Difference between revisions of "Setup a SVN Server on a Shared Hosting"
(Created page with "You'll need SSH access for this, so pick your hosting wisely! I've setup mine on [http://www.hostmonster.com HostMonster]. In the code samples, things to customize to your liki...") |
|||
(2 intermediate revisions by one user not shown) | |||
Line 7: | Line 7: | ||
=== Prepare SVN === | === Prepare SVN === | ||
− | + | On your hosting server, download the latest version of SVN (this was 1.6.17, as of writing), and build and install it. | |
cd '''~/some/temp''' | cd '''~/some/temp''' | ||
Line 18: | Line 18: | ||
make && make install | make && make install | ||
− | At this point, you may delete all files in <tt>'''~/some/temp'''</tt>, you're done with the SVN | + | At this point, you may delete all files in <tt>'''~/some/temp'''</tt>, you're done with the SVN build. |
+ | |||
+ | The SVN binaries are now located in the <tt>~/bin</tt> folder. This folder is typically already included in <tt>$PATH</tt>; you can verify it running | ||
− | |||
svn --version | svn --version | ||
Line 28: | Line 29: | ||
The easiest way is to use passphrase-less keys, that you'll use ''only'' for the SVN access. | The easiest way is to use passphrase-less keys, that you'll use ''only'' for the SVN access. | ||
+ | |||
+ | On your development machine: | ||
# create the keys - choose where to put the keys, and enter empty passphrase; | # create the keys - choose where to put the keys, and enter empty passphrase; | ||
Line 35: | Line 38: | ||
ssh-keygen -t rsa | ssh-keygen -t rsa | ||
− | # now transfer - scp | + | # now transfer - e.g. by scp - the '''mysvn_id_rsa'''.pub (and '''''only''''' this key - |
# not the private one!) to your hosting account and register it as a valid key: | # not the private one!) to your hosting account and register it as a valid key: | ||
+ | scp '''mysvn_id_rsa'''.pub '''user'''@'''my.host.com''':~ | ||
+ | ssh '''user'''@'''my.host.com''' | ||
cat '''mysvn_id_rsa'''.pub >> ~/.ssh/authorized_keys | cat '''mysvn_id_rsa'''.pub >> ~/.ssh/authorized_keys | ||
+ | exit | ||
=== Setting Up the SVN on Local Machine === | === Setting Up the SVN on Local Machine === | ||
− | On your local machine, put the keys somewhere safe - typically in <tt>~/.ssh</tt> folder and make sure the folder is | + | On your local machine, put the keys somewhere safe - typically in <tt>~/.ssh</tt> folder and make sure the folder is chmod'ed to 700. |
SVN allows you to define named tunnels to use, with any protocol you want. | SVN allows you to define named tunnels to use, with any protocol you want. | ||
Line 57: | Line 63: | ||
Due to security concerns, SSH does not see user's <tt>$PATH</tt> until the user is logged in. | Due to security concerns, SSH does not see user's <tt>$PATH</tt> until the user is logged in. | ||
− | This means that the <tt>svnserve</tt> command won't work via SSH, as your | + | This means that the <tt>svnserve</tt> command won't work via SSH, as your <tt>svnserve</tt> executable is in your home. |
If you try to checkout the repository now, you'll get the following error: | If you try to checkout the repository now, you'll get the following error: | ||
bash: svnserve: command not found | bash: svnserve: command not found | ||
− | It's simple to overcome (and the reason why the created key should/can be used only for SVN connections) by updating the <tt>~/.ssh/authorized_keys</tt> file on your server, adding the following to the start of the line where your public key | + | It's simple to overcome (and the reason why the created key should/can be used only for SVN connections) by updating the <tt>~/.ssh/authorized_keys</tt> file on your server, adding the following to the start of the line where your public key is: |
command="/'''home'''/'''user'''/bin/svnserve -t -r /'''home'''/'''user'''/svn/" | command="/'''home'''/'''user'''/bin/svnserve -t -r /'''home'''/'''user'''/svn/" | ||
Line 72: | Line 78: | ||
=== Using It All === | === Using It All === | ||
− | Now, once you [[Creating a SVN Repository|create some repositories]] on the server, or [[Moving a SVN Repository|move them from previous hosting]], you can check out - on your local machine - the <tt>/'''home'''/'''user'''/svn/repo</tt> like this: | + | Now, once you [[Creating a SVN Repository|create some repositories]] on the server, or [[Moving a SVN Repository|move them from previous hosting]], you can check out - on your local machine - the <tt>/'''home'''/'''user'''/svn/'''repo'''</tt> like this: |
− | svn co svn+'''mysvn'''://my.host.com/repo | + | svn co svn+'''mysvn'''://'''my.host.com'''/'''repo''' |
Note the ''mysvn'' named tunnel from the SVN config file; this way, on a single development machine, you can use as many different SSH keys and setups as you need. | Note the ''mysvn'' named tunnel from the SVN config file; this way, on a single development machine, you can use as many different SSH keys and setups as you need. | ||
− | Also note what the <tt>-r</tt> parameter did - it specifies the SVN's fake root on server, i.e. starting point from which the <tt>svnserve</tt> should start looking for the repositories. This has two advantages: | + | Also note what the <tt>-r</tt> parameter did - it specifies the SVN's fake root on server, i.e. starting point from which the <tt>svnserve</tt> should start looking for the repositories - for the given key - you can change this on the per-key level. This has two advantages: |
* makes your setup more secure - the <tt>svnserve</tt> cannot access files outside this folder, | * makes your setup more secure - the <tt>svnserve</tt> cannot access files outside this folder, | ||
* makes your repository easier to use - in the above URL, the ''repo'' part translates to <tt>/'''home'''/'''user'''/svn/''repo''</tt>; without the <tt>-r</tt> parameter to <tt>svnserve</tt>, you'd have to use the full path: | * makes your repository easier to use - in the above URL, the ''repo'' part translates to <tt>/'''home'''/'''user'''/svn/''repo''</tt>; without the <tt>-r</tt> parameter to <tt>svnserve</tt>, you'd have to use the full path: | ||
− | svn co svn+'''mysvn'''://my.host.com/'''home'''/'''user'''/svn/repo | + | svn co svn+'''mysvn'''://'''my.host.com'''/'''home'''/'''user'''/svn/repo |
Latest revision as of 14:15, 28 June 2011
You'll need SSH access for this, so pick your hosting wisely!
I've setup mine on HostMonster.
In the code samples, things to customize to your liking are in bold.
Contents
Prepare SVN
On your hosting server, download the latest version of SVN (this was 1.6.17, as of writing), and build and install it.
cd ~/some/temp wget http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz wget http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz tar xfz subversion-1.6.17.tar.gz tar xfz subversion-deps-1.6.17.tar.gz cd subversion-1.6.17/ ./configure --prefix=$HOME --without-berkeley-db --with-editor=/usr/bin/vim --with-neon=$HOME --without-apxs --without-apache --without-neon make && make install
At this point, you may delete all files in ~/some/temp, you're done with the SVN build.
The SVN binaries are now located in the ~/bin folder. This folder is typically already included in $PATH; you can verify it running
svn --version
Create the SSH keys
For ease of use, and security at the same time, you should use SSH keys for authentication.
The easiest way is to use passphrase-less keys, that you'll use only for the SVN access.
On your development machine:
# create the keys - choose where to put the keys, and enter empty passphrase; # name the keys something like mysvn_id_rsa, so you can easily recognize them # be sure to chmod 600 both keys afterwards; SSH even refuses to work with non-600 keys! ssh-keygen -t rsa # now transfer - e.g. by scp - the mysvn_id_rsa.pub (and only this key - # not the private one!) to your hosting account and register it as a valid key: scp mysvn_id_rsa.pub user@my.host.com:~ ssh user@my.host.com cat mysvn_id_rsa.pub >> ~/.ssh/authorized_keys exit
Setting Up the SVN on Local Machine
On your local machine, put the keys somewhere safe - typically in ~/.ssh folder and make sure the folder is chmod'ed to 700.
SVN allows you to define named tunnels to use, with any protocol you want.
Edit your ~/.subversion/config file, adding the following line under the [tunnels] section:
mysvn = ssh -i /home/user/.ssh/mysvn_id_rsa
Notice that you have to use a full path to the key, otherwise you'll get the following error:
Warning: Identity file ~/.ssh/mysvn_id_rsa not accessible: No such file or directory.
Setting Up the Server Side
Due to security concerns, SSH does not see user's $PATH until the user is logged in. This means that the svnserve command won't work via SSH, as your svnserve executable is in your home. If you try to checkout the repository now, you'll get the following error:
bash: svnserve: command not found
It's simple to overcome (and the reason why the created key should/can be used only for SVN connections) by updating the ~/.ssh/authorized_keys file on your server, adding the following to the start of the line where your public key is:
command="/home/user/bin/svnserve -t -r /home/user/svn/"
where /home/user/svn/ is the folder where you want to store your repositories. You can also find the path to svnserve using `which svnserve`.
Here you can see that "the only thing" that can be done with the key is to run the svnserve command.
Using It All
Now, once you create some repositories on the server, or move them from previous hosting, you can check out - on your local machine - the /home/user/svn/repo like this:
svn co svn+mysvn://my.host.com/repo
Note the mysvn named tunnel from the SVN config file; this way, on a single development machine, you can use as many different SSH keys and setups as you need.
Also note what the -r parameter did - it specifies the SVN's fake root on server, i.e. starting point from which the svnserve should start looking for the repositories - for the given key - you can change this on the per-key level. This has two advantages:
- makes your setup more secure - the svnserve cannot access files outside this folder,
- makes your repository easier to use - in the above URL, the repo part translates to /home/user/svn/repo; without the -r parameter to svnserve, you'd have to use the full path:
svn co svn+mysvn://my.host.com/home/user/svn/repo