30 Oct 2010

SVN, Apache and Snow Leopard Server: A Battle

Looking for instructions for Lion Server? Check out the new post.

Oh wow. This one is covered out there on the internet, but I had a hard time getting Subversion, Apache and Snow Leopard Server to work together properly and in a way that stuck. Hopefully this article will save you a few hours of pain and give you a long-lasting, robust solution for hosting a Subversion repository on Mac OS X Snow Leopard Server.

Let's talk about the goal. I wanted to have a repository for each of my software projects. I have a group of users in Open Directory whom I want to be able to access the repository. I have them all in a "developers" group. I also want to be able to check in and out from outside my home network.

I thought the best way to achieve this would be to set up Apache and Subversion and access the repo using WebDAV. Snow Leopard Server comes with all these tools built in and I thought it would be a cinch to get going. It turns out that most of the battle is with Server Admin. Apple have a capable but lacking module in Server Admin to configure Apache, and it's simply called "Web".

All the tabs are pretty self explanatory. But the key to getting this configured is the "Sites" section.

Let's step back a bit and talk about Apache, the web server in Snow Leopard Server. Apache is configured using plain text configuration files stored in /etc/apache2. These files contain instructions on how to set up the web server, and these instructions are known as directives. If you have a directive at the beginning of the file and then specify that directive again later on, the later directive takes precedence. In this way web servers are usually configured to deny all requests from everybody and give access to nothing, and then later on are configured to allow only certain access to certain places and only for certain domain names.

What does this all have to do with apache and Snow Leopard Server? Well quite a lot. The Sites tab sets up all the websites you want to host on your web server. (Vhosts in apache parlance). Different websites can be served up by apache depending on what address you type into your address bar of your browser.

Now, basically, Sites at the bottom of the list in Server Admin are overridden by sites at the top of the list, just as Apache directives at the start of a config file are overridden by the ones at the end. This means that if you have a Site set up for yourdomain.com, and in the Server Aliases panel you have *.yourdomain.com, then to host a Subversion repo at http://repo.yourdomain.com you need to make a new Site with that hostname and drag it above the more generic wildcard site in the list.

[Screenshot: a new site with our domain name entered.]
[Screenshot: the alias for all subdomains.]

Ta da.

Now to the fun part. Various how-tos around the internet suggest creating a realm in Server Admin and then editing the Apache conf file in Terminal to enable Subversion. This method will drive you nuts, as Server Admin sets DAV off over and over again no matter how lightly you tread. So let's not bother with Server Admin any more; let's do something that it can't change every 5 minutes!

At this point you should have a Site for your new repo, and you should get something when you visit it in a web browser. I have all the Options turned off, nothing in the realms section, nothing in the Web Server Aliases section, nothing in the proxy section and I disabled all the Wiki, Calendar and Blog stuff in the last tab (this is a subversion server after all).

Now fire up Terminal and enter the following command (again, I prefer to use vim, but you may like pico or something else):

sudo vim /etc/apache2/subversion.conf

Now press the "a" key and paste this in (CMD + V):

        <Location "/svn/">
                AuthType Basic
                Require group developers
                AuthName "svn_auth"
                SVNParentPath /Groups/developers/repos
                DAV svn
        </Location>

A couple of things you may want to change…
  • Require group developers - this line only allows access to the developers group in Open Directory. Change this to what you want. You can also have Require user someUser to only allow access to someUser.
  • SVNParentPath … - This means the following directory is a directory containing several Subversion repos, and saves you having to set up several individually.
  • /Groups/developers/repos - flying in the dour face of convention, as I am only allowing access to the group "developers" I am choosing to store the repos in their group folder. Nice and accessible in the Finder, and it means server permissions are easier!
OK. Now that those are all set up to your liking, let's save the file. Press "Esc" and then type ":wq".

What we have done is the same as making a realm in Server Admin, but outside of where Server Admin looks.

Now we need to configure the site we made in Server Admin to reference this file. Open it up:
sudo vim /etc/apache2/sites/0000_any_80_repo.yoursite.com  (or something like that)

Just before the end of this file we'll insert the vital line:
Include "/etc/apache2/subversion.conf"

(In vim, scroll down using the arrow keys, then press o to open a new line and type it in. Press Esc, then type :wq to save.)

Wicked. Now all we need to do is create our Subversion repository (might as well stick in Terminal):

cd /Groups/developers/repos/
svnadmin create subversionRepository

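So that our web server can access the directory, let's make it owned by the web server user _www. It's OK to do this, as access for the developers group is determined in an ACL, not using POSIX permissions. The change has to be recursive, because svnadmin creates the files inside the repository as the user who ran it, and it needs sudo because you are handing the files to another user.

sudo chown -R _www subversionRepository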

In the finder it looks like this

Now all that's left to do is test the repo. You can try it out in your web browser.
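The Include step and a pre-flight check of the two files, as an added example that is not part of the original post. The function names `ensure_include` and `audit_svn_site` are hypothetical, the site file is assumed to be an ordinary vhost file that closes with `</VirtualHost>`, and the sample files are constructed. The last check matters for this setup in particular: the site listens on port 80, and Basic auth only base64-encodes the Open Directory password it sends.

```shell
#!/bin/sh
# Added example, not the author's code. Assumes the Server Admin site file
# is an ordinary vhost file whose last directive line is </VirtualHost>.

# ensure_include SITE CONF: put 'Include "CONF"' just before </VirtualHost>
# unless SITE already includes CONF, so the step is safe to re-run.
ensure_include() {
    site=$1 conf=$2
    grep -Eiq "^[[:space:]]*Include[[:space:]]+\"?$conf\"?" "$site" && return 0
    grep -q '</VirtualHost>' "$site" || { echo "no </VirtualHost> in $site" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v inc="$conf" '
        /<\/VirtualHost>/ && !seen { print "\tInclude \"" inc "\""; seen = 1 }
        { print }' "$site" > "$tmp" && cat "$tmp" > "$site"   # cat keeps owner/mode
    rc=$?; rm -f "$tmp"; return $rc
}

# audit_svn_site SITE CONF: print one finding per line, nothing if all pass.
audit_svn_site() {
    site=$1 conf=$2
    grep -Eiq "^[[:space:]]*Include[[:space:]]+\"?$conf\"?" "$site" ||
        echo "MISSING_INCLUDE: $site never loads $conf"
    grep -Eiq '^[[:space:]]*</Location>' "$conf" ||
        echo "UNCLOSED_LOCATION: $conf has no </Location>"
    grep -Eiq '^[[:space:]]*Require[[:space:]]+(group|user|valid-user)' "$conf" ||
        echo "NO_REQUIRE: $conf does not restrict who may connect"
    # Basic auth only base64-encodes the password, so it needs a TLS vhost.
    if grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$conf" &&
       ! grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on' "$site"; then
        echo "BASIC_OVER_HTTP: site has no 'SSLEngine on'; passwords are not encrypted"
    fi
    return 0
}

# Constructed sample files in a scratch directory (not the real /etc/apache2).
demo=$(mktemp -d)
printf '<VirtualHost *:80>\n\tServerName repo.yourdomain.com\n</VirtualHost>\n' > "$demo/site"
printf '<Location "/svn/">\n\tDAV svn\n\tAuthType Basic\n\tRequire group developers\n</Location>\n' \
    > "$demo/subversion.conf"
ensure_include "$demo/site" "$demo/subversion.conf"
audit_svn_site "$demo/site" "$demo/subversion.conf"   # reports BASIC_OVER_HTTP only
```

Against the real files, run both functions with sudo rights on the site file under /etc/apache2/sites and on /etc/apache2/subversion.conf.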

Any questions, post a comment.

1 comment:

Yev said...

Hi, ran across your post, have been trying to set up, however when I add a Site to my configuration and later on try to access it via the browser I don't get anything, as if the server knows nothing about the new site.

I only have a single entry in my Sites tab which is blank on port 80.

Do you have any ideas?