# Minimal Apache configuration file for subversion



## Carpetsmoker (Nov 13, 2010)

*Minimal Apache configuration file for subversion*
_Last Updated on 19 May 2010_ 

If you want to use subversion over HTTP you have little choice but to use Apache.

Somewhat unfortunately, Apache configuration is something of a mess and the default [font=mono]httpd.conf[/font] file is much much larger than needed, especially if you only want to use it for subversion access.

This is a â€œminimalâ€ Apache configuration file for use with subversion access with SSL. In many cases, the best approach is to â€œStart simple, add complexity when neededâ€. The default Apache configuration file is anything but â€œstart simpleâ€.

*httpd.conf*
Note: these directives are written for Apache 2.2 on FreeBSD. They _may_ or _may not_ work for other Apache versions. It _should_ work for other operating systems.


```
# Modules to load
  LoadModule alias_module libexec/apache22/mod_alias.so
  LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so
  LoadModule auth_digest_module libexec/apache22/mod_auth_digest.so
  LoadModule authn_file_module libexec/apache22/mod_authn_file.so
  LoadModule authz_default_module libexec/apache22/mod_authz_default.so
  LoadModule authz_host_module libexec/apache22/mod_authz_host.so
  LoadModule authz_user_module libexec/apache22/mod_authz_user.so
  LoadModule dav_module libexec/apache22/mod_dav.so
  LoadModule deflate_module libexec/apache22/mod_deflate.so
  LoadModule ssl_module libexec/apache22/mod_ssl.so
  
  # SVN modules
  LoadModule dav_svn_module libexec/apache22/mod_dav_svn.so
  LoadModule authz_svn_module libexec/apache22/mod_authz_svn.so
  
  # ServerRoot: The top of the directory tree under which the server's
  # configuration, error, and log files are kept.
  # Do not add a slash at the end of the directory path.
  ServerRoot "/usr/local"
  
  # Only listen on one IP
  Listen 94.142.244.51:443
  
  # Make sure the Apache process can write to your SVN dir if you want to allow
  # files to be commited.
  User apache
  Group apache
  
  # We do not want to serve anything other than svn
  DocumentRoot "/var/empty/"
  
  # Do not fork a zillion times.
  StartServers 2
  MinSpareServers 1
  MaxSpareServers 2
  
  # The location of the error log file.
  ErrorLog "/var/log/httpd-error.log"
  
  # Control the number of messages logged to the error_log.
  # Possible values: debug, info, notice, warn, error, crit, alert, emerg.
  LogLevel warn
  
  # The default MIME type the server will use for a document
  DefaultType text/plain
  
  # Enable SSL.
  SSLEngine on
  
  # PEM encoded certificate, key is also loaded from this file.
  SSLCertificateFile "/usr/local/etc/ssl/svn.pem"
  
  <Location /svn>
          # This is a SVN dir
          DAV svn
          SVNParentPath /home/svn
  
          # Only allow from authenticated users
          AuthType Basic
  
          AuthName "Subversion repository"
          AuthUserFile /usr/local/etc/svn-auth-file
          Require valid-user
  
          # Allow from everyone.
          Order allow,deny
          Allow from all
  
          # Use compression
          SetOutputFilter DEFLATE
          SetInputFilter DEFLATE
  </Location>
```

The default configuration:


```
[/usr/local/etc/apache22]# wc -l httpd.conf extra/httpd-ssl.conf
       481 httpd.conf
       231 extra/httpd-ssl.conf
       712 total
  [/usr/local/etc/apache22]# grep -Ev '(^#|^$)' httpd.conf extra/httpd-ssl.conf | wc -l
       256
```

Compared to the above file:


```
[/usr/local/etc/apache22]# wc -l httpd.conf
        72 httpd.conf
  [/usr/local/etc/apache22]# grep -Ev '(^#|^$)' httpd.conf | wc -l
        41
```

*Additional setup*
You can generate a basic self-signed SSL certificate with:


```
$ openssl req -new -x509 -keyout svn.pem -out svn.pem -days 365 -nodes
```
When OpenSSL asks for your name, enter the serverâ€™s hostname, not your name.

It is recommended you chown it to the user you run the Apache server as (_[font=mono]apache[/font]_ in my case) and chmod the file to _[font=mono]400[/font]_.

The _[font=mono]AuthUserFile[/font]_ [font=mono]/usr/local/etc/svn-auth-file[/font] can be created/modified with the [font=mono]htpasswd[/font] command.


```
$ touch /usr/local/etc/svn-auth-file
  $ htpasswd -m /usr/local/etc/svn-auth-file lovecraft dunwich
```

On FreeBSD, you may also want to load the accf_data(9) and accf_http(9) modules, theyâ€™re supposed to increase performance. (Apache will warn you, but continue happily, if they are not loaded).

*Further reading*
svnbook chapter 6: httpd, the Apache HTTP Server
Official Apache documentation


----------

