nginx + http + svn

安装certbot

安装 certbot 为免费证书做准备

yum install certbot python2-certbot-nginx 安装 svn 安装svn yum install svn 创建svn库 # 创建库 svnadmin create /var/svn/data # 授权apache用户权限 chown -R apache:apache /var/svn/# 创建svn账户密码文件touch /var/svn/conf/passwd# 创建svn授权文件touch /var/svn/conf/authz 生成svn用户名密码 # 把“用户名”改成你需要的名字就可以了，可以使用中文 htpasswd /var/svn/conf/passwd 用户名 apache 配置 安装apache yum install httpd systemctl enable httpd 配置apache文件 # 注释掉httpd.conf的80端口监听 vi /etc/httpd/conf/httpd.conf # Listen 80 # 添加svn配置文件 vi /etc/httpd/conf.d/w_svn_9001.conf Listen 127.0.0.1:9001 <Location /svn/> DAV svn SVNParentPath /var/svn/data/ # 可以列出svn中项目文件夹 #SVNListParentPath on AuthType Basic AuthName "Subversion login:" # 指定密码文件 AuthUserFile /var/svn/conf/passwd # 指定权限文件 AuthzSVNAccessFile /var/svn/conf/authz Satisfy Any Require valid-user </Location> 安装apache的svn模块 yum install mod_dav_svn -y

查看模块安装结果

ls /etc/httpd/modules/ | grep svn mod_authz_svn.so mod_dav_svn.so 启动apache服务 systemctl start httpd systemctl enable httpd Nginx 配置 nginx 安装 yum install nginx -y 配置域名、重定向 # nginx.conf server { listen 80; listen [::]:80; server_name _; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name svn.andro.com; root /usr/share/nginx/html; ssl_certificate /etc/letsencrypt/live/svn.andro.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/svn.andro.com/privkey.pem; # managed by Certbot include /etc/nginx/default.d/*.conf; #location /svn { location / { proxy_pass http://127.0.0.1:9001; } }

备注：以上配置文件，ssl_certificate和ssl_certificate_key为自动配置好证书后的，前期没有证书的时候可以随便配置一个其他域名的证书用于nginx检测配置文件

nginx 生成证书 # sudo certbot --nginx Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: svn.andro.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter ‘c‘ to cancel): 1 Requesting a certificate for svn.andro.com Performing the following challenges: http-01 challenge for svn.androidsec.com Using default addresses 80 and [::]:80 ipv6only=on for authentication. Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/nginx.conf No matching insecure server blocks listening on port 80 found. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://svn.andro.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Subscribe to the EFF mailing list (email: li@leng.tech). IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/svn.andro.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/svn.andro.com/privkey.pem Your certificate will expire on 2021-10-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let‘s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le 配置计划任务，自动更新ssl证书 # crontab -l 0 0,12 * * * python -c ‘import random; import time; time.sleep(random.random() * 3600)‘ && certbot renew -q

 

 

nginx + http + svn