Login/Register
Why choose mod_dav_svn instead of svnserve & a repository browser?
Asked Answered
Solved apachesvntracmod-dav-svn
T

2

12

Please correct me if I am wrong about my understanding of mod_dav_svn, which is that it basically serves 2 purposes:

  1. Expose the SVN repository (on the filesystem) to clients, which can be either:
    • repository browsers (e.g. web)
    • the 'svn' command itself, which is a client command line program
  2. Act as a repository browser to make the repository viewable in a convenient way

Now for point 1, are my following assumptions correct?

  • Anytime a repository is exposed using mod_dav_svn, the http:// or https:// form of accessing the repository is used
  • If using svnserve, the svn:// form of accessing the repository is used
    • In this case, mod_dav_svn would serve no additional use

For point 2, if using Trac's repository browsing functionality, there is no additional use for the repository browsing functionality offered by mod_dav_svn?

Does mod_dav_svn serve any other purpose I haven't outlined here? Asked another way, is there any disadvantage to going with svnserve and Trac?

I ask because I get the impression that mod_dav_svn is very commonly used, so I wonder what I'm missing.

Therianthropic answered 3/6, 2011 at 13:46 Comment(0)
K
16

Forget Point #2: HTTP Browsing. That's just a slight bonus. It doesn't replace your need for something like Fisheye, ViewVC, or (my favorite) Sventon.

There are some disadvantages of using Apache's http for your Subversion server:

  • It's slower
  • It's harder to setup

Then, there are advantages:

  • It uses a standard port (80) that's not normally blocked by firewalls.
  • It can be integrated with LDAP and Active Directory
  • You can use HTTPS which will encrypt updates and checkouts (including user passwords).
  • You can have multiple repositories use the same Apache httpd instance. With svnserve, you can only do a single repository per instance and if you have multiple repositories on one system, you'll have to run each svnserve process on a non-standard port.

My personal take: If you are doing a corporate environment, the advantages of using the HTTP or HTTPS protocol way outweigh the disadvantages. If you are talking about a small repository and you and your friends, I run svnserve simply because of the lower overhead and easier setup. However, in those circumstances, I just use Github and not worry about it.

I run Subversion as my personal source control system on my machine, and I use svnserve in that instance.

Thanks, some follow up questions. 1) When I access a URL on my svn server as svn://server/repo, isn't that using port 80 as well? 2) If LDAP integration can't be done for svnserve, is the only way users can authenticate is if they're in the file referred to by password-db in svnserve.conf for svn:// or have a shell account for svn+ssh://? 3) Can't the same protection offered by https:// be offered by svn+ssh://, or is there a difference? (Sorry I can't put paragraphs here it submits every time I hit enter am I doing it right.) –

  1. It's using port 3690 by default. This can be changed when you run svnserve, but then your svn URL has to reflect that too.

  2. Pretty much true. Most places that use svnserve use the passwd file. However, since version 1.5, you can use SASL. However, I have never seen anyone use it.

  3. Yes, ssh+svn:// does offer encrypted packets. However, SSH can be tricky to implement. Basically, the svnserve process has to be spawned and run for that particular user. That means each user needs direct read/write access to the repository. You need to setup umask for each user and create a Subversion Unix group everyone belongs to. Then, since these users have direct access to the repository files, keep them from logging onto the repository server. The Online Manual has complete details. But, in the end, it only works on Unix servers and Unix clients. Windows clients don't have SSH on them, and would have to install that. I've tried it a few times, but https:// is much easier.

Knothole answered 3/6, 2011 at 17:8 Comment(4)
Thanks, some follow up questions. 1) When I access a URL on my svn server as svn://server/repo, isn't that using port 80 as well? 2) If LDAP integration can't be done for svnserve, is the only way users can authenticate is if they're in the file referred to by password-db in svnserve.conf for svn:// or have a shell account for svn+ssh://? 3) Can't the same protection offered by https:// be offered by svn+ssh://, or is there a difference? (Sorry I can't put paragraphs here it submits every time I hit enter am I doing it right.)Therianthropic
Thanks, so with regards to ports and firewalls: 4) In basic terms, is my understanding here correct of why non-80 port might cause problems: if I'm at a wireless access point and type svn://server/repo to my remote server, and that wireless router blocks all non-80 ports, the request won't go through because it uses port 3690? But if I start svnserve on the server at port 80, and I connect to svn://server:80/repo, it will work? 5) If I already have httpd running on port 80, would it not work, or would requests to port 80 be handed off to svnserve or httpd based on protocol of request?Therianthropic
The problem is usually corporate firewalls, and not personal systems. My local router, I can make an exception if needed (and most do allow svnserve through by default). However, corporate IT people can be quite limiting and it can be impossible to get them to make an exception. I guess you can run svnserve on port 80, but you have to be root because ports under 1024 are reserve for root access. HTTP gets around this somehow, so it's possible that you can get around it too.Knothole
I wouldn't recommend running svnserve on port 80 unless you're desperate and have no other option. If you did that, svnserve would receive all manner of traffic expecting port 80 to be the HTTP port, and I'm not sure how well it will handle that. Running svnserve and a HTTP server on the same port will definitely cause problems. It's best to avoid re-defining the standard ports if at all possible.Mikkimiko
U
2

The simplicity of svnserve makes it a no brainer for quick and dirty installs, especially if you are deploying on Windows.

However, the moment that you need to memorize a lot of passwords, and would wish that the Subversion repository use the same SSO mechanism that is used in the organization, using Apache's authentication mechanisms coupled with mod_dav_svn helps a lot.

Prior to Subversion 1.7, mod_dav_svn's performance was said to be atrocious and known to be slower than svnserve. Subversion 1.7 supposedly offers a faster and simpler HTTP protocol which should make mod_dav_svn use more palatable.

Unassuming answered 27/12, 2011 at 8:55 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.