I access SVN repositories via
http://svn.example.com/repo1
http://svn.example.com/repo2
...
with the following Apache configuration
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<VirtualHost xxx.xxx.xxx.xxx>
ServerName svn.example.com
<Location />
DAV svn
SVNParentPath /path/to/svn/repositories
AuthzSVNAccessFile /path/to/svn/conf/auth_policy
Satisfy Any
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /path/to/svn/conf/passwdfile
Require valid-user
</Location>
</VirtualHost>
I would like to prevent web crawlers from indexing the public repositories, but I cannot figure out how to properly set up the configuration to serve robots.txt from http://svn.example.com/robots.txt.
I have found a thread "stopping webcrawlers using robots.txt" from 2006, but it didn't help me solve the problem (Ryan's suggestion for redirection didn't work).
EDIT: I would prefer to keep the repositories at the top level rather than moving them to http://svn.example.com/something/reponame.
Don't put your Subversion repositories' virtual directory in the root of your server:
Wrong
<Location />
DAV svn
SVNParentPath /path/to/svn/repositories
Right
<Location /svn>
DAV svn
SVNParentPath /path/to/svn/repositories
Instead of your repository root being http://svn.example.com, it will be http://svn.exmaple.com/svn. This frees up http://svn.example.com to be a true document root which means you can add some documentation about your site, and put in a robots.txt file under http://svn.example.com/robots.txt.
Now, a well behaved robot will see the robot.txt file and not index your Subversion repository.
Related
i know duplicate questions about my topic.
but other answer is not helping me.
below is my conf file(i show only changed conf compared to the default conf)
httpd.conf
<Directory />
AllowOverride none
#Require all denied (default)
Require all granted (change)
</Directory>
10-subversion.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule dontdothat_module modules/mod_dontdothat.so
Alias /test /home/svn/test
<Location /test>
DAV svn
SVNParentPath /home/svn/test
SVNListParentPath On
AuthType Basic
AuthName "SVN Repository"
</Location>
In test folder, it has repositry like repo1, repo2.
Below all works well in web browser.
http://127.0.0.1/test
http://127.0.0.1/test/repo1
http://127.0.0.1/test/repo1/trunk
http://127.0.0.1/test/repo1/tags
But in tortoise work not one link below:
http://127.0.0.1/test/repo1
this link show error below:
redirect cycel detected for URL 'http://127.0.0.1/test/repo1'
other link(/test, /test/repo1/tags, /test/repo2/trunk) works well.
how can i solve this error?
AuthType Basic
->
AuthType None
I solved it..
I goggoled a lot about the feature to have multipe repositorie in different location on a server with apache2.
All describe to modify /etc/apache2/mods-available/dav_svn.conf as below:
# Subversion - team A
<Location "/a">
DAV svn
SVNPath /svn/team-a
SVNIndexXSLT "/svnindex.xsl"
</Location>
# Subversion - team B
<Location "/b">
DAV svn
SVNPath /svn/team-b
SVNIndexXSLT "/svnindex.xsl"
</Location>
I tried to modify mine, but it does not work. Below my config:
<Location /Repo1>
DAV svn
SVNParentPath /home/xxx/repositories/Repo1/
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/svn-users
</Location>
<Location /Repo2>
DAV svn
SVNParentPath /home/xxx/repositories/Repo2/
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/svn-users
</Location>
With this config none of two repositories work. If I enable 1 per time, the single repo works.
As you can see I want root repositories in different path: each root has different subrepositories.
SVNParentPath != SVNPath
SVNParentPath is parent-dir of all repos for location, but not repo
At the end it was a problem on rabbit SVN.
Using terminal all is ok.
Reinstalling RabbitSVN all is working well.
I am trying to set up an SVN server on a Linux server, but I am facing the issue in setting up the server:
Below is the configuration I did:
<Location /svn>
DAV svn
SVNParentPath /home/subver/public_html/svn
AuthType Basic
AuthName "Subversion repositories"
AuthUserFile /etc/svn-auth-users
Require valid-user
</Location>
When I try to checkout from my local machine I am getting this error:
Redirect cycle detected for URL 'http:///svn'
Never place repositories physically under ordinary web-root - it's extremely bad and insecure and error-full idea
SVNParentPath /home/subver/public_html/svn + <Location /svn> is your problem. If public_html is web-root of "just Apache" (and it seems so) you have real subdirectory /svn, which you try to redefine with "virtual" Location under the same path and get permanent redirect between these two locations: real and virtual, as expected by any good Apache-admin
Move repositories outside web-space (YOU MUST DO IT), change SVNParentPath accordingly to new location.
Lame and lazy solution, source of future big headache - use another path, than /svn, for Location container
I set up SVN on Ubuntu using the tutorial How to set up a Subversion (SVN) server on GNU/Linux - Ubuntu, but when I try access the repository from other machine using CMD it says Access to /SVN is forbidden.
I changed the permission of the folder and tried other methods to resolve the issue like configuration of the Apache server, but that did not solve my problem.
How can I fix this problem?
Apache can read and write the repository, but its user (www-data) needs to be given ownership of it:
sudo chown -R www-data:www-data /var/svn/repositories/your_repo
To be able to authenticate users who access the repository a password file is needed:
sudo htpasswd -c /etc/subversion/passwd your_user_name
Enter a password for the user your_user_name. For additional users repeat the command without the -c option to make sure the existing file is appended to rather than replaced.
Then edit the Apache configuration file:
sudo gedit /etc/apache2/apache2.conf
Add the following to the end of the file:
#svn users
<Location /svn>
DAV svn
SVNParentPath /var/svn/repositories/
SVNListParentPath On
AuthType Basic
AuthName "Test"
AuthUserFile /etc/subversion/passwd
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Save the configuration file and restart Apache:
sudo /etc/init.d/apache2 restart
The test repository can now be accessed via:
http://localhost/svn/your_repo
Make sure you have your virtual host set up like this for Apache:
<VirtualHost *:80>
DocumentRoot /home/svn/html
ServerName svn.domainname
ErrorLog logs/svn.domain.com-error_log
CustomLog logs/svn.domain.com-access_log common
<Directory "/home/svn/html">
Order allow,deny
Allow from all
AllowOverride all
</Directory>
<Location /repos>
DAV svn
SVNParentPath /home/svn/repos
Require valid-user
SVNListParentPath on
AuthType Basic
AuthName "Your Super SVN"
AuthUserFile /home/svn/svn-passwords-file-to-be-used-only-when-AuthType-is-used
AuthzSVNAccessFile /home/svn/svn-repos-acl-file-but-optional
</Location>
</VirtualHost>
And make sure Apache can access the repos folder mentioned in SVNParentPath. This issue is mostly because of permissions. Try chmod -R 0777 repos-folder and try again.
This might help someone if they are troubleshooting a setup that had previously been working. Today the new guy at our company inadvertently introduced a typo in the file used by AuthzSVNAccessFile and that caused all of us to experience the dreaded E175013
I am setting up SVN on a Red Hat Linux machine. My scenario is that I have two projects in the same directory:
/var/www/svn/proj1
/var/www/svn/proj2
My subversion.conf has the following configurations:
<Location /svn/proj1>
DAV svn
SVNPath /var/www/svn/proj1
AuthzSVNAccessFile /etc/svn_proj1-acl-conf
AuthType Basic
AuthName "Subversion repos"
AuthUserFile /etc/svn-auth-conf
Require valid-user
</Location>
<Location /svn/proj2/>
DAV svn
SVNParentPath /var/www/svn/proj2
SVNListParentPath on
AuthzSVNAccessFile /etc/svn_proj2-acl-conf
AuthType Basic
AuthName "Subversion repos"
AuthUserFile /etc/svn-auth-conf
Require valid-user
</Location>
For project1 my URL http://www.example.com/svn/proj1 works pretty good, but for project2 I need to add trailing slash in the end of URL, http://www.example.com/svn/proj2/ or else it doesn't return with a user/password window.
If I remove the trailing slash from the location directive,
<Location /svn/proj2>
then it starts giving a 403 Forbidden error, no matter if I use a slash or not in the browser.
I am using it with TortoiseSVN, but project2 isn't working at all.
What should I look at in configurations?
Confused. Confused. Confused...
But, I'm easily confused...
You have two projects. The first one you use:
SVNPath /var/www/svn/proj1
and the second you use:
SVNParentPath /var/www/svn/proj2
Why is one SVNPath and the other SVNParentPath? There's a difference. You specify SVNPath when you refer to a particular repository. You use SVNParentPath when you refer to a directory that contains multiple repositories.
So, exactly what is your setup? I have a feeling that they both should be SVNPath.
By the way, I notice you have the same user list, but separate AuthzSVNAccessFile access files. Are you merely stopping people from committing, or are you preventing people from reading particular files and directories?
Normal practice is to allow users to see all files, but to prevent commit access. In that case, you may want to do that outside of Apache httpd, using my pre-commit hook. This allows you to do two things:
Turn off directory checking access which speeds up Subversion.
Change commit permissions without restarting Apache httpd.
You can then configure both directories in a single configuration:
<Location /svn>
DAV svn
SVNParentPath /var/www/svn
SVNListParentPath on
AuthType Basic
AuthName "Subversion repos"
AuthUserFile /etc/svn-auth-conf
SVNPathAuthz off
Require valid-user
</Location>
Of course, if you're using AuthzPath to prevent read access, you have to use the AuthzSVNAccessFile parameter. But, it makes things more complex, and it slows you down. I usually recommend against it unless users aren't suppose to be able to peek at each other repos (which is quite rare).
And, one more thing... Do your users have LDAP or Windows Active Directory accounts? If so, you can use that to determine Subversion repository access:
LoadModule authnz_ldap_module modules/authnz_ldap.so
<Location /svn>
DAV svn
SVNParentPath /var/www/svn
SVNListParentPath on
AuthType basic
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://windomain.mycorp.com:3268/dc=mycorp,dc=com?sAMAccountName" NONE
AuthLDAPBindDN "CN=svn_user,OU=Users,DC=mycorp,DC=com"
AuthLDAPBindPassword "swordfish"
Require ldap-group CN=developers,CN=Users,DC=mycorp,DC=com
</Location>
This way, if a user has a Windows account (or is in your LDAP database), and that user is in the developers group, they automatically have access to your Subversion repositories (note the SVNParentPath for both repos and any future ones). This way, you're not constantly adding and subtracting users out of your SVN AUthorization file. Plus, you're not constantly retrieving forgotten passwords.
Now, that's all your Windows administrator's responsibility. It's magic. I made your task their job. User doesn't have Subversion access? No longer your problem. More time to play Angry Birds.
One more tiny thing: I have a feeling you don't want to place your repository under /var/www for the simple reason that might be your document root. If you're not careful, you might be granting direct access to your Subversion repository directory.
You're better off putting them elsewhere and changing the SVNParentPath.
The Location and SVNParentPath directive should have the same trailing slash rule: either with or without.
So it should be:
<Location /svn/proj2/> <--- Here trailing slash (or not)
[..]
SVNPath /var/www/svn/proj2/ <--- Here same like Location
[...]
</Location>