那你应该用什么服务器?什么最好?
显然,对这个问题没有正确的答案。每个团队都有不同的需要,不同的服务器都有各自的代价。Subversion 项目没有更加认可哪种服务,或认为哪个服务更加“正式”一点。
下面是你选择或者不选择某一个部署方式的原因。
设置快速简单。
网络协议是有状态的,比WebDAV快很多。
不需要在服务器创建系统帐号。
不会在网络传输密码。
By default, only one authentication method is available, the network protocol is not encrypted, and the server stores clear text passwords. (All these things can be changed by configuring SASL, but it's a bit more work to do.)
No advanced logging facilities.
没有内置的 WEB 浏览 (你必须自己单独安装 WEB 服务器,以及版本库浏览软件,来增加此功能)。
网络协议是有状态的,比 WebDAV 快很多。
你可以利用现有的SSH帐号和用户基础。
所有网络传输是加密的。
只有一个认证方法可以选择。
No advanced logging facilities.
需要用户在同一个系统组,或者使用共享 SSH 密钥。
如果使用不正确,会导致文件权限问题。
允许 Subversion 使用已经集成到 Apache 的多种用户认证系统。
不需要在服务器创建系统帐号。
完全的 Apache 日志。
网络传输可以通过SSL加密。
HTTP(S) 通常可以穿越公司防火墙。
内置通过浏览器访问版本库。
版本库可以作为网络磁盘加载,实现透明的版本控制(参见 第 2 节 “自动版本化”)。
比svnserve慢很多,因为HTTP是无状态的协议,需要更多的传递。
初始设置可能复杂
In general, the authors of this book recommend a vanilla svnserve installation for small teams just trying to get started with a Subversion server; it's the simplest to set up and has the fewest maintenance issues. You can always switch to a more complex server deployment as your needs change.
下面是一些常见的建议和小技巧,基于多年对用户的支持:
If you're trying to set up the simplest possible server for your group, a vanilla svnserve installation is the easiest, fastest route. Note, however, that your repository data will be transmitted in the clear over the network. If your deployment is entirely within your company's LAN or VPN, this isn't an issue. If the repository is exposed to the wide-open Internet, you might want to make sure that either the repository's contents aren't sensitive (e.g., it contains only open source code), or that you go the extra mile in configuring SASL to encrypt network communications.
If you need to integrate with existing legacy identity systems (LDAP, Active Directory, NTLM, X.509, etc.), you must use either the Apache-based server or svnserve configured with SASL.
If you've decided to use either Apache or stock svnserve, create a single svn user on your system and run the server process as that user. Be sure to make the repository directory wholly owned by the svn user as well. From a security point of view, this keeps the repository data nicely siloed and protected by operating system filesystem permissions, changeable by only the Subversion server process itself.
If you have an existing infrastructure that is heavily based on SSH accounts, and if your users already have system accounts on your server machine, it makes sense to deploy an svnserve-over-SSH solution. Otherwise, we don't widely recommend this option to the public. It's generally considered safer to have your users access the repository via (imaginary) accounts managed by svnserve or Apache, rather than by full-blown system accounts. If your deep desire for encrypted communication still draws you to this option, we recommend using Apache with SSL or svnserve with SASL encryption instead.
Do not be seduced by the simple idea of having all of
your users access a repository directly via file://
URLs. Even if the repository is readily available to everyone via a network
share, this is a bad idea. It removes any layers of protection between the
users and the repository: users can accidentally (or intentionally) corrupt
the repository database, it becomes hard to take the repository offline for
inspection or upgrade, and it can lead to a mess of file permission problems
(see 第 7 节 “支持多种版本库访问方法”). Note that this is
also one of the reasons we warn against accessing repositories via
svn+ssh://
URLs—from a security standpoint, it's
effectively the same as local users accessing via
file://
, and it can entail all the same problems if the
administrator isn't careful.