Install SVN WebDAV + SSL on Ubuntu (Apache)

Source: Internet. Editor: 程序博客网. Time: 2024/04/30 13:07
Environment:
Ubuntu: 10.04

 

1) install svn, apache and modules:
sudo apt-get update
sudo apt-get install subversion
sudo apt-get install apache2  #default user and group is www-data (use commands "vipw" and "vigr" to check)
sudo apt-get install libapache2-svn  #install apache-svn module


2) enable ssl module for apache:
sudo a2enmod ssl  #go to this directory to check if it is enabled: /etc/apache2/mods-enabled

3) allow apache to support SSL port 443:
ensure port 443 is listed in /etc/apache2/ports.conf by checking for the line "Listen 443"

4) create a virtual host(vh) on apache (use the default vh as a template):
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mynewsite 

5) enable the vh site
sudo a2ensite mynewsite
sudo a2dissite default-ssl  #disable the default ssl vh

6) create a self-signed Apache SSL certificate with openssl:
generate key:
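openssl genrsa -des3 -out server.key 1024  #-des3 encrypts the key with a passphrase; 1024-bit RSA is considered too short today, use 2048 or larger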

create CSR:
openssl req -new -key server.key -out server.csr

sign CSR:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private


Note: a) The above procedure can also be done with the script make-ssl-cert, with the paths changed accordingly (advantage of using this script: the .pem file requires no passphrase input when starting apache):
sudo apt-get install ssl-cert
sudo mkdir /etc/apache2/ssl
sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem

b) To allow apache to restart automatically at boot without interactive password entry, use this method.

According to this link: https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html

In any case, you can choose to run your secure service without a passphrase by leaving out the -des3 switch in the generation phase or by issuing the following command at a terminal prompt:

openssl rsa -in server.key -out server.key.insecure


7) create a SVN repository: myproj:
sudo mkdir -p /var/local/svn

#to create more repositories later, run these commands for each new repository:
sudo svnadmin create /var/local/svn/myproj
sudo chown -R www-data:www-data /var/local/svn/myproj  #www-data is apache's default user and group
sudo chmod -R g+ws /var/local/svn/myproj


8) add two users for SVN DAV access:
sudo htpasswd -cm /etc/apache2/dav_svn.passwd svnuser  #-c creates the password file (first user only), -m stores an MD5 hash
sudo htpasswd -m /etc/apache2/dav_svn.passwd ljsspace


9) configure the vh mynewsite: (sudo vi /etc/apache2/sites-available/mynewsite)


NameVirtualHost *:443
<VirtualHost *:443>
    ServerAdmin ljsspace@csdn.net
    <Location /svnroot>
        DAV svn
        SVNParentPath /var/local/svn
        AuthType Basic
        AuthName "SVN Repository"
        AuthUserFile /etc/apache2/dav_svn.passwd
        Require valid-user
        SSLRequireSSL
    </Location>

    CustomLog /var/log/apache2/ssl-access.log combined
    ErrorLog /var/log/apache2/ssl_error.log

    SSLEngine On
    SSLOptions +StrictRequire
    #SSLProtocol all
    #SSLCipherSuite HIGH:MEDIUM
    SSLCertificateFile    /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>


Note: a) this <Location> part can also be put into the file: /etc/apache2/mods-enabled/dav_svn.conf.
b) if there is no "Require valid-user", anonymous users can browse/read the repository but can't commit/write changes.
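
A lint for the step 9 vhost file that can be run before restarting apache, given here as an added example that is not part of the original tutorial: it reports a "DAV svn" Location that lacks Require, SSLRequireSSL or AuthUserFile, and a vhost without "SSLEngine On". The function name audit_svn_vhost and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): lint a vhost file for the
# access-control directives that step 9 relies on.
# audit_svn_vhost FILE: prints one line per finding, returns the finding count.
audit_svn_vhost() {
    awk '
    function report(msg) { printf "%s: %s\n", where, msg; n++ }
    function close_location() {
        if (!dav) return                      # only DAV svn blocks are audited
        if (!req)  report("no Require directive, Apache will not ask for a login")
        if (!ssl)  report("no SSLRequireSSL, Basic credentials could cross plain HTTP")
        if (!auth) report("no AuthUserFile, Basic auth has no password file")
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)              # drop indentation
        if (line == "" || line ~ /^#/) next   # skip blanks and comments
        low = tolower(line)                   # directive names are case-insensitive
    }
    low ~ /^<location[ \t]/ { inloc = 1; where = line; dav = req = ssl = auth = 0; next }
    low ~ /^<\/location>/   { close_location(); inloc = 0; next }
    inloc && low ~ /^dav[ \t]+svn/        { dav = 1 }
    inloc && low ~ /^require[ \t]/        { req = 1 }
    inloc && low ~ /^sslrequiressl/       { ssl = 1 }
    inloc && low ~ /^authuserfile[ \t]/   { auth = 1 }
    !inloc && low ~ /^sslengine[ \t]+on/  { engine = 1 }
    END {
        if (!engine) { print "vhost: SSLEngine is not On"; n++ }
        exit n + 0
    }' "$1"
}

# Constructed sample: the step 9 block with Require and SSLRequireSSL left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost *:443>
    <Location /svnroot>
        DAV svn
        SVNParentPath /var/local/svn
        AuthType Basic
        AuthUserFile /etc/apache2/dav_svn.passwd
    </Location>
    SSLEngine On
</VirtualHost>
EOF
audit_svn_vhost "$sample" || echo "findings: $?"
rm -f "$sample"
```

Against the real file the call is: audit_svn_vhost /etc/apache2/sites-available/mynewsite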

10) restart apache:
sudo /etc/init.d/apache2 restart

11) test (log in as svnuser or ljsspace, the users created above):
https://localhost/svnroot/myproj/

12) to add more repositories, repeat step 7) only.

