Enable HTTP and HTTPS access for Subversion
From SynologyWiki
This guide describes how to set up and configure an Apache2 server that allows authenticated access to the Subversion server. It assumes you followed the Step-by-step guide to installing Subversion.
Install Apache 2 Server
Install Apache 2 Package
As you have already installed ipkg to install the Subversion server, you can install the Apache 2 server with the following command:
ipkg install apache
ipkg might install some dependencies. Just let it happen.
Test installation
As the diskstation already has an Apache server running for its admin web interface and (if you enabled it) the web station, the default HTTP port (80) is already in use. Therefore the additional server's port is set to 8000 by default. To test your installation, access http://<IP of your Diskstation>:8000/. You should see the message It works! if it worked.
If you get a message similar to Failed to connect make sure the server is running by issuing the following command:
/volume1/opt/sbin/apachectl start
Then try again. If the command above caused the output httpd (pid <Number>) already running, refer to the following section (Configure ports), as your Apache server seems to use a different default port.
Configure ports (optional)
As it might be desirable to have the newly installed Apache server use the default port for HTTP access, this section explains how to swap ports with the diskstation's internal Apache.
First open the configuration file of our new Apache server:
vi /volume1/opt/etc/apache2/httpd.conf
Search for the line Listen 8000 and change the port to 80 by moving to the end of the line and pressing x twice. Save the changes by typing :wq and pressing enter.
Now open the user configuration file of the diskstation's Apache server:
vi /usr/syno/apache/conf/httpd.conf-user
Search for the line Listen 80 and change the port to 8000 by moving to the end of the line, pressing a (append), typing 00 and leaving append mode by pressing ESC. Save the changes by typing :wq and pressing Enter.
| Note: The file /usr/syno/apache/conf/httpd.conf seems to have no effect, you can safely ignore it. But you should NEVER touch the /usr/syno/apache/conf/httpd.conf-sys file, as it configures the web administration interface, and you don't want that to get broken... |
To make sure both Apaches get restarted properly, just reboot the diskstation:
reboot
Enable SSL (optional)
To enable SSL, open the configuration file of our new Apache server again:
vi /volume1/opt/etc/apache2/httpd.conf
Now search for the line
#Include etc/apache2/extra/httpd-ssl.conf
and remove the hash sign (#) at the start (move the cursor over it and press x). Save and quit (:wq and Enter).
Now you have to provide an SSL server certificate and key. This guide will just use the ones that come with the diskstation. Therefore change to the config directory of our Apache server and create links to the diskstation's certificate files:
cd /volume1/opt/etc/apache2
ln -s /usr/syno/etc/ssl/ssl.crt/server.crt
ln -s /usr/syno/etc/ssl/ssl.key/server.key
Now restart the Apache server:
/volume1/opt/sbin/apachectl restart
If the server fails to restart because of missing certificate files, check the SSL configuration at /volume1/opt/etc/apache2/extra/httpd-ssl.conf to see where it looks for them. If in doubt, set the following lines (they should already exist, so replace them!) to point to the location where we just created the links to the diskstation's files:
SSLCertificateFile "/opt/etc/apache2/server.crt"
SSLCertificateKeyFile "/opt/etc/apache2/server.key"
| Note: You can change the HTTPS ports just as easily as the HTTP ports. Simply search for the Listen directives within the /volume1/opt/etc/apache2/extra/httpd-ssl.conf and /usr/syno/apache/conf/extra/httpd-ssl.conf-user files and change them accordingly. |
Configure Subversion access
The Apache server installed comes with the two additional modules required for Subversion access via HTTP(S), mod_dav and mod_dav_svn. It also provides a configuration template (located at /volume1/opt/etc/apache2/conf.d/mod_dav_svn.conf) for Subversion which we will use.
| Note: If the template is missing, just create the file from scratch. The guide will give you the full configuration file's content below. |
Enable Subversion
To enable the configuration template we have to edit the Apache server config once more:
vi /volume1/opt/etc/apache2/httpd.conf
Now we add the following block (move to the end of the file and press i to start editing) to include the configuration template:
# Subversion
Include etc/apache2/conf.d/mod_dav_svn.conf
Now we have to add the repository. As it is located at /volume1/svn and thus cannot be reached by our Apache, we have to link to it from within our web folder. This is done by issuing the following commands:
cd /opt/share
ln -s /volume1/svn
Now we edit the configuration template (vi /volume1/opt/etc/apache2/conf.d/mod_dav_svn.conf) and make it look like this (by adding the Location block at the end):
LoadModule dav_svn_module libexec/mod_dav_svn.so
LoadModule authz_svn_module libexec/mod_authz_svn.so
#
# Example configuration to enable HTTP access for a Subversion
# repository, "/home/svnroot".
#
#<Location /svn/repos>
# DAV svn
# SVNPath /home/svnroot
#
# # Limit write permission to list of valid users.
# <LimitExcept GET PROPFIND OPTIONS REPORT>
# # Require SSL connection for password protection.
# # SSLRequireSSL
#
# AuthType Basic
# AuthName "Authorization Realm"
# AuthUserFile /path/to/passwdfile
# Require valid-user
# </LimitExcept>
#</Location>
<Location /svn>
DAV svn
SVNParentPath /opt/share/svn
</Location>
Restart the Apache server to apply the changes:
/volume1/opt/sbin/apachectl restart
Now every repository that is located on the server can be reached by accessing http://<IP of your Diskstation>:8000/svn/<repo name>, for example http://192.168.0.100:8000/svn/test. This also applies to the SSL connection, if configured.
Add password protection
As full access to our repositories should most likely not be given to everyone, this section describes how to add password protection. This requires an htpasswd-style password file which contains the users allowed to access the repositories. The following shows the creation of a new password file svn-auth-file, overwriting any existing one, and adds the user test. To add users to an existing file, change the -cm option to -m.
> /volume1/opt/sbin/apache-htpasswd -cm /volume1/opt/share/svn/svn-auth-file test
New password:
Re-type new password:
Adding password for user test
Now we have to tell the Apache server to use the authentication(s) within the file. Therefore we update the Location block within the /volume1/opt/etc/apache2/conf.d/mod_dav_svn.conf file to look as follows:
<Location /svn>
DAV svn
SVNParentPath /opt/share/svn
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /opt/share/svn/svn-auth-file
Require valid-user
</Location>
This will require authentication with any of the users specified within the file to access the repository. If only write access should be restricted, we have to limit the Require valid-user option:
<Location /svn>
DAV svn
SVNParentPath /opt/share/svn
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /opt/share/svn/svn-auth-file
#Limit all except read-only HTTP request types
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Restart the Apache server and test the result:
/volume1/opt/sbin/apachectl restart
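The template's commented example notes that an SSL connection should be required for password protection (SSLRequireSSL), but the Location blocks shown in this section do not set it, so Basic credentials are also accepted over plain HTTP. The following check is an added example, not part of the original guide; the function names audit_svn_conf and sample_conf and the finding labels are made up for illustration, and it only inspects the Location blocks it reads on stdin.

```shell
# Added example: audit <Location> blocks that serve Subversion ("DAV svn").
# Reads an Apache config on stdin and prints one finding per line.
audit_svn_conf() {
    awk '
    /^[ \t]*#/ { next }                       # commented-out lines do not count
    { low = tolower($0); sub(/^[ \t]+/, "", low) }
    low ~ /^<location[ \t]/ {
        loc = $2; sub(/>$/, "", loc)
        in_loc = 1
        dav = basic = req = req_lim = ssl_loc = ssl_lim = in_lim = 0
        next
    }
    !in_loc { next }
    low ~ /^dav[ \t]+svn/            { dav = 1 }
    low ~ /^authtype[ \t]+basic/     { basic = 1 }
    low ~ /^<limitexcept[ \t]/       { in_lim = 1 }
    low ~ /^<\/limitexcept>/         { in_lim = 0 }
    low ~ /^sslrequiressl/           { if (in_lim) ssl_lim = 1; else ssl_loc = 1 }
    low ~ /^require[ \t]+valid-user/ { if (in_lim) req_lim = 1; else req = 1 }
    low ~ /^<\/location>/ {
        in_loc = 0
        if (!dav) next
        if (!req && !req_lim) print loc ": no-auth"
        else if (!req)        print loc ": anonymous-read"
        # Basic auth is only base64-encoded, so SSLRequireSSL must cover
        # every scope in which a password is requested.
        if (basic && ((req && !ssl_loc) || (!req && req_lim && !ssl_loc && !ssl_lim)))
            print loc ": basic-auth-without-ssl"
    }'
}
# Constructed sample: the write-protected block from this guide, plus one
# commented-out SSLRequireSSL line to show that comments are ignored.
sample_conf() {
    cat <<'EOF'
<Location /svn>
DAV svn
# SSLRequireSSL
SVNParentPath /opt/share/svn
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /opt/share/svn/svn-auth-file
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
EOF
}
sample_conf | audit_svn_conf
```

To check the real file, run audit_svn_conf < /volume1/opt/etc/apache2/conf.d/mod_dav_svn.conf; a block that requires a valid user for every request and sets SSLRequireSSL at the Location level produces no output.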
Further reading
Now that your Subversion is accessible and (possibly) protected, you may want to tweak read/write permissions, maybe even on a repository / folder basis. See The Subversion Book for further details on that and anything else SVN.
Thanks
I'd like to thank
- Synology for making a product that is so nicely adjustable to one's personal needs, and
- Risto for his Step-by-step guide to installing Subversion which made my day :-)
--Boris59 19:15, 30 June 2009 (UTC)
