Personal tools
You are here: Home Linux Version Control Apache v2.2 and Subversion v1.4 - A minimal mod-dav-svn configuration

Apache v2.2 and Subversion v1.4 - A minimal mod-dav-svn configuration

Howto install Apache v2.2, with Subversion v1.4, mod-dav-svn, ssl, and RepoStyle, on CentOS v5.2

The default Apache httpd configuration is large and complicated. The configuration presented here is a cut down configuration, with all other features disabled and removed. The resulting configuration should be understandable, easy to audit, and might be secure. This configuration is intended for a the single use of exposing a subversion repository.

For simplicity, the configuration disables the use of the 'conf.d' configuration include directory. The configuration uses SSL/TLS to maintain confidentiality of passwords and source in the repository. RepoStyle is used to provide a style sheet.

Install the Appache http and the modules:

# yum install httpd mod_dav_svn mod_ssl

As per the redbook recommendation, disabling svnserve so that there is a single method of access to the database files would be a good idea.

Filesystem layout

The files and directories are configured in the following locations:
+- /
  +- etc
  |  +- httpd
  |    +- conf
  |     +- httpd.conf
  |     +- svnauthz      
  |     +- svnpasswd     
  +- var
  | +- www
  |   +- html
  |     +- index.html
  |       +- repos-web   [see RepoStyle]
  +- srv
    +- subversion
      +- config          [this is the SVN repository]
        +- conf
        +- db
        +- ...


The Apache configuration is a series of trade offs. I was unable to get things exactly as I wanted. The first priorty for me was getting the URL's as a wanted, without an extra path element at the front. However I was unable to get 'SVNListParentPath' feature to work. Adding a trailing slash ('/') to the location didn't seem to help.  In the end, the easiest way around this was to use single repositories (using the 'SVNPath' directive), and a static index.html file to reference them.

To access the RepStyle XSLT style sheets, the strategy above allows easy access, without having to put the style sheets into one of the repositories. Apache didn't seem to allow the RepoStyle files to take precedence over the DAV location directives. Putting the files into the repository would required setting the SVN mime type keyword on the individual files.


RepoStyle provides a style sheet for the index and repository.


The following httpd configuration file is used:

ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/
Timeout 120
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15

LoadModule auth_basic_module  modules/
LoadModule auth_digest_module modules/
LoadModule authn_file_module  modules/
LoadModule authz_user_module  modules/
LoadModule authn_default_module modules/
LoadModule authz_host_module  modules/
LoadModule authz_owner_module modules/
LoadModule authz_default_module modules/

LoadModule log_config_module  modules/
LoadModule mime_magic_module  modules/
LoadModule mime_module        modules/
LoadModule deflate_module     modules/
LoadModule ssl_module         modules/
LoadModule dir_module         modules/

LoadModule dav_module         modules/
LoadModule dav_svn_module     modules/
LoadModule authz_svn_module   modules/

TypesConfig /etc/mime.types
MIMEMagicFile conf/magic

User svn
Group svn

Listen 443
UseCanonicalName Off

DocumentRoot "/var/www/html"
DirectoryIndex index.html

SSLEngine On
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLCertificateFile      /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile   /etc/pki/tls/private/localhost.key

<Location /config/>
  DAV svn
  # SVNParentPath /srv/subversion
  SVNPath /srv/subversion/config

  AuthzSVNAccessFile /etc/httpd/conf/svnauthz

  SVNListParentPath on
  SVNIndexXSLT "/repos-web/view/repos.xsl"

  # Require SSL connection for password protection.

  AuthType Basic
  AuthName "Ecru Subversion"
  AuthUserFile /etc/httpd/conf/svnpasswd
  Require valid-user

CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION 

Top level index.html

Given that the 'SVNListParentPath' support is not used, create a small top level index.html file to allow users to navigate to the repositories. This needs to be edited manually, given the names of the repository. The file is '/var/www/html/index.html':

     <title>Subversion server</title>
      <li><a href="config">config</a></li>

User management

Use htpasswd to add user accounts, using md5 to encrypt the password. The 'c' option creates a new file (only use for the first user).

# htpasswd -cm /etc/httpd/conf/svnpasswd greg
New password:
Re-type new password:

Add the user to the 'svnauthz' file to allow access.

greg = rw


The following are simple issues that may arise:

  • ensure selinux is configured correctly, or disabled. If the svn repositories are outside the normal apache directory structure then selinux will cause 'Permission denied' errors.
  • to get the 'SVNListParentPath' directive to work, ensure the svn dav '<Location ...>' directive has a trailing slash



yum installation

# yum install httpd mod_dav_svn mod_ssl

Dependencies Resolved

 Package                 Arch       Version          Repository        Size
 mod_dav_svn             x86_64     1.4.2-2.el5      base               70 k
 mod_ssl                 x86_64     1:2.2.3-11.el5_1.centos.3  base               85 k
Installing for dependencies:
 distcache               x86_64     1.4.5-14.1       base              121 k
 httpd                   x86_64     2.2.3-11.el5_1.centos.3  base              1.1 M
 mailcap                 noarch     2.1.23-1.fc6     base               14 k

Transaction Summary
Install      5 Package(s)
Update       0 Package(s)
Remove       0 Package(s)

Total download size: 1.4 M
Is this ok [y/N]:

Mod-dav-svn sample configuration

LoadModule dav_svn_module     modules/
LoadModule authz_svn_module   modules/

# Example configuration to enable HTTP access for a directory
# containing Subversion repositories, "/var/www/svn".  Each repository
# must be readable and writable by the 'apache' user.  Note that if
# SELinux is enabled, the repositories must be labelled with a context
# which httpd can write to; this will happen by default for
# directories created in /var/www.  Use "restorecon -R /var/www/svn"
# to label the repositories if upgrading from a previous release.

# To create a new repository "http://localhost/repos/stuff" using
# this configuration, run as root:
#   # cd /var/www/svn
#   # svnadmin create stuff
#   # chown -R apache.apache stuff

#<Location /repos>
#   DAV svn
#   SVNParentPath /var/www/svn
#   # Limit write permission to list of valid users.
#      # Require SSL connection for password protection.
#      # SSLRequireSSL
#      AuthType Basic
#      AuthName "Authorization Realm"
#      AuthUserFile /path/to/passwdfile
#      Require valid-user
#   </LimitExcept>
Document Actions