-0.8.55/ nginx && cd -
|
| 1 2 3 4 |
[root@nginx-apache-svn nginx-0.8.55]# ll /app/server/
total 4
lrwxrwxrwx. 1 root root 13 Jul 25 09:36 nginx -> nginx-0.8.55/
drwxr-xr-x. 6 root root 4096 Jul 25 09:35 nginx-0.8.55
|
配置Nginx反向代理,修改/app/server/nginx/conf/nginx.conf:
| 1 2 3 4 5 6 7 8 9 10 11 12 |
server {
listen 80;
server_name localhost ;
location /svn/work {
proxy_pass http://127.0.0.1:81/svn/work;
}
location / {
return 404;
}
}
|
配置SNV:
| 1 2 |
[root@nginx-apache-svn conf]# pwd
/home/svn/work/conf
|
| 1 2 3 4 5 6 |
[root@nginx-apache-svn conf]# egrep -v "^$|^#" svnserve.conf
[general]
anon-access = read
auth-access = write
password-db = /home/svn/work/conf/passwd
authz-db = /home/svn/work/conf/authz
|
| 1 2 3 |
[root@nginx-apache-svn conf]# which svnserve
/usr/bin/svnserve
[root@nginx-apache-svn conf]# /usr/bin/svnserve -d -r /home/svn
|
| 1 2 3 4 5 6 7 8 9 10 |
[root@nginx-apache-svn conf]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 4806/svnserve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1744/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master
tcp 0 0 :::81 :::* LISTEN 1632/httpd
tcp 0 0 :::22 :::* LISTEN 1744/sshd
tcp 0 0 ::1:25 :::* LISTEN 1389/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient
|
| 1 2 3 4 5 6 7 8 9 10 11 12 |
[root@nginx-apache-svn conf]# /app/server/nginx/sbin/nginx
[root@nginx-apache-svn conf]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 4806/svnserve
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4809/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1744/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1389/master
tcp 0 0 :::81 :::* LISTEN 1632/httpd
tcp 0 0 :::22 :::* LISTEN 1744/sshd
tcp 0 0 ::1:25 :::* LISTEN 1389/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 1143/dhclient
|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
[root@nginx-apache-svn work]# cat /home/svn/work/conf/authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
### - a single user,
### - a group of users defined in a special [groups] section,
### - an alias defined in a special [aliases] section,
### - all authenticated users, using the '$authenticated' token,
### - only anonymous users, using the '$anonymous' token,
### - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
# [/foo/bar]
# harry = rw
# &joe = r
# * =
[/]
visitor=r
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r
|
| 1 |
svnserve -d -r /home/svn#注意启动的时候,一定不要:svnserve -d -r /home/svn/work
|
| 1 |
svn co svn://192.168.1.98/work work01#注意略径
|
真对/home/svn/work/conf/passwd是明文的不安全因素,可以考虑用vim passwd +X去加密passwd文件。(经测试这种方法行不通,无法认别,所以无法用VIM加密passwd文件!!!)
特别要注意关掉selinux:(否则重启会出现认证失败!!!)
| 1 2 |
[root@NGINX-APACHE-SVN ~]# getenforce
Disabled
|
================================================
可以配置多个版本库:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
主要是两个文件:/var/http/conf.d/subversion.conf 和 /app/server/nginx/conf/nginx.conf
[root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /etc/httpd/conf.d/subversion.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn/pro>
DAV svn
SVNPath /var/www/html/svn/pro
AuthType Basic
AuthName "Authorization Realm"
AuthUserFile /var/www/html/svn/pro/conf/passwdfile
AuthzSVNAccessFile /var/www/html/svn/pro/conf/authz
Require valid-user
</Location>
<Location /svn/app01>
DAV svn
SVNPath /var/www/html/svn/app01
AuthType Basic
AuthName "Authorization Realm"
AuthUserFile /var/www/html/svn/pro/conf/passwdfile
AuthzSVNAccessFile /var/www/html/svn/pro/conf/authz
Require valid-user
</Location>
多一个版本库就添加一个[Location].......[/Location]
vi /app/server/nginx/conf/nginx.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
location /svn/pro {
proxy_pass http://127.0.0.1:81/svn/pro;
}
location /svn/app01 {
proxy_pass http://127.0.0.1:81/svn/app01;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
#多一个版本库 就多添加一个location /svn/xxxx {.......}
|
所有的版本库的svnserver.conf都用相同的这样更于管理:
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
[root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /var/www/html/svn/pro/conf/svnserve.conf
[general]
anon-access = read
auth-access = write
password-db = /var/www/html/svn/pro/conf/passwd
authz-db = /var/www/html/svn/pro/conf/authz
[sasl]
=============================================================================
[root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /var/www/html/svn/app01/conf/svnserve.conf
[general]
anon-access = read
auth-access = write
password-db = /var/www/html/svn/pro/conf/passwd
authz-db = /var/www/html/svn/pro/conf/authz
[sasl]
[root@NGINX-APACHE-SVN ~]#
|
这样就OK了可以对于不能的版库,有可以设不同的密码在各自的passwd中。
Linux中Subversion配置实例
CentOS 6.2 SVN搭建 (YUM安装)
Apache+SVN搭建SVN服务器
Windows下SVN服务器搭建和使用 + 客户端重新设置密码
Ubuntu Server 12.04 安装 SVN 并迁移 Virtual SVN数据
Ubuntu Server搭建svn服务以及迁移方法
Subversion的安装部署与用户验证配置
Subversion (SVN) 的详细介绍:请点这里
Subversion (SVN) 的下载地址:请点这里
本文永久更新链接地址:
评论暂时关闭