目录
一个Subversion的版本库可以和客户端同时运行在同一个机器上,使用file:///
访问,但是一个典型的Subversion设置应该包括一个单独的服务器,可以被办公室的所有客户端访问—或者有可能是整个世界。
This chapter describes how to get your Subversion repository exposed outside its host machine for use by remote clients. We will cover Subversion's currently available server mechanisms, discussing the configuration and use of each. After reading this section, you should be able to decide which networking setup is right for your needs, as well as understand how to enable such a setup on your host computer.
Subversion was designed with an abstract network layer. This means that a repository can be programmatically accessed by any sort of server process, and the client “repository access” API allows programmers to write plug-ins that speak relevant network protocols. In theory, Subversion can use an infinite number of network implementations. In practice, there are only two servers at the time of this writing.
Apache is an extremely popular web server; using the mod_dav_svn module, Apache can access a repository and make it available to clients via the WebDAV/DeltaV protocol, which is an extension of HTTP. Because Apache is an extremely extensible server, it provides a number of features “for free,” such as encrypted SSL communication, logging, integration with a number of third-party authentication systems, and limited built-in web browsing of repositories.
In the other corner is svnserve: a small, lightweight server program that speaks a custom protocol with clients. Because its protocol is explicitly designed for Subversion and is stateful (unlike HTTP), it provides significantly faster network operations—but at the cost of some features as well. While it can use SASL to provide a variety of authentication and encryption options, it has no logging or built-in web browsing. It is, however, extremely easy to set up and is often the best option for small teams just starting out with Subversion.
第三个选择是使用SSH连接包裹的svnserve,尽管这个场景依然使用svnserve,它与传统的svnserve部署非常不同,SSH在多所有的通讯中使用加密方式,SSH也使用排他的认证,所以在服务器主机(svnserve与之不同,它包含了自己的私有用户帐号)上必须要有真实的系统帐户。最后,因为这些配置需要每个用户发起一个私有的临时svnserve进程,这与允许一组本地用户通过file://
协议访问等同(从访问许可的视点)。因此路径为基础的访问控制变得没有意义,因为每个用户都可以直接访问版本库。
表 6.1 “” provides a quick summary of the three typical server deployments.
表 6.1.
特性 | Apache + mod_dav_svn | svnserve | svnserve over SSH |
---|---|---|---|
认证选项 | HTTP(S) basic auth, X.509 certificates, LDAP, NTLM, or any other mechanism available to Apache httpd. | CRAM-MD5 by default; LDAP, NTLM, or any other mechanism available to SASL. | SSH |
用户帐号选项 | Private 'users' file, or other mechanisms available to Apache httpd (LDAP, SQL, etc.) | Private 'users' file, or other mechanisms available to SASL (LDAP, SQL, etc.). | System accounts. |
授权选项 | Read/write access can be granted over the whole repository, or specified per path. | Read/write access can be granted over the whole repository, or specified per path. | Read/write access only grantable over the whole repository. |
加密 | Available via optional SSL. | Available via optional SASL features. | Inherent in SSH connection. |
Logging | Full Apache logs of each HTTP request, with optional “高级” logging of general client operations. | No logging. | No logging. |
交互性 | Accessible by other WebDAV clients. | Talks only to svn clients. | Talks only to svn clients. |
Web浏览能力 | Limited built-in support, or via third-party tools such as ViewVC. | Only via third-party tools such as ViewVC. | Only via third-party tools such as ViewVC. |
Master-slave server replication | Transparent write-proxying available from slave to master. | Can only create read-only slave servers. | Can only create read-only slave servers. |
速度 | Somewhat slower. | Somewhat faster. | Somewhat faster. |
初始设置 | Somewhat complex. | Extremely simple. | Moderately simple. |