Fork me on GitHub

Installing Subversion on a Home Ubuntu Server

Article Index

This tutorial will describe how to install Subversion with SSL web access onto a home server. Subversion is a great way to keep track of a number of projects and have widespread access to all of your files. It doesn't matter if you are the only person that will be accessing the repository and don't need all of the version control features, it is still a great way to keep an eye on your projects and make sure you have your information wherever and whenever you need it.

This tutorial uses Ubuntu Server 8.04 with Apache2, OpenSSL, and WebDAV. It assumes that you have a properly setup server including Apache and OpenSSL, at least a little Linux knowledge, and access to the Linux command prompt with sudo access. This tutorial is geared toward the home Linux server and assumes that your ISP blocks all incoming ports below 1024.

9/1/2011 Update: This tutorial has also been tested on Ubuntu 10.04LTS and works without issue.

If you need information on setting up your Ubuntu Server, HowToForge is a great place to look. Checkout The Perfect Server - Ubuntu 8.04 for more information.

1. Install The Software

The first step in getting your Subversion server up and running is to install the necessary software.

sudo apt-get install subversion subversion-tools libapache2-svn

If you get any errors from the install, they will most likely be dependancy errors. Check through the message that you get, install any dependancies, and reissue the command. If you already have your server setup and running, you probably won't encounter any problems.

2. Add a group for subversion

Secondly, you need to add a group to the system for the subverion users. I called this group svnuser.

sudo addgroup svnuser

3. Add users to the subversion group

You will need to add any users that will have access to subversion to the subversion group. In order to make sure you have proper web access, you must also add the web user (www-data) to the subversion group.

sudo usermod -a –G svnuser www-data
sudo usermod -a –G svnuser user1

4. Create a place on the server for the repository

At this point, you have a decision to make.

First of all, subversion repositories are generally stored either at /srv/svn, /usr/local/svn, and /home/svn. For the purpose of this tutorial, I will put it at /usr/local/svn.

Secondly, you need to consider what domain you will be using to access the repository. I have a domain, we'll call it www.example.com, that is hosted on a commercial server. I'm going to point a DNS record under the subdomain svn to my home IP address. I have a dynamic IP address at home, but it hasn't changed in the last two years, so I'm comfortable doing this. If your home IP address changes more often, you may want to consider getting a dynamic host through a company like DynDNS. You can setup a domain like myhomesvn.dyndns.org, and access the repository through that domain.

For the purpose of this tutorial, I'm going to use the first option and assume that we are accessing the repository through the domain svn.example.com. Once you have settled on a name, issue the following command, replacing svn.example.com with the name you chose:

sudo mkdir –p /usr/local/svn/svn.example.com

5. Set the correct directory permissions

Set the correct permissions of the directory using the chmod command.

sudo chmod -R 2770 /usr/local/svn/svn.example.com

6. Create the svn repository

Use the svnadmin command to create the svn repository.

sudo svnadmin create /usr/local/svn/svn.example.com

7. Clear the password file and recreate it

Here, we delete the standard password file that svnadmin creates because it assumes that we will be using the svn protocol. In reality, we are using HTTP.

sudo rm /usr/local/svn/svn.example.com/conf/passwd
sudo touch /usr/local/svn/svn.example.com/conf/passwd

8. Set the ownership

We need to set the www-data user as the owner and the svnuser group as the user for the repository. We then make all the directories and files group writeable. Most errors that come up with subversion web access are due to ownership problems; i.e., the web server doesn't have permission to read from or write to those directories. These commands will ensure that the permissions are set correctly.

sudo chmod -R g+w /usr/local/svn/svn.example.com
sudo chown -R www-data:svnuser /usr/local/svn/svn.example.com

9. Setup the subversion authz file

This file will control who can access which repositories. You can get very specific, down to the directory, of who has access to what when you edit this file. I find that using groups is the most efficient way for me to control access to the repositories. Getting directory specific can put extra load on the server and, for general use, isn't necessary. For more information about this file and the things you can do with it, take a look at Path-Based Authorization.

You can edit the file by typing:

sudo vi /usr/local/svn/svn.example.com/conf/authz

Once in the file, add at least one group under the heading [groups] in the format groupname = user1, user2. After you have created a group, you can assign it either read (r), or read/write (rw) privileges.

For example, let's say you have three users with the following usernames: harry, robert, sally. Harry and Sally are developers that should have read/write access to the repository, while Robert is an intern that just needs to be able to see the repository. When you get done editing the authz file, it should look something like this

[groups]
developers = harry, sally
interns = robert

[/]
@developers = rw
@interns = r

If a user is not mentioned in this file, no access will be allowed. If you wanted all users that you setup to be able to read the repository without having to edit this file each time, you could add the following line under [/]

* = r

10. Setup the log files

First, create a directory for the logs. These should go with the Apache logs since we will be using Apache to access the repository.

sudo mkdir /var/log/apache2/svn.example.com

Next, add the log directory to the log rotate script.

sudo vi /etc/logrotate.d/apache2

Add the following lines to the file:

/var/log/apache2/svn.example.com/*.log {
weekly
missingok
rotate 52
compress
delaycompress
notifempty
}

11. Generate a self-signed server key/certificate for Apache

If you have not yet generated a self-signed certificate, you need to do this for the SSL to work. Since you probably don't have a dedicated IP address for your home server, and you're more than likely to be using this for personal use, I assume you're not going to want to pay for an SSL certificate.

Although you will recieve a warning when you visit your repository through a web browser when using a self-signed certificate, it will still be an encrypted connection. That means your password won't be transmitted in plain text through the internet for everyone to grab. This is good.

If you aren't sure if you already have a certificate on you system, check for the directory /etc/apache2/ssl and look for a file called apache.pem. If you don't find it, you probably need to generate one. Granted, yours could be in a different location, but it won't hurt to have this one on the system if it is.

To generate the certificate enter the following commands (the second command which begins sudo openssl and ends apache.pem should go on a single line):

sudo mkdir /etc/apache2/ssl
sudo openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

You will be asked a series of questions. Answer them to the best of your ability. There is only one that you should pay special attention to, the one that asks for Common Name (CN). You should enter than name of your server for that question. If you are unsure what the name of your server is, type the following command and make note of the output before you issue the openssl command:

hostname

Once you finish answering the questions, your certificate will be on the server.

12. Add the virtual host definition and configure Apache

For this tutorial, we'll assume the server is at internal IP address 192.168.1.100. You now need to choose a port number for your subversion repository.

Generally, since you are using SSL to access the server, you would put the repository on port 443. However, most residential ISPs block all incoming ports less than 1024, so we need to pick a different port. Personally, I chose 8088. You are welcome to choose whatever you like.

First, to make sure that apache will be listening on that port, you need to edit the ports configuration:

sudo vi /etc/apache2/ports.conf

Add the following line directly below the line Listen 443, replacing 8088 with the port number that you chose:

Listen 8088

Next, you need to create the Virtual Host file:

sudo vi /etc/apache2/sites-available/svn.example.com

The following text should go in the Virtual Host file, replacing the IP address with your server IP address and the port number with the port that you chose:

<VirtualHost 192.168.1.100:8088>
ServerName svn.example.com
<Location />
DAV svn

SVNPath /usr/local/svn/svn.example.com

AuthType Basic
AuthName "svn.example.com"
AuthUserFile /usr/local/svn/svn.example.com/conf/passwd
AuthzSVNAccessFile /usr/local/svn/svn.example.com/conf/authz

Require valid-user
</Location>
CustomLog /var/log/apache2/svn.example.com/access.log combined
ErrorLog /var/log/apache2/svn.example.com/error.log
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
# Add this once there is a real (non self-signed) certificate.
# SSLCertificateKeyFile /etc/apache2/ssl/server.key
</VirtualHost>
<VirtualHost *>
ServerName svn.example.com
Redirect / https://svn.example.com:8088/
LogLevel warn
CustomLog /var/log/apache2/svn.example.com/access.log combined
ErrorLog /var/log/apache2/svn.example.com/error.log
</VirtualHost>

13. Enable the site and restart Apache

Before Apache will recognize the site and include it in the configuration, you must enable the site using the a2ensite command:

sudo a2ensite svn.example.com

Now you must restart Apache for the changes to take effect:

sudo /etc/init.d/apache2 restart

14. Create username/password combinations

Before users can access the repository, you must create username an password combinations for them in the subversion password file. To do this, issues the following command for each user that will have access to the repository.

sudo htpasswd /usr/local/svn/svn.example.com/conf/passwd username

15. Router and DNS Configuration

In order for you to get to your repository from outside your house, you need to setup the DNS record for the domain and some sort port forwarding or virtual server in your home router.

If you are using a service like DynDNS, you don't need to worry about changing any DNS records. If you are going to make the repository a subdomain of a domain that you are currently hosting on a commercial server, you need to create an 'A Record' DNS entry for the subdomain. Most hosts will allow you to easily do this. Through GoDaddy it is referred to as 'Total DNS,' while on WHM/C-Panel it is called 'DNS Zones.' The important thing is that you create an 'A' Record pointing to your external Home IP address. For instance, if your WAN IP address is 69.123.45.67 your record would take the form:

svn IN A 69.123.45.67

Next, you will need to setup port forwarding or a virtual server so that you can get to your repository. On Belkin routers this feature is under the Firewall section and is labeled Virtual Servers; on Linksys routers it is under Applications & Gaming and is labeled Port Range Forwarding. Refer to your router manual for exact instructions on how to do this. In your router configuration, you should set the port you chose for your repository to forward to the same port on your internal server. Routers generally take a port range, but since we only want one port the start and end number will be the same. For example, the setup in this tutorial would point incoming ports 8088-8088 to the private IP of 192.168.1.100 and Private Ports of 8088-8088.

16. Accessing your repository

You will now be able to access your subversion repository. You can gain access through either your web browser, or through a subversion client program such as TortoiseSVN. You will, more than likely, have to access the repository differently inside and outside your network. For instance, using the data from this tutorial, you would access the repository using the following addresses:

From inside your network: https://192.168.1.100:8080/

From outside your network: https://svn.example.com:8080/

If you wanted to use the same address both internally and externally, you could setup an internal DNS server (tutorial to come soon!), or change your Windows host file on the computers that would be accessing the repository to include the following line:

192.168.1.100 svn.example.com

17. Resources

For more information on Subversion: Subversion Book

For more information on Ubuntu: Ubuntu