亚洲好骚综合-亚洲黄色录像-亚洲黄色网址-亚洲黄色网址大全-99久久99久久-99久久99久久精品国产

您的位置:軟件測試 > 開源軟件測試 > 開源配置管理工具 > SVN
Apache + SSL + Subversion
作者:網絡轉載 發布時間:[ 2012/12/20 16:30:19 ] 推薦標簽:

好像有一段時間沒有Update my blog了,沒辦法,近被Boss催的團團轉,暈的很,而且還有該死的畢業論文來添亂,哎~~

為了留下點紀念,把前兩天配置的Apache + SSL + Subversion的文檔奉獻出來,我發現網上大部分文檔都是在Windows下配置的,在Linux下的配置文檔很少;而且其中一個重要的問題是它們都沒有與SSL相結合,我ft,真正企業級的應用哪有不用SSL的,除非從一開始它想開源……

 
All By Our Smart Lili :)

Here are the steps we can follow, execut them in the order:

Step1:Install OpenSSL, Apache2 & Subversion

OpenSSL:

--------------------------------------------------------------------------------------

./config
make
make test
make install

--------------------------------------------------------------------------------------

Apache2:

--------------------------------------------------------------------------------------

./configure --enable-dav --enable-so --enable-deflate
  --enable-ssl --with-ssl=/usr/local/ssl

make clean
make
make install

--------------------------------------------------------------------------------------

Subversion

--------------------------------------------------------------------------------------

./configure --with-zlib --enable-ssl --with-ssl
--with-libs=/usr/local/ssl:/usr/local/ssl/lib:/usr/local/lib:/usr/lib:/lib
make clean
make
make install

--------------------------------------------------------------------------------------

Note: Strongly suggest using tar package, if using rpm package, you maybe get an error about an “Unrecognized URL scheme” when aclearcase/" target="_blank" >ccess  to subversion repository. One of the reasons is the dynamic linker/loader can’t find the plugins to load. So when we install subversion , “--enable-ssl --with-ssl” is necessary.

 

Step2:  create certificate

1.         # cd /usr/local/apache/conf

# mkdir ssl.crt

#cd ssl.crt

# cp /usr/local/openssl/ssl/misc/CA.sh

/usr/local/apache/conf/ssl.crt/CA.sh

    2. Create self-signed Certificate Authority certificate/private key.

# ./CA.sh –newca

You will be asked to input these information:

MILY: Verdana">Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:SICHUAN
Locality Name (eg, city) [Newbury]:CHENGDU

Organization Name (eg, company) [My Company Ltd]:CUIT
Organizational Unit Name (eg, section) []:ENG
Common Name (eg, your name or your server's hostname) []:MyServerName
Email Address []:someone@somewhere.net

Now in the directory /usr/local/apache/conf/ssl.crt/, a new directory ./demoCA is created. ../demoCA/private/cakey.pem is the private key and ../demoCA/cacert.pem is the certificate.

3.Create web server certificate request and private key, and to sign server certificate using CA private key.

# openssl genrsa -des3 -out server.key 1024

#openssl req -new -key server.key -out server.csr

You will be asked to input these information again:

Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:SICHUAN
Locality Name (eg, city) [Newbury]:CHENGDU

Organization Name (eg, company) [My Company Ltd]:CUIT
Organizational Unit Name (eg, section) []:ENG
Common Name (eg, your name or your server's hostname) []:192.168.?.?
Email Address []:someone@somewhere.com

Note: We must input server’s hostname or IP when asked input common name, it is very important.

# mv server.csr newreq.pem

# ./CA.sh –sign

Now we get a server certificate named newcert.pem, rename newcert.pem as server.crt:

#mv newcert.pem server.crt

4. Generate client certificate request and private key, and to sign client certificate using CA private key.

# openssl genrsa -des3 -out client.key 1024

# openssl req -new -key client.key -out client.csr

#openssl ca -in client.csr -out client.crt

#openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.pfx

 

Step3: Edit ssl.conf & httpd.conf

Ssl.conf:

I edit my ssl.conf as below:

---------------------------------------------------------------------------------

DocumentRoot https://192.168.?.?

ServerName 192.168.?.?:443

ServerAdmin someone@somewhere.com

Add the following lines or delete “#” before them:

SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/server.key

SSLCACertificatePath /usr/local/apache2/conf/ssl.crt/demoCA

SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/demoCA/cacert.pem

SSLVerifyClient require

SSLVerifyDepth  1

       --------------------------------------------------------------------------------

 

Httpd.conf:

Configurate the Apache httpd.conf file as below:

---------------------------------------------------------------------------------

Change from “Listen 80” à“Listen 127.0.0.1:80” to limit somebody access to server by http://192.168.?.?.

Add: “ServerAdmin someone@somewhere.com”

Add: “ServerName 192.168.?.?:443”

Change from “AllowOverride None” à “AllowOverride All”

Change from “” à“”

Change from “AccessFileName.htaccess” à“AccessFileName /home/mysvn/.htaccess”

Add :“NameVirtualHost 192.168.?.?:443”

Put the following lines into :

LoadModule dav_svn_module     modules/mod_dav_svn.so

LoadModule authz_svn_module   modules/mod_authz_svn.so

(If the two lines above already exist, please skip.)

VirtualHost 192.168.?.?:443>

DocumentRoot "/home/mysvn"

ServerName 192.168.?.?

ServerAdmin someone@somewhere.com

SSLEngine on

SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/demoCA/cacert.pem

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/server.key

DAV svn

SVNParentPath /home/mysvn

AuthzSVNAccessFile /home/mysvn/authz.conf

---------------------------------------------------------------------------------

 

Now we edit .htaccess as the following:

---------------------------------------------------------------------------------

AuthType Basic

AuthName "subversion repository"

AuthUserFile /home/mysvn/.htpasswd

Require valid-user

---------------------------------------------------------------------------------

.We can use “htpasswd –c /home/mysvn/.htpasswd user_name” to create user and password for the first time, “-c ” isn’t needed after that.

The file authz.conf can be used to limite user’s authority. Edit as below:

---------------------------------------------------------------------------------

[groups]

 

groupA = rchu, jhuang, mhsu, hma, jxu, tzheng, jlai, tho, lwei, sliu,

groupB = ipu,  ddong, aho, mmcgrew, jliu, jliang, khuang, vyang, azhou, kye

[xyz:/]

@groupA = rw

@groupB = rw

 

[t1:/]

@groupA = rw

 

[t2:/]

@groupB = rw

---------------------------------------------------------------------------------

So all people can checkout xyz, the numbers of groupA can checkout t1 , the numbers of groupB can checkout t2.

Use “/usr/local/apache2/bin/apachetl startssl ” to start apache, “/usr/local/apache2/bin/apachetl stop” to stop it.

That’s all.

Wish you good luck!

For protect our company information, all "?" can be replaced by any ip address like and so are emails.

軟件測試工具 | 聯系我們 | 投訴建議 | 誠聘英才 | 申請使用列表 | 網站地圖
滬ICP備07036474 2003-2017 版權所有 上海澤眾軟件科技有限公司 Shanghai ZeZhong Software Co.,Ltd
主站蜘蛛池模板: 国产亚洲视频在线播放大全 | 欧美黑人粗暴另类多交 | 被免费网站在线视频 | 丁香在线视频 | 99久久免费国产特黄 | 国产精品一区二区手机看片 | 国亚洲欧美日韩精品 | 国产成人a毛片在线 | 久久国产视频精品 | 欧美精品亚洲精品日韩专区 | 深夜福利免费观看 | 欧美在线视频网 | 欧美在线中文字幕 | 成片免费的禁v影片 | 一级黄色一级黄色 | 精品成人免费一区二区在线播放 | 99re热视频这里只有精品5 | 日韩一级二级 | 成人开心激情 | 被窝国产理论一二三影院 | 性感美女视频免费网站午夜 | 美女羞羞视频网站 | 天天摸日日添狠狠添婷婷 | 日韩香蕉视频 | 日日摸夜夜添欧美一区 | 又爽又黄又紧的免费视频 | 天天怕夜夜怕狠狠怕 | 免费大片在线观看www | 欧美网站色 | 亚洲地址一地址二地址三 | 日本中文字幕在线视频站 | 非洲精品性hd | 最近2019年中文字幕6 | 久久成人国产精品免费 | 亚洲国产91| 精品久久久久久亚洲精品 | 久久亚洲最大成人网4438 | 免费观看欧美性一级 | 日韩精品一区二区三区四区 | 在线看片黄 | 国产高清在线视频一区二区三区 |