Configuring Subversion to use Apache SSL

My plan was to create a Subversion repository on a Linux box (CentOS) to support the configuration files I use with a virtual machine running Groundwork Open Source. This took much longer than I expected. The procedure was more complicated than usual because the latest version of CentOS requires you to create a self-signed certificate the old way, since genkey and crypto-utils are no longer available.

The first step is to install Subversion and configure Apache. I installed subversion and the Apache server module, mod_dav_svn, using the package manager.

  1. I wanted one repository.
  2. I wanted to see the projects in it by typing http://myserver.com/repos/.

My initial stumbling block was figuring out where to put the repository. After fumbling around looking for a recommendation, I settled on /usr/local/svn as a logical choice. So I opened a terminal window as root and created the repository, repos, with the following commands:

svnadmin create /usr/local/svn/repos
chown -R apache:apache /usr/local/svn/repos

Next I imported a template directory structure with subdirectories for branches, tags, and trunk that I use for all projects.

svn import project1 file:///usr/local/svn/repos/project1 -m "Initial import"

To configure Apache to support Subversion, you need to edit the /etc/httpd/conf.d/subversion.conf file. The biggest problem I had with the example in the Subversion manual was figuring out that I needed to use the SVNPath statement rather than the SVNParentPath statement. These are the changes I made in this file.

  1. Changed the location to /repos.
  2. Added the statement SVNPath /usr/local/svn/repos.
  3. Followed the directions in the Subversion manual to set up basic HTTP authentication.

After restarting the httpd service you should be able to browse the repository using your web browser. The final step was to set up the web server to support SSL using a self-signed certificate. I found several tutorials out on the web. They all follow the same general procedure.

  1. Generate your private key
  2. Generate your Certificate Signing Request
  3. Generate a new key from your private key without a passphrase. You need this to start the Apache web server without prompting.
  4. Move the certificate and the insecure key over to the /etc/httpd/conf directory and change the permissions on the files so that root is the only one who can read them (i.e. chmod 400).
  5. Edit the /etc/httpd/conf.d/ssl.conf file and tell it to use the new certificate and key file.

The tutorial I used was at http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/. The only change I made to this procedure was to add the “-new” parameter when I was creating a CSR. After restarting httpd you should be able to browse your repository using https://myserver.com/repos/.
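
The certificate procedure above as one script. This is an added example, not code from this post or the linked tutorial. It includes the self-signing step that the list implies between steps 3 and 4 and a check that the key and certificate belong together. The file names, passphrase, output directory, RSA key size and 365-day validity are assumptions.

```shell
#!/bin/sh
# Added example (not from the post or the linked tutorial).
# Constructed values: passphrase, default CN and output directory.
# Interactively you would omit -passout/-passin and let openssl prompt,
# so the passphrase never appears in the process list.

# make_selfsigned DIR CN PASSPHRASE (subshell body: umask stays local)
make_selfsigned() (
    dir=$1; cn=$2; pass=$3
    umask 077                       # new files are owner-only from the start
    mkdir -p "$dir" || exit 1
    # 1. Passphrase-protected private key.
    openssl genrsa -aes256 -passout "pass:$pass" \
        -out "$dir/server.key.secure" 2048 2>/dev/null || exit 1
    # 2. Certificate signing request; "-new" is the parameter the post adds.
    openssl req -new -key "$dir/server.key.secure" -passin "pass:$pass" \
        -subj "/CN=$cn" -out "$dir/server.csr" || exit 1
    # 3. Passphrase-free copy of the key so httpd can start unattended.
    openssl rsa -in "$dir/server.key.secure" -passin "pass:$pass" \
        -out "$dir/server.key" 2>/dev/null || exit 1
    # Self-sign the CSR with that key to produce the certificate.
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || exit 1
    # 4. Read-only for the owner (root when run as root).
    chmod 400 "$dir/server.key" "$dir/server.crt"
)

# key_matches_cert KEY CERT: succeeds when both carry the same RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# file_mode FILE: print the permission string, e.g. -r--------
file_mode() { ls -l "$1" | cut -c1-10; }

out=${1:-$(mktemp -d)}              # pass a directory as $1, else a temp dir
make_selfsigned "$out" "${2:-myserver.com}" "constructed-passphrase" &&
    key_matches_cert "$out/server.key" "$out/server.crt" &&
    echo "key and certificate match in $out"
```

Running key_matches_cert against the files named in ssl.conf before restarting httpd catches a mismatched pair, which otherwise only shows up as a failed start.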