Setting up subversion over ssl and nginx on debian

Subversion supports DAV protocol access only with Apache server. To get it running with nginx, apache has to be installed on the same system.

To start, install apache and svn support

apt-get install apache2 libapache2-svn

For apache and nginx web servers to coexist on the same computer and running at the same time, they would have to listen on the different ports. Standard ssl port is 443, lets set apache ssl to 8443. To prevent ports exposed to Internet, set apache to listen on port 8443 only localy.

Configure apache ports in /etc/apache2/ports.conf to be

Listen 127.0.0.1:8443

Activate SSL and the DAV modules on Apache

$ a2enmod ssl
$ a2enmod dav
$ a2enmod dav_svn

Restart apache

service apache2 restart

add DAV stuff

nano -w /etc/apache2/mods-available/dav_svn.conf

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so


# Example configuration:

       DAV svn
       SVNPath /var/svn/my_repos
       SVNListParentPath on

       AuthType Basic
       AuthName "Subversion repository"
       AuthUserFile /var/svn/conf/svnusers.conf
       Require valid-user
       SSLRequireSSL

}}}

Link default ssl configuration

cd /etc/apache2/sites-enabled
cp ../sites-available/default-ssl.conf svn-ssl.conf
nano -w svn-ssl.conf

And also set Listen 127.0.0.1:8443 in svn-ssl.conf

Create password files


htpasswd -cm /var/svn/conf/svnusers.conf user1
htpasswd -m /var/svn/conf/svnusers.conf user2

Check permissions. Debian apache should use www-data user and group. You can double check it in /etc/apache2/apache2.conf and /etc/apache2/envvars files, or just by doing ps aux | grep apache.

Make sure the same user/group are owners of the repository.

chown -R www-data:www-data /var/svn/

Restart apache and check if it works, for example with links

links https://127.0.0.1:8443/svn/my_repos

Create nginx conf file, or add proxy pass in existing config

server {
    listen 80;
    server_name svn.myserver.com;
    return 301 https://$host$request_uri;
}


server {
    listen       443 ssl;
    server_name  svn.myserver.com;

    ssl on;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    access_log /var/log/nginx/svn.access.log;
    error_log /var/log/nginx/svn.error.log;

    location / {
          proxy_pass   https://127.0.0.1:8443;
    }
}

Restart nginx and check in your web browser.

Migrating SVN repository to Git preserving history

After spending number of hours trying to move a simple single branch SVN repository to Git that can be accessed over https, here are the steps taken.
Assume my_svn_repository is defined by url https://127.0.0.1/svn/my_svn_repository.

First, a list of all svn committers is needed. Save the list in a file ./authors.txt

user1 = user1 <user1@someserver.com>
user2 = user2 <user2@someserver2.com>

Secondly, clone SVN repos

cd ~/tmp/git/
git svn clone https://127.0.0.1/svn/my_svn_repository --authors-file=./authors.txt git_temp_repository

Thirdly, clean svn:ignore properties

cd git_temp_repository
git svn show-ignore > .gitignore
git add .gitignore
git commit -m 'Cleaning svn:ignore properties'

In the step four, clone temp repository to a bare git repos:

git clone --bare ~/tmp/git/git_temp_repository my_git_repository.git

To setup nginx password protected server that serves only https, first install fcgiwrap

apt-get install fcgiwrap

and add config file:

server {
listen 80;
server_name git.myserver.com;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_name git.myserver.com;

ssl on;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

access_log /var/log/nginx/git.access.log;
error_log /var/log/nginx/git.error.log;

auth_basic "Restricted";
auth_basic_user_file /etc/awstats/.htpasswd;

location ~ /git(/.*) {
fastcgi_pass unix:/var/run/fcgiwrap.socket;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
fastcgi_param GIT_HTTP_EXPORT_ALL "";
fastcgi_param GIT_PROJECT_ROOT /home/git/tmp/git;
fastcgi_param PATH_INFO $1;
fastcgi_param REMOTE_USER $remote_user;
}
}

On client

git -c http.sslVerify=false clone https://sasa@git.myserver.com/git/my_git_repository.git

http.sslVerify=false is used to allow self signed certificates during development.

Latex capacity exceeded

This latex code triggered Tex capacity exceed error:

\documentclass[10pt]{article}
\usepackage{pgfplots}

\pgfplotsset{my style/.append style={axis x line=middle, axis y line=middle, xlabel={$x$}, ylabel={$y$}, axis equal }}

\begin{document}
\begin{tikzpicture}
\begin{axis}[my style, xtick={-3,-2,...,3}, ytick={-3,-2,...,3}, xmin=-3, xmax=3, ymin=-3, ymax=3]
\end{axis}
\end{tikzpicture}
\end{document}

Fix was to edit config file

nano -w /usr/share/texmf-dist/web2c/texmf.cnf

and edit main_memory and pool_size parameters

fmtutil-sys --all