CentOS搭建Nginx+Subversion环境(包括多个版本库的配置)

时间:2021-07-31 16:31:20

Apache Subversion(简称SVN,svn)

因为某种原因我们需要用Nginx作为Subversion的http前端,但目前没有现成的Nginx+Subversion搭配方式。

而Subversion提供Apache的http处理模块。现在我们通过nginx反向代理给Apache的方式来实现Nginx+Subversion的组合方式。

构建Apache+Subversion的环境:

[root@nginx-apache-svn ~]# yum install httd subversion mod_dav_svn -y

#mod_dav_svn是Apache的svn模块

建立SVN库:

[root@nginx-apache-svn ~]# mkdir -p /home/svn

[root@nginx-apache-svn ~]# cd /home/svn/

[root@nginx-apache-svn svn]# svnadmin create work

[root@nginx-apache-svn svn]# chown -R apache.apache work

[root@nginx-apache-svn svn]# tree work/

work/

├── conf

│   ├── authz

│   ├── passwd

│   └── svnserve.conf

├── db

│   ├── current

│   ├── format

│   ├── fsfs.conf

│   ├── fs-type

│   ├── min-unpacked-rev

│   ├── rep-cache.db

│   ├── revprops

│   │   └── 0

│   │       └── 0

│   ├── revs

│   │   └── 0

│   │       └── 0

│   ├── transactions

│   ├── txn-current

│   ├── txn-current-lock

│   ├── txn-protorevs

│   ├── uuid

│   └── write-lock

├── format

├── hooks

│   ├── post-commit.tmpl

│   ├── post-lock.tmpl

│   ├── post-revprop-change.tmpl

│   ├── post-unlock.tmpl

│   ├── pre-commit.tmpl

│   ├── pre-lock.tmpl

│   ├── pre-revprop-change.tmpl

│   ├── pre-unlock.tmpl

│   └── start-commit.tmpl

├── locks

│   ├── db.lock

│   └── db-logs.lock

└── README.txt

10 directories, 28 files

添加Subversion账号:(注意只是浏览项目的账户,并不能用它登录SVN)

[root@nginx-apache-svn svn]# htpasswd -c /home/svn/work/conf/passwdfile visitor

New password: visitor#用户名和密码都设为visitor

Re-type new password:visitor

Adding password for user visitor

修改/etc/httpd/conf.d/subversion.conf,内容如下:

<Location /svn/work>

        DAV svn

        SVNPath /home/svn/work

        AuthType Basic

        AuthName "Authorization Realm"

        AuthUserFile /home/svn/work/conf/passwdfile#注意这里的用户,只是通过识证的,通过认证,只能是通过http://ip/svn/项目,去浏览项目,不能跟svn/work/conf/passwd里的svn用户混淆了!

        AuthzSVNAccessFile /home/svn/work/conf/authz

        Require valid-user

</Location>

AuthzSVNAccessFile /home/svn/work/conf/authz特别注意这里也要添加认证用户和权限(不然会认证失败,本文章中是visitor)

修改Apache的端口:

[root@nginx-apache-svn svn]# grep "^Listen" /etc/httpd/conf/httpd.conf

Listen 81

[root@nginx-apache-svn svn]# service iptables stop && setenforce 0

iptables: Setting chains to policy ACCEPT: filter          [  OK  ]

iptables: Flushing firewall rules:                         [  OK  ]

iptables: Unloading modules:                               [  OK  ]

[root@nginx-apache-svn svn]# getenforce

Permissive

[root@nginx-apache-svn svn]# /etc/init.d/httpd start

Starting httpd:                                            [  OK  ]

[root@nginx-apache-svn svn]# netstat -lnutp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1310/sshd

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master

tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd

tcp        0      0 :::22                       :::*                        LISTEN      1310/sshd

tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master

udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient

使用Nginx反向代理

[root@nginx-apache-svn src]# wget http://nginx.org/download/nginx-0.8.55.tar.gz

[root@nginx-apache-svn src]# pwd

/usr/local/src

[root@nginx-apache-svn src]# ls

nginx-0.8.55.tar.gz

[root@nginx-apache-svn nginx-0.8.55]# tar -xzvf nginx-0.8.55.tar.gz && cd nginx-0.8.55

添加nginx账号:

[root@nginx-apache-svn nginx-0.8.55]# useradd -s /bin/false nginx

/bin/false是最严格的禁止login选项,一切服务都不能用。

/sbin/nologin只是不允许login系统

安装依赖包:

[root@nginx-apache-svn nginx-0.8.55]# yum install gcc  pcre-devel openssl-devel  -y

[root@nginx-apache-svn nginx-0.8.55]# ./configure --prefix=/app/server/nginx-0.8.55 \

--with-http_stub_status_module \

--with-http_gzip_static_module

[root@nginx-apache-svn nginx-0.8.55]# make && make install

[root@nginx-apache-svn nginx-0.8.55]# cd /app/server/

[root@nginx-apache-svn server]# ls

nginx-0.8.55

[root@nginx-apache-svn server]# ln -sf nginx-0.8.55/ nginx && cd -

[root@nginx-apache-svn nginx-0.8.55]# ll /app/server/

total 4

lrwxrwxrwx. 1 root root   13 Jul 25 09:36 nginx -> nginx-0.8.55/

drwxr-xr-x. 6 root root 4096 Jul 25 09:35 nginx-0.8.55

配置Nginx反向代理,修改/app/server/nginx/conf/nginx.conf:

server {

    listen       80;

    server_name localhost ;

    location /svn/work {

        proxy_pass  http://127.0.0.1:81/svn/work;

    }

    location / {

        return 404;

    }

}

配置SNV:

[root@nginx-apache-svn conf]# pwd

/home/svn/work/conf

[root@nginx-apache-svn conf]# egrep -v "^$|^#" svnserve.conf

[general]

anon-access = read

auth-access = write

password-db = /home/svn/work/conf/passwd

authz-db = /home/svn/work/conf/authz

[root@nginx-apache-svn conf]# which svnserve

/usr/bin/svnserve

[root@nginx-apache-svn conf]# /usr/bin/svnserve -d -r /home/svn

[root@nginx-apache-svn conf]# netstat -lnutp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name

tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN      4806/svnserve

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1744/sshd

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master

tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd

tcp        0      0 :::22                       :::*                        LISTEN      1744/sshd

tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master

udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient

[root@nginx-apache-svn conf]# /app/server/nginx/sbin/nginx

[root@nginx-apache-svn conf]# netstat -lnutp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name

tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN      4806/svnserve

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      4809/nginx

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1744/sshd

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master

tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd

tcp        0      0 :::22                       :::*                        LISTEN      1744/sshd

tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master

udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient

[root@nginx-apache-svn work]# cat /home/svn/work/conf/authz

### This file is an example authorization file for svnserve.

### Its format is identical to that of mod_authz_svn authorization

### files.

### As shown below each section defines authorizations for the path and

### (optional) repository specified by the section name.

### The authorizations follow. An authorization line can refer to:

###  - a single user,

###  - a group of users defined in a special [groups] section,

###  - an alias defined in a special [aliases] section,

###  - all authenticated users, using the '$authenticated' token,

###  - only anonymous users, using the '$anonymous' token,

###  - anyone, using the '*' wildcard.

###

### A match can be inverted by prefixing the rule with '~'. Rules can

### grant read ('r') access, read-write ('rw') access, or no access

### ('').

[aliases]

# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]

# harry_and_sally = harry,sally

# harry_sally_and_joe = harry,sally,&joe

# [/foo/bar]

# harry = rw

# &joe = r

# * =

[/]

visitor=r

# [repository:/baz/fuz]

# @harry_and_sally = rw

# * = r

svnserve -d -r /home/svn#注意启动的时候,一定不要:svnserve -d -r /home/svn/work

svn co svn://192.168.1.98/work work01#注意略径

真对/home/svn/work/conf/passwd是明文的不安全因素,可以考虑用vim passwd +X去加密passwd文件。(经测试这种方法行不通,无法认别,所以无法用VIM加密passwd文件!!!)

特别要注意关掉selinux:(否则重启会出现认证失败!!!)

[root@NGINX-APACHE-SVN ~]# getenforce

Disabled

================================================

可以配置多个版本库:

主要是两个文件:/var/http/conf.d/subversion.conf  和 /app/server/nginx/conf/nginx.conf

[root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /etc/httpd/conf.d/subversion.conf

LoadModule dav_svn_module     modules/mod_dav_svn.so

LoadModule authz_svn_module   modules/mod_authz_svn.so

<Location /svn/pro>#(注意通过http:xxx.xxx.xxx.xxx/xxx访问多个代码库的时候,关键是配置下面的参数)

    DAV svn

    SVNPath /var/www/html/svn/pro

    AuthType Basic

    AuthName "Authorization Realm"

    AuthUserFile /var/www/html/svn/pro/conf/passwdfile #可以对不同的项目以不同的配置文件,设不同的密码,达到不同的代码组,不能看对方的代码

    AuthzSVNAccessFile /var/www/html/svn/pro/conf/authz

    Require valid-user

</Location>

<Location /svn/app01>

    DAV svn

    SVNPath /var/www/html/svn/app01

    AuthType Basic

    AuthName "Authorization Realm"

    AuthUserFile /var/www/html/svn/pro/conf/passwdfile

    AuthzSVNAccessFile /var/www/html/svn/pro/conf/authz

    Require valid-user

</Location>

多一个版本库就添加一个[Location].......[/Location]

vi /app/server/nginx/conf/nginx.conf

server {

        listen       80;

        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {

            root   html;

            index  index.html index.htm;

        }

	 location /svn/pro {

		proxy_pass http://127.0.0.1:81/svn/pro;

	}

	location /svn/app01 {

		proxy_pass http://127.0.0.1:81/svn/app01;

	}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html

        #

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        }

#多一个版本库 就多添加一个location /svn/xxxx {.......}

所有的版本库的svnserver.conf都用相同的这样更于管理:

[root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /var/www/html/svn/pro/conf/svnserve.conf

[general]

anon-access = read

auth-access = write

password-db = /var/www/html/svn/pro/conf/passwd

authz-db = /var/www/html/svn/pro/conf/authz

[sasl]

 =============================================================================

[root@NGINX-APACHE-SVN ~]# egrep -v "(^$|^#)" /var/www/html/svn/app01/conf/svnserve.conf

[general]

anon-access = read

auth-access = write

password-db = /var/www/html/svn/pro/conf/passwd

authz-db = /var/www/html/svn/pro/conf/authz

[sasl]

[root@NGINX-APACHE-SVN ~]#

这样就OK了可以对于不能的版库,有可以设不同的密码在各自的passwd中。

相关文章