apachesvnwebdav

enabling Subversion access via Apache web server and DAV on Ubuntu


I have an Ubuntu 20 running on a PC on my home network that I want to use as a Subversion server within my house on my local network. I have Apache web server installed as well as Subversion installed and I now want to add access through the Apache web server using the HTTP DAV protocol.

I intend to use Visual Studio with the Ankh plug-in on a Windows PC with the Subversion on the Ubuntu server for storing my source code repository.

What is the current way of modifying the Apache configuration so as to enable accessing Subversion using HTTP? The directions thus far that I have found seem to be a bit light on information, being nothing more than a series of commands to use, and for some reason they appear to be old.

It appears to me that since I'm supporting a single user on a local network, I need to:

After doing the above I should be able to access my Subversion repository using the Ankh plug-in for Visual Studio using a URL such as https://192.168.0.4/svn/, assuming my Ubuntu server is at IP address 192.168.0.4 on my local home network.

Where I currently am:

Versions of Apache and Subversion are:

rick@rick-MS-7B98:/etc/apache2/mods-enabled$ apache2 -version
Server version: Apache/2.4.41 (Ubuntu)
Server built:   2020-08-12T19:46:17

rick@rick-MS-7B98:/etc/apache2/mods-enabled$ svn --version
svn, version 1.13.0 (r1867053)
   compiled Mar 24 2020, 12:33:36 on x86_64-pc-linux-gnu

I have found in the folder /etc/apache2/mods-enabled a file dav_svn.conf which appears to be a configuration file for DAV access to Subversion through Apache. That file contains:

rick@rick-MS-7B98:/etc/apache2/mods-enabled$ cat dav_svn.conf
# dav_svn.conf - Example Subversion/Apache configuration
#
# For details and further options see the Apache user manual and
# the Subversion book.
#
# NOTE: for a setup with multiple vhosts, you will want to do this
# configuration in /etc/apache2/sites-available/*, not here.

# <Location URL> ... </Location>
# URL controls how the repository appears to the outside world.
# In this example clients access the repository as http://hostname/svn/
# Note, a literal /svn should NOT exist in your document root.
#<Location /svn>

  # Uncomment this to enable the repository
  #DAV svn

  # Set this to the path to your repository
  #SVNPath /var/lib/svn
  # Alternatively, use SVNParentPath if you have multiple repositories under
  # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
  # You need either SVNPath or SVNParentPath, but not both.
  #SVNParentPath /var/lib/svn

  # Access control is done at 3 levels: (1) Apache authentication, via
  # any of several methods.  A "Basic Auth" section is commented out
  # below.  (2) Apache <Limit> and <LimitExcept>, also commented out
  # below.  (3) mod_authz_svn is a svn-specific authorization module
  # which offers fine-grained read/write access control for paths
  # within a repository.  (The first two layers are coarse-grained; you
  # can only enable/disable access to an entire repository.)  Note that
  # mod_authz_svn is noticeably slower than the other two layers, so if
  # you don't need the fine-grained control, don't configure it.

  # Basic Authentication is repository-wide.  It is not secure unless
  # you are using https.  See the 'htpasswd' command to create and
  # manage the password file - and the documentation for the
  # 'auth_basic' and 'authn_file' modules, which you will need for this
  # (enable them with 'a2enmod').
  #AuthType Basic
  #AuthName "Subversion Repository"
  #AuthUserFile /etc/apache2/dav_svn.passwd

  # To enable authorization via mod_authz_svn (enable that module separately):
  #<IfModule mod_authz_svn.c>
  #AuthzSVNAccessFile /etc/apache2/dav_svn.authz
  #</IfModule>

  # The following three lines allow anonymous read, but make
  # committers authenticate themselves.  It requires the 'authz_user'
  # module (enable it with 'a2enmod').
  #<LimitExcept GET PROPFIND OPTIONS REPORT>
    #Require valid-user
  #</LimitExcept>

#</Location>

Solution

  • The list of tasks needed to be done in order to allow Subversion repository access through the Apache web server are:

    First of all, make sure that all of the packages needed for enabling Subversion through Apache are installed. The libraries and modules needed are in the libapache2-mod-svn package that is installed with apt install.

    Only the .conf and .load files listed in /etc/apache2/mods-enabled will be processed when Apache starts up. Check that the necessary symbolic links of the dav* files (dav.load, dav_svn.load, and dav_svn.conf) located in /etc/apache2/mods-available are in the directory /etc/apache2/mods-enabled.

    The file dav_svn.conf specifies information about the Subversion repository the Apache server needs to find the correct directory and how to perform user authentication. The .load files instruct Apache as to which libraries need to be loaded to programmatically access the repository. The libraries needed are in the libapache2-mod-svn package that is installed with apt install.

    Note: while working on this at one point I ran into a problem with apt and dpkg errors after I attempted to remove and cleanup both Subversion and Apache installs in order to reinstall them. See “Unknown DAV provider: svn” when starting up Apache web server with Subversion server after reinstall which is a posting in to the askubuntu stackexchange that I did in order to ask for assistance.

    The dav_svn.conf file I am using is as follows:

    rick@rick-MS-7B98:/etc/apache2/mods-enabled$ cat dav_svn.conf
    # dav_svn.conf - Example Subversion/Apache configuration
    #
    # For details and further options see the Apache user manual and
    # the Subversion book.
    #
    # NOTE: for a setup with multiple vhosts, you will want to do this
    # configuration in /etc/apache2/sites-available/*, not here.
    
    # <Location URL> ... </Location>
    # URL controls how the repository appears to the outside world.
    # In this example clients access the repository as http://hostname/svn/
    # Note, a literal /svn should NOT exist in your document root.
    <Location /svn>
    
      # Uncomment this to enable the repository
      DAV svn
    
      # Set this to the path to your repository
      SVNPath /srv/svn
      # Alternatively, use SVNParentPath if you have multiple repositories under
      # under a single directory (/var/lib/svn/repo1, /var/lib/svn/repo2, ...).
      # You need either SVNPath or SVNParentPath, but not both.
      #SVNParentPath /var/lib/svn
    
      # Access control is done at 3 levels: (1) Apache authentication, via
      # any of several methods.  A "Basic Auth" section is commented out
      # below.  (2) Apache <Limit> and <LimitExcept>, also commented out
      # below.  (3) mod_authz_svn is a svn-specific authorization module
      # which offers fine-grained read/write access control for paths
      # within a repository.  (The first two layers are coarse-grained; you
      # can only enable/disable access to an entire repository.)  Note that
      # mod_authz_svn is noticeably slower than the other two layers, so if
      # you don't need the fine-grained control, don't configure it.
    
      # Basic Authentication is repository-wide.  It is not secure unless
      # you are using https.  See the 'htpasswd' command to create and
      # manage the password file - and the documentation for the
      # 'auth_basic' and 'authn_file' modules, which you will need for this
      # (enable them with 'a2enmod').
      AuthType Basic
      AuthName "Subversion Repository"
      AuthUserFile /etc/apache2/dav_svn.passwd
      Require valid-user
    
      # To enable authorization via mod_authz_svn (enable that module separately):
      #<IfModule mod_authz_svn.c>
      #AuthzSVNAccessFile /etc/apache2/dav_svn.authz
      #</IfModule>
    
      # The following three lines allow anonymous read, but make
      # committers authenticate themselves.  It requires the 'authz_user'
      # module (enable it with 'a2enmod').
      #<LimitExcept GET PROPFIND OPTIONS REPORT>
        #Require valid-user
      #</LimitExcept>
    
    </Location>
    

    Once I modified the file I then used the command sudo systemctl restart apache2 to restart the Apache2 web server and things were fine.

    I had to create the password file /etc/apache2/dav_svn.passwd which is specified in the AuthUserFile directive of the dav_svn.conf file.

    I am using the standard Subversion repository path of /srv/svn as specified in the SVNPath directive of the dav_svn.conf file. I used the command sudo svnadmin create /srv/svn to create the repository.

    Next I used the sudo svn mkdir command to make the directory tree of an existing Subversion repository (trunk, release, and branches) that I needed to duplicate in order to use svnadmin load to load a Subversion dump file into my new repository. See How do I export (and then import) a Subversion repository?

    Install new SSD for use through both samba and webDAV

    I wanted to add a new 500GB Samsung SSD to my Ubuntu 20.04 PC for additional file server space to allow sharing of files across my LAN using both samba to allow for a Windows network drive and a webDAV server accessed through the Apache2 web server running on the Ubuntu PC.

    The first thing I did was to install the new 500GB Samsung EVO 860 SSD into the box and power it up.

    Next I had to format the drive for Linux, create the mount point, and then make sure that it would be automatically mounted when Ubuntu started up by adding an entry into /etc/fstab.

    The mount point I selected was /srv/ssda and the folder to be shared between samba and webDAV was a folder public so the path to the share area would be /srv/ssda/public. I also decided to use ssda in the name of both the samba share, Ssda and the webDAV path, ssdadav.

    I picked /srv as the root rather than /mnt as I was already using a folder in /srv for a samba share.

    Next I modified the samba configuration file /etc/samba/smb.conf to add the definition for the new folder share underneath the existing samba file share I had previously created and restarted samba.

    [Ssda]
    path = /srv/ssda/public
    browsable =yes
    writable = yes
    guest ok = yes
    read only = no
    create mask = 644
    

    Next I modified the Apache2 configuration file /etc/apache2/sites-enabled/000-default.conf and added underneath the existing webDAV entry and additional webDAV entry with Alias and Directory directives using the same path as I used for the samba share. I restarted Apache.

        Alias /ssdadav /srv/ssda/public
    
        <Directory /srv/ssda/public>
            DAV On
        </Directory>
    

    At this point, I could sit at a Windows 10 PC and Map network drive... to the new SSD and create a simple text file there. Then open up a browser to the Apache server on the Ubuntu PC using a URL of http://192.168.0.4/ssdadav/ and see the text file in the file list and open it in the browser.