How to setup Apache Subversion behind Apache HTTP Server on Debian using dav_svn and authz_svn


SSL Certificate

Request a SSL certificate for using Let’s Encrypt:

service apache2 stop
./letsencrypt-auto certonly --standalone -d
service apache2 start

You’ll find your certificate here:


Apache Modules

On Debian you have to install libapache2-mod-svn in order to use the required Apache modules dav_svn and authz_svn:

aptitude install libapache2-mod-svn
a2enmod ssl dav dav_svn authz_svn
service apache2 restart

Users and Permissions

Using htpasswd we create a file .htpasswd_users for mapping user names to BCrypt passwords. We then create another file for defining user and group permissions on global and repository level.

mkdir /opt/svn_authz
cd /opt/svn_authz
htpasswd -cB .htpasswd_users admin
htpasswd -B .htpasswd_users jane
nano user_permissions

An example user_permissions file might look like this:

group_repo1 = admin, linda, jerry
group_repo2 = admin, bob, jane

admin = rw

@group_repo1 = rw

@group_repo1 = r
@group_repo2 = rw

In this example the user admin has full access to all repositories, group_repo1 has full access to repo1 and read access to repo2 while group_repo2 has full access to repo2 and no access to any other repository.

Apache Site

Create the file /etc/apache2/sites-available/ A very basic configuration using svn_authz and SSL might look like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/
    SSLCertificateKeyFile /etc/letsencrypt/live/

  <Location />
    DAV svn
    SVNParentPath /opt/svn
    AuthType Basic
    AuthName "Subversion Repository"
    AuthUserFile /opt/svn_authz/.htpasswd_users
    Require valid-user
    <IfModule mod_authz_svn.c>
      AuthzSVNAccessFile /opt/svn_authz/user_permissions


Enable the new site and restart Apache:

service apache2 restart

Set Apache as the owner of the SVN parent directory:

chown -R www-data:www-data /opt/svn


Open in your browser. A basic authentication prompt should come up where you can now log in with one of your users. Logging in as admin should be successful while logging in as jane should not, as she lacks permission for repo1.