<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Overview</title><link rel="stylesheet" href="styles.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.73.2" /><link rel="start" href="index.html" title="Version Control with Subversion" /><link rel="up" href="svn.serverconfig.html" title="Chapter 6. Server Configuration" /><link rel="prev" href="svn.serverconfig.html" title="Chapter 6. Server Configuration" /><link rel="next" href="svn.serverconfig.choosing.html" title="Choosing a Server Configuration" /></head><body><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Overview</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="svn.serverconfig.html">Prev</a> </td><th width="60%" align="center">Chapter 6. Server Configuration</th><td width="20%" align="right"> <a accesskey="n" href="svn.serverconfig.choosing.html">Next</a></td></tr></table><hr /></div><div class="sect1" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="svn.serverconfig.overview"></a>Overview</h2></div></div></div><p>Subversion was designed with an abstract network layer. This means that a repository can be programmatically accessed by any sort of server process, and the client “<span class="quote">repository access</span>” API allows programmers to write plugins that speak relevant network protocols. In theory, Subversion can use an infinite number of network implementations. In practice, there are only two servers at the time of this writing.</p><p>Apache is an extremely popular webserver; using the <span class="command"><strong>mod_dav_svn</strong></span> module, Apache can access a repository and make it available to clients via the WebDAV/DeltaV protocol, which is an extension of HTTP. Because Apache is an extremely extensible web server, it provides a number of features “<span class="quote">for free</span>”, such as encrypted SSL communication, logging, integration with a number of third-party authentication systems, and limited built-in web browsing of repositories.</p><p>In the other corner is <span class="command"><strong>svnserve</strong></span>: a small, lightweight server program that speaks a custom protocol with clients. Because its protocol is explicitly designed for Subversion and is stateful (unlike HTTP), it provides significantly faster network operations—but at the cost of some features as well. While it can use SASL to provide a variety of authentication and encryption options, it has no logging or built-in web-browsing. It is, however, extremely easy to set up and is often the best option for small teams just starting out with Subversion.</p><p>A third option is to use <span class="command"><strong>svnserve</strong></span> tunneled over an SSH connection. Even though this scenario still uses <span class="command"><strong>svnserve</strong></span>, it differs quite a bit in features from a traditional <span class="command"><strong>svnserve</strong></span> deployment. SSH is used to encrypt all communication. SSH is also used exclusively to authenticate, so real system accounts are required on the server host (unlike vanilla <span class="command"><strong>svnserve</strong></span>, which has its own private user accounts.) Finally, because this setup requires that each user spawn a private, temporary <span class="command"><strong>svnserve</strong></span> process, it's equivalent (from a permissions point of view) to allowing a group of local users to all access the repository via <code class="literal">file://</code> URLs. Path-based access control has no meaning, since each user is accessing the repository database files directly.</p><p>Here's a quick summary of the three typical server deployments.</p><div class="table"><a id="svn.serverconfig.overview.tbl-1"></a><p class="title"><b>Table 6.1. Comparison of Subversion Server Options</b></p><div class="table-contents"><table summary="Comparison of Subversion Server Options" border="1"><colgroup><col /><col /><col /><col /></colgroup><thead><tr><th>Feature</th><th>Apache + mod_dav_svn</th><th>svnserve</th><th>svnserve over SSH</th></tr></thead><tbody><tr><td>Authentication options</td><td>HTTP(S) basic auth, X.509 certificates, LDAP, NTLM, or any other mechanism available to Apache httpd</td><td>CRAM-MD5 by default; LDAP, NTLM, or any other mechanism available to SASL</td><td>SSH</td></tr><tr><td>User account options</td><td>private 'users' file, or other mechanisms available to Apache httpd (LDAP, SQL, etc.)</td><td>private 'users' file, or other mechanisms available to SASL (LDAP, SQL, etc.)</td><td>system accounts</td></tr><tr><td>Authorization options</td><td>read/write access can be granted over whole repository, or specified per-path.</td><td>read/write access can be granted over whole repository, or specified per-path.</td><td>read/write access only grantable over whole repository</td></tr><tr><td>Encryption</td><td>via optional SSL</td><td>via optional SASL features</td><td>SSH tunneled</td></tr><tr><td>Logging</td><td>full Apache logs of each HTTP request, with optional “<span class="quote">high-level</span>” logging of general client operations</td><td>no logging</td><td>no logging</td></tr><tr><td>Interoperability</td><td>partially usable by other WebDAV clients</td><td>only talks to svn clients</td><td>only talks to svn clients</td></tr><tr><td>Web viewing</td><td>limited built-in support, or via 3rd-party tools such as ViewVC</td><td>only via 3rd-party tools such as ViewVC</td><td>only via 3rd-party tools such as ViewVC</td></tr><tr><td>Master-slave server replication</td><td>Transparent write-proxying available from slave to master</td><td>Can only create read-only slave servers</td><td>Can only create read-only slave servers</td></tr><tr><td>Speed</td><td>somewhat slower</td><td>somewhat faster</td><td>somewhat faster</td></tr><tr><td>Initial setup</td><td>somewhat complex</td><td>extremely simple</td><td>moderately simple </td></tr></tbody></table></div></div><br class="table-break" /></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="svn.serverconfig.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="svn.serverconfig.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="svn.serverconfig.choosing.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 6. Server Configuration </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Choosing a Server Configuration</td></tr></table></div></body></html>