CentOS搭建Nginx+Subversion环境

因为某种原因我们需要用Nginx作为Subversion的http前端，但目前没有现成的Nginx+Subversion搭配方式。
而Subversion提供Apache的http处理模块。现在我们通过nginx反向代理给Apache的方式来实现Nginx+Subversion的组合方式。

[root@nginx-apache-svn ~]# yum install httd subversion mod_dav_svn -y
#mod_dav_svn是Apache的svn模块

[root@nginx-apache-svn ~]# mkdir -p /home/svn
[root@nginx-apache-svn ~]# cd /home/svn/
[root@nginx-apache-svn svn]# svnadmin create work
[root@nginx-apache-svn svn]# chown -R apache.apache work
[root@nginx-apache-svn svn]# tree work/
work/
├── conf
│   ├── authz
│   ├── passwd
│   └── svnserve.conf
├── db
│   ├── current
│   ├── format
│   ├── fsfs.conf
│   ├── fs-type
│   ├── min-unpacked-rev
│   ├── rep-cache.db
│   ├── revprops
│   │   └── 0
│   │       └── 0
│   ├── revs
│   │   └── 0
│   │       └── 0
│   ├── transactions
│   ├── txn-current
│   ├── txn-current-lock
│   ├── txn-protorevs
│   ├── uuid
│   └── write-lock
├── format
├── hooks
│   ├── post-commit.tmpl
│   ├── post-lock.tmpl
│   ├── post-revprop-change.tmpl
│   ├── post-unlock.tmpl
│   ├── pre-commit.tmpl
│   ├── pre-lock.tmpl
│   ├── pre-revprop-change.tmpl
│   ├── pre-unlock.tmpl
│   └── start-commit.tmpl
├── locks
│   ├── db.lock
│   └── db-logs.lock
└── README.txt

10 directories, 28 files

[root@nginx-apache-svn svn]# htpasswd -c /home/svn/work/conf/passwdfile visitor
New password: visitor#用户名和密码都设为visitor
Re-type new password:visitor 
Adding password for user visitor

[root@nginx-apache-svn svn]# egrep -v "^#|^$" /etc/httpd/conf.d/subversion.conf 
LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
<Location /svn/work>
	DAV svn
	SVNPath /home/svn/work
	AuthType Basic
	AuthName "Authorization Realm"
　　　　　AuthUserFile /home/svn/work/conf/passwdfile
	AuthzSVNAccessFile /home/svn/work/conf/authz
	Require valid-user
</Location>

[root@nginx-apache-svn svn]# grep "^Listen" /etc/httpd/conf/httpd.conf 
Listen 81

[root@nginx-apache-svn svn]# service iptables stop && setenforce 0
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@nginx-apache-svn svn]# getenforce
Permissive

[root@nginx-apache-svn svn]# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
[root@nginx-apache-svn svn]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1310/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master         
tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      1310/sshd           
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master         
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient  

[root@nginx-apache-svn src]# wget http://nginx.org/download/nginx-0.8.55.tar.gz
[root@nginx-apache-svn src]# pwd
/usr/local/src
[root@nginx-apache-svn src]# ls
nginx-0.8.55.tar.gz

[root@nginx-apache-svn nginx-0.8.55]# tar -xzvf nginx-0.8.55.tar.gz && cd nginx-0.8.55

[root@nginx-apache-svn nginx-0.8.55]# useradd -s /bin/false nginx
/bin/false是最严格的禁止login选项，一切服务都不能用。 
/sbin/nologin只是不允许login系统 

[root@nginx-apache-svn nginx-0.8.55]# yum install gcc  pcre-devel openssl-devel  -y

[root@nginx-apache-svn nginx-0.8.55]# ./configure --prefix=/app/server/nginx-0.8.55 \ 
--with-http_stub_status_module \ 
--with-http_gzip_static_module

[root@nginx-apache-svn nginx-0.8.55]# make && make install

[root@nginx-apache-svn server]# ls
nginx-0.8.55
[root@nginx-apache-svn server]# ln -sf nginx-0.8.55/ nginx && cd -

[root@nginx-apache-svn nginx-0.8.55]# ll /app/server/
total 4
lrwxrwxrwx. 1 root root   13 Jul 25 09:36 nginx -> nginx-0.8.55/
drwxr-xr-x. 6 root root 4096 Jul 25 09:35 nginx-0.8.55

server {
    listen       80;
    server_name localhost ;

    location /svn/work {
        proxy_pass  http://127.0.0.1:81/svn/work;
    }

    location / {
        return 404;
    }
}

[root@nginx-apache-svn conf]# pwd
/home/svn/work/conf

[root@nginx-apache-svn conf]# egrep -v "^$|^#" svnserve.conf 
[general]
anon-access = read
auth-access = write
password-db = /home/svn/work/conf/passwd
authz-db = /home/svn/work/conf/authz

[root@nginx-apache-svn conf]# which svnserve
/usr/bin/svnserve
[root@nginx-apache-svn conf]# /usr/bin/svnserve -d -r /home/svn

[root@nginx-apache-svn conf]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN      4806/svnserve       
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1744/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master         
tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      1744/sshd           
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master         
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient  

[root@nginx-apache-svn conf]# /app/server/nginx/sbin/nginx 
[root@nginx-apache-svn conf]# netstat -lnutp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN      4806/svnserve       
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      4809/nginx          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1744/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1389/master         
tcp        0      0 :::81                       :::*                        LISTEN      1632/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      1744/sshd           
tcp        0      0 ::1:25                      :::*                        LISTEN      1389/master         
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               1143/dhclient       

[root@nginx-apache-svn work]# cat /home/svn/work/conf/authz 
### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to:
###  - a single user,
###  - a group of users defined in a special [groups] section,
###  - an alias defined in a special [aliases] section,
###  - all authenticated users, using the ‘$authenticated‘ token,
###  - only anonymous users, using the ‘$anonymous‘ token,
###  - anyone, using the ‘*‘ wildcard.
###
### A match can be inverted by prefixing the rule with ‘~‘. Rules can
### grant read (‘r‘) access, read-write (‘rw‘) access, or no access
### (‘‘).

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
# harry_and_sally = harry,sally
# harry_sally_and_joe = harry,sally,&joe

# [/foo/bar]
# harry = rw
# &joe = r
# * =
[/]
test=r
# [repository:/baz/fuz]
# @harry_and_sally = rw
# * = r