Difference between revisions of "Setup a SVN Server on a Shared Hosting"

From PaskvilWiki
(Create the SSH keys)
 
Line 38: Line 38:
 
  ssh-keygen -t rsa
 
  ssh-keygen -t rsa
 
   
 
   
  # now transfer - scp/sftp - the '''mysvn_id_rsa'''.pub (and '''''only''''' this key -
+
  # now transfer - e.g. by scp - the '''mysvn_id_rsa'''.pub (and '''''only''''' this key -
 
  # not the private one!) to your hosting account and register it as a valid key:
 
  # not the private one!) to your hosting account and register it as a valid key:
 
   
 
   
 +
scp '''mysvn_id_rsa'''.pub '''user'''@'''my.host.com''':~
 +
ssh '''user'''@'''my.host.com'''
 
  cat '''mysvn_id_rsa'''.pub >> ~/.ssh/authorized_keys
 
  cat '''mysvn_id_rsa'''.pub >> ~/.ssh/authorized_keys
 +
exit
  
 
=== Setting Up the SVN on Local Machine ===
 
=== Setting Up the SVN on Local Machine ===
  
On your local machine, put the keys somewhere safe - typically in <tt>~/.ssh</tt> folder and make sure the folder is set to 700.
+
On your local machine, put the keys somewhere safe - typically in <tt>~/.ssh</tt> folder and make sure the folder is chmod'ed to 700.
  
 
SVN allows you to define named tunnels to use, with any protocol you want.
 
SVN allows you to define named tunnels to use, with any protocol you want.
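Review bot: the added scp '''mysvn_id_rsa'''.pub '''user'''@'''my.host.com''':~ and cat '''mysvn_id_rsa'''.pub >> ~/.ssh/authorized_keys steps leave the copied .pub file in the home directory and assume ~/.ssh already exists with the right permissions. Suggest adding mkdir -p ~/.ssh && chmod 700 ~/.ssh before the cat, then chmod 600 ~/.ssh/authorized_keys and rm '''mysvn_id_rsa'''.pub before the exit.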
Line 60: Line 63:
  
 
Due to security concerns, SSH does not see user's <tt>$PATH</tt> until the user is logged in.
 
Due to security concerns, SSH does not see user's <tt>$PATH</tt> until the user is logged in.
This means that the <tt>svnserve</tt> command won't work via SSH, as your ''svnserve'' executable is in your home.
+
This means that the <tt>svnserve</tt> command won't work via SSH, as your <tt>svnserve</tt> executable is in your home.
 
If you try to checkout the repository now, you'll get the following error:
 
If you try to checkout the repository now, you'll get the following error:
  
 
  bash: svnserve: command not found
 
  bash: svnserve: command not found
  
It's simple to overcome (and the reason why the created key should/can be used only for SVN connections) by updating the <tt>~/.ssh/authorized_keys</tt> file on your server, adding the following to the start of the line where your public key part is:
+
It's simple to overcome (and the reason why the created key should/can be used only for SVN connections) by updating the <tt>~/.ssh/authorized_keys</tt> file on your server, adding the following to the start of the line where your public key is:
  
 
  command="/'''home'''/'''user'''/bin/svnserve -t -r /'''home'''/'''user'''/svn/"
 
  command="/'''home'''/'''user'''/bin/svnserve -t -r /'''home'''/'''user'''/svn/"
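Review bot: the reworded sentence ending "to the start of the line where your public key is" still does not show what the finished authorized_keys line looks like. The option block has to be separated from the key type by a space, so suggest showing the complete line once: the command="..." option, a single space, then the ssh-rsa key text.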
Line 75: Line 78:
 
=== Using It All ===
 
=== Using It All ===
  
Now, once you [[Creating a SVN Repository|create some repositories]] on the server, or [[Moving a SVN Repository|move them from previous hosting]], you can check out - on your local machine - the <tt>/'''home'''/'''user'''/svn/repo</tt> like this:
+
Now, once you [[Creating a SVN Repository|create some repositories]] on the server, or [[Moving a SVN Repository|move them from previous hosting]], you can check out - on your local machine - the <tt>/'''home'''/'''user'''/svn/'''repo'''</tt> like this:
  
  svn co svn+'''mysvn'''://my.host.com/repo
+
  svn co svn+'''mysvn'''://'''my.host.com'''/'''repo'''
  
 
Note the ''mysvn'' named tunnel from the SVN config file; this way, on a single development machine, you can use as many different SSH keys and setups as you need.
 
Note the ''mysvn'' named tunnel from the SVN config file; this way, on a single development machine, you can use as many different SSH keys and setups as you need.
  
Also note what the <tt>-r</tt> parameter did - it specifies the SVN's fake root on server, i.e. starting point from which the <tt>svnserve</tt> should start looking for the repositories. This has two advantages:
+
Also note what the <tt>-r</tt> parameter did - it specifies the SVN's fake root on server, i.e. starting point from which the <tt>svnserve</tt> should start looking for the repositories - for the given key - you can change this on the per-key level. This has two advantages:
 
* makes your setup more secure - the <tt>svnserve</tt> cannot access files outside this folder,
 
* makes your setup more secure - the <tt>svnserve</tt> cannot access files outside this folder,
 
* makes your repository easier to use - in the above URL, the ''repo'' part translates to <tt>/'''home'''/'''user'''/svn/''repo''</tt>; without the <tt>-r</tt> parameter to <tt>svnserve</tt>, you'd have to use the full path:
 
* makes your repository easier to use - in the above URL, the ''repo'' part translates to <tt>/'''home'''/'''user'''/svn/''repo''</tt>; without the <tt>-r</tt> parameter to <tt>svnserve</tt>, you'd have to use the full path:
  
  svn co svn+'''mysvn'''://my.host.com/'''home'''/'''user'''/svn/repo
+
  svn co svn+'''mysvn'''://'''my.host.com'''/'''home'''/'''user'''/svn/repo
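Review bot: the clause added to the -r sentence ("- for the given key - you can change this on the per-key level") chains several dash-separated asides and reads as a run-on; split it into its own sentence, for example "The root is set per key, so each key can be given a different one." Also, the final command leaves repo unbolded while the revised checkout line above it bolds '''repo''', so the customizable parts are marked inconsistently.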

Latest revision as of 14:15, 28 June 2011

You'll need SSH access for this, so pick your hosting wisely!

I've set up mine on HostMonster.

In the code samples, things to customize to your liking are in bold.

Prepare SVN

On your hosting server, download the latest version of SVN (this was 1.6.17, as of writing), and build and install it.

cd ~/some/temp
wget http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
wget http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
tar xfz subversion-1.6.17.tar.gz
tar xfz subversion-deps-1.6.17.tar.gz
cd subversion-1.6.17/
./configure --prefix=$HOME --without-berkeley-db --with-editor=/usr/bin/vim --without-apxs --without-apache --without-neon
make && make install

At this point you're done with the SVN build and may delete all files in ~/some/temp.

The SVN binaries are now located in the ~/bin folder. This folder is typically already included in $PATH; you can verify this by running

svn --version

Create the SSH keys

For ease of use, and security at the same time, you should use SSH keys for authentication.

The easiest way is to use passphrase-less keys that you'll use only for SVN access.

On your development machine:

# create the keys - choose where to put the keys, and enter an empty passphrase;
# name the keys something like mysvn_id_rsa, so you can easily recognize them
# be sure to chmod 600 both keys afterwards; SSH even refuses to work with non-600 keys!

ssh-keygen -t rsa

# now transfer - e.g. by scp - the mysvn_id_rsa.pub (and only this key -
# not the private one!) to your hosting account and register it as a valid key:

scp mysvn_id_rsa.pub user@my.host.com:~
ssh user@my.host.com
cat mysvn_id_rsa.pub >> ~/.ssh/authorized_keys
exit

Setting Up the SVN on Local Machine

On your local machine, put the keys somewhere safe, typically in the ~/.ssh folder, and make sure the folder is chmod'ed to 700.

SVN allows you to define named tunnels to use, with any protocol you want.

Edit your ~/.subversion/config file, adding the following line under the [tunnels] section:

mysvn = ssh -i /home/user/.ssh/mysvn_id_rsa

Notice that you have to use a full path to the key, otherwise you'll get the following error:

Warning: Identity file ~/.ssh/mysvn_id_rsa not accessible: No such file or directory.

Setting Up the Server Side

Due to security concerns, SSH does not see the user's $PATH until the user is logged in. This means that the svnserve command won't work via SSH, as your svnserve executable is in your home directory. If you try to check out the repository now, you'll get the following error:

bash: svnserve: command not found

This is simple to overcome, and the fix is also the reason why the created key should (and can) be used only for SVN connections: update the ~/.ssh/authorized_keys file on your server, adding the following to the start of the line where your public key is:

command="/home/user/bin/svnserve -t -r /home/user/svn/"

where /home/user/svn/ is the folder where you want to store your repositories. You can also find the path to svnserve using `which svnserve`.

Here you can see that "the only thing" that can be done with the key is to run the svnserve command.
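
As an added example (not part of the original page): a forced command fixes what the key can run, but the client may still request port, agent and X11 forwarding unless the entry also disables them. This shell sketch builds such an entry from the page's placeholder paths and audits an authorized_keys file for key lines that lack the forced command or the no-* options; the function names and sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: harden and audit authorized_keys entries for the SVN-only key.
# /home/user/... are the page's placeholder paths; key material is constructed.

SVNSERVE=/home/user/bin/svnserve
SVNROOT=/home/user/svn/
LOCKDOWN='no-port-forwarding no-agent-forwarding no-X11-forwarding no-pty'

# restricted_entry "<contents of mysvn_id_rsa.pub>"
# Prints the line to place in ~/.ssh/authorized_keys: forced command plus
# options that switch off forwarding and terminal allocation for this key.
restricted_entry() {
    opts=$(printf '%s' "$LOCKDOWN" | tr ' ' ',')
    printf 'command="%s -t -r %s",%s %s\n' "$SVNSERVE" "$SVNROOT" "$opts" "$1"
}

# audit_keys <authorized_keys file>
# Prints every key line that lacks a forced command or any lockdown option.
# (Substring match only; it does not recognise OpenSSH's newer "restrict".)
audit_keys() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        ok=yes
        case $line in *'command="'*) ;; *) ok=no ;; esac
        for opt in $LOCKDOWN; do
            case $line in *"$opt"*) ;; *) ok=no ;; esac
        done
        [ "$ok" = yes ] || printf 'WEAK: %s\n' "$line"
    done < "$1"
}

# Constructed sample file: bare key, command-only key, fully restricted key.
demo() {
    f=$(mktemp)
    {
        echo 'ssh-rsa AAAAB3NzaC1yc2EXAMPLE1 bare@dev'
        echo "command=\"$SVNSERVE -t -r $SVNROOT\" ssh-rsa AAAAB3NzaC1yc2EXAMPLE2 cmdonly@dev"
        restricted_entry 'ssh-rsa AAAAB3NzaC1yc2EXAMPLE3 mysvn@dev'
    } > "$f"
    audit_keys "$f"
    rm -f "$f"
}

demo
```

On OpenSSH versions that support it, the single restrict option covers all four no-* options.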

Using It All

Now, once you create some repositories on the server, or move them from a previous host, you can check out /home/user/svn/repo on your local machine like this:

svn co svn+mysvn://my.host.com/repo

Note the mysvn named tunnel from the SVN config file; this way, on a single development machine, you can use as many different SSH keys and setups as you need.

Also note what the -r parameter did: it specifies SVN's fake root on the server, i.e. the starting point from which svnserve looks for the repositories. It is set for the given key, so you can change it on a per-key level. This has two advantages:

  • makes your setup more secure - svnserve cannot access files outside this folder,
  • makes your repository easier to use - in the above URL, the repo part translates to /home/user/svn/repo; without the -r parameter to svnserve, you'd have to use the full path:
svn co svn+mysvn://my.host.com/home/user/svn/repo