Since I’m starting some real work on my final school project, I want to install a Ubuntu development server here at home. I have a Pentium 4 box here that will perform that task.
In this first part I will show you how to install Subversion over WebDAV. All of this will be done in such a way that it’s easy to serve multiple projects at once.
In future parts I will tell you more about installing Trac, FastCGI (with Apache) to host Rails applications and how to use Capistrano to deploy your app properly.
For now, let’s get cracking at Subversion.
First off, I installed Ubuntu 6.10 on my server. Because I don’t need a graphical user interface, I have installed Ubuntu in text-only mode.
Open up to the universe
The first thing I always do when I install a Ubuntu box is to enable the universe package repositories. This is rather easy.
Edit /etc/apt/sources.list and uncomment all the Universe related lines. Also, comment out your install disk. Here’s what my /etc/apt/sources.list looks like:
# deb cdrom:[Ubuntu 6.10 _Edgy Eft_ - Release i386 (20061025)]/ edgy main restricted deb http://nl.archive.ubuntu.com/ubuntu/ edgy main restricted deb-src http://nl.archive.ubuntu.com/ubuntu/ edgy main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://nl.archive.ubuntu.com/ubuntu/ edgy-updates main restricted deb-src http://nl.archive.ubuntu.com/ubuntu/ edgy-updates main restricted ## Uncomment the following two lines to add software from the 'universe' ## repository. ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## universe WILL NOT receive any review or updates from the Ubuntu security ## team. deb http://nl.archive.ubuntu.com/ubuntu/ edgy universe deb-src http://nl.archive.ubuntu.com/ubuntu/ edgy universe ## Uncomment the following two lines to add software from the 'backports' ## repository. ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. # deb http://nl.archive.ubuntu.com/ubuntu/ edgy-backports main restricted universe multiverse # deb-src http://nl.archive.ubuntu.com/ubuntu/ edgy-backports main restricted universe multiverse deb http://security.ubuntu.com/ubuntu edgy-security main restricted deb-src http://security.ubuntu.com/ubuntu edgy-security main restricted deb http://security.ubuntu.com/ubuntu edgy-security universe deb-src http://security.ubuntu.com/ubuntu edgy-security universe
The next step is to make sure all software present is up-to-date. There are already a few updates available so run these two commands:
sudo apt-get update sudo apt-get dist-upgrade
Getting SSH up and running
Because I have a MacBook, I’d like to use it to do my work. To do so I need to install the OpenSSH server on my server so I can access it over the network.
sudo apt-get install ssh
This will install ssh and the OpenSSH server. It also generates everything you need automatically like RSA keys and all that.
Now, try to login wiht SSH from your desktop machine.
Since I want to use Subversion of WebDAV I will need to install Apache first. I’ll grab a vanilla copy of Apache from Ubuntu here.
sudo apt-get install apache2
If that’s finished you should see a placeholder when you access your server with a browser. Check this now.
Subversion is also easily installed.
sudo apt-get install subversion subversion-tools
Next we should setup a location for our Subversion repositories. I choose to put them in /var/lib/svn. Create this directory now:
sudo mkdir -p /var/lib/svn
I also create a repository now and create a basic Subversion structure there. In my case the project is called ‘colt’.
sudo mkdir -p /var/lib/svn/colt sudo svnadmin create /var/lib/svn/colt sudo svn mkdir file:///var/lib/svn/colt/trunk -m "Trunk" sudo svn mkdir file:///var/lib/svn/colt/tags -m "Tags" sudo svn mkdir file:///var/lib/svn/colt/branches -m "Branches"
Note that you need to sudo the svn commands because only root has write access to your repository currently.
WebDAV for SVN
Okay. You are already at revision 3 on your repository. Good work! Now let’s make sure that you repositories are accessable over the web. First, we install libapache2-svn. This packages includes WebDAV support for SVN.
sudo apt-get install libapache2-svn
Next I open up /etc/apache2/mods-available/dav_svn.conf. This file contains configuration for the WebDAV and SubVersion modules we just installed.
Here I enable basic HTTP authentication, which is good enough for my local network. I also enable DAV by uncommenting “DAV svn”.
You need to take special care of the “SVNPath” variable here. We don’t host just one repository. We host several and /var/lib/svn is the parent directory of all our repositories. E.g. ‘colt’ is a sub directory that resides in /var/lib/svn. To make Apache understand this we need to change “SVNPath” to “SVNParentPath”. This enables all sub directories to be independent repositories.
Note: The authentication file we use here can be recycled later when we install Trac! Handy-Dandy, isn’t it?
I made my configuration look like this:
# dav_svn.conf - Example Subversion/Apache configuration # # For details and further options see the Apache user manual and # the Subversion book. # <location URL> ... </location> # URL controls how the repository appears to the outside world. # In this example clients access the repository as http://hostname/svn/ <location /svn> # Uncomment this to enable the repository, DAV svn # Set this to the path to your repository SVNParentPath /var/lib/svn # The following allows for basic http authentication. Basic authentication # should not be considered secure for any particularly rigorous definition of # secure. # to create a passwd file # # rm -f /etc/apache2/dav_svn.passwd # # htpasswd2 -c /etc/apache2/dav_svn.passwd dwhedon # New password: # Re-type new password: # Adding password for user dwhedon # # # Uncomment the following 3 lines to enable Basic Authentication AuthType Basic AuthName "Subversion Repository Access" AuthUserFile /etc/apache2/dav_svn.passwd # Uncomment the following line to enable Authz Authentication # AuthzSVNAccessFile /etc/apache2/dav_svn.authz # The following three lines allow anonymous read, but make # committers authenticate themselves. <limitexcept GET PROPFIND OPTIONS REPORT> Require valid-user </limitexcept> </location>
Now kick Apache to reload and you should be able to access your repository over the web! Try http://example.com/svn/colt.
Reading of the repository is okay without authentication. But writing needs to be protected. We need to create a password file for this. This is easy and is already explained in /etc/apache2/mods-available/dav_svn.conf:
sudo htpasswd2 -c /etc/apache2/dav_svn.passwd ariejan
Go ahead, add as many users as you need.
Apache, Subversion and the world
Before you start using Subversion, make sure you make the repositories owned by Apache. Apache is the one who wil access the repositories physically. This is really easy:
sudo chown -R www-data.www-data /var/lib/svn
When you access your repository for write actions now, you will recieve the following message:
Authentication realm: <http ://example.com:80> Subversion Repository Access Password for 'ariejan':
Alright sparky! Subversion access is ready for you now! Next time I’ll tell you how to integrate Trac with your hot new Subversion repositories.
All users in you passwd file can write to all repositories. I’ve not yet found a way to prevent this, since I don’t need that functionality right now. If you know more about this, please let me know.
Subversion repositories are always readable by anonymous people. You should remove the LimitExcept block from dav_svn.conf to make sure all users authenticated themselves before accessing your repository.
If you add more repositories, you always have to chown them to your apache’s user and group. After that you can use them through WebDAV.