Redesign to self-conf

Added iF.SVNAdmin stable-1.6.2

Fixing mfreiholz/iF.SVNAdmin#118

.dockerignore

@@ -0,0 +1,7 @@
+.github
+.git
+.DS_Store
+example
+iF.SVNAdmin/data
+README.md
+LICENSE

.gitignore

@@ -0,0 +1,3 @@
+data
+.DS_Store
+/*.svn

Dockerfile

@@ -12,36 +12,32 @@ RUN apk add --no-cache apache2 apache2-utils apache2-webdav mod_dav_svn &&\
 	apk add --no-cache wget unzip php7 php7-apache2 php7-session php7-json php7-ldap &&\
 	apk add --no-cache php7-xml &&\	
 	sed -i 's/;extension=ldap/extension=ldap/' /etc/php7/php.ini &&\
-	mkdir -p /run/apache2/ &&\
-	mkdir /home/svn/ &&\
-	mkdir /etc/subversion &&\
-	touch /etc/subversion/passwd &&\
-    wget --no-check-certificate https://github.com/mfreiholz/iF.SVNAdmin/archive/stable-1.6.2.zip &&\
-	unzip stable-1.6.2.zip -d /opt &&\
-	rm stable-1.6.2.zip &&\
-	mv /opt/iF.SVNAdmin-stable-1.6.2 /opt/svnadmin &&\
-	ln -s /opt/svnadmin /var/www/localhost/htdocs/svnadmin &&\
-	chmod -R 777 /opt/svnadmin/data
+	mkdir -p /run/apache2/
 
 # Solve a security issue (https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html)	
 RUN sed -i -e 's/^root::/root:!:/' /etc/shadow
 
-# Fixing https://github.com/mfreiholz/iF.SVNAdmin/issues/118
-ADD svnadmin/classes/util/global.func.php /opt/svnadmin/classes/util/global.func.php
+# Basicly from https://github.com/mfreiholz/iF.SVNAdmin/archive/stable-1.6.2.zip
+# + patches
+ADD svn-server/opt/default_data /opt/default_data
+ADD iF.SVNAdmin /opt/svnadmin
+RUN ln -s /opt/svnadmin /var/www/localhost/htdocs/svnadmin &&\
+	rm -rf /opt/svnadmin/data
 
 # Add services configurations
-ADD apache/ /etc/services.d/apache/
-ADD subversion/ /etc/services.d/subversion/
+ADD svn-server/etc/services.d/apache2/run /etc/services.d/apache2/run
+ADD svn-server/etc/services.d/subversion/run /etc/services.d/subversion/run
 
-# Add SVNAuth file
-ADD subversion-access-control /etc/subversion/subversion-access-control
-RUN chmod a+w /etc/subversion/* && chmod a+w /home/svn
+# default environment paths
+ENV SVN_SERVER_REPOSITORIES_URL=/svn
 
 # Add WebDav configuration
-ADD dav_svn.conf /etc/apache2/conf.d/dav_svn.conf
+ADD svn-server/etc/apache2/conf.d/dav_svn.conf /etc/apache2/conf.d/dav_svn.conf
 
 # Set HOME in non /root folder
-ENV HOME /home
+# ENV HOME /home
+
+# USER apache
 
 # Expose ports for http and custom protocol access
-EXPOSE 80 443 3690
+EXPOSE 80 3690

README.md

@@ -8,26 +8,32 @@ A complete tutorial on how to build this image, and how to run the container is
 # Running Commands
 To run the image, you can use the following command:
 ```
-docker run -d --name svn-server -p 80:80 -p 3690:3690 -v <hostpath>:/home/svn -v svn_config:/etc/subversion -v svnadmin_config:/opt/svnadmin/data elleflorio/svn-server
+docker run -d \
+    --name svn-server \
+    -p 80:80 \
+    -p 3690:3690 \
+    -v `pwd`/data:/data \
+    elleflorio/svn-server
 ```
-`/home/svn` stores your repositories and can use either bind mount or named volume. `/etc/subversion` stores subversion configuration and `/opt/svnadmin/data` stores SVNADMIN configuration and both **MUST** use named volume.
 
-# Configuration
-**You need to setup username and password** for the access via WebDav protocol. You can use the following command from your host machine:
-```
-docker exec -t svn-server htpasswd -b /etc/subversion/passwd <username> <password>
-```
-To verify that everything is up and running, open your browser and connect to `http://localhost/svn`. The system should ask you for the username and password, then it will show you an empty folder (no repos yet!).
+- `<data>/svnadmin` - will be keep all repositories in subfolder in data
+- `<data>/repositories` - will be keep all repositories in subfolder in data
+- `<data>/subversion` - configurations for subversion (passwd && subversion-access-control)
+
+In first start will be inited automaticly all default folders/files/password - to easy start.
+
+so:
+
+- http://localhost/svn - with repositories
+- http://localhost/svnadmin - configuration (login: `admin` / password: `admin` **Don't foget change this** )
+
+
+
 Check also that the custom protocol is working fine: go to your terminal and type `svn info svn://localhost:3690`. The system should connect to the server and tell you that is not able to find any repository.
 For further information on how to configure Subversion, please refer to the [official web page](https://subversion.apache.org/).
 
-# Alternative configuration via SVNADMIN
-the image provides a graphical ui using the [SVNADMIN](https://github.com/mfreiholz/iF.SVNAdmin) interface via `http://localhost/svnadmin`.
-You'll be prompted with a setup page, remember to test every step on the page then save the configuration.
-
-# How to contribute
-I'm super happy if you want to contribute! I do my best to keep this image updated and solve the issues that may arise, but I'm not much an operations guy, and I have very limited free time. :sweat_smile:
 
-If you find something that can be improved or the solution to some issue, just comment the issue to notify that you will handle it, and then submit a pull request. I will then merge it and publish the updated image in the Docker Hub. :wink:
+## TODO:
 
-Thank you! :smile:
+- fix to deny access `/svnadmin/data/`
+- fix access via `svn://` by port 3690 (some problem with access)

example/docker-compose.yml

@@ -0,0 +1,34 @@
+version: '3'
+
+services:
+  nginx0:
+    image: nginx:1.16
+    volumes:
+      - "./nginx_data/html/:/usr/share/nginx/html"
+      - "./nginx_data/conf_d:/etc/nginx/conf.d"
+      - "./nginx_data/logs:/var/log/nginx/"
+      - "./ssl:/etc/nginx/ssl"
+    restart: always
+    ports:
+      - "2234:80" # test port like a 2234
+      # - "443:443"
+    networks:
+      - example_svn_server_net
+  svn_server:
+    image: elleflorio/svn-server
+    environment:
+      - SVN_SERVER_REPOSITORIES_URL: /source/svn
+    ports:
+      - "8011:80" # test web port 
+      - "3690:3690" #  svn protocol!
+    volumes:
+      - "./svn/svnadmin_data:/opt/svnadmin/data:rw"
+      - "./svn/repo:/home/svn"
+      - "./svn/subversion-access-control:/etc/subversion/subversion-access-control"
+      - "./svn/passwd:/etc/subversion/passwd"
+    restart: always
+    networks:
+      - example_svn_server_net
+networks:
+    example_svn_server_net:
+    driver: bridge

example/nginx_node/conf_d/default.conf

@@ -0,0 +1,42 @@
+server {
+    listen       80;
+    server_name  localhost;
+
+    # fix security restricts
+    location /sources/svnadmin/data/ {
+        deny all;
+        return 403;
+    }
+
+    location /sources/svnadmin/ {
+        proxy_pass http://svn_server:80/svnadmin/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+
+    # location ^~ /sources/svn {
+    location /sources/ {
+        proxy_pass http://svn_server:80/sources/;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Real-IP $remote_addr;
+        client_max_body_size 1024m;
+    }
+
+    #error_page  404              /404.html;
+    # redirect server error pages to the static page /50x.html
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+}
+
+server {
+    listen              443 ssl;
+    server_name         localhost;
+    ssl_certificate     /etc/nginx/ssl/public.crt;
+    ssl_certificate_key /etc/nginx/ssl/private.key;
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+}

example/nginx_node/html/index.html

@@ -0,0 +1 @@
+<h1>Hello</h1>

iF.SVNAdmin/.gitignore

@@ -0,0 +1,3 @@
+/nbproject/
+.buildpath
+.project

iF.SVNAdmin/.htaccess

@@ -0,0 +1,3 @@
+<Files cli.php>
+  deny from all
+</Files>

iF.SVNAdmin/accesspathcreate.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * iF.SVNAdmin
+ * Copyright (c) 2010 by Manuel Freiholz
+ * http://www.insanefactory.com/
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.
+ */
+include("include/config.inc.php");
+$appEngine->forwardInvalidModule(!$appEngine->isAccessPathEditActive());
+$appEngine->checkUserAuthentication(true, ACL_MOD_ACCESSPATH, ACL_ACTION_ADD);
+$appTR->loadModule("accesspathcreate");
+
+// Form request to create the user
+$create = check_request_var('create');
+if( $create )
+{
+	$appEngine->handleAction('create_accesspath');
+}
+
+// HTTP request parameters.
+$varRepoEnc = get_request_var("r");
+$varPathEnc = get_request_var("p");
+$varRepo = rawurldecode($varRepoEnc);
+$varPath = rawurldecode($varPathEnc);
+
+// Stick together the pre-value of the input field.
+$preFill = "";
+if( $varRepo != NULL )
+{
+  $preFill = $varRepo . ":/";
+  if( $varPath != NULL )
+    $preFill.= $varPath;
+}
+
+SetValue("DefaultAccessPath", $preFill);
+ProcessTemplate("accesspath/accesspathcreate.html.php");
+?>

iF.SVNAdmin/accesspathslist.php

@@ -0,0 +1,94 @@
+<?php
+/**
+ * iF.SVNAdmin
+ * Copyright (c) 2010 by Manuel Freiholz
+ * http://www.insanefactory.com/
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; version 2
+ * of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.
+ */
+include("include/config.inc.php");
+
+//
+// Authentication
+//
+
+if (!$appEngine->isProviderActive(PROVIDER_ACCESSPATH_VIEW))
+{
+	$appEngine->forwardError(ERROR_INVALID_MODULE);
+}
+
+$appEngine->checkUserAuthentication(true, ACL_MOD_ACCESSPATH, ACL_ACTION_VIEW);
+$appTR->loadModule("accesspathslist");
+
+//
+// Actions
+//
+
+// Form 'delete' request.
+if (check_request_var("delete"))
+{
+	$appEngine->handleAction("delete_accesspath");
+}
+else if (check_request_var("assign_projectmanager"))
+{
+	$appEngine->handleAction("assign_projectmanager");
+}
+
+//
+// View Data
+//
+
+$list = array();
+$users = array();
+
+try {
+	// All AccessPaths.
+	$list = $appEngine->getAccessPathViewProvider()->getPaths();
+	usort($list, array('\svnadmin\core\entities\AccessPath', "compare"));
+
+
+	// Filter access-paths for project-managers.
+	if ($appEngine->isAuthenticationActive())
+	{
+		$currentUsername = $appEngine->getSessionUsername();
+		if ($appEngine->getAclManager()->isUserAccessPathManager($currentUsername))
+		{
+			$list = $appEngine->getAclManager()->filterAccessPathsList($currentUsername, $list);
+		}
+
+		// Load list of users to create a combobox and assign them as project managers to paths.
+		if ($appEngine->isUserViewActive() && $appEngine->checkUserAuthentication(false, ACL_MOD_PROJECTMANAGER, ACL_ACTION_ASSIGN))
+		{
+			$users = $appEngine->getUserViewProvider()->getUsers(false);
+			usort($users, array('\svnadmin\core\entities\User', "compare"));
+		}
+
+		// Get the project managers of each path.
+		$listCount = count($list);
+		for ($i=0; $i<$listCount; $i++)
+		{
+			$managers = $appEngine->getAclManager()->getUsersOfAccessPath($list[$i]->path);
+	  		$list[$i]->managers = $managers;
+		}
+	}
+
+}
+catch (Exception $ex) {
+	$appEngine->addException($ex);
+}
+
+SetValue("UserList", $users);
+SetValue("AccessPathList", $list);
+ProcessTemplate("accesspath/accesspathlist.html.php");
+?>