On 25.11.2016 11:11, Olaf van der Spek wrote: > Hi, > > Currently I'm running svnserve on a Debian VM on my PC. I'd like to > move it to a server on the internet but I don't get how to do this > securely. > Svnserve doesn't support encryption, right, so I can't expose it on a > public port directly. > I'm aware of Subversion via Apache but I don't run Apache and I don't > want to give the entire web server access to repos anyway. > I also don't want to give each SVN user a shell account.. > What's the proper way to do this?
Use stunnel in front of svnserve: https://www.stunnel.org/ HOWEVER: You'll also have to put stunnel on every _client_ machine because the Subversion client does not support encrypte svn:// protocol natively. Depending on the kinds of clients you support, that could be either very easy or extremely complex. > Wouldn't it be good if svnserve supported encryption directly? It would be a moderately nice-to-have feature, but given that stunnel exists, it's not necessary. In fact, it's better not to reinvent security features that are available in existing, mature software. -- Brane
