Difference between revisions of "Setup a SVN Server on a Shared Hosting"
(Created page with "You'll need SSH access for this, so pick your hosting wisely! I've setup mine on [http://www.hostmonster.com HostMonster]. In the code samples, things to customize to your liki...") |
(No difference)
|
Revision as of 14:05, 28 June 2011
You'll need SSH access for this, so pick your hosting wisely!
I've setup mine on HostMonster.
In the code samples, things to customize to your liking are in bold.
Contents
Prepare SVN
Download the latest version (as of writing of this, 1.6.17), and build/install it.
cd ~/some/temp wget http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz wget http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz tar xfz subversion-1.6.17.tar.gz tar xfz subversion-deps-1.6.17.tar.gz cd subversion-1.6.17/ ./configure --prefix=$HOME --without-berkeley-db --with-editor=/usr/bin/vim --with-neon=$HOME --without-apxs --without-apache --without-neon make && make install
At this point, you may delete all files in ~/some/temp, you're done with the SVN setup.
The SVN binaries are now located in the ~/bin folder. This folder is typically already included in $PATH; you can verify it using
svn --version
Create the SSH keys
For ease of use, and security at the same time, you should use SSH keys for authentication.
The easiest way is to use passphrase-less keys, that you'll use only for the SVN access.
# create the keys - choose where to put the keys, and enter empty passphrase; # name the keys something like mysvn_id_rsa, so you can easily recognize them # be sure to chmod 600 both keys afterwards; SSH even refuses to work with non-600 keys! ssh-keygen -t rsa # now transfer - scp/sftp - the mysvn_id_rsa.pub (and only this key - # not the private one!) to your hosting account and register it as a valid key: cat mysvn_id_rsa.pub >> ~/.ssh/authorized_keys
Setting Up the SVN on Local Machine
On your local machine, put the keys somewhere safe - typically in ~/.ssh folder and make sure the folder is set to 700.
SVN allows you to define named tunnels to use, with any protocol you want.
Edit your ~/.subversion/config file, adding the following line under the [tunnels] section:
mysvn = ssh -i /home/user/.ssh/mysvn_id_rsa
Notice that you have to use a full path to the key, otherwise you'll get the following error:
Warning: Identity file ~/.ssh/mysvn_id_rsa not accessible: No such file or directory.
Setting Up the Server Side
Due to security concerns, SSH does not see user's $PATH until the user is logged in. This means that the svnserve command won't work via SSH, as your svnserve executable is in your home. If you try to checkout the repository now, you'll get the following error:
bash: svnserve: command not found
It's simple to overcome (and the reason why the created key should/can be used only for SVN connections) by updating the ~/.ssh/authorized_keys file on your server, adding the following to the start of the line where your public key part is:
command="/home/user/bin/svnserve -t -r /home/user/svn/"
where /home/user/svn/ is the folder where you want to store your repositories. You can also find the path to svnserve using `which svnserve`.
Here you can see that "the only thing" that can be done with the key is to run the svnserve command.
Using It All
Now, once you create some repositories on the server, or move them from previous hosting, you can check out - on your local machine - the /home/user/svn/repo like this:
svn co svn+mysvn://my.host.com/repo
Note the mysvn named tunnel from the SVN config file; this way, on a single development machine, you can use as many different SSH keys and setups as you need.
Also note what the -r parameter did - it specifies the SVN's fake root on server, i.e. starting point from which the svnserve should start looking for the repositories. This has two advantages:
- makes your setup more secure - the svnserve cannot access files outside this folder,
- makes your repository easier to use - in the above URL, the repo part translates to /home/user/svn/repo; without the -r parameter to svnserve, you'd have to use the full path:
svn co svn+mysvn://my.host.com/home/user/svn/repo