Setup a SVN Server on a Shared Hosting

From PaskvilWiki
Jump to: navigation, search

You'll need SSH access for this, so pick your hosting wisely!

I've setup mine on HostMonster.

In the code samples, things to customize to your liking are in bold.

Prepare SVN

On your hosting server, download the latest version of SVN (this was 1.6.17, as of writing), and build and install it.

cd ~/some/temp
wget http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
wget http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
tar xfz subversion-1.6.17.tar.gz
tar xfz subversion-deps-1.6.17.tar.gz
cd subversion-1.6.17/
./configure --prefix=$HOME --without-berkeley-db --with-editor=/usr/bin/vim --with-neon=$HOME --without-apxs --without-apache --without-neon
make && make install

At this point, you may delete all files in ~/some/temp, you're done with the SVN build.

The SVN binaries are now located in the ~/bin folder. This folder is typically already included in $PATH; you can verify it running

svn --version

Create the SSH keys

For ease of use, and security at the same time, you should use SSH keys for authentication.

The easiest way is to use passphrase-less keys, that you'll use only for the SVN access.

On your development machine:

# create the keys - choose where to put the keys, and enter empty passphrase;
# name the keys something like mysvn_id_rsa, so you can easily recognize them
# be sure to chmod 600 both keys afterwards; SSH even refuses to work with non-600 keys!

ssh-keygen -t rsa

# now transfer - e.g. by scp - the mysvn_id_rsa.pub (and only this key -
# not the private one!) to your hosting account and register it as a valid key:

scp mysvn_id_rsa.pub user@my.host.com:~
ssh user@my.host.com
cat mysvn_id_rsa.pub >> ~/.ssh/authorized_keys
exit

Setting Up the SVN on Local Machine

On your local machine, put the keys somewhere safe - typically in ~/.ssh folder and make sure the folder is chmod'ed to 700.

SVN allows you to define named tunnels to use, with any protocol you want.

Edit your ~/.subversion/config file, adding the following line under the [tunnels] section:

mysvn = ssh -i /home/user/.ssh/mysvn_id_rsa

Notice that you have to use a full path to the key, otherwise you'll get the following error:

Warning: Identity file ~/.ssh/mysvn_id_rsa not accessible: No such file or directory.

Setting Up the Server Side

Due to security concerns, SSH does not see user's $PATH until the user is logged in. This means that the svnserve command won't work via SSH, as your svnserve executable is in your home. If you try to checkout the repository now, you'll get the following error:

bash: svnserve: command not found

It's simple to overcome (and the reason why the created key should/can be used only for SVN connections) by updating the ~/.ssh/authorized_keys file on your server, adding the following to the start of the line where your public key is:

command="/home/user/bin/svnserve -t -r /home/user/svn/"

where /home/user/svn/ is the folder where you want to store your repositories. You can also find the path to svnserve using `which svnserve`.

Here you can see that "the only thing" that can be done with the key is to run the svnserve command.

Using It All

Now, once you create some repositories on the server, or move them from previous hosting, you can check out - on your local machine - the /home/user/svn/repo like this:

svn co svn+mysvn://my.host.com/repo

Note the mysvn named tunnel from the SVN config file; this way, on a single development machine, you can use as many different SSH keys and setups as you need.

Also note what the -r parameter did - it specifies the SVN's fake root on server, i.e. starting point from which the svnserve should start looking for the repositories - for the given key - you can change this on the per-key level. This has two advantages:

  • makes your setup more secure - the svnserve cannot access files outside this folder,
  • makes your repository easier to use - in the above URL, the repo part translates to /home/user/svn/repo; without the -r parameter to svnserve, you'd have to use the full path:
svn co svn+mysvn://my.host.com/home/user/svn/repo