Subversion repositories can be served by the Apache web server over the HTTP protocol (extended by WebDAV/DeltaV). The benefits of this system include high performance, fine-grained permission control, SSL support, alternative authentication modes and more. It is the solution of choice if your are behind a company firewall since it uses only standard HTTP or HTTPS connections. Repository content can also be accessed seamlessly from the web.
If you have not created any Subversion repositories yet, you can create one with svnadmin(1):
$ svnadmin create ~/my-repository/
To load the precompiled
mod_dav_svn into your web server, add the following line to your httpd.conf:
LoadModule dav_svn_module /usr/local/httpd/modules/mod_dav_svn.so
If you plan to use fine-grained permissions, add
mod_authz_svn.so in addition to
You can also use your own build of
mod_dav_svn. To compile it, grab the latest stable Subversion source release, unpack it to some temporary location and compile subversion using the following
If you do not already have your Apache server instance set up, follow these steps and pass the
--enable-dav option to
./configure. Rebuild and reinstall your Apache server as explained in the guide.
$ mkdir ~/subversion $ tar -xzf subversion-*.tar.gz $ rm -f subversion-*.tar.gz $ cd subversion-* $ ./configure --prefix=$HOME/subversion --with-apxs=$HOME/apache/bin/apxs \ --with-berkeley-db=/usr/local $ make && make install
Then, delete the source directory as well as the ~/subversion/ directory (which is not needed since we are only using the Apache modules):
$ rm -fR ~/subversion-* $ rm -fR ~/subversion
HTTP access to your repositories is defined using a
<Location> section in your httpd.conf.
<Location /myproject> DAV svn SVNPath /home/myself/myrepos/myproject AuthType Basic AuthName "My project" AuthUserFile /home/myself/private/myproject.htpasswd Order deny,allow <LimitExcept GET PROPFIND OPTIONS REPORT> Require valid-user </LimitExcept> </Location>
This entry would grant read-only access to everyone and write access to every user
AuthUserFile. You can use the htpasswd(1) utility to create or update this file, as described in the .htaccess how-to.
The next entry grants read/write access to users in the
AuthUserFile, and no access to anyone else.
<Location /myproject> DAV svn SVNPath /home/myself/myrepos/myproject AuthType Basic AuthName "My project" AuthUserFile /home/myself/private/myproject.pw Order deny,allow Require valid-user </Location>
The previous examples all define access on a per-repository basis. It is also possible to grant access from specific users to specific areas of the repository, using fine-grained permissions.
Using either a remote Subversion client or the standard svn(1) command from your shell, you can generate your working copy of the repository with the checkout command. If you are accessing public data over a read-only account, you can safely use a standard http URL:
$ svn co http://your-domain/myproject/
If you are accessing private data or using a read/write account, make sure to use an https URL:
$ svn co https://your-domain/myproject/
The contents of public repositories are also accessible from a web browser. Keep in mind that search engines will try to index any public data, so you may want to use a robots.txt file.
You can allow or deny specific users read/write privileges on specific items within a repository using AuthzSVNAccessFile. If you use this directive, make sure the
mod_authz_svn module is loaded.
<Location /repos> DAV svn SVNPath /home/myself/myrepos # Access Control via the authz module. AuthzSVNAccessFile /home/myself/private/myrepos.acl # Anonymous access is allowed. Prompt as needed. Satisfy Any Require valid-user AuthType Basic AuthName "My subversion repositories" AuthUserFile /home/myself/private/myrepos.pw </Location>
The file specified in
AuthzSVNAccessFile is a plain text file which defines fine-grained access lists. Note that all path names specified are relative to the
# # Allow anonymous read access to everything by default. # [/] * = r # # Grant alice and bob write access to all of /myproject1/. # [/myproject] * = r alice = rw bob = rw # # Grant carol and charlie write access to only /myproject/foo # [/myproject/foo] carol = rw charlie = rw