爲了複製方便,我是在虛擬機Vmware最簡化安裝Centos 7.6進行實驗的。 不能連網的環境,也可以搭個yum源或用源碼去安裝
到官網去下載apache和svn及其依賴包:
https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.39.tar.bz2 #Apache,很火的Web服務器軟件
https://mirrors.tuna.tsinghua.edu.cn/apache/subversion/subversion-1.12.0.tar.bz2 #Subversion(簡稱SVN),版本管理軟件
https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.bz2 #apr中包含了一些通用的開發組件,apache依賴
https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.bz2 #apr-util也是包含了一些常用的開發組件,apache/svn依賴
https://sqlite.org/2019/sqlite-autoconf-3280000.tar.gz #SQLite一款輕量級開源數據庫,svn依賴
https://www.openssl.org/source/openssl-1.1.1b.tar.gz #https加密用的,apache依賴
https://nchc.dl.sourceforge.net/project/scons/scons/3.0.5/scons-3.0.5.tar.gz #安裝新版serf需要用到
https://www.apache.org/dist/serf/serf-1.3.9.tar.bz2 #不是必要軟件,如需通過http/https協議訪問版本庫纔要安裝
Subversion有ra_dav(http,https)、ra_svn(svn原生協議)、ra_local(本地路徑)三種存取模塊,默認安裝了ra_svn和ra_local。如需svn支持ra_dav存儲模塊,需要我們自己在安裝svn前安裝serf(舊版本subversion的http/https客戶端基於neon,1.8版本後改用serf)。serf-1.3.0之前的版本,源碼安裝是“configure”配置->“make”編譯->"make install"安裝;但serf-1.3.0之後的版本安裝是用scons方式
方法一:
直接yum安裝svn和https及所依賴的模塊,然後進行相關配置配置
yum -y install subversion mod_dav_svn httpd httpd-devel openssl mod_ssl
openssl是一個函數庫,mod_ssl是apache的一個擴展模塊,該模塊依賴openssl。貌似新的apache自帶了ssl,不需另外安裝
方法二:
源碼安裝
1、安裝apr
[root@localhost ~]# mkdir -p /software/tools
[root@localhost ~]# cd /software/tools/
[root@localhost tools]# rz #從本機傳安裝包到虛擬機
rz waiting to receive.
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring apr-1.6.5.tar.bz2...
100% 835 KB 835 KB/sec 00:00:01 0 Errors
Transferring apr-util-1.6.1.tar.bz2...
100% 418 KB 418 KB/sec 00:00:01 0 Errors
Transferring httpd-2.4.39.tar.bz2...
100% 6865 KB 6865 KB/sec 00:00:01 0 Errors
Transferring openssl-1.1.1b.tar.gz...
100% 8021 KB 8021 KB/sec 00:00:01 0 Errors
Transferring sqlite-autoconf-3280000.tar.gz...
100% 2744 KB 2744 KB/sec 00:00:01 0 Errors
Transferring subversion-1.12.0.tar.bz2...
100% 8305 KB 8305 KB/sec 00:00:01 0 Errors
[root@localhost tools]# ls
apr-1.6.5.tar.bz2 apr-util-1.6.1.tar.bz2 httpd-2.4.39.tar.bz2 openssl-1.1.1b.tar.gz sqlite-autoconf-3280000.tar.gz subversion-1.12.0.tar.bz2
[root@localhost tools]# tar -jxf apr-1.6.5.tar.bz2
tar (child): bzip2: Cannot exec: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now #報錯,解壓依賴bzip2
[root@localhost tools]# yum update
[root@localhost tools]# yum install bzip2 -y #yum更新bzip2,或下載源碼安裝
......
[root@localhost tools]# tar -jxf apr-1.6.5.tar.bz2
[root@localhost tools]# cd apr-1.6.5
[root@localhost apr-1.6.5]# ./configure --prefix=/software/apr #configure命令生成Makefile,爲下一步的編譯做準備。prefix安裝軟件到指定路徑
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
Configuring APR library
Platform: x86_64-pc-linux-gnu
checking for working mkdir -p... yes
APR Version: 1.6.5
checking for chosen layout... apr
checking for gcc... no
checking for cc... no
checking for cl.exe... no
configure: error: in `/software/tools/apr-1.6.5':
configure: error: no acceptable C compiler found in $PATH #沒找到依賴的gcc
See `config.log' for more details
[root@localhost apr-1.6.5]# yum install gcc -y
...... #檢查結果沒報錯
[root@localhost apr-1.6.5]# ./configure --prefix=/software/apr
...... #檢查結果沒報錯
[root@localhost apr-1.6.5]# make #從Makefile中讀取指令,然後編譯。
...... #檢查結果沒報錯
[root@localhost apr-1.6.5]# make install #從Makefile中讀取指令安裝到指定的位置。
...... #檢查結果沒報錯
[root@localhost apr-1.6.5]# ls /software/apr #檢查下安裝目錄是否存在了
bin build-1 include lib
2、安裝apr-util
[root@localhost tools]# tar -jxf apr-util-1.6.1.tar.bz2
[root@localhost tools]# cd apr-util-1.6.1
[root@localhost apr-util-1.6.1]# ./configure --prefix=/software/apr-util --with-apr=/software/apr/ #--with-apr= 指定上一步安裝apr路徑
...... #檢查沒報錯
[root@localhost apr-util-1.6.1]# make
......
xml/apr_xml.c:35:19: fatal error: expat.h: No such file or directory #有報錯,缺少expat庫
#include <expat.h>
^
compilation terminated.
make[1]: *** [xml/apr_xml.lo] Error 1
make[1]: Leaving directory `/software/tools/apr-util-1.6.1'
make: *** [all-recursive] Error 1
[root@localhost apr-util-1.6.1]# yum install expat-devel -y
...... #檢查沒報錯
[root@localhost apr-util-1.6.1]# make
...... #檢查沒報錯
[root@localhost apr-util-1.6.1]# make install
...... #檢查沒報錯
[root@localhost apr-util-1.6.1]# ls /software/apr-util/ #檢查下安裝目錄是否存在了
bin include lib
[root@localhost apr-util-1.6.1]#
3、安裝sqlite
[root@localhost tools]# tar -zxf sqlite-autoconf-3280000.tar.gz
[root@localhost tools]# cd sqlite-autoconf-3280000
[root@localhost sqlite-autoconf-3280000]# ./configure --prefix=/software/sqlite
...... #檢查沒報錯
[root@localhost sqlite-autoconf-3280000]# make && make install
...... #檢查沒報錯
[root@localhost sqlite-autoconf-3280000]# ls /software/sqlite/ #檢查下安裝目錄是否存在了
bin include lib share
[root@localhost sqlite-autoconf-3280000]#
4、安裝openssl
[root@localhost tools]# tar -zxf openssl-1.1.1b.tar.gz
[root@localhost tools]# cd openssl-1.1.1b
[root@localhost openssl-1.1.1b]# yum remove openssl -y #幹掉自帶的舊ssl,重新安裝
......
[root@localhost openssl-1.1.1b]# rm -rf /etc/ssl #刪除舊ssl配置
[root@localhost openssl-1.1.1b]#./config shared --prefix=/software/ssl --openssldir=/software/ssl
Operating system: x86_64-whatever-linux2
You need Perl 5. #報錯,提示依賴Perl5
[root@localhost openssl-1.1.1b]# yum -y install perl* #yum或者下載源碼安裝
.....
[root@localhost openssl-1.1.1b]# perl -v #確認下是否安裝好
This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi
......
[root@localhost openssl-1.1.1b]# ./config shared --prefix=/software/ssl --openssldir=/software/ssl #shared生成動態鏈接庫,prefix 是安裝目錄,openssldir是配置文件目錄
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1b (0x1010102fL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL file first) ***
*** ***
**********************************************************************
[root@localhost openssl-1.1.1b]# make && make install
...... #檢查沒報錯
[root@localhost openssl-1.1.1b]# ls /software/ssl/ #檢查下安裝目錄是否存在了
bin certs ct_log_list.cnf ct_log_list.cnf.dist include lib misc openssl.cnf openssl.cnf.dist private share
[root@localhost openssl-1.1.1b]# /software/ssl/bin/openssl version -a #檢查下
/software/ssl/bin/openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory #有報錯,找不到動態庫
[root@localhost openssl-1.1.1b]# ldd /software/ssl/bin/openssl #列出動態庫依賴關係
linux-vdso.so.1 => (0x00007ffe27de6000)
libssl.so.1.1 => not found #沒找到這個庫
libcrypto.so.1.1 => not found #沒找到這個庫
libdl.so.2 => /lib64/libdl.so.2 (0x00007f8348475000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f8348259000)
libc.so.6 => /lib64/libc.so.6 (0x00007f8347e8c000)
/lib64/ld-linux-x86-64.so.2 (0x00007f8348679000)
[root@localhost openssl-1.1.1b]# ls
ACKNOWLEDGEMENTS build.info configdata.pm crypto e_os.h include libcrypto.pc libssl.map LICENSE NOTES.ANDROID NOTES.VMS pod2htmd.tmp ssl VMS
apps CHANGES Configurations demos external INSTALL libcrypto.so libssl.pc Makefile NOTES.DJGPP NOTES.WIN README test
appveyor.yml config Configure doc FAQ libcrypto.a libcrypto.so.1.1 libssl.so ms NOTES.PERL openssl.pc README.ENGINE tools
AUTHORS config.com CONTRIBUTING engines fuzz libcrypto.map libssl.a libssl.so.1.1 NEWS NOTES.UNIX os-dep README.FIPS util
[root@localhost openssl-1.1.1b]# cp libssl.so.1.1 /usr/lib64/
[root@localhost openssl-1.1.1b]# cp libcrypto.so.1.1 /usr/lib64/ #把make生成的這2庫文件複製到/uer/lib64,或者ln -s軟連接過去
[root@localhost openssl-1.1.1b]# ldd /software/ssl/bin/openssl
linux-vdso.so.1 => (0x00007ffc209c5000)
libssl.so.1.1 => /lib64/libssl.so.1.1 (0x00007f534b5a1000)
libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f534b0ba000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f534aeb6000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f534ac9a000)
libc.so.6 => /lib64/libc.so.6 (0x00007f534a8cd000)
/lib64/ld-linux-x86-64.so.2 (0x00007f534b833000)
[root@localhost openssl-1.1.1b]# /software/ssl/bin/openssl version -a
OpenSSL 1.1.1b 26 Feb 2019 #結果正常了
built on: Mon May 20 08:28:50 2019 UTC
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/software/ssl"
ENGINESDIR: "/software/ssl/lib/engines-1.1"
Seeding source: os-specific
[root@localhost openssl-1.1.1b]#
5、安裝serf
[root@localhost tools]# tar -zxf scons-3.0.5.tar.gz
[root@localhost tools]# cd scons-3.0.5
[root@localhost scons-3.0.5]# ls
build CHANGES.txt engine LICENSE.txt MANIFEST PKG-INFO README.txt RELEASE.txt scons.1 sconsign.1 scons-time.1 script setup.cfg setup.py
[root@localhost scons-3.0.5]# python setup.py install #也可以用yum或者rpm方式去安裝
......
[root@localhost scons-3.0.5]# cd ..
[root@localhost tools]# tar -jxf serf-1.3.9.tar.bz2
[root@localhost tools]# cd serf-1.3.9
[root@localhost serf-1.3.9]# yum install openssl-devel zlib* -y #先安裝依賴
..... #檢查沒報錯
[root@localhost serf-1.3.9]# scons prefix=/software/serf APR=/software/apr/bin/apr-1-config APU=/software/apr-util/bin/apu-1-config
.....
[root@localhost serf-1.3.9]# scons install
scons: Reading SConscript files ...
Checking for GNU-compatible C compiler...(cached) yes
scons: done reading SConscript files.
scons: Building targets ...
Install file: "libserf-1.a" as "/usr/local/lib/libserf-1.a" #咿~安裝的路徑不對的,scons -h看了才知道上面的參數必須是大寫的
Install file: "libserf-1.so.1.3.0" as "/usr/local/lib/libserf-1.so.1.3.0"
Install file: "serf.h" as "/usr/local/include/serf-1/serf.h"
Install file: "serf_bucket_types.h" as "/usr/local/include/serf-1/serf_bucket_types.h"
Install file: "serf_bucket_util.h" as "/usr/local/include/serf-1/serf_bucket_util.h"
Install file: "serf-1.pc" as "/usr/local/lib/pkgconfig/serf-1.pc"
scons: done building targets.
[root@localhost serf-1.3.9]# scons PREFIX=/software/serf APR=/software/apr/bin/apr-1-config APU=/software/apr-util/bin/apu-1-config
......#檢查沒報錯
[root@localhost serf-1.3.9]# scons install
scons: Reading SConscript files ...
Checking for GNU-compatible C compiler...(cached) yes
scons: done reading SConscript files.
scons: Building targets ...
Install file: "libserf-1.a" as "/software/serf/lib/libserf-1.a"
Install file: "libserf-1.so.1.3.0" as "/software/serf/lib/libserf-1.so.1.3.0"
Install file: "serf.h" as "/software/serf/include/serf-1/serf.h"
Install file: "serf_bucket_types.h" as "/software/serf/include/serf-1/serf_bucket_types.h"
Install file: "serf_bucket_util.h" as "/software/serf/include/serf-1/serf_bucket_util.h"
Install file: "serf-1.pc" as "/software/serf/lib/pkgconfig/serf-1.pc"
scons: done building targets.
[root@localhost serf-1.3.9]# scons -c
..... #檢查沒報錯
[root@localhost serf-1.3.9]# ls /software/serf/ #檢查目錄是否存在
include lib
[root@localhost serf-1.3.9]#
6、安裝apache(把防火牆關掉或者開放相應的配置端口)
[root@localhost tools]# tar -jxf httpd-2.4.39.tar.bz2
[root@localhost tools]# cd httpd-2.4.39
[root@localhost httpd-2.4.39]# yum install pcre* -y #先裝依賴,或源碼安裝
[root@localhost httpd-2.4.39]# ./configure --prefix=/software/apache --with-apr=/software/apr --with-apr-util=/software/apr-util --with-ssl=/software/ssl --enable-ssl --enable-so --enable-dav --enable-rewrite
......
config.status: executing default commands
configure: summary of build options:
Server Version: 2.4.39
Install prefix: /software/apache
C compiler: gcc -std=gnu99
CFLAGS: -g -O2 -pthread
CPPFLAGS: -DLINUX -D_REENTRANT -D_GNU_SOURCE
LDFLAGS:
LIBS:
C preprocessor: gcc -E
[root@localhost httpd-2.4.39]# make && make install
...... #檢查沒報錯
Installing man pages and online manual
mkdir /software/apache/man
mkdir /software/apache/man/man1
mkdir /software/apache/man/man8
mkdir /software/apache/manual
make[1]: Leaving directory `/software/tools/httpd-2.4.39'
[root@localhost httpd-2.4.39]# ls /software/apache/
bin build cgi-bin conf error htdocs icons include logs man manual modules
[root@localhost httpd-2.4.39]# vi /software/apache/conf/httpd.conf
......
ServerName www.example.com:80 #把這行前面註釋“#”去掉
.....
[root@localhost httpd-2.4.39]# /software/apache/bin/httpd -t
Syntax OK
7、安裝svn
[root@localhost tools]# yum remove svn -y #刪除自帶的舊svn
......
[root@localhost tools]# tar -jxf subversion-1.12.0.tar.bz2
[root@localhost tools]# cd subversion-1.12.0
[root@localhost subversion-1.12.0]# yum install zlib* -y #依賴zlib,麼有就先先安裝,源碼安裝也ok
......
[root@localhost subversion-1.12.0]# ./configure --prefix=/software/svn --with-apr=/software/apr --with-apr-util=/software/apr-util --with-sqlite=/software/sqlite --with-apxs=/software/apache/bin/apxs --with-lz4=internal --with-utf8proc=internal --with-serf=/software/serf --with-apache-libexecdir=/software/apache/modules
...... #檢查沒報錯
[root@localhost subversion-1.12.0]# make && make install
libtool: error: error: cannot install 'mod_dav_svn.la' to a directory not ending in ...... 報個錯,make clean就一下好了
[root@localhost subversion-1.12.0]# make clean
[root@localhost subversion-1.12.0]# make && make install
...... #檢查沒報錯
[root@localhost subversion-1.12.0]# /software/svn/bin/svn --version
/software/svn/bin/svn: error while loading shared libraries: libserf-1.so.1: cannot open shared object file: No such file or directory #報錯,找不到serf庫文件
[root@localhost subversion-1.12.0]# ldd /software/svn/bin/svn
linux-vdso.so.1 => (0x00007ffc69bd0000)
libsvn_client-1.so.0 => /software/svn/lib/libsvn_client-1.so.0 (0x00007fc569c5a000)
libsvn_wc-1.so.0 => /software/svn/lib/libsvn_wc-1.so.0 (0x00007fc5699a0000)
libsvn_ra-1.so.0 => /software/svn/lib/libsvn_ra-1.so.0 (0x00007fc569792000)
libsvn_diff-1.so.0 => /software/svn/lib/libsvn_diff-1.so.0 (0x00007fc569579000)
libsvn_ra_local-1.so.0 => /software/svn/lib/libsvn_ra_local-1.so.0 (0x00007fc56936f000)
libsvn_repos-1.so.0 => /software/svn/lib/libsvn_repos-1.so.0 (0x00007fc56912f000)
libsvn_fs-1.so.0 => /software/svn/lib/libsvn_fs-1.so.0 (0x00007fc568f22000)
libsvn_fs_fs-1.so.0 => /software/svn/lib/libsvn_fs_fs-1.so.0 (0x00007fc568cce000)
libsvn_fs_x-1.so.0 => /software/svn/lib/libsvn_fs_x-1.so.0 (0x00007fc568a7a000)
libsvn_fs_util-1.so.0 => /software/svn/lib/libsvn_fs_util-1.so.0 (0x00007fc568876000)
libsvn_ra_svn-1.so.0 => /software/svn/lib/libsvn_ra_svn-1.so.0 (0x00007fc568656000)
libsvn_ra_serf-1.so.0 => /software/svn/lib/libsvn_ra_serf-1.so.0 (0x00007fc568421000)
libserf-1.so.1 => not found
libsvn_delta-1.so.0 => /software/svn/lib/libsvn_delta-1.so.0 (0x00007fc568202000)
libsvn_subr-1.so.0 => /software/svn/lib/libsvn_subr-1.so.0 (0x00007fc567f2b000)
libexpat.so.1 => /lib64/libexpat.so.1 (0x00007fc567d01000)
libz.so.1 => /lib64/libz.so.1 (0x00007fc567aeb000)
libsqlite3.so.0 => /software/sqlite/lib/libsqlite3.so.0 (0x00007fc5677df000)
libm.so.6 => /lib64/libm.so.6 (0x00007fc5674dd000)
libaprutil-1.so.0 => /software/apr-util/lib/libaprutil-1.so.0 (0x00007fc5672b3000)
libapr-1.so.0 => /software/apr/lib/libapr-1.so.0 (0x00007fc56707d000)
librt.so.1 => /lib64/librt.so.1 (0x00007fc566e75000)
libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fc566c3e000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fc566a22000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007fc56681e000)
libc.so.6 => /lib64/libc.so.6 (0x00007fc566451000)
/lib64/ld-linux-x86-64.so.2 (0x00007fc569ee9000)
libserf-1.so.1 => not found
libserf-1.so.1 => not found
libserf-1.so.1 => not found
libfreebl3.so => /lib64/libfreebl3.so (0x00007fc56624e000)
[root@localhost subversion-1.12.0]# vi /etc/ld.so.conf.d/svn-libs.conf #把serf庫路徑寫進去,讓svn自己找
[root@localhost subversion-1.12.0]# cat /etc/ld.so.conf.d/svn-libs.conf
/software/serf/lib
[root@localhost subversion-1.12.0]# ldconfig
[root@localhost subversion-1.12.0]# /software/svn/bin/svn --version
svn, version 1.12.0 (r1857323)
compiled May 20 2019, 23:28:24 on x86_64-unknown-linux-gnu
Copyright (C) 2019 The Apache Software Foundation.
This software consists of contributions made by many people;
see the NOTICE file for more information.
Subversion is open source software, see http://subversion.apache.org/
The following repository access (RA) modules are available:
* ra_svn : Module for accessing a repository using the svn network protocol.
- handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
- handles 'file' scheme
* ra_serf : Module for accessing a repository via WebDAV protocol using serf.
- using serf 1.3.9 (compiled with 1.3.9)
- handles 'http' scheme
- handles 'https' scheme #加上serf一起後可以看到已經支持http/https訪問了
The following authentication credential caches are available:
* GPG-Agent
[root@localhost subversion-1.12.0]#
[root@localhost subversion-1.12.0]# ll /software/apache/modules/ | grep svn
-rwxr-xr-x. 1 root root 70016 May 21 04:38 mod_authz_svn.so
-rwxr-xr-x. 1 root root 1006888 May 21 04:38 mod_dav_svn.so
[root@localhost httpd-2.4.39]# /software/apache/bin/httpd -t
httpd: Syntax error on line 153 of /software/apache/conf/httpd.conf: Cannot load /software/svn/libexec/mod_dav_svn.so into server: /software/svn/libexec/mod_dav_svn.so: undefined symbol: dav_do_find_liveprop #報錯加載不到,該路徑也有這文件。後來我直接刪除apache和svn目錄重新按上面步驟6/7重新安裝就ok
[root@localhost httpd-2.4.39]# vi /software/apache/conf/httpd.conf #加下面內容,配置apache支持svn
......
LoadModule dav_svn_module /software/svn/libexec/mod_dav_svn.so
LoadModule authz_svn_module /software/svn/libexec/mod_authz_svn.so
.......
<Location /svn>
DAV svn #mod_dav_svn,HTTP 1.1擴展,用來支持SVN
SVNParentPath /software/data/svn #svn的根目錄
AuthzSVNAccessFile /software/apache/conf/svnauthz #用戶權限配置文件,手動創建
AuthType Basic #認證類型
AuthName "Subversion repository" #輸入用戶名密碼時的提示信息
AuthUserFile /software/apache/conf/passwd #用戶密碼認證文件,手動創建
Require valid-user #只授權身份認證的用戶
</Location>
[root@localhost subversion-1.12.0]# mkdir -p /software/date/svn
[root@localhost subversion-1.12.0]# /software/apache/bin/httpd -t
Syntax OK
[root@localhost subversion-1.12.0]# /software/apache/bin/apachectl start
[root@localhost subversion-1.12.0]# ps -ef | grep http
root 877 1 2 04:43 ? 00:00:00 /software/apache/bin/httpd -k start
daemon 878 877 0 04:43 ? 00:00:00 /software/apache/bin/httpd -k start
daemon 879 877 1 04:43 ? 00:00:00 /software/apache/bin/httpd -k start
daemon 904 877 0 04:43 ? 00:00:00 /software/apache/bin/httpd -k start
daemon 953 877 0 04:43 ? 00:00:00 /software/apache/bin/httpd -k start
root 986 7280 0 04:44 pts/0 00:00:00 grep --color=auto http
8、添加svn http用戶
[root@localhost apache]# /software/apache/bin/htpasswd -cm /software/apache/conf/passwd test #第一個用戶加參數-c用於創建文件,後續加的用戶不要加-c,否則會覆蓋掉。-m指用md5加密
New password:
Re-type new password:
Adding password for user test
[root@localhost apache]# /software/apache/bin/htpasswd -m /software/apache/conf/passwd debug
New password:
Re-type new password:
Adding password for user debug
[root@localhost apache]# /software/apache/bin/htpasswd -m /software/apache/conf/passwd user1
New password:
Re-type new password:
Adding password for user user1
[root@localhost apache]# /software/apache/bin/htpasswd -m /software/apache/conf/passwd user2
New password:
Re-type new password:
Adding password for user user2
[root@localhost apache]# ll conf/
total 104
drwxr-xr-x. 2 root root 4096 May 21 04:21 extra
-rw-r--r--. 1 root root 18779 May 21 04:43 httpd.conf
-rw-r--r--. 1 root root 13077 May 21 04:21 magic
-rw-r--r--. 1 root root 60847 May 21 04:21 mime.types
drwxr-xr-x. 3 root root 37 May 21 04:21 original
-rw-r--r--. 1 root root 87 May 21 05:10 passwd #新建的用戶密碼認證文件
9、用戶權限分配及創建svn項目
[root@localhost apache]# vi /software/apache/conf/svnauthz
[root@localhost apache]# cat /software/apache/conf/svnauthz #配置文件不要有縮行出現,根據自己情況配置
[groups] #羣組設置
Admin=test,debug #羣組Admin,包含成員test,debug
Develop=user1,user2 #羣組Develop,包含成員user1,user2
[www:/] #倉庫www根目錄下的訪問權限
test=rw #www倉庫用戶test有讀寫權限
debug=r #www倉庫用戶debug有讀權限
@Develop=rw #www倉庫用戶組develop(包含用戶user1,user2)有讀寫權限
[/] #指在所有倉庫的根目錄下
*=r #*表示所有用戶都有讀權限
[root@localhost apache]# groupadd apache
[root@localhost apache]# useradd apache -g apache #創建用戶及用戶組,該用戶用在以後路徑權限設置、軟件編譯、apache和svn運行時的用戶
[root@localhost apache]# id apache
uid=1000(apache) gid=1000(apache) groups=1000(apache)
[root@localhost apache]# vi /software/apache/conf/httpd.conf #修改apache運行用戶/用戶組
......
User apache
Group apache
......
[root@localhost apache]# /software/svn/bin/svnadmin create /software/data/svn/www #創建倉庫
[root@localhost apache]# chown -R apache:apache /software/date/svn/
[root@localhost apache]# ll /software/date/
total 0
drwxr-xr-x. 2 apache apache 6 May 21 04:43 svn
[root@localhost apache]# ls /software/data/svn/www
conf db format hooks locks README.txt
[root@localhost apache]# /software/apache/bin/apachectl graceful #重啓下apache
[root@localhost apache]# ps -ef |grep http
root 877 1 0 04:43 ? 00:00:05 /software/apache/bin/httpd -k start
apache 52290 877 0 22:14 ? 00:00:00 /software/apache/bin/httpd -k start
apache 52291 877 0 22:14 ? 00:00:00 /software/apache/bin/httpd -k start
apache 52292 877 0 22:14 ? 00:00:00 /software/apache/bin/httpd -k start
apache 52332 877 0 22:14 ? 00:00:00 /software/apache/bin/httpd -k start
root 52400 7280 0 22:14 pts/0 00:00:00 grep --color=auto http
10、驗證下
方法一:
瀏覽器打開剛纔創建的www,輸入用戶/密碼後可以看到返回
方法二:
用svn客戶端軟件測試。這裏用TortoiseSVN試下。安裝後,右鍵“SVN Checkout”, 輸入地址,點ok後輸入賬號密碼
創建一個文件"test.txt", “SVN commit”上次到svn服務器,然後刪除本地這個文件,試下“SVN update”後可以下載下來
方法三:
[root@localhost mnt]# /software/svn/bin/svn checkout http://192.168.101.133/svn/www
Authentication realm: <http://192.168.101.133:80> Subversion repository
Password for 'root': ******
Authentication realm: <http://192.168.101.133:80> Subversion repository
Username: test
Password for 'test': ******
A www/test.txt
Checked out revision 1.
[root@localhost mnt]# ls www/
test.txt
[root@localhost mnt]#
11、配https訪問
[root@localhost certs]# pwd
/software/ssl/certs
[root@localhost certs]# /software/ssl/bin/openssl version -v
OpenSSL 1.1.1b 26 Feb 2019
[root@localhost certs]# /software/ssl/bin/openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout svn.key -out svn.crt
Can't open /software/ssl/ssl/openssl.cnf for reading, No such file or directory
140473038055232:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:72:fopen('/software/ssl/ssl/openssl.cnf','r') #有個報錯,沒找到配置,應該剛纔安裝openssl的時候沒指定好
140473038055232:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:79:
unable to find 'distinguished_name' in config
problems making Certificate Request
140473038055232:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:crypto/conf/conf_lib.c:270:
[root@localhost certs]# mkdir -p /software/ssl/ssl/
[root@localhost certs]# cp /software/ssl/openssl.cnf /software/ssl/ssl/openssl.cnf #把上面報錯的配置移到指定路徑吧
[root@localhost certs]# /software/ssl/bin/openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout svn.key -out svn.crt
Generating a RSA private key
.+++++
....................+++++
writing new private key to 'svn.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:gd
Locality Name (eg, city) []:fs
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:test
Common Name (e.g. server FQDN or YOUR name) []:test
Email Address []:
[root@localhost certs]# ls
svn.crt svn.key
[root@localhost certs]# cd /software/apache/conf/
[root@localhost conf]# \cp -R /software/ssl/certs/ .
[root@localhost conf]# ls certs/
svn.crt svn.key
[root@localhost conf]# vim httpd.conf
......
Include conf/extra/httpd-ssl.conf #把這一行註釋去掉
......
[root@localhost conf]# vim extra/httpd-ssl.conf #下面配置根據自己情況修改哦
......
Listen 443
......
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/software/apache/htdocs"
ServerName www.example.com:443
ServerAdmin [email protected]
ErrorLog "/software/apache/logs/error_log"
TransferLog "/software/apache/logs/access_log"
......
SSLCertificateFile "/software/apache/conf/certs/svn.crt"
......
SSLCertificateKeyFile "/software/apache/conf/certs/svn.key"
......
[root@localhost extra]# /software/apache/bin/apachectl restart
[root@localhost extra]# netstat -tlnp #可以看到443端口出來了
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 7140/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7248/master
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::80 :::* LISTEN 877/httpd
tcp6 0 0 :::22 :::* LISTEN 7140/sshd
tcp6 0 0 ::1:25 :::* LISTEN 7248/master
tcp6 0 0 :::443 :::* LISTEN 877/httpd
[root@localhost extra]#
加https對於安全,減少被劫持、篡改的機會。當然https開頭的域名訪問會稍微慢一點,主要是證書驗證、多次握手、CPU消耗等原因。假如配svn只是給內網用戶使用,可以在apache配置里加上Deny from all ....Allow from “IP”允許部分IP去訪問......
生產環境要根據情況嚴格點哦,例如購買/按規範生成證書、啓動rewrite重定向,使用用戶HTTP訪問自動重定向爲HTTPS等操作。這裏我只是爲了簡單測試下https,一次性生成證書和很多配置使用默認的......
上面的安裝軟件後那些命令可以加到環境變量,然後直接使用命令......