This describes on how to install a plain Subversion server.
Optional behind an HTTPS Apache proxy.
Presuming LXC is already installed.
Create container type from selection out of list which is downloaded.
lxc-create -n svn -t download
For this example ubuntu, jammy, amd64 is selected.
Start the container.
lxc-start -n svn
Make the LXC-container run at start by changing or adding the following to
the file /var/lib/lxc/svn/config.
# Enable auto start of this container.
lxc.start.auto = 1
# Delay start this container 45 seconds from when the host starts.
lxc.start.delay = 45
To get hold of the containers console (root) execute the following.
lxc-attach -n svn
Install the needed packages for easy use of commend line (bash-completion) and an editor (joe) or any other.
apt install bash-completion mc joe
Make the shell use colors by modifying the .bashrc and uncomment the line #force_color_prompt=yes
and also at the end of the same file uncomment the lines.
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
. /etc/bash_completion
fi
Install Subversion required packages.
apt install subversion apache2 libapache2-mod-svn libsvn-dev
Create directory to hold the repositories.
mkdir -p /var/lib/svn/
Create an empty repository.
TODO: Directories as trunk, branches and tags is not described.
svnadmin create /var/lib/svn/myrepo
Enable the Apache modules.
a2enmod dav dav_svn
Edit the dav_svn.conf file.
editor /etc/apache2/mods-enabled/dav_svn.conf
Uncomment/edit until the content matches the one below.
<Location /svn>
DAV svn
SVNParentPath /var/lib/svn
SVNListParentPath on
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/dav_svn.passwd
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Do not uncomment
Alias /svn /var/lib/svn
Restart the webserver.
apachectl restart
Add a user to the basic password file.
# Create an empty file.
touch /etc/apache2/dav_svn.passwd
# Add user and password.
htpasswd -m /etc/apache2/dav_svn.passwd <user-name>
Example config for placing the container behind a HTTPS proxy having an letsencrypt SSL certificate.
Define DOMAIN "my.domain.com"
Define BASE_DIR "/my/base/dir"
# Container ip and port.
Define IP_AND_PORT "10.0.3.12:80"
<IfModule ssl_module>
<VirtualHost *:443>
ServerName ${DOMAIN}
SSLEngine On
SSLCertificateFile "${BASE_DIR}/ssl-certs/${DOMAIN}-cert.pem"
SSLCertificateKeyFile "${BASE_DIR}/ssl-certs/${DOMAIN}-key.pem"
SSLCertificateChainFile "${BASE_DIR}/ssl-certs/${DOMAIN}-letsencrypt.pem"
# Prevent usage SSLv3 and SSLv2.
SSLProtocol All -SSLv2 -SSLv3
# Enable all relevant secure ciphers (and disable insecure ones)
SSLCipherSuite \
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:\
DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:\
ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:\
ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:\
AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLHonorCipherOrder on
# LogLevel debug
ErrorLog ${APACHE_LOG_DIR}/proxy-error.log
CustomLog ${APACHE_LOG_DIR}/proxy-access.log vhost_combined
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
# Important for making git-svn work when using 'dcommit' with moved files.
RequestHeader edit Destination ^https http early
<Location />
Order deny,allow
Allow from all
ProxyPass "http://${IP_AND_PORT}/"
ProxyPassReverse "http://${IP_AND_PORT}:80/"
</Location>
</VirtualHost>
</IfModule>
when using a nginx webserver add the following
for making git-svn work when using 'dcommit' with moved files.
set $fixed_destination $http_destination;
if ( $http_destination ~* ^https(.*)$ ) {
set $fixed_destination http$1;
}
proxy_set_header Destination $fixed_destination;
proxy_set_header Host $http_host;