我有一个重复的身份validation块为我的每个库,并想知道,如果有一种方法来重用块和优化我们的设置。
这个设置使我们能够浏览到code.domain.com来查看所有的存储库并浏览源代码(所有的存储库都可以读取)。
这是我目前的configuration:
<VirtualHost *:80> DocumentRoot /u01/subversion/repositories ServerName code.domain.com ServerAdmin [email protected] <Location /> Options Indexes MultiViews FollowSymLinks IncludesNoExec Order allow,deny Allow from all </Location> <Location /repoA> DAV svn SVNPath /u01/subversion/repositories/repoA SVNIndexXSLT "/share/svnxslt/svnindex.xsl" AuthzSVNAccessFile /u01/subversion/svnrepos.acl AuthName "Source Code Repository / Repertoire de code" AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative off AuthLDAPURL "ldap://domain.com?sAMAccountName" NONE AuthLDAPBindDN "bindDN" AuthLDAPBindPassword bindPwd Satisfy Any Require valid-user </Location> # duplicated Location for repoB, repoC, etc... </VirtualHost> 我发现这个 (并实现了),但是,我得到以下错误:
[Fri Jul 26 14:41:37 2013] [error] [client xxxx](25)设备不适当的ioctl:URI不包含存储库的名称。 [403,#190001]
configuration文件:
<VirtualHost *:80> DocumentRoot /u01/subversion/repositories ServerName code.domain.com ServerAdmin [email protected] <Location /> Options Indexes MultiViews FollowSymLinks IncludesNoExec Order allow,deny Allow from all DAV svn SVNParentPath /u01/subversion/repositories AuthBasicProvider ldap AuthzLDAPAuthoritative Off AuthLDAPURL "ldap://domain.com?sAMAccountName" NONE AuthLDAPBindDN "bindDN" AuthLDAPBindPassword "bindPwd" AuthType Basic AuthName "Use your sAMAccountName to connect. If you're unsure, write to [email protected]." </Location> <Location /repoA> SVNPath /u01/subversion/respositories/repoA Satisfy Any require valid-user </Location> # Other Locations for each repoB, repoC, etc... </VirtualHost>
最糟糕的情况是,我保持冗余configuration。
更新#1
几乎在那里…不能浏览域的根,但是 – 得到一个401错误…
<VirtualHost *:80> ServerName code.domain.com ServerAdmin [email protected] DocumentRoot /u01/subversion/repositories/ <Directory /u01/subversion/repositories/> Options Indexes MultiViews FollowSymLinks IncludesNoExec Order allow,deny allow from all </Directory> <Location /> AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative off AuthName "SVN Repository. Authorization required." AuthLDAPBindDN "bindDN" AuthLDAPBindPassword "bindPwd" AuthLDAPURL "ldap://domain.com?sAMAccountName" NONE AuthzSVNAccessFile /u01/subversion/svnrepos.acl SVNParentPath /u01/subversion/repositories Satisfy Any Require valid-user </Location> <Location /repoA> DAV svn SVNPath /u01/subversion/repositories/repoA SVNIndexXSLT /share/svnxslt/svnindex.xsl </Location> # Other Locations </VirtualHost>
更新#2
我只在浏览根目录时遇到这个错误: Directory index forbidden by Options directive: /u01/subversion/repositories/
但是,我看到Index指令存在于Directory指令的Option声明中。
更新#3(懒惰獾提出的解决scheme)
当我访问根目录时,我看到.xsl和.css文件,而不是存储库。 但是,/ svn /将列出回购,但最终目标是让/ svn /成为站点的根。
<VirtualHost *:80> ... # /u01/subversion-docs is where .xsl and .css reside DocumentRoot "/u01/subversion-docs" <Directory /> Options Indexes MultiViews FollowSymLinks IncludesNoExec AllowOverride None Order allow,deny Allow from all RewriteEngine on RewriteCond %{REQUEST_URI} ^/svn$ RewriteRule ^(.*/svn)$ %1/ [R=301,L] </Directory> <Location /svn/> DAV svn SVNListParentPath on SVNParentPath /u01/subversion/repositories SVNIndexXSLT "/svnindex.xsl" ... Satisfy Any require valid-user </Location> </VirtualHost>
我很抱歉,但是在深入之前 ,您必须阅读并记住一些ABC
<Location>可以处理任何数量的Subversion版本库(如果它们是通用目录的子版本) <Location>容器中的指令在<Location>path中被inheritance,如果没有明确地重新定义的话 如果你的生意任务是真的
使用通用的LPADauthentication和基于XSLT的基于path的授权的HTML页面模板来收集存储库
让我们将我的丑陋草稿(VisualSVN服务器默认configuration使用,不重要的部分跳过)转换为您的情况的function解决scheme
... ServerRoot SOME/PATH/TO/SERVER ... DocumentRoot "htdocs" ... <Directory /> Options FollowSymLinks AllowOverride None RewriteEngine on RewriteCond %{REQUEST_URI} ^/svn$ RewriteRule ^(.*/svn)$ %1/ [R=301,L] </Directory> ... <Location /svn/> DAV svn SVNListParentPath on SVNParentPath /PATH/TO/PARENT/OF/REPO/DIR SVNIndexXSLT "/svnindex.xsl" ... AuthName AuthType Basic AuthBasicProvider file AuthUserFile "...htpasswd" AuthzSVNAccessFile "...authz" Satisfy Any require valid-user ... </Location> ...
笔记
首先改变:基本authentication取代LDAP供电
<Location /svn/> DAV svn SVNListParentPath on SVNParentPath /PATH/TO/PARENT/OF/REPO/DIR SVNIndexXSLT "/svnindex.xsl" ... AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative off AuthName "SVN Repository. Authorization required." AuthLDAPBindDN "bindDN" AuthLDAPBindPassword "bindPwd" AuthLDAPURL "ldap://domain.com?sAMAccountName" NONE AuthzSVNAccessFile "...authz" Satisfy Any require valid-user ... </Location>
第二个变化:SVNParentPath
<Location /svn/> DAV svn SVNListParentPath on SVNParentPath /u01/subversion/repositories/ SVNIndexXSLT "/svnindex.xsl"
第三个改变:ServerRoot + DocumentRoot
以某种方式定义这些根,不要忘记将svnindex.xsl和所有其他需要的文件放在DocumentRoot中
第四个变化
将ACL添加到AuthzSVNAccessFile,将回收集合中的path写为[REPO:/PATH/IN/REPO]
我在生产环境中使用以下configuration
<VirtualHost *:80> ServerAdmin [email protected] ServerName svn.example.net DocumentRoot /vhosts/svn.example.net/ <Directory /vhosts/svn.example.net/> Options -Indexes AllowOverride None Order allow,deny allow from all </Directory> <Location /> AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative on AuthName "SVN Repository. Authorization required." AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off AuthLDAPBindDN uid=w3-ldap_reader,ou=system,ou=users,dc=example,dc=net AuthLDAPBindPassword 7654321 AuthLDAPURL ldap://127.0.0.1/dc=example,dc=net?uid?sub Require ldap-group cn=svn,ou=groups,dc=example,dc=net </Location> <Location /Soft> DAV svn SVNPath /svn/soft AuthzSVNAccessFile /etc/svn/svn-soft.conf SVNReposName "Software repository." SVNIndexXSLT "/svnindex.xsl" </Location> <Location /Education> DAV svn SVNPath /svn/education AuthzSVNAccessFile /etc/svn/svn-edu.conf SVNReposName "Education repository." SVNIndexXSLT "/svnindex.xsl" </Location> <Location /Vacation> DAV svn SVNPath /svn/vacation AuthzSVNAccessFile /etc/svn/svn-vacation.conf SVNReposName "Vacation repository." SVNIndexXSLT "/svnindex.xsl" </Location> <Location /NDA> DAV svn SVNPath /svn/NDA AuthzSVNAccessFile /etc/svn/svn-nda.conf SVNReposName "NDA repository." SVNIndexXSLT "/svnindex.xsl" </Location> </VirtualHost>
您可能想要使用包含。 仍然有一些冗余,但将允许您的大部分configuration设置在一个文件中。
真的取决于你的目标以及你维护这些文件的频率。
请参阅: http : //httpd.apache.org/docs/current/mod/core.html#include
我使用的一种技术是使用一个目录来保存所有的位置。 将这个目录包含在主Apacheconfiguration中。
Include /etc/httpd/conf/svn.d/*.conf
然后在svn.d / *。conf中为每个实例创build一个文件。 说,repoa.conf。
在repoa.conf中,我包含了另一个具有所有回购标准节的文件。
要添加一个新的回购,我只是将repoa.conf复制到repob.conf,更新path,重新启动。
不漂亮,但又快又简单。