Apache+SVN部署

Apache+SVN部署

#1.安装依赖包
yum -y install expat-devel pcre pcre-devel openssl-devel

cd /server/tools/

#安装apr-1.7.0
wget https://mirrors.aliyun.com/apache/apr/apr-1.7.0.tar.gz
tar xf apr-1.7.0.tar.gz
cd apr-1.7.0/ && ./configure --prefix=/usr/local/apr && make && make install

#安装apr-util-1.6.1
wget https://mirrors.aliyun.com/apache/apr/apr-util-1.6.1.tar.gz
tar xf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1/ && ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/bin/apr-1-config && make && make install
yum install expat-devel

#安装sqlite-autoconf-3310100
wget https://www.sqlite.com/2020/sqlite-autoconf-3310100.tar.gz
tar xf sqlite-autoconf-3310100.tar.gz
cd sqlite-autoconf-3310100/ && ./configure && make && make install

#安装zlib-1.2.11
wget https://www.zlib.net/zlib-1.2.11tar.gz
tar xf zlib-1.2.11.tar.gz
cd zlib-1.2.11/ && ./configure && make && make install

#安装openssl-1.1.1d
wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
tar xf openssl-1.1.1d.tar.gz
cd openssl-1.1.1d/ && ./config --prefix=/usr/local/openssl -fPIC no-gost && make depend && make install

#安装scons
yum -y install scons

#安装serf-1.3.9
wget https://mirrors.aliyun.com/apache/serf/serf-1.3.9.tar.bz2
tar jxf serf-1.3.9.tar.bz2
scons PREFIX=/usr/local/serlf APR=/usr/local/apr/bin/apr-1-config APU=/usr/local/apr-util/bin/apu-1-config
echo "/usr/local/serlf/lib" >>/etc/ld.so.conf

#安装apche
wget https://mirrors.aliyun.com/apache/httpd/httpd-2.4.41.tar.gz
tar xf httpd-2.4.41.tar.gz 
cp -r apr-1.7.0 httpd-2.4.41/srclib/apr
cp -r apr-util-1.6.1 httpd-2.4.41/srclib/apr-util
cd httpd-2.4.41/
./configure --with-included-apr --prefix=/usr/local/svn/apache2 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-dav --enable-maintainer-mode --enable-rewrite --enable-ssl --with-ssl=/usr/local/openssl

#httpd安装中指定了--enable-ssl和--with-ssl=/usr/local/openssl/还是无法生效，httpd只在/usr/lib64查找libssl.so.1.0.0，因此安装完openssl之后需要做个软连接处理
ln -s /usr/local/openssl/lib/*.so.* /usr/lib64/
ln -s /usr/local/openssl/lib/*.so.* /usr/lib/


#安装svn
wget http://mirrors.tuna.tsinghua.edu.cn/apache/subversion/subversion-1.10.6.tar.gz
tar xf subversion-1.10.6.tar.gz
cd subversion-1.10.6/
./configure --prefix=/usr/local/svn/svn --with-apxs=/usr/local/svn/apache2/bin/apxs --with-apr=/usr/local/apr/bin/apr-1-config --with-apr-util=/usr/local/apr-util/bin/apu-1-config --with-lz4=internal --with-utf8proc=internal --enable-maintainer-mode --with-serf=/usr/local/serlf
make && make install

#创建svn根目录：
mkdir /data
svnadmin create /data/test

#http与svn的关联
#拷贝关联所需模块
cp /usr/local/svn/svn/libexec/mod_authz_svn.so /usr/local/svn/apache2/modules/
cp /usr/local/svn/svn/libexec/mod_dav_svn.so /usr/local/svn/apache2/modules/
#设置location，在/usr/local/apache2/conf/httpd.conf末尾添加如下内容
LoadModule dav_svn_module    modules/mod_dav_svn.so
LoadModule authz_svn_module  modules/mod_authz_svn.so
<Location />   # 定义访问是的路径；例如http://IP/svn
DAV svn
SVNParentPath /data   # SVN的库路径
SVNListParentPath on   # 允许列出目录
SVNAutoversioning on
SVNReposName "svn"    # 认证文件
AuthzSVNAccessFile /data/authz
AuthType Basic     # 基本认证
AuthName "svn repo auth"    # 认证提示信息
AuthUserFile /data/password   # 认证密码文件
Require valid-user   # 必须为有效的用户
</Location>

#创建用户　
htpasswd -c /data/password username
cp /data/repos/conf/authz /data/
cp /data/repos/conf/passwd /data/

#启动httpd 和 svn
/usr/local/svn/apache2/bin/apachectl start
svnserve -d -r /data/

配置私钥证书

openssl genrsa 2048 > /data/server.key
openssl req -new -key /data/server.key > /data/server.csr
Country Name=CN
State or Province Name=shandong
Locality Name=jinan
Organization Name=unicom
Common Name=svnserver
Email Address=<可省略>
A challenge password=<空，填写后启动httpd需输入密码>
An optionnal company name=可选公司名，不填
openssl req -x509 -days 36500 -key /data/server.key -in /data/server.csr > /data/server.crt
[ data]# cp /data/server.key /usr/local/apache/conf
[ data]# cp /data/server.crt /usr/local/apache/conf

设置http的支持ssl

[ data]# vim /usr/local/apache/conf/httpd.conf
#去掉Include conf/extra/httpd-ssl.conf前的#号
#确定httpd-ssl.conf配置中的证书与私钥指定正确
[ data]# vim /usr/local/apache/conf/extra/httpd-ssl.conf
#存在以下两行：
SSLCertificateFile "/usr/local/apache/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache/conf/server.key"
#修改svn对应的location
vim /usr/local/apache/conf/httpd.conf
#添加"SSLRequireSSL"至DAV svn的下一行

<Location />
DAV svn
SSLRequireSSL
SVNParentPath /data
SVNListParentPath on
SVNAutoversioning on
SVNReposName "svn"
AuthzSVNAccessFile /data/authz.conf
AuthType Basic
AuthName "svn repo auth"
AuthUserFile /data/passwd.conf
Require valid-user
</Location>