The idea I had was to move my local subversion repositories to a dedicated server where I wanted to create virtual machines that are directly bridged to the internet. To give a little bit more security I also needed SSL encryption. Because IPv4 is getting to an end and the ip adresses are really expensive, I decided to use IPv6.
That’s where my journey started and where my horrible days begun. I try to show you what issues I had to face and which solutions I had to solve those issues.
First of all, because it’s an server that shall do nothing than serving my code, I decided to install Windows 2012 Server Core. That’s not the worst, but you are really forced to learn Powershell – which is the good side at this, because I think that I had a good learning curve.
Issue 1 – Accessing Apache:
First of all I installed the CollabNet Subversion Server which does include the Apache Server as well. The download can be found here (http://www.collab.net/downloads/subversion). The server installation was quite easy, but I did not manage to access it from another PC.
After all I found out, that the installation process did not create a proper firewall rule in order to access the SubVersion Repository. The following power shell lines did the trick:
new-netfirewallrule -DisplayName Apache -Name Apache -enabled 1 -profile any -protocol tcp -direction inbound -localport 80
new-netfirewallrule -DisplayName ApacheSSL -Name ApacheSSL -enabled 1 -profile any -protocol tcp -direction inbound -localport 443
But that’s not the only thing that needs to be done. Furthermore the httpd.conf in (C:\Program Files (x86)\CollabNet\Subversion Server\httpd\conf\httpd.conf) needs some adjustments.
The following lines must be included or commented in:
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
And add the end of the file the location section needs to be inserted:
<Location /svn/Repository>
DAV svn
SVNPath E:\SubVersion\Repository
AuthType Basic
AuthName "Subversion repository"
AuthUserFile E:\SubVersion\svn-users
Require valid-user
</Location>
As you may noticed, there’s also a svn-users file referenced that needs to be created. In order to create the svn-users file copy the htpasswd.exe from (C:\Program Files (x86)\CollabNet\Subversion Server\httpd\bin) to your subversion repository parent folder (e.g. e:\SubVersion). Than you can create the users with the following lines:
htpasswd -cm svn-users USER1
htpasswd -m USER2
Last but not least, we need a new subversion respository. This can be created with the following line of code:
svnadmin -create E:\SubVersion\Repository
After that I had to restart my service:
restart-service CollabnetSubVersionApache
If you made no mistake you should be able to access your new repository by typing the following URL to the browser:
http://SERVER/svn/Repository
Issue 2 – Create SSL Certificate:
The second problem was to create a self-signed SSL Certificate that can be used by the Apache installation. Therefore I first downloaded the OpenSSL from (http://slproweb.com/products/Win32OpenSSL.html) and than created a directory (C:\Program Files (x86)\CollabNet\Subversion Server\httpd\conf\ssl) where I created the key with the following powershell lines.
openssl req -new -out developer.csr -keyout developer.pem
openssl rsa -in developer.pem -out developer.key
openssl x509 -in developer.csr -out developer.cert -req -signkey developer.key -days 16000
openssl pkcs12 -export -in developer.cert -inkey developer.key -out developer.pfx
Remember to give a common name, because this is needed by Apache. The Key can now be referenced in the httpd-ssl.conf file in (C:\Program Files (x86)\CollabNet\Subversion Server\httpd\conf\extras\httpd-ssl.conf). So it looks like this:
SSLMutex default
SSLSessionCache none
SSLPassPhraseDialog builtin
Listen 443
<VirtualHost _default_:443>
ServerName localhost
DocumentRoot "C:\Program Files (x86)\CollabNet\Subversion Server\httpd\htdocs"
SSLEngine On
SSLCertificateFile "C:\Program Files (x86)\CollabNet\Subversion Server\httpd\conf\ssl\developer.cert"
SSLCertificateKeyFile "C:\Program Files (x86)\CollabNet\Subversion Server\httpd\conf\ssl\developer.key"
ErrorLog "C:\Program Files (x86)\CollabNet\Subversion Server\httpd\logs\ssl.log"
TransferLog "C:\Program Files (x86)\CollabNet\Subversion Server\httpd\logs\transfer.log"
</VirtualHost>
In order to get this file used by the Apache Server you have to include the following lines of code in your httpd.conf file (C:\Program Files (x86)\CollabNet\Subversion Server\httpd\conf\httpd.conf).
# Secure (SSL/TLS) connections
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf<
<Location /svn/Repository>
DAV svn
SVNPath E:\SubVersion\Repository
AuthType Basic
AuthName "Subversion repository"
AuthUserFile E:\SubVersion\svn-users
Require valid-user
SSLRequireSSL
</Location>
If you made no mistake (the second time) you should be able to access your repository by typing the following URL to the browser:
https://SERVER/svn/Repository
Sure, you’ll get a security warning, because of the self-signed certificate, but that doesn’t bother us. It should work anyway.
Issue 3 – Apache and IPv6:
I thought that to disable IPv4 should be sufficient in order to work solely with IPv6. But far wrong. You can disable IPv4 with the following command.
disable-netadapterbinding -Name Ethernet -ComponentId ms_tcpip
But from that point on, you are not longer able to access your Subversion repository. Even not with one of the shiny new URLs that you can type in your browser like:
https://[bfe80::b9d4:8109:6177:becb]/svn/Repository/
So I had been forced to reenable IPv4 protocol. And to search for a solution.
enable-netadapterbinding -Name Ethernet -ComponentId ms_tcpip
After googling around I found out, that the standard build of SubVersion for Windows has not been compiled with the IPv6 feature included. But this fact is stated nowhere. You have to learn it the hard way. After googling longer I found a binary compile at a japanese site that has been built including IPv6 support. Lucky about that finding, I installed the following download: http://win6.jp/Apache22/index.html
Important: Be carefull and get your config files saved before you overwrite the Apache installation at “C:\Program Files (x86)\CollabNet\Subversion Server\httpd\”. And don’t forget to stop the Apache Service, because otherwise you can’t exchange the files, because they are in use.
After this expirement you should be able to access your repository with IPv6 in Browser by typing the following URL.
https://[bfe80::b9d4:8109:6177:becb]/svn/Repository/
Issue 4 – TortoiseSVN Client and IPv6:
After all this research I thought that everything is fine. But far wrong. TortoiseSVN was the next candidate that failed as I tried to browse the subversion repository.
I googled around the whole afternoon, but the only suggestion I found, was to compile TortoiseSVN at your own (which needs a whole bunch of complicated tools to use) or to use the Nightly Build which should have IPv6 enabled. Sure I tried to install the NightlyBuild of TortiseSVN, but also with that I wasn’t able to access the repository with the IPv6 URL.
So all in all I gave up after two days of research. I guess the world has still too much IPv4 Adresses and the pressure has not been high enough for all the tool provider in order to implement support of IPv6 these days. So in my eyes, IPv6 is such messed up and not supported, it’s a shame. Perhaps I try it in 10 years again …
December 27, 2012 at 12:17 pm
Reblogged this on ytd2525.