溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章主要介紹Linux下如何配置svn的https訪問,文中介紹的非常詳細,具有一定的參考價值,感興趣的小伙伴們一定要看完!
Apache Subversion 通常被縮寫成 SVN,是一個開放源代碼的版本控制系統,Subversion 在 2000 年由 CollabNet Inc 開發,現在發展成為 Apache 軟件基金會的一個項目,同樣是一個豐富的開發者和用戶社區的一部分。 SVN相對于的RCS、CVS,采用了分支管理系統,它的設計目標就是取代CVS。互聯網上免費的版本控制服務多基于Subversion。
[root@localhost ~]# yum install -y subversion
[root@localhost ~]# svn使用“svn help”得到用法。 [root@localhost ~]# svn help[root@localhost ~]# svn --version[root@localhost ~]# svnadmin help...
先創建目錄(這里目錄可以隨意,我為了方便自己管理就起了 /wfq)
[root@localhost /]# mkdir /wfq/svn/project
然后創建倉庫,倉庫目錄指定為剛才創建的目錄
[root@localhost /]# svnadmin create /wfq/svn/project
因為我們創建文件夾時使用root權限創建的所以我們需要修改組權限,防止因為權限不夠而svn操作失敗
[root@localhost /]# chown -R apache:apache /wfq/svn/project
進入到該目錄中就會發現生成了很多文件,文件中svn中最主要的配置就在conf目錄中
[root@localhost /]# cd /wfq/svn/project/[root@localhost project]# ll總用量 8 drwxr-xr-x. 2 root root 54 1月 19 02:12 conf drwxr-sr-x. 6 root root 233 1月 19 02:12 db -r--r--r--. 1 root root 2 1月 19 02:12 format drwxr-xr-x. 2 root root 231 1月 19 02:12 hooks drwxr-xr-x. 2 root root 41 1月 19 02:12 locks -rw-r--r--. 1 root root 229 1月 19 02:12 README.txt [root@localhost project]# cd conf/[root@localhost conf]# ll總用量 12 -rw-r--r--. 1 root root 1080 1月 19 02:12 authz -rw-r--r--. 1 root root 309 1月 19 02:12 passwd -rw-r--r--. 1 root root 3090 1月 19 02:12 svnserve.conf
conf–|
–| authz —svn的權限配置
–| passwd —svn的密碼配置(注意:因為我們要使用httpd 所以這里的密碼驗證文件不是密碼文件所以不可以用)
–| svnserve.conf —svn的基本配置文件
1.命令方式啟動(有缺陷)
關閉svn
[root@localhost ssl]# ps -ef|grep svnserveroot 1438 1 0 19:06 ? 00:00:00 /usr/bin/svnserve --daemon --pid-file=/run/svnserve/svnserve.pid -r /wfq/svn root 1493 1137 0 19:23 pts/0 00:00:00 grep --color=auto svnserve [root@localhost ssl]#kill -9 1438
啟動指定目錄
[root@localhost ssl]# svnserve -d -r /wfq/svn/[root@localhost ssl]# ps -ef|grep svnserveroot 1509 1 0 19:24 ? 00:00:00 svnserve -d -r /wfq/svn/ root 1511 1137 0 19:24 pts/0 00:00:00 grep --color=auto svnserve [root@localhost ssl]# systemctl restart httpd
這種方式有點缺點就是不能 使用下面這幾個命令來控制svn服務
[root@localhost ssl]# systemctl start svnserve[root@localhost ssl]# systemctl restart svnserve[root@localhost ssl]# systemctl stop svnserve[root@localhost ssl]# systemctl status svnserve
2.修改默認的啟動目錄
將OPTIONS=”-r /wfq/svn”變量修改未上面創建的根目錄
[root@localhost ssl]# vi /etc/sysconfig/svnserve# OPTIONS is used to pass command-line arguments to svnserve.## Specify the repository location in -r parameter:OPTIONS="-r /wfq/svn"
重啟
[root@localhost ssl]# systemctl restart svnserve[root@localhost ssl]# systemctl restart httpd
httpd模塊 是Apache超文本傳輸協議(HTTP)服務器的主程序。被設計為一個獨立運行的后臺進程,它會建立一個處理請求的子進程或線程的池。
mod_dav_svn 配置指令 模塊 是通過 Apache HTTP 服務器提供 Subversion 版本庫服務的配置說明。
[root@localhost project]# yum install -y httpd mod_dav_svn
創建密碼文件 htpasswd 命令中 最后面的是用戶名,然后輸入密碼回車,再次確認密碼回車就會創建好文件
如果要追加用戶的話就使用 -m 命令 去掉c命令否則會覆蓋了
使用命令查看后則會發現已創建該用戶
[root@localhost /]# htpasswd -cm /wfq/svn/project/conf/http-auth bugwfqNew password: Re-type new password: Adding password for user bugwfq [root@localhost /]# vi /wfq/svn/project/conf/http-authbugwfq:$apr1$0FjoVFII$Zb4G0C8/r3ooQKPmcJHCi/ ~ ~ ~
進入到 conf/authz 文件中配置權限詳細配置方式請參考 配置詳解
[root@localhost /]# vi /wfq/svn/project/conf/authz### This file is an example authorization file for svnserve.### Its format is identical to that of mod_authz_svn authorization### files.### As shown below each section defines authorizations for the path and### (optional) repository specified by the section name.### The authorizations follow. An authorization line can refer to:### - a single user,### - a group of users defined in a special [groups] section,### - an alias defined in a special [aliases] section,### - all authenticated users, using the '$authenticated' token,### - only anonymous users, using the '$anonymous' token,### - anyone, using the '*' wildcard.###### A match can be inverted by prefixing the rule with '~'. Rules can### grant read ('r') access, read-write ('rw') access, or no access### ('').[aliases]# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average[groups]# harry_and_sally = harry,sally# harry_sally_and_joe = harry,sally,&joeadmin = bugwfq #配置用戶組 admin 組內成員 admin= zs,ls,ww# [/foo/bar]# harry = rw# &joe = r# * =[/]
@admin = rw #所屬組權限配置 r讀w寫# [repository:/baz/fuz]"/wfq/svn/project/conf/authz" 37L, 1113C written去掉 下面幾個配置前面的#號
[root@localhost /]# vi /wfq/svn/project/conf/svnserve.conf### This file controls the configuration of the svnserve daemon, if you### use it to allow access to this repository. (If you only allow### access through http: and/or file: URLs, then this file is### irrelevant.)### Visit http://subversion.apache.org/ for more information.[general]### The anon-access and auth-access options control access to the### repository for unauthenticated (a.k.a. anonymous) users and### authenticated users, respectively.### Valid values are "write", "read", and "none".### Setting the value to "none" prohibits both reading and writing;### "read" allows read-only access, and "write" allows complete### read/write access to the repository.### The sample settings below are the defaults and specify that anonymous### users have read-only access to the repository, while authenticated### users have read and write access to the repository.anon-access = read auth-access = write### The password-db option controls the location of the password### database file. Unless you specify a path starting with a /,### the file's location is relative to the directory containing### this configuration file.### If SASL is enabled (see below), this file will NOT be used.### Uncomment the line below to use the default password file.password-db = http-auth### The authz-db option controls the location of the authorization### rules for path-based access control. Unless you specify a path### starting with a /, the file's location is relative to the the### directory containing this file. If you don't specify an### authz-db, no path-based access control is done.### Uncomment the line below to use the default authorization file.authz-db = authz### This option specifies the authentication realm of the repository.### If two repositories have the same authentication realm, they should### have the same password database, and vice versa. The default realm"/wfq/svn/project/conf/svnserve.conf" 61L, 3085C written
服務目錄:/etc/httpd/ 主配置文件:/etc/httpd/conf/httpd.conf
SVNParentPath /wfq/svn ##為根project 的上級目錄 AuthUserFile /wfq/svn/project/conf/httppasswd ##密碼文件位置 AuthzSVNAccessFile /wfq/svn/project/conf/authz ##權限配置
[root@localhost /]# vi /etc/httpd/conf/httpd.conf... ServerName locahost:80DAV svn SVNListParentPath on SVNParentPath /wfq/svn AuthType Basic AuthName "Subversion repositories"AuthUserFile /wfq/svn/project/conf/httppasswd AuthzSVNAccessFile /wfq/svn/project/conf/authz Require valid-user SVNAutoversioning on ModMimeUsePathInfo on... [root@localhost /]#
[root@localhost /]# cd /wfq/svn/[root@localhost svn]# chown -R apache. project/[root@localhost svn]# ll總用量 0 drwxr-xr-x. 6 apache apache 86 1月 19 02:12 project [root@localhost svn]# ll project/總用量 8 drwxr-xr-x. 2 apache apache 71 1月 19 03:21 conf drwxr-sr-x. 6 apache apache 233 1月 19 02:12 db -r--r--r--. 1 apache apache 2 1月 19 02:12 format drwxr-xr-x. 2 apache apache 231 1月 19 02:12 hooks drwxr-xr-x. 2 apache apache 41 1月 19 02:12 locks -rw-r--r--. 1 apache apache 229 1月 19 02:12 README.txt [root@localhost svn]#
重啟httpd
[root@localhost svn]# systemctl restart httpdJob for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
查看啟動失敗原因
[root@localhost svn]# systemctl status httpd● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 六 2019-01-19 03:57:46 CST; 1min 30s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 1952 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 1951 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=0/SUCCESS)
Main PID: 1951 (code=exited, status=0/SUCCESS)
1月 19 03:57:46 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
1月 19 03:57:46 localhost.localdomain httpd[1951]: httpd (pid 1600) already running
1月 19 03:57:46 localhost.localdomain kill[1952]: kill: cannot find process ""1月 19 03:57:46 localhost.localdomain systemd[1]: httpd.service: control process exited, code=exited status=1
1月 19 03:57:46 localhost.localdomain systemd[1]: Failed to start The Apache HTTP Server.
1月 19 03:57:46 localhost.localdomain systemd[1]: Unit httpd.service entered failed state.
1月 19 03:57:46 localhost.localdomain systemd[1]: httpd.service failed.查看日志
[root@localhost svn]# vi /var/log/httpd/error_log[Sat Jan 19 02:40:38.937489 2019] [core:notice] [pid 1599] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [Sat Jan 19 02:40:38.938439 2019] [suexec:notice] [pid 1599] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Jan 19 02:40:38.954448 2019] [auth_digest:notice] [pid 1600] AH01757: generating secret for digest authentication ... [Sat Jan 19 02:40:38.965269 2019] [lbmethod_heartbeat:notice] [pid 1600] AH02282: No slotmem from mod_heartmonitor [Sat Jan 19 02:40:38.992931 2019] [mpm_prefork:notice] [pid 1600] AH00163: Apache/2.4.6 (CentOS) SVN/1.7.14 configured -- resuming normal operations [Sat Jan 19 02:40:38.992970 2019] [core:notice] [pid 1600] AH00094: Command line: 'httpd'
原來是本地80端口忘開了,這里為了方便直接關閉防火墻
[root@localhost /]# systemctl stop firewalld.service[root@localhost /]# systemctl disable firewalld.service
然后接著重啟發現雖然成功了,但是訪問的時候報了500
The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
然后我查看了下錯誤日志
[Sat Jan 19 04:42:55.749505 2019] [authn_file:error] [pid 2207] (13)Permission denied: [client 192.168.4.208:10890] AH01620: Could not open password file: /wfq/svn/project/conf/httppasswd [Sun Jan 20 03:43:02.936928 2019] [mpm_prefork:notice] [pid 2202] AH00171: Graceful restart requested, doing restart
發現是新裝的系統SELinux未關閉,授權沒有生效。
有兩種處理方案:
1.永久關閉selinux并重啟系統
[root@localhost ~]# vi /etc/selinux/config
將SELINUX=enforcing修改為SELINUX=disabled
重啟系統reboot命令 應用相關設置
參考文章:linux 關閉selinux
2.命令方式直接修改SVN目錄的權限配置
chcon -R -h -t httpd_sys_content_t /wfq/svn/project
然后訪問地址http://ip/svn/project 輸入設置的賬號和密碼 看到該界面就說明訪問成功了
SSL數字證書
1.下載openssl與mod_ssl模塊
[root@localhost ~]# yum install -y openssl mod_ssl
2.生成key和證書
[root@localhost ~]# mkdir /etc/httpd/conf/ssl/[root@localhost ~]# cd /etc/httpd/conf/ssl/[root@localhost ssl]# ll總用量 0 [root@localhost ssl]# openssl genrsa -des3 -out server.key 1024Generating RSA private key, 1024 bit long modulus ............++++++ ...............++++++ e is 65537 (0x10001) Enter pass phrase for server.key: Verifying - Enter pass phrase for server.key: 生成csr [root@localhost ssl]# openssl req -new -key server.key > server.csrEnter pass phrase for server.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:CN #國家名稱(2個字母代碼)State or Province Name (full name) []:gd #省份Locality Name (eg, city) [Default City]:sz #城市Organization Name (eg, company) [Default Company Ltd]:xx #公司名稱Organizational Unit Name (eg, section) []:xx #公司部門Common Name (eg, your name or your server's hostname) []:bugwfq #主機名 Email Address []:bugwfq@163.com #郵件地址 Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:123456 #密碼 An optional company name []:bugwfq #可選的公司名稱 ... #生成證書 [root@localhost ssl]# openssl req -x509 -days 2048 -key server.key -in server.csr > server.crt Enter pass phrase for server.key: [root@localhost ssl]# ll 總用量 12 -rw-r--r-- 1 root root 997 1月 21 23:27 server.crt -rw-r--r-- 1 root root 729 1月 21 23:26 server.csr -rw-r--r-- 1 root root 963 1月 21 23:22 server.key
如果使用的阿里云服務器,并且有域名則找到對應的域名管理,開啟ssl證書然后下載apache 對應的證書
會生成以下幾個文件
將這些文件放到 /etc/httpd/conf/ssl 目錄下
\1. 打開/etc/httpd/conf/httpd.conf 配置文件配置以下信息
[root@localhost /]# vi /etc//httpd/conf/httpd.conf...# Load config files in the "/etc/httpd/conf.d" directory, if any.... LoadModule ssl_module modules/mod_ssl.so Mutex default ssl-cache SSLRandomSeed startup builtinSSLSessionCache none SSLCertificateFile conf/ssl/server.crt SSLCertificateKeyFile conf/ssl/server.key#SSLCertificateChainFile conf/ssl/X_X_X_chain.crt #如果是openssl 生產的可以不配,如果是正規機構配置的可以放上去...DAV svn ... ModMimeUsePathInfo on SSLRequireSSL #配置該行,
2.重啟httpd
[root@localhost /]# systemctl restart httpd
然后訪問對應的地址 https://xxx.xxx.xxx.xxx/svn/project
因為我使用openssl 生成得,所以雖然證書可以了,但是只適用于開發環境,上面還會出現證書不安全的提示
(需要在電腦上手動安裝證書 在這里就不提了)
如果我們從專門得證書機構申請證書就不會出現提示(下面這個是我自己阿里云申請配置的)
因為默認是http請求
所以我們要把http請求重定向到https的請求方式
1.修改配置文件
打開/etc/httpd/conf/httpd.conf 配置文件配置以下信息
1).添加mod_rewrite.so模塊
... LoadModule ssl_module modules/mod_ssl.s 我添加在了這一行下面 LoadModule rewrite_module modules/mod_rewrite.so ...
2.配置重定向規則
...
我配置在了 標簽上方
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]...3.重啟httpd
[root@localhost ssl]# systemctl restart httpd
搞定
有時候可能回遇到不同情況要多看日志或啟動信息去解決,配置文件的配置可能每個電腦上配置的方式會有所差異
在配置的時候盡量多摸索,多查詢網上其他資料。
在這里附上我用到的一些命令
svnserve -d -r /路徑 #指定目錄啟動其中 -d 表示守護進程-r 表示在后臺執行 /路徑 為svn的安裝目錄ps -ef|grep svnserve #這里是采取linux殺死進程的方式關閉SVNkill -9 pid #殺死進程, 此4967為進程號systemctl start 服務名 #啟動服務 httpd/svnserve/........systemctl stop 服務名 #關閉服務 httpd/svnserve/........systemctl restart 服務名 #重啟服務 httpd/svnserve/........systemctl status 服務名 #服務的狀態查看 可以查詢錯誤
以上是“Linux下如何配置svn的https訪問”這篇文章的所有內容,感謝各位的閱讀!希望分享的內容對大家有幫助,更多相關知識,歡迎關注億速云行業資訊頻道!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
