A few weeks ago, I showed you how to setup your very own linux server. Now, I'm going to show you how to add even more functionality.
Before We Begin...
This guide assumes that you've followed my previous tutorial, How to Setup a Dedicated Web Server for Free, or that you've got a similar server already set up.
What We're Going to Accomplish
In this tutorial, we're going to:
- Install a Subversion server, so that you can use version control for your projects.
- Add a system management application, more popularly known as Webmin, so that you can keep track of your server's status and get real-time updates.
A Quick Note
These steps can be accomplished while sitting at the computer and typing into the console, or for those who like to run a headless server, you may use SSH. I covered it in my previous guide, so if you're unfamiliar with the technology, head over there to get started using it. Now, without further ado, let's get started!
Download Subversion
While there are many version control systems, Subversion is one of the most popular. Subversion allows you to keep multiple versions of your code, allowing you to always revert back if you need a previous version. Let's download it!
First, you need to login to your server; I'm doing it over SSH, so my screenshots will show my terminal:
Now, type this in and hit enter:
sudo aptitude install subversion
It will ask you for your password; type it in and press enter. Also, it may ask you if you want to continue, press "y" and hit enter. Your server will now download and install the subversion server:
Once that's done, we need to set it up.
Setting Up Subversion
This next part can be kind of confusing. What we're going to do is create a new group, called "subversion" that will allow the Subversion server to securely write to your repositories in your web server, but nothing else. To do this, enter the following commands, replacing USERNAME with your actual username.
sudo addgroup subversion sudo usermod -a -G subversion USERNAME sudo usermod -a -G subversion www-data
In order, those commands: add a new group called "subversion," add your user account to the new group, and add the web server's user to the group.
Now, we need to create a place for your repositories. This can technically be put anywhere, but I always store it in /var:
sudo mkdir /var/svn
Finally, create the project folder and repository:
sudo mkdir /var/svn/project sudo svnadmin create /var/svn/project
And give the web server (and anyone in the subversion group) access:
sudo chown -R www-data:subversion /var/svn/project sudo chmod -R 770 /var/svn/project
So far, we've created the subversion group, created a place for our repositories, created a new repository called "project," and given the web server access to this project. The last thing we need to do is allow Apache to serve the repositories. To do this, we need to install a new Apache library, called libapache2-svn. By now, you should know how to do this:
sudo aptitude install libapache2-svn
After that's done, open up the Apache SVN configuration file:
sudo nano /etc/apache2/mods-available/dav_svn.conf
Scroll all the way to the bottom, and add the following:
<Location /svn> DAV svn SVNParentPath /var/svn SVNListParentPath On AuthType Basic AuthName "Subversion" AuthUserFile /etc/subversion/passwd Require valid-user </Location>
Save the file (Control-O and then enter) and close it (Control-X). (note for Mac and Linux users: regardless of your OS settings, it's still control, not command or super.)
Basically, what happened there was you told Apache that when the URL ends with "/svn", serve up a list of your subversion repositories which are located in "/var/svn". You then told it that you only want people listed in "/etc/subversion/passwd" to be able to see these repositories.
Now, to put these changes into effect, reload Apache's configuration:
sudo /etc/init.d/apache2 force-reload
After you've done that, open up your favorite web browser and browse to http://yourserveraddress/svn. It will ask you to login, but no matter what you put, you will get an internal server error:
Don't worry! This is because we haven't defined any users yet in /etc/subversion/passwd. Let's do that now:
sudo htpasswd -c /etc/subversion/passwd USERNAME
This will create a new entry for USERNAME with the password you specify. PLEASE do NOT use your normal account password as this password is sent insecurely, and in the odd event someone intercepts it, you don't want them to have root access to your machine. After you've done this, go back to that page (http://yourserveraddress/svn) and refresh it. It should now ask for your username and password again:
Put them in, and voila! You can now see all of your repositories (in this case, just project) and you're ready to use it for version control!
To add more users, run this command, replacing USERNAME with the new user's username.
sudo htpasswd /etc/subversion/passwd USERNAME
Setting Up Webmin for Server Management
Now that you have this fancy server doing all these different things, wouldn't it be nice to be able to manage it easily? Say hello to Webmin, an awesome web-based front-end for system configuration, monitoring, etc. It does some pretty sweet things, like sending a text message to your phone if your server goes down. The best part: It's completely free. So, let's install it!
First off, we need to download the latest Webmin debian package off their site. At the time this article was written, the current version is 1.450. So, run this command to download the file:
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.450_all.deb
However, before we can install it, we need to satisfy some dependencies (we need to install programs that Webmin uses):
sudo aptitude install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl
After that has finished, install Webmin using the file we just downloaded:
sudo dpkg -i webmin_1.450_all.deb
Now, let that finish, and once it's done, Webmin has been installed! Open up your favorite web browser, and browse to https://yourserveraddress:10000/ (notice that it's https). You should see the following page: (If it doesn't work, keep reading)
Log in using your normal details; the same details you use to login to the server.
For those of you who can't connect, (likely most of you), read the next section. For those who can, skip the next section.
Hold Up; I Can't Connect!
For those that can't connect, good. It means your firewall is doing it's job. However, in this case, we want access to port 10000, so we need to add a new firewall rule. These directions are explicitly for those who followed my previous guide. Open up your Shorewall rules file:
sudo nano /etc/shorewall/rules
Add this line right above where it says #LAST LINE:
ACCEPT net $FW tcp 10000
Save the file (Control-O and then enter) and close it (Control-X).
For comparison, here is AlexVillmann.com's firewall rules: (I have more rules than the one we're adding, but you get the picture)
Now, restart Shorewall:
sudo /etc/init.d/shorewall restart
Finally, go back to your web browser and browse back to Webmin (https://yourserveraddress:10000/) and it should work this time.
Congratulations! You've got Webmin all set up! There are a million things you can do with it, but all are outside of the scope of this article. Personally, I would just play around with it until it does the things you want it too. It's pretty self-explanitory, and for everything else, there is the Webmin Documentation. Have fun!
Wrapping Up
By following this guide, you've setup version control and a sweet web management application. I wish I could go into detail about Webmin, but that is an article all by itself. Anyway, I hope this helps you move forward in your linux server adventure!
For those who seek more information on the topics I've covered, here are some great links:
- Subscribe to the NETTUTS RSS Feed for more daily web development tuts and articles.
Related Posts
Check out some more great tutorials and articles that you might like
Plus Members
Source Files, Bonus Tutorials and
More for $9 a month for all TUTS+
sites in one subscription.
User Comments
( ADD YOURS )Zy March 2nd
Not bad
( )Sirwan March 2nd
not bad but expected a better Ubuntu logo.
( )Ethan:T March 2nd
Excellent! I can definitly use these on my server. I expected more apps in this tut though…
( )Volly March 2nd
Thanks for sharing your knowledge.
( )Very well structured article. *thumbs up*
Emil March 2nd
As far as i remember it is not a good idea to leave your webmin interface open to the web. It is a much better idea to access it through ssh tunneling.
( )Philo March 2nd
Well written article, thanks!
( )Kevin Martin March 2nd
Good job, I was looking for a good subversion tutorial, now i just need one for Trac
( )Phil Havens March 2nd
Can you explain the different rules in your Shorewall configuration? I have the same rules that were in the original server setup tutorial. With those settings I can access my server fine on my local network but I can’t access it remotely. I forwarded port 80 and 22 to my servers IP on my router and my modem and still no luck. When I use my external IP to access the server, I can get to it on my network, but other people can’t. So I’m pretty sure it’s a firewall configuration error.
( )M.A.Yoosuf March 2nd
Great Open-source Rocks, just i got a CD of Ubunthu 8.10 edition, i will try this with my old Desk top,
More Open source Please…….
( )Lamin Barrow March 2nd
Nice of you to post this here. We love ubuntu.
( )Zac March 2nd
Sweet. I just setup an Ubuntu server last night.
( )sx March 2nd
good timing….i wanted to setup a headless server with ssh.
( )Miguel Hernandez March 2nd
Just wondering why Subversion? There´s several other alternatives so wondering for what technical reasons Subversion was chosen.
Good tut tho.
( )Matt March 2nd
Please please don’t open up webmain to the public like that. If anything, I would recommend changing the webmin port. Change your firewall rules to only allow connections from source localhost and then tunnel in using `ssh -ND localhost:9989 user@server` and then change your settings in firefox to use socks5 proxy local host. This is a much much more secure way of running webmail
( )Gianluca March 2nd
Supergreat man! Thanks and keep these tuts going!
( )crysfel March 2nd
thanks you!! i’ll set up my subversion server!!
( )Alex Villmann March 2nd
Hey guys,
For those who are saying that Webmin should not be opened up to the public, I would say don’t worry about it. Seeing as how Webmin uses an encrypted connection and requires your (hopefully secure) login password, it’s not really that big of a risk; It’s only slightly more so than running SSH. And remember, Webmin’s intended purpose is remote management.
While it would be more secure to tunnel Webmin, it’s not as big of a deal opening it up to the web as people make it out to be. (although it’s good to be careful after the security vulnerability a few years ago.)
All in all, I would say if you want to use it, use it. I do. However, if you are really (I mean really) concerned about the security of your server, don’t run SSH, and don’t run Webmin.
( )Alex Villmann March 2nd
@Phil Havens: Does the computer you’re using as a server have one network interface or two? The firewall settings are slightly different for computers with two interfaces.
( )Paul Morales March 2nd
Excellent Tutorial! If you could post on how we can get a .com domain pointed to the server we created that would be great.
( )David Singer March 2nd
Ubuntu Rocks!
( )Chris Gunther March 2nd
Nice tutorial. Would like to see some more Linux server stuff on here.
( )Phil Havens March 2nd
@Alex Villmann The server has a RJ-45 and RJ-11. But I can access the servers IP from my network. Say my external IP is 68.244.13.139. If I type that into my browser I see my server. Same goes for when I type in the local IP 192.168.1.200.
( )Matt March 2nd
@Alex Villmann Webmin being a web application means it is vulnerable to script attacks such as XSS, something ssh can thawt with invalid logins or other programs such as Denyhosts or simply editing your hosts files.
As for SSL, has nothing to do with its vulnerable to security holes; It just means that if you sniff the network, the connection will be encrypted. Would still recommend setting up ACL’s. Like you said, if access to your machine means anything to you; you will probably do the most you can to thawt any attackers. Plus, its one more script you need to keep up with incase of any bugs. Just Value over convention.
( )Alex Villmann March 2nd
@Matt: Any application you open up to the web introduces security holes. While the nature of Webmin may make it more susceptible to attacks than say, Apache, it is still relatively safe to open up to the web.
While I agree that SSH tunneling is the way to go, I also understand that for some people, it’s not feasible. That is why I decided to show how to set it up in the way I did.
In addition, as far as I know, you can use ACLs and Hosts.deny to protect Webmin. The recent releases of it also thwart XSS very well, though it’s not immune to them.
Also, don’t misquote me, I stated that people who are really concerned with security should reconsider, not everyone. The nature of the program is to control your server remotely, and with that convenience always comes some risk.
( )Matt March 2nd
I don’t mean to be a pain. If I am I deeply apologize. Just past experiences with servers that people have put webmin on. Thought I would just voice some alternative options.
( )Jon March 3rd
Very Good..
( )Alex Villmann March 3rd
@Phil Havens: Which interface is connected to the web?
You could try changing the rules from accepting connections from the net to accepting all connections, regardless of the source.
To do this, change the “net” in your rules with “all”. That might alleviate the problem.
@Matt: It’s fine. I just don’t want people to be afraid of using Webmin, as it’s awesome for server management.
( )Phil Havens March 3rd
@Alex I’m using the RJ-45 interface as thats all I can use. But when I run ifconfig on the server I am only seeing one interface, eth0. But I changed all my firewall rules to all instead of net and still no change unfortunately.
( )iPad March 5th
Thanks about this! great tut!
( )Yizi March 5th
What do you do if you make a mistake, i can’t seem to be able to sort the SVN out, after i do all the moving directories so when i type [IP]/svn 404 error comes up. is there anyway i can clean remove SVN and do it again?
( )_ra March 9th
how do I open port on shorewall from my pc computer to mysql?
( )say my pc is on local lan with something like: 192.168.x.x and server is on the same subnet.
Matt Gifford March 19th
Great tutorial Alex, thank you
I’m having trouble with the SVN, and am receiving the following error when trying to view/open the project dir:
Could not open the requested SVN filesystem
Please could someone help? Any ideas?
By the way, I would love to see an extension on this series, and maybe the next tutorial could be installing Trac to blend with the svn repository? That would be perfect!
Many thanks
( )Rob March 26th
I just have to say Thank you and Great tutorial Alex.
Im new to linux and only have been playing with it for about 3 weeks and was not getting any where.
I tryed a few distros to no luck of getting what i wanted but then i found your tutorial on Ubuntu and away i went, now my server is up and running with the help from your tutorial’s and hey i even found out how to bind a domain to an ip address
Few more tutorial’s i would like to see by you since i find your are one of the easyest to follow and you put it in a way that us newbies can follow is
Installing and setting up a anti-virus
A teamspeak or vent servers
setup and run a e-mail server
install and setup ISPConfig
and how to add more web-page stuff, i.e. photo-albums and other web page add-ons.
Have these all running on one server would be cool and i know its asking alot but maybe some one can write them up like Alex does, easy for newbies to follow and understand.
Ohh and one more thing that i think would be good is to have these tutorial in a pdf format for download so we can follow them off line
Again thank you so much
( )Taylor Satula April 4th
I still have yet to do the first one but i might this week. This is the kind of thing that keeps me coming back to nettuts
( )Albert Pak May 18th
Just did this tutorial
Awesome 
Everything worked out 
( )nico May 19th
hi, thanks for this great tutorial!
( )does anybody know how to get apc work in this configuration?
Ram Sainath July 11th
Alex:
( )Once again my compliments and hats-off for a great tutorial especially for webmin. The explanation you provided about shorewall was what I needed and you made me find the proverbial needle in the haystack.
Jamal July 27th
Thanks a lot Alex for both tutorials. I would like to see more tuts from you in the future inshaAllah
( )Herri September 10th
This command: “sudo htpasswd /etc/subversion/passwd USERNAME” replaces the contents of the file, each time the command is run? The users have to added by hand if one wants to add another user. Is there a way to add a new user-password -pair without overwriting the existing pair?
( )เพชร September 22nd
I love ubuntu
( )ist October 23rd
I’m new on unix based os like ubuntu and I want to setup my own subversion server. So far this tutorial was the best. I’ve already tried other tutorial but didn’t my subversion server work correctly in SVNParentPath mode. Thanks!
( )