左手指月


Installing SVN with Docker (based on Ubuntu/Apache/HTTPS)

I. Pull the image

[dock@c78-mini-template ~]$ docker pull ubuntu

II. Start the container

[dock@c78-mini-template ~]$ docker run -itd  --name ubuntu-svn ubuntu /bin/bash

III. Switch to a mirror in China

vi sources.list
deb http://mirrors.163.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.163.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.163.com/ubuntu/ focal-backports main restricted universe multiverse
# Replace the package sources
docker cp sources.list ubuntu-svn:/etc/apt/sources.list

IV. Install the required components in the container

docker exec -it ubuntu-svn bash
# Inside the container:
apt-get update
apt-get upgrade
apt-get install apache2 vim net-tools subversion libapache2-mod-svn libsvn-dev
cat <<! >> /etc/apache2/apache2.conf 
ServerName localhost:80
!
service apache2 restart 

V. Create the svn repository (inside the container)

mkdir -p /var/lib/svn/
svnadmin create /var/lib/svn/repos
chown -R www-data:www-data /var/lib/svn
chmod -R 775 /var/lib/svn

VI. Create the web users

touch /etc/apache2/dav_svn.passwd
htpasswd -m /etc/apache2/dav_svn.passwd admin
htpasswd -m /etc/apache2/dav_svn.passwd qchj

VII. Configuration

cat <<! > /etc/apache2/mods-enabled/dav_svn.conf
Alias /svn /var/lib/svn
<Location /svn>

   DAV svn
   SVNParentPath /var/lib/svn

   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/apache2/dav_svn.passwd
   Require valid-user
     
</Location>
!

VIII. Create the SSL certificate

root@b34905547f5a:/# openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/apache.pem -out /etc/ssl/private/apache.pem -nodes -days 3650
Generating a RSA private key
...................................................................+++++
.................+++++
writing new private key to '/etc/ssl/private/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GX
Locality Name (eg, city) []:NN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:abc
Organizational Unit Name (eg, section) []:asc
Common Name (e.g. server FQDN or YOUR name) []:khaz
Email Address []:a@b.com
root@b34905547f5a:/# openssl genrsa -des3 1024 >server.key
Generating RSA private key, 1024 bit long modulus (2 primes)
.......+++++
.......................+++++
e is 65537 (0x010001)
Enter pass phrase:
Verifying - Enter pass phrase:
root@b34905547f5a:/# openssl req -new -key server.key > server.csr
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:GX
Locality Name (eg, city) []:NN
Organization Name (eg, company) [Internet Widgits Pty Ltd]:abc
Organizational Unit Name (eg, section) []:abc
Common Name (e.g. server FQDN or YOUR name) []:abc
Email Address []:a@b.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456
An optional company name []:123
root@b34905547f5a:/# 

IX. Apache SSL configuration

# Enable the SSL module
a2enmod ssl
# Enable the SSL site
a2ensite default-ssl
cat <<! > /etc/apache2/sites-enabled/default-ssl
ServerName b34905547f5a
SSLEngine on
SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateChainFile /etc/ssl/certs/server-ca.crt
!
# Commit the image
docker commit ubuntu-svn svn-ubuntu-server:1.0.0
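
The step above writes its directives to /etc/apache2/sites-enabled/default-ssl, a file without the .conf suffix, and names the ssl-cert-snakeoil files rather than the apache.pem generated earlier. The following check is an added example, not part of the original post: it reports which site files Apache will not load and which certificate files the loaded ones reference. The function name and finding labels are hypothetical, and it assumes the Debian/Ubuntu layout in which apache2.conf includes only sites-enabled/*.conf.

```bash
# Added example, not from the original post. Function name and finding labels
# are hypothetical. Assumes the Debian/Ubuntu layout (apache2.conf includes only
# sites-enabled/*.conf), absolute paths in the directives, and a root shell.
audit_apache_tls() {  # $1 = Apache config root, e.g. /etc/apache2
  local root=$1 f directive path bits
  for f in "$root"/sites-enabled/*; do
    [ -e "$f" ] || continue
    case "$f" in
      *.conf) ;;
      *) echo "IGNORED_SITE_FILE:${f##*/}"; continue ;;
    esac
    # Directive name and first argument of each uncommented SSLCertificate*File line.
    awk 'tolower($1) ~ /^sslcertificate(key|chain)?file$/ {
           gsub(/"/, "", $2); print $1, $2 }' "$f" |
    while read -r directive path; do
      case "$path" in *snakeoil*) echo "SNAKEOIL:$directive:$path" ;; esac
      # RSA modulus size from "openssl x509 -text"; empty for keys and non-RSA certs.
      bits=$(openssl x509 -in "$path" -noout -text 2>/dev/null |
             awk '/Public Key Algorithm: rsaEncryption/ { rsa = 1 }
                  rsa && /Public-Key: \(/ { gsub(/[^0-9]/, ""); print; exit }')
      [ -n "$bits" ] && [ "$bits" -lt 2048 ] && echo "WEAK_KEY:$bits:$path"
      [ -e "$path" ] || echo "MISSING_FILE:$directive:$path"
    done
  done
}
```

Run it inside the container as `audit_apache_tls /etc/apache2`; an empty result means every loaded site file references existing, non-snakeoil files with RSA keys of at least 2048 bits.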

X. svn configuration

docker run -itd -v /data/myrepo:/var/lib/svn/repos -v /etc/localtime:/etc/localtime --restart=always -p 443:443 -p 3690:3690 -p 80:80  --name svn svn-ubuntu-server:1.0.0 /bin/bash
docker exec -it svn bash
cd /var/lib/svn
root@54aa02ac085e:/var/lib/svn# service apache2 restart
root@54aa02ac085e:/var/lib/svn# svnserve -d -r repos

Here the already-configured svn data and configuration are mounted directly. The actual configuration steps:

svnadmin create repos
cd repos/conf

1. Configure svnserve.conf

root@54aa02ac085e:/var/lib/svn/repos/conf# cat svnserve.conf 
### This file controls the configuration of the svnserve daemon, if you
### use it to allow access to this repository.  (If you only allow
### access through http: and/or file: URLs, then this file is
### irrelevant.)

### Visit http://subversion.apache.org/ for more information.

[general]
### The anon-access and auth-access options control access to the
### repository for unauthenticated (a.k.a. anonymous) users and
### authenticated users, respectively.
### Valid values are "write", "read", and "none".
### Setting the value to "none" prohibits both reading and writing;
### "read" allows read-only access, and "write" allows complete 
### read/write access to the repository.
### The sample settings below are the defaults and specify that anonymous
### users have read-only access to the repository, while authenticated
### users have read and write access to the repository.
### Note: this line must not start with a space; the value is changed to none here.
anon-access = none
auth-access = write
### The password-db option controls the location of the password
### database file.  Unless you specify a path starting with a /,
### the file's location is relative to the directory containing
### this configuration file.
### If SASL is enabled (see below), this file will NOT be used.
### Uncomment the line below to use the default password file.
password-db = passwd
### The authz-db option controls the location of the authorization
### rules for path-based access control.  Unless you specify a path
### starting with a /, the file's location is relative to the
### directory containing this file.  The specified path may be a
### repository relative URL (^/) or an absolute file:// URL to a text
### file in a Subversion repository.  If you don't specify an authz-db,
### no path-based access control is done.
### Uncomment the line below to use the default authorization file.
authz-db = authz
### The groups-db option controls the location of the file with the
### group definitions and allows maintaining groups separately from the
### authorization rules.  The groups-db file is of the same format as the
### authz-db file and should contain a single [groups] section with the
### group definitions.  If the option is enabled, the authz-db file cannot
### contain a [groups] section.  Unless you specify a path starting with
### a /, the file's location is relative to the directory containing this
### file.  The specified path may be a repository relative URL (^/) or an
### absolute file:// URL to a text file in a Subversion repository.
### This option is not being used by default.
# groups-db = groups
...(omitted)
# min-encryption = 0
# max-encryption = 256

2. Configure passwd

root@54aa02ac085e:/var/lib/svn/repos/conf# cat passwd 
### This file is an example password file for svnserve.
### Its format is similar to that of svnserve.conf. As shown in the
### example below it contains one section labelled [users].
### The name and password for each user follow, one account per line.

[users]
# harry = harryssecret
# sally = sallyssecret
admin = f62D78E1826b00EC!

3. Configure authz

root@54aa02ac085e:/var/lib/svn/repos/conf# cat authz 
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the '$authenticated' token,
###  - only anonymous users, using the '$anonymous' token,
###  - anyone, using the '*' wildcard.
###
### A match can be inverted by prefixing the rule with '~'. Rules can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe

# [/foo/bar]
# harry = rw
# &joe = r
# * =

# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r
[/]
hwt = rw
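
The three files above only work together if anon-access holds a clean value and every name granted access in authz also has an entry in passwd. The following audit is an added example, not part of the original post: it checks both conditions for a repository's conf directory. The function names and finding labels are hypothetical, and password-db and authz-db are assumed to be paths relative to the conf directory.

```bash
# Added example, not from the original post. Function names and finding labels
# are hypothetical; db paths are assumed relative to the conf directory.

# ini_get FILE SECTION KEY: raw value of KEY in [SECTION]. As in Subversion's
# parser, only a '#' in column one starts a comment and indented lines are
# continuations, so a trailing "# note" stays part of the value.
ini_get() {
  awk -v sec="[$2]" -v key="$3" '
    /^#/ || /^[ \t]/ || /^$/ { next }
    /^\[/ { cur = $0; sub(/[ \t]+$/, "", cur); next }
    cur == sec && (i = index($0, "=")) {
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      sub(/[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# orphan_authz_users PASSWD AUTHZ: names granted access in AUTHZ (directly or
# via [groups]) that have no entry under [users] in PASSWD.
orphan_authz_users() {
  awk '
    FNR == 1 { sec = "" }
    /^#/ || /^[ \t]/ || /^$/ { next }
    /^\[/ { sec = $0; sub(/[ \t]+$/, "", sec); next }
    { i = index($0, "="); if (!i) next
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
    FILENAME == ARGV[1] { if (sec == "[users]") known[k] = 1; next }
    sec == "[aliases]" { next }
    sec == "[groups]" { n = split(v, m, ","); for (j in m) want[m[j]] = 1; next }
    { want[k] = 1 }
    END { for (u in want) if (u != "" && u !~ /^[@&$~*]/ && !(u in known))
            print "AUTHZ_USER_WITHOUT_PASSWORD:" u }
  ' "$1" "$2" | sort
}

audit_svnserve() {  # $1 = <repo>/conf directory; prints one finding per line
  local c=$1 anon pw az
  anon=$(ini_get "$c/svnserve.conf" general anon-access)
  pw=$(ini_get "$c/svnserve.conf" general password-db)
  az=$(ini_get "$c/svnserve.conf" general authz-db)
  case "${anon:-read}" in            # unset means the default, "read"
    none) ;;
    read|write) echo "ANON_ACCESS:${anon:-read}" ;;
    *) echo "INVALID_ANON_ACCESS:$anon" ;;
  esac
  if [ -n "$pw" ] && [ -n "$az" ]; then orphan_authz_users "$c/$pw" "$c/$az"; fi
}
```

Run it as `audit_svnserve /var/lib/svn/repos/conf`. Against the passwd and authz files shown above it prints AUTHZ_USER_WITHOUT_PASSWORD:hwt, because passwd defines only admin.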

XI. Check that it works

Visit https://ip/svn/repos

posted on 2020-07-17 23:25  yirgacheffe