安装 certbot 为免费证书做准备
yum install certbot python2-certbot-nginx
yum install svn
# 创建库svnadmin create /var/svn/data# 授权apache用户权限chown -R apache:apache /var/svn/
# 创建svn账户密码文件
touch /var/svn/conf/passwd
# 创建svn授权文件
touch /var/svn/conf/authz
# 把“用户名”改成你需要的名字就可以了,可以使用中文htpasswd /var/svn/conf/passwd 用户名
yum install httpdsystemctl enable httpd
# 注释掉httpd.conf的80端口监听vi /etc/httpd/conf/httpd.conf# Listen 80# 添加svn配置文件vi /etc/httpd/conf.d/w_svn_9001.confListen 127.0.0.1:9001<Location /svn/> DAV svn SVNParentPath /var/svn/data/ # 可以列出svn中项目文件夹 #SVNListParentPath on AuthType Basic AuthName "Subversion login:" # 指定密码文件 AuthUserFile /var/svn/conf/passwd # 指定权限文件 AuthzSVNAccessFile /var/svn/conf/authz Satisfy Any Require valid-user</Location>
yum install mod_dav_svn -y
查看模块安装结果
ls /etc/httpd/modules/ | grep svnmod_authz_svn.somod_dav_svn.so
systemctl start httpdsystemctl enable httpd
yum install nginx -y
# nginx.conf server { listen 80; listen [::]:80; server_name _; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name svn.andro.com; root /usr/share/nginx/html; ssl_certificate /etc/letsencrypt/live/svn.andro.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/svn.andro.com/privkey.pem; # managed by Certbot include /etc/nginx/default.d/*.conf; #location /svn { location / { proxy_pass http://127.0.0.1:9001; }}
备注:以上配置文件,ssl_certificate和ssl_certificate_key为自动配置好证书后的,前期没有证书的时候可以随便配置一个其他域名的证书用于nginx检测配置文件
# sudo certbot --nginxSaving debug log to /var/log/letsencrypt/letsencrypt.logPlugins selected: Authenticator nginx, Installer nginxWhich names would you like to activate HTTPS for?- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -1: svn.andro.com- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Select the appropriate numbers separated by commas and/or spaces, or leave inputblank to select all options shown (Enter ‘c‘ to cancel): 1Requesting a certificate for svn.andro.comPerforming the following challenges:http-01 challenge for svn.androidsec.comUsing default addresses 80 and [::]:80 ipv6only=on for authentication.Waiting for verification...Cleaning up challengesDeploying Certificate to VirtualHost /etc/nginx/nginx.confNo matching insecure server blocks listening on port 80 found.- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Congratulations! You have successfully enabled https://svn.andro.com- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Subscribe to the EFF mailing list (email: li@leng.tech).IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/svn.andro.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/svn.andro.com/privkey.pem Your certificate will expire on 2021-10-24. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let‘s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
# crontab -l0 0,12 * * * python -c ‘import random; import time; time.sleep(random.random() * 3600)‘ && certbot renew -q