Here are our requirements:
- SVN web server FQDN: scm1 ; scm1.dev.local
- SVN is served via SSL only
- Repository access URLs: https://scm1/svn/project1, https://scm1.dev.local/svn/project2
- Access: public
- Policies: /var/lib/svn/conf/policies
- Root: /var/lib/svn/repos
Before we proceed, please see:
- Apache with SSL (see here)
- Revision control with Subversion (see here). You can skip the settings related to security permissions, etc., since authentication/authorization will be managed by Apache.
Once you get this done:
- Install the Apache SVN module:
apt-get -y install libapache2-svn
- Create base directory structure and establish security permissions:
mkdir -p /var/lib/svn/{repos,conf/policies}
chown -R root:www-data /var/lib/svn
chmod -R g+rws,o= /var/lib/svn/repos
find /var/lib/svn/repos -type d -exec chmod g+x {} +
- Here is our site definition (file /etc/apache2/sites-available/scm1):
NameVirtualHost *:443
<VirtualHost *:80>
    ServerName scm1.dev.local
    DocumentRoot /var/www/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName scm1
        DocumentRoot /var/www/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/svn-access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/scm1-cert.pem
        SSLCertificateKeyFile /etc/ssl/private/scm1-key.pem
        Include /var/lib/svn/conf/default_policy.conf
        Include /var/lib/svn/conf/policies/*.conf
    </VirtualHost>
    <VirtualHost *:443>
        ServerName scm1.dev.local
        DocumentRoot /var/www/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/svn-access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/scm1.dev.local-cert.pem
        SSLCertificateKeyFile /etc/ssl/private/scm1.dev.local-key.pem
        # Disables all protocols other than TLS v1.0 and SSL v3.0
        SSLProtocol -all +TLSv1 +SSLv3
        # Use only HIGH and MEDIUM security cipher suites
        SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
        Include /var/lib/svn/conf/default_policy.conf
        Include /var/lib/svn/conf/policies/*.conf
    </VirtualHost>
</IfModule>
- Here is our default policy (file /var/lib/svn/conf/default_policy.conf):
<Location /svn/>
    Dav svn
    SVNParentPath /var/lib/svn/repos
    SVNListParentPath On
    SVNAutoVersioning On
    <LimitExcept GET PROPFIND OPTIONS REPORT>
        Order deny,allow
        Deny from all
        Allow from 192.168.10.0/24
    </LimitExcept>
</Location>
- Reload Apache so the changes take effect:
/etc/init.d/apache2 reload
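The site definition above sets SSLProtocol and SSLCipherSuite only in the scm1.dev.local virtual host, and the values it sets allow SSL v3.0, TLS v1.0 and MEDIUM ciphers. The following check is an added example, not part of the original post: it parses the virtual hosts and reports each SSL-enabled one that leaves those directives unset or enables deprecated protocols or weak cipher classes. The reported sets, the `hardened.example` vhost and the function names are assumptions of the example.

```python
import re
# Constructed input: the page's two SSL vhosts (trimmed) plus a hypothetical hardened one.
SAMPLE = """
<VirtualHost *:443>
ServerName scm1
SSLEngine on
</VirtualHost>
<VirtualHost *:443>
ServerName scm1.dev.local
SSLEngine on
SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
</VirtualHost>
<VirtualHost *:443>
ServerName hardened.example
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>
"""
# Reporting policy of this example (an assumption; adjust to your own baseline).
OLD_PROTOCOLS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1"}
WEAK_CIPHERS = {"LOW", "EXP", "EXPORT", "MEDIUM", "MD5", "RC4", "DES", "3DES", "NULL", "aNULL", "eNULL", "ALL"}

def enabled_protocols(args):
    """Apply SSLProtocol tokens left to right; 'all' is assumed to include SSLv3."""
    on = set()
    for tok in args.lower().split():
        name = tok.lstrip("+-")
        names = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"} if name == "all" else {name}
        on = on - names if tok.startswith("-") else on | names
    return on

def audit(conf):
    """Return {ServerName: [findings]} for each vhost that has SSLEngine on."""
    report = {}
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        pairs = [l.split(None, 1) for l in body.splitlines() if l.strip() and not l.strip().startswith("#")]
        d = {p[0].lower(): (p[1].strip() if len(p) > 1 else "") for p in pairs}
        if d.get("sslengine", "").lower() != "on":
            continue  # plain HTTP vhost, nothing to check
        found = [k + " not set in vhost" for k in ("SSLProtocol", "SSLCipherSuite") if k.lower() not in d]
        found += ["protocol " + p for p in sorted(enabled_protocols(d.get("sslprotocol", "")) & OLD_PROTOCOLS)]
        # Only bare tokens add ciphers: '!' and '-' remove them, '+' merely reorders.
        found += ["cipher class " + c for c in d.get("sslciphersuite", "").split(":") if c in WEAK_CIPHERS]
        report[d.get("servername", "?")] = found
    return report

if __name__ == "__main__":
    print("\n".join(f"{n}: {f or 'ok'}" for n, f in audit(SAMPLE).items()))
```

To check the real file, pass the contents of /etc/apache2/sites-available/scm1 to `audit()`; a vhost that sets neither directive inherits whatever the server-wide SSL configuration specifies.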
You should now be able to access all repositories located below /var/lib/svn/repos. Visit https://scm1/svn/project1. If you are using your own certificate authority, here is a way to eliminate the warning message that you will otherwise see while working with svn. Ensure the file .subversion/servers contains the following:
[global]
ssl-authority-files = /etc/ssl/certs/cacert.pem
Read more here.