A-A+

CentOS搭建Nginx+Subversion环境(包括多个版本库的配置)

2016年08月03日 Linux 教程 暂无评论 阅读 560 次

Apache Subversion(简称SVN,svn)

1
2
因为某种原因我们需要用Nginx作为Subversion的http前端,但目前没有现成的Nginx+Subversion搭配方式。
而Subversion提供Apache的http处理模块。现在我们通过nginx反向代理给Apache的方式来实现Nginx+Subversion的组合方式。

 构建Apache+Subversion的环境:

1
2
[[email protected] ~]# yum install httd subversion mod_dav_svn -y
#mod_dav_svn是Apache的svn模块

 建立SVN库:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
[[email protected] ~]# mkdir -p /home/svn
[[email protected] ~]# cd /home/svn/
[[email protected] svn]# svnadmin create work
[[email protected] svn]# chown -R apache.apache work
[[email protected] svn]# tree work/
work/
├── conf
│  ├── authz
│  ├── passwd
│  └── svnserve.conf
├── db
│  ├── current
│  ├── format
│  ├── fsfs.conf
│  ├── fs-type
│  ├── min-unpacked-rev
│  ├── rep-cache.db
│  ├── revprops
│  │  └── 0
│  │      └── 0
│  ├── revs
│  │  └── 0
│  │      └── 0
│  ├── transactions
│  ├── txn-current
│  ├── txn-current-lock
│  ├── txn-protorevs
│  ├── uuid
│  └── write-lock
├── format
├── hooks
│  ├── post-commit.tmpl
│  ├── post-lock.tmpl
│  ├── post-revprop-change.tmpl
│  ├── post-unlock.tmpl
│  ├── pre-commit.tmpl
│  ├── pre-lock.tmpl
│  ├── pre-revprop-change.tmpl
│  ├── pre-unlock.tmpl
│  └── start-commit.tmpl
├── locks
│  ├── db.lock
│  └── db-logs.lock
└── README.txt
 
10 directories, 28 files

 添加Subversion账号:(注意只是浏览项目的账户,并不能用它登录SVN)

1
2
3
4
[[email protected] svn]# htpasswd -c /home/svn/work/conf/passwdfile visitor
New password: visitor#用户名和密码都设为visitor
Re-type new password:visitor
Adding password for user visitor

 修改/etc/httpd/conf.d/subversion.conf,内容如下:

?
1
2
3
4
5
6
7
8
9
<Location /svn/work>
        DAV svn
        SVNPath /home/svn/work
        AuthType Basic
        AuthName "Authorization Realm"
        AuthUserFile /home/svn/work/conf/passwdfile
        AuthzSVNAccessFile /home/svn/work/conf/authz
        Require valid-user
</Location>

修改Apache的端口:

1
2
[[email protected] svn]# grep "^Listen" /etc/httpd/conf/httpd.conf
Listen 81

 

1
2
3
4
5
6
[[email protected] svn]# service iptables stop && setenforce 0
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                        [  OK  ]
iptables: Unloading modules:                              [  OK  ]
[[email protected] svn]# getenforce
Permissive

 

1
2
3
4
5
6
7
8
9
10
11
[[email protected] svn]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[[email protected] svn]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address              Foreign Address            State      PID/Program name 
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                  LISTEN      1310/sshd         
tcp        0      0 127.0.0.1:25                0.0.0.0:*                  LISTEN      1389/master       
tcp        0      0 :::81                      :::*                        LISTEN      1632/httpd         
tcp        0      0 :::22                      :::*                        LISTEN      1310/sshd         
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master       
udp        0      0 0.0.0.0:68                  0.0.0.0:*                              1143/dhclient 

 使用Nginx反向代理

 
1
2
3
4
5
[[email protected] src]# wget http://nginx.org/download/nginx-0.8.55.tar.gz
[[email protected] src]# pwd
/usr/local/src
[[email protected] src]# ls
nginx-0.8.55.tar.gz

 

1
[[email protected] nginx-0.8.55]# tar -xzvf nginx-0.8.55.tar.gz && cd nginx-0.8.55

 添加nginx账号:

 
1
2
3
[[email protected] nginx-0.8.55]# useradd -s /bin/false nginx
/bin/false是最严格的禁止login选项,一切服务都不能用。
/sbin/nologin只是不允许login系统

 安装依赖包:

 
1
[[email protected] nginx-0.8.55]# yum install gcc  pcre-devel openssl-devel  -y

 

1
2
3
[[email protected] nginx-0.8.55]# ./configure --prefix=/app/server/nginx-0.8.55 \
--with-http_stub_status_module \
--with-http_gzip_static_module

 

1
[[email protected] nginx-0.8.55]# make && make install

 

1
[[email protected] nginx-0.8.55]# cd /app/server/

 

1
2
3
[[email protected] server]# ls
nginx-0.8.55
[[email protected] server]# ln -sf nginx-0.8.55/ nginx && cd -

 

1
2
3
4
[[email protected] nginx-0.8.55]# ll /app/server/
total 4
lrwxrwxrwx. 1 root root  13 Jul 25 09:36 nginx -> nginx-0.8.55/
drwxr-xr-x. 6 root root 4096 Jul 25 09:35 nginx-0.8.55

 配置Nginx反向代理,修改/app/server/nginx/conf/nginx.conf:

 
1
2
3
4
5
6
7
8
9
10
11
12
server {
    listen      80;
    server_name localhost ;
 
    location /svn/work {
        proxy_pass  http://127.0.0.1:81/svn/work;
    }
 
    location / {
        return 404;
    }
}

 配置SNV:

 
1
2
[[email protected] conf]# pwd
/home/svn/work/conf

 

 
1
2
3
4
5
6
[[email protected] conf]# egrep -v "^$|^#" svnserve.conf
[general]
anon-access = read
auth-access = write
password-db = /home/svn/work/conf/passwd
authz-db = /home/svn/work/conf/authz

 

1
2
3
[[email protected] conf]# which svnserve
/usr/bin/svnserve
[[email protected] conf]# /usr/bin/svnserve -d -r /home/svn

 

 
1
2
3
4
5
6
7
8
9
10
[[email protected] conf]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address              Foreign Address            State      PID/Program name 
tcp        0      0 0.0.0.0:3690                0.0.0.0:*                  LISTEN      4806/svnserve     
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                  LISTEN      1744/sshd         
tcp        0      0 127.0.0.1:25                0.0.0.0:*                  LISTEN      1389/master       
tcp        0      0 :::81                      :::*                        LISTEN      1632/httpd         
tcp        0      0 :::22                      :::*                        LISTEN      1744/sshd         
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master       
udp        0      0 0.0.0.0:68                  0.0.0.0:*                              1143/dhclient 

 

 
1
2
3
4
5
6
7
8
9
10
11
12
[[email protected] conf]# /app/server/nginx/sbin/nginx
[[email protected] conf]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address              Foreign Address            State      PID/Program name 
tcp        0      0 0.0.0.0:3690                0.0.0.0:*                  LISTEN      4806/svnserve     
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                  LISTEN      4809/nginx         
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                  LISTEN      1744/sshd         
tcp        0      0 127.0.0.1:25                0.0.0.0:*                  LISTEN      1389/master       
tcp        0      0 :::81                      :::*                        LISTEN      1632/httpd         
tcp        0      0 :::22                      :::*                        LISTEN      1744/sshd         
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master       
udp        0      0 0.0.0.0:68                  0.0.0.0:*                              1143/dhclient     

 

 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
[[email protected] work]# cat /home/svn/work/conf/authz
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
 
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
 
[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe
 
# [/foo/bar]
# harry = rw
# &joe = r
# * =
[/]
visitor=r
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r

 

1
svnserve -d -r /home/svn#注意启动的时候,一定不要:svnserve -d -r /home/svn/work

 

1
svn co svn://192.168.1.98/work work01#注意略径

 真对/home/svn/work/conf/passwd是明文的不安全因素,可以考虑用vim passwd +X去加密passwd文件。(经测试这种方法行不通,无法认别,所以无法用VIM加密passwd文件!!!)

特别要注意关掉selinux:(否则重启会出现认证失败!!!)

1
2
[[email protected] ~]# getenforce
Disabled

 ================================================

可以配置多个版本库:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
主要是两个文件:/var/http/conf.d/subversion.conf  和 /app/server/nginx/conf/nginx.conf
[[email protected] ~]# egrep -v "(^$|^#)" /etc/httpd/conf.d/subversion.conf
LoadModule dav_svn_module    modules/mod_dav_svn.so
LoadModule authz_svn_module  modules/mod_authz_svn.so
<Location /svn/pro>
    DAV svn
    SVNPath /var/www/html/svn/pro
    AuthType Basic
    AuthName "Authorization Realm"
    AuthUserFile /var/www/html/svn/pro/conf/passwdfile
    AuthzSVNAccessFile /var/www/html/svn/pro/conf/authz
    Require valid-user
</Location>
<Location /svn/app01>
    DAV svn
    SVNPath /var/www/html/svn/app01
    AuthType Basic
    AuthName "Authorization Realm"
    AuthUserFile /var/www/html/svn/pro/conf/passwdfile
    AuthzSVNAccessFile /var/www/html/svn/pro/conf/authz
    Require valid-user
</Location>
多一个版本库就添加一个[Location].......[/Location]
vi /app/server/nginx/conf/nginx.conf
server {
        listen      80;
        server_name  localhost;
 
        #charset koi8-r;
 
        #access_log  logs/host.access.log  main;
 
        location / {
            root  html;
            index  index.html index.htm;
        }
     location /svn/pro {
        proxy_pass http://127.0.0.1:81/svn/pro;
    }
    location /svn/app01 {
        proxy_pass http://127.0.0.1:81/svn/app01;
    }
 
        #error_page  404              /404.html;
 
        # redirect server error pages to the static page /50x.html
        #
        error_page  500 502 503 504  /50x.html;
        location = /50x.html {
            root  html;
        }
#多一个版本库 就多添加一个location /svn/xxxx {.......}

 所有的版本库的svnserver.conf都用相同的这样更于管理:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
[[email protected] ~]# egrep -v "(^$|^#)" /var/www/html/svn/pro/conf/svnserve.conf
[general]
anon-access = read
auth-access = write
password-db = /var/www/html/svn/pro/conf/passwd
authz-db = /var/www/html/svn/pro/conf/authz
[sasl]
 =============================================================================
[[email protected] ~]# egrep -v "(^$|^#)" /var/www/html/svn/app01/conf/svnserve.conf
[general]
anon-access = read
auth-access = write
password-db = /var/www/html/svn/pro/conf/passwd
authz-db = /var/www/html/svn/pro/conf/authz
[sasl]
[[email protected] ~]#

 这样就OK了可以对于不能的版库,有可以设不同的密码在各自的passwd中。

Linux中Subversion配置实例 2012-02/53109.htm

CentOS 6.2 SVN搭建 (YUM安装) 2013-10/91903.htm

Apache+SVN搭建SVN服务器 2013-03/81379.htm

Windows下SVN服务器搭建和使用 + 客户端重新设置密码 2013-05/85189p5.htm

Ubuntu Server 12.04 安装 SVN 并迁移 Virtual SVN数据 2013-05/84695.htm

Ubuntu Server搭建svn服务以及迁移方法 2013-05/84693.htm

Subversion的安装部署与用户验证配置  2016-07/133088.htm

Subversion (SVN) 的详细介绍请点这里
Subversion (SVN) 的下载地址请点这里

给我留言

Copyright © SEARU.ORG 保留所有权利.   Theme  Ality 网站地图 360网站安全检测平台

用户登录

分享到: