How to setup a Ubuntu development server - Part 1
Since I’m starting some real work on my final school project, I want to install a Ubuntu development server here at home. I have a Pentium 4 box here that will perform that task.
In this first part I will show you how to install Subversion over WebDAV. All of this will be done in such a way that it’s easy to serve multiple projects at once.
In future parts I will tell you more about installing Trac, FastCGI (with Apache) to host Rails applications and how to use Capistrano to deploy your app properly.
For now, let’s get cracking at Subversion.
First off, I installed Ubuntu 6.10 on my server. Because I don’t need a graphical user interface, I have installed Ubuntu in text-only mode.
Open up to the universe
The first thing I always do when I install a Ubuntu box is to enable the universe package repositories. This is rather easy.
Edit /etc/apt/sources.list and uncomment all the Universe related lines. Also, comment out your install disk. Here’s what my /etc/apt/sources.list looks like:
1# deb cdrom:[Ubuntu 6.10 _Edgy Eft_ - Release i386 (20061025)]/ edgy main restricted
2
3deb http://nl.archive.ubuntu.com/ubuntu/ edgy main restricted
4deb-src http://nl.archive.ubuntu.com/ubuntu/ edgy main restricted
5
6## Major bug fix updates produced after the final release of the
7## distribution.
8deb http://nl.archive.ubuntu.com/ubuntu/ edgy-updates main restricted
9deb-src http://nl.archive.ubuntu.com/ubuntu/ edgy-updates main restricted
10
11## Uncomment the following two lines to add software from the 'universe'
12## repository.
13## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
14## team, and may not be under a free licence. Please satisfy yourself as to
15## your rights to use the software. Also, please note that software in
16## universe WILL NOT receive any review or updates from the Ubuntu security
17## team.
18deb http://nl.archive.ubuntu.com/ubuntu/ edgy universe
19deb-src http://nl.archive.ubuntu.com/ubuntu/ edgy universe
20
21## Uncomment the following two lines to add software from the 'backports'
22## repository.
23## N.B. software from this repository may not have been tested as
24## extensively as that contained in the main release, although it includes
25## newer versions of some applications which may provide useful features.
26## Also, please note that software in backports WILL NOT receive any review
27## or updates from the Ubuntu security team.
28# deb http://nl.archive.ubuntu.com/ubuntu/ edgy-backports main restricted universe multiverse
29# deb-src http://nl.archive.ubuntu.com/ubuntu/ edgy-backports main restricted universe multiverse
30
31
32deb http://security.ubuntu.com/ubuntu edgy-security main restricted
33deb-src http://security.ubuntu.com/ubuntu edgy-security main restricted
34deb http://security.ubuntu.com/ubuntu edgy-security universe
35deb-src http://security.ubuntu.com/ubuntu edgy-security universe
The next step is to make sure all software present is up-to-date. There are already a few updates available so run these two commands:
1sudo apt-get update
2sudo apt-get dist-upgrade
That’s it.
Getting SSH up and running
Because I have a MacBook, I’d like to use it to do my work. To do so I need to install the OpenSSH server on my server so I can access it over the network.
1sudo apt-get install ssh
This will install ssh and the OpenSSH server. It also generates everything you need automatically like RSA keys and all that.
Now, try to login wiht SSH from your desktop machine.
Apache
Since I want to use Subversion of WebDAV I will need to install Apache first. I’ll grab a vanilla copy of Apache from Ubuntu here.
1sudo apt-get install apache2
If that’s finished you should see a placeholder when you access your server with a browser. Check this now.
Getting Subversion
Subversion is also easily installed.
1sudo apt-get install subversion subversion-tools
Next we should setup a location for our Subversion repositories. I choose to put them in /var/lib/svn. Create this directory now:
1sudo mkdir -p /var/lib/svn
I also create a repository now and create a basic Subversion structure there. In my case the project is called ‘colt’.
1sudo mkdir -p /var/lib/svn/colt
2sudo svnadmin create /var/lib/svn/colt
3sudo svn mkdir file:///var/lib/svn/colt/trunk -m "Trunk"
4sudo svn mkdir file:///var/lib/svn/colt/tags -m "Tags"
5sudo svn mkdir file:///var/lib/svn/colt/branches -m "Branches"
Note that you need to sudo the svn commands because only root has write access to your repository currently.
WebDAV for SVN
Okay. You are already at revision 3 on your repository. Good work! Now let’s make sure that you repositories are accessable over the web. First, we install libapache2-svn. This packages includes WebDAV support for SVN.
1sudo apt-get install libapache2-svn
Next I open up /etc/apache2/mods-available/dav_svn.conf. This file contains configuration for the WebDAV and SubVersion modules we just installed.
Here I enable basic HTTP authentication, which is good enough for my local network. I also enable DAV by uncommenting “DAV svn”.
You need to take special care of the “SVNPath” variable here. We don’t host just one repository. We host several and /var/lib/svn is the parent directory of all our repositories. E.g. ‘colt’ is a sub directory that resides in /var/lib/svn. To make Apache understand this we need to change “SVNPath” to “SVNParentPath”. This enables all sub directories to be independent repositories.
Note: The authentication file we use here can be recycled later when we install Trac! Handy-Dandy, isn’t it?
I made my configuration look like this:
1# dav_svn.conf - Example Subversion/Apache configuration
2#
3# For details and further options see the Apache user manual and
4# the Subversion book.
5
6# <location URL> ... </location>
7# URL controls how the repository appears to the outside world.
8# In this example clients access the repository as http://hostname/svn/
9<location /svn>
10
11 # Uncomment this to enable the repository,
12 DAV svn
13
14 # Set this to the path to your repository
15 SVNParentPath /var/lib/svn
16
17 # The following allows for basic http authentication. Basic authentication
18 # should not be considered secure for any particularly rigorous definition of
19 # secure.
20
21 # to create a passwd file
22 # # rm -f /etc/apache2/dav_svn.passwd
23 # # htpasswd2 -c /etc/apache2/dav_svn.passwd dwhedon
24 # New password:
25 # Re-type new password:
26 # Adding password for user dwhedon
27 # #
28
29 # Uncomment the following 3 lines to enable Basic Authentication
30 AuthType Basic
31 AuthName "Subversion Repository Access"
32 AuthUserFile /etc/apache2/dav_svn.passwd
33
34 # Uncomment the following line to enable Authz Authentication
35 # AuthzSVNAccessFile /etc/apache2/dav_svn.authz
36
37 # The following three lines allow anonymous read, but make
38 # committers authenticate themselves.
39
40 <limitexcept GET PROPFIND OPTIONS REPORT>
41 Require valid-user
42 </limitexcept>
43
44</location>
Now kick Apache to reload and you should be able to access your repository over the web! Try http://example.com/svn/colt.
Authentication
Reading of the repository is okay without authentication. But writing needs to be protected. We need to create a password file for this. This is easy and is already explained in /etc/apache2/mods-available/dav_svn.conf:
1sudo htpasswd2 -c /etc/apache2/dav_svn.passwd ariejan
Go ahead, add as many users as you need.
Apache, Subversion and the world
Before you start using Subversion, make sure you make the repositories owned by Apache. Apache is the one who wil access the repositories physically. This is really easy:
1sudo chown -R www-data.www-data /var/lib/svn
When you access your repository for write actions now, you will recieve the following message:
1Authentication realm: <http ://example.com:80> Subversion Repository Access
2Password for 'ariejan':
Alright sparky! Subversion access is ready for you now! Next time I’ll tell you how to integrate Trac with your hot new Subversion repositories.
Notes
All users in you passwd file can write to all repositories. I’ve not yet found a way to prevent this, since I don’t need that functionality right now. If you know more about this, please let me know.
Subversion repositories are always readable by anonymous people. You should remove the LimitExcept block from dav_svn.conf to make sure all users authenticated themselves before accessing your repository.
If you add more repositories, you always have to chown them to your apache’s user and group. After that you can use them through WebDAV.