Installation of Subversion on Ubuntu, with Apache, SSL, and BasicAuth.

I did it again! Yet another installation of Subversion for “standard” project development purposes, i.e. using Apache2, WebDAV, SSL, Basic Authentication. In case I do it again … and soon again, I recorded the installation howto logs.

NOTE: The target OS is Ubuntu Edgy 6.10, and Feisty. I use $NAME notation to refer to places to be substituted by the installation specific values

1. Install packages:
sudo apt-get install subversion libapache2-svn libapache-mod-dav apache2

2. Enable SSL:
sudo a2enmod ssl
sudo sh -c "echo 'Listen 443' >> /etc/apache2/ports.conf"

3. Generate Certificate:
Ubuntu < Feisty:
sudo apache2-ssl-certificate
Use the server name to be used for access the web server.

Ubuntu >= Feisty: (thanx Roderik)
sudo apt-get install ssl-cert
sudo mkdir /etc/apache2/ssl
sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

4. Create Virtual Host:
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/$SITENAME
sudo vim /etc/apache2/sites-available/$SITENAME

change:
NameVirtualHost *:443
<VirtualHost *:443>

add:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM

5. Enable the site:
sudo a2ensite $SITENAME
sudo /etc/init.d/apache2 restart

A warning that complaints about failure of server name determination can be fixed by adding ServerName $SERVERNAME to the main Apache config /etc/apache2/apache2.conf

6. Adding repository(ies):
The following setup assumes we want to host multiple repositories.
sudo mkdir /var/svn
sudo svnadmin create /var/svn/$REPOS
sudo chown -R www-data:www-data /var/svn/$REPOS
sudo chmod -R g+ws /var/svn/$REPOS

7. Adding Basic Authentication:
sudo htpasswd2 -c -m /etc/apache2/dav_svn.passwd $AUTH_USER

8. Enable and configure WebDAV and SVN:
Add to /etc/apache2/mods-available/dav_svn.conf
DAV svn
SVNParentPath /var/svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
Require valid-user
SSLRequireSSL

and for non-anonymous access comment out:
#<LimitExcept GET PROPFIND OPTIONS REPORT>
#</LimitExcept>

(optionally the same configuration can be set for particular virtual host only, i.e. /etc/apache2/sites-available/$SITENAME)

9. Finalization: (guess what?)
sudo /etc/init.d/apache2 restart

Testing:
Web access:
lynx https://localhost/svn/$REPOS exposes the repository.
lynx http://localhost/svn/$REPOS says: eat my shorts , i.e. 403-forbidden.

An initial import:
svn import --username $AUTH_USER $A_FILE https://localhost/svn/$REPOS/testdir -m "Testing"

… and check-out:
svn co --username $AUTH_USER https://localhost/svn/$REPOS

To add a new repository just repeat the step 6 (without making the root directory of course).
If you wish to configure a single repository only, instead of point 6:
sudo svnadmin create /var/svn
sudo chown -R www-data:www-data /var/svn
sudo chmod -R g+ws /var/svn

and in /etc/apache2/mods-available/dav_svn.conf (step 8) use this instead of SVNParentPath:
SVNPath /var/svn

Above all, check the great SVN Book.

21 thoughts on “Installation of Subversion on Ubuntu, with Apache, SSL, and BasicAuth.”

  1. HI. I followed this guide, and when I try to access the repository via a web browser or terminal command, I get 500 Internal Server Error. Do you know where I went wrong or how to fix it? Thanks.

  2. Nice guide.

    Unfortunatelly on point 5 I get:
    $ sudo /etc/init.d/apache2 restart
    * Restarting web server apache2 apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName
    httpd (no pid file) not running
    apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName
    (98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
    no listening sockets available, shutting down
    Unable to open logs
    [fail]

    By memory I have no other services on port 443. When I will get back home I will check (so far I did from another location over SSH).

  3. Same error here.
    In step 2 you added Listen 443 to ports.conf
    I use Ubuntu 8.10 and it was already there! Removed the line again, working :)

  4. Hi

    Same Error

    and did what Number 5 said and Voila! it worked again only thing is I spent the entire days googling without scrolling down to check comments my life would have been sooo much easier

  5. This is the best how-to I have found for the subject.

    However, as with Dif and serAphim, I found that running Ubuntu Hardy Heron (8.04) you should not add “Listen 433″ to ports.conf, just leave ports.conf as it is.

    Further, you need to uncomment the lines at the start and end of the dav_svn.conf file, otherwise the server won’t start and gives a message like:

    Syntax error on line 16 of /etc/apache2/mods-enabled/dav_svn.conf:
    DAV not allowed here

  6. Excellent guide, many thanks!

    Managed to get everything working OK, but found I was getting an ‘Unable to configure RSA server private key’ error which was causing Apache to fail on startup.

    Solution was to comment out the ‘SSLCertificateKeyFile’ line located just underneath ‘SSLCertificateFile’.

  7. It’s 2009 and your HowTo is still working, somme few things have changed like libapache-mod-dav which is now inside of apache2, but for the rest, it’s PERFECT

    Easy to use, and to upgrade, great job.

  8. It’s 2009 and your HowTo is still working, somme few things have changed like libapache-mod-dav which is now inside of apache2, but for the rest, it’s PERFECT

    Easy to use, and to upgrade, great job.

  9. I also got the 500 Internal server error. Turns out the parent path to the svn repository was wrong. I’ve disabled the parent path and set the SVNPath to my (only) repository and now it works perfect! The correct url for me is:

    lynx https://localhost/svn/

  10. 2011.. except for some minor changes .. it’s still the best tutorial I’ve found on the web! great job!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>