unable to browse SVN, redmine auth is failing

Added by Eric Canales over 3 years ago

I get a 500 error when I browse to an SVN repository. I'm on Ubuntu 14.04. I get this in my apache logs:

[Tue Apr 29 18:40:15.764107 2014] [perl:error] [pid 29513] [client 192.168.1.44:58699] failed to resolve handler `Apache2::Authn::Redmine::authen_handler': Can't locate Apache2/Authn/Redmine/authen_handler.pm in @INC (you may need to install the Apache2::Authn::Redmine::authen_handler module) (@INC contains: /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl . /etc/apache2) at (eval 27) line 2, <DATA> line 751.\n

The results of script/about:

root@host:/opt/redmine-2.5.1# RAILS_ENV=production script/about

sh: 1: darcs: not found
sh: 1: hg: not found
sh: 1: cvs: not found
sh: 1: bzr: not found
Environment:
  Redmine version                2.5.1.stable
  Ruby version                   2.0.0-p451 (2014-02-24) [x86_64-linux]
  Rails version                  3.2.17
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.8.8
  Git                            1.9.1
  Filesystem
Redmine plugins:
  no plugin installed

Apache configuration:

<VirtualHost host:443>

    ### Begin Redmine config ###
    PassengerMinInstances 2
    PassengerMaxPoolSize 2
    RailsBaseURI /dev
    PassengerAppRoot /opt/redmine-2.5.1

    # Speeds up spawn time tremendously -- if your app is compatible.
    # RMagick seems to be incompatible with smart spawning
    RailsSpawnMethod smart

    # Keep the application instances alive longer. Default is 300 (seconds)
    PassengerPoolIdleTime 1000
    # Keep the spawners alive, which speeds up spawning a new Application
    # listener after a period of inactivity at the expense of memory.
    RailsAppSpawnerIdleTime 3600

    # Additionally keep a copy of the Rails framework in memory. If you're
    # using multiple apps on the same version of Rails, this will speed up
    # the creation of new RailsAppSpawners. This isn't necessary if you're
    # only running one or 2 applications, or if your applications use
    # different versions of Rails.
    PassengerMaxPreloaderIdleTime 0

    # Just in case you're leaking memory, restart a listener
    # after processing 5000 requests
    PassengerMaxRequests 5000

    # only check for restart.txt et al up to once every 5 seconds,
    # instead of once per processed request
    PassengerStatThrottleRate 5

    # If user switching support is enabled, then Phusion Passenger will by default run the web application as the owner if the file config/environment.rb (for Rails apps) or     config.ru (for Rack apps). This option allows you to override that behavior and explicitly set a user to run the web application as, regardless of the ownership of environment.rb/config.ru.
    PassengerUser www-data
    PassengerGroup www-data

    # By default, Phusion Passenger does not start any application instances until said web application is first accessed. The result is that the first visitor of said web application might experience a small delay as Phusion Passenger is starting the web application on demand. If that is undesirable, then this directive can be used to pre-started application instances during Apache startup.
    PassengerPreStart https://host/dev

    <Directory /opt/redmine-2.5.1/public/>
        Options +Indexes +FollowSymLinks -MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

     #/svn location for users
    PerlLoadModule Apache2::Redmine

    <Location /svn>
        DAV svn
        SVNParentPath "/mnt/nfs_share/Repositories/svn" 
        Order deny,allow
        Deny from all
        Satisfy any

        PerlAccessHandler Apache2::Authn::Redmine::access_handler
        PerlAuthenHandler Apache2::Authn::Redmine::authen_handler

        AuthType Basic
        AuthName "redmine SVN Repository" 

        #read-only access
        <Limit GET PROPFIND OPTIONS REPORT>
            Require valid-user
            Allow from 127.0.1.1
            Satisfy any
        </Limit>
        # write access
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
        </LimitExcept>

        ## for mysql
        RedmineDSN "DBI:mysql:database=redmine;host=db.host" 
        RedmineDbUser "redmine-user" 
        RedmineDbPass "password" 
        #Possible security tweaks:
        #Order deny,allow
        #Allow from localhost
        #Allow from my_domain.com
        #Deny from all
    </Location>

    # /git location for users
    # Git Smart HTTP configuration
    #From the Remine.pm patch file for git-smart-http:
    SetEnv GIT_PROJECT_ROOT /mnt/nfs_share/Repositories/git/
    SetEnv GIT_HTTP_EXPORT_ALL
    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
    PerlLoadModule Apache2::Redmine
    <Location /git>
        Order allow,deny
        ## Sample configuration
        # Allow from 192.168.15.0/24 #Retrict Git access to local network
        Satisfy all

        AuthType Basic
        AuthName "git repositories" 
        Require valid-user

        PerlAccessHandler Apache2::Authn::Redmine::access_handler
        PerlAuthenHandler Apache2::Authn::Redmine::authen_handler
        ## for mysql
        RedmineDSN "DBI:mysql:database=redmine;host=db.host" 
        RedmineDbUser "redmine-user" 
        RedmineDbPass "password" 
        RedmineGitSmartHttp yes
    </Location>
    <Location /sys>
        Order deny,allow
        Allow from 127.0.1.1
        #Allow from localhost
        Deny from all
    </Location>

    AddOutputFilter DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    ### End Redmine config ###

    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin local@domain
    DocumentRoot /var/www

    RewriteEngine On

    <Directory /var/www>
         AllowOverride All
    </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /keys/host-cert.pem
    SSLCertificateKeyFile /root/priv-keys/host-priv.pem
    SSLCACertificateFile /usr/local/share/ca-certificates/cacert.org/root.crt

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Replies (7)

RE: unable to browse SVN, redmine auth is failing - Added by Martin Denizet (redmine.org team member) over 3 years ago

Hi Eric,
I think you are missing something like:

ln -s /opt/redmine/current/extra/svn/Redmine.pm /usr/lib/perl5/Apache2/

If you did link of copy your Redmine.pm to a folder such as /usr/lib/perl5/Apache/ (Note it's Apache and not Apache2) then you need to replace the path of the library to load to remove the 2 such as:

PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler

I hope it's clear enough,

Cheers,

RE: unable to browse SVN, redmine auth is failing - Added by Eric Canales over 3 years ago

Nope I have that linked properly already and calling it properly. I recall last time I installed redmine there was an issue with sha1_hex() call inside Redmine.pm on ubuntu, but I checked that and it seems to be ok. Is there some way to get a better error message?

RE: unable to browse SVN, redmine auth is failing - Added by Eric Canales over 3 years ago

I restarted apache and noticed this ssl error in the logs. Not sure if this is an actual problem as the site loads properly when I browse the site.

[Wed Apr 30 18:39:01.999391 2014] [mpm_prefork:notice] [pid 29491] AH00171: Graceful restart requested, doing restart
[Wed Apr 30 18:39:02.176052 2014] [so:warn] [pid 29491] AH01574: module passenger_module is already loaded, skipping
[ 2014-04-30 18:39:02.4069 4366/7fb430793780 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/local/rvm/gems/ruby-2.0.0-p451/wrappers/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '2', 'passenger_root' => '/usr/local/rvm/gems/ruby-2.0.0-p451/gems/passenger-4.0.41', 'passenger_version' => '4.0.41', 'pool_idle_time' => '1000', 'prestart_urls' => 'ubWU      cleared   vZGV2AA==', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.37', 'web_server_pid' => '29491', 'web_server_type' => 'apache', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2014-04-30 18:39:02.4152 4369/7f1b403ab780 agents/HelperAgent/Main.cpp:643 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.29491/generation-3/request
[ 2014-04-30 18:39:02.4276 4375/7f20f2f7d780 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.29491/generation-3/logging
[ 2014-04-30 18:39:02.4280 4366/7fb430793780 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
[Wed Apr 30 18:39:02.471176 2014] [mpm_prefork:notice] [pid 29491] AH00163: Apache/2.4.7 (Ubuntu) SVN/1.8.8 Phusion_Passenger/4.0.37 PHP/5.5.9-1ubuntu4 mod_scgi/1.13 OpenSSL/1.0.1f mod_perl/2.0.8 Perl/v5.18.2 configured -- resuming normal operations
[Wed Apr 30 18:39:02.471210 2014] [core:notice] [pid 29491] AH00094: Command line: '/usr/sbin/apache2'
/usr/local/rvm/gems/ruby-2.0.0-p451/gems/passenger-4.0.41/helper-scripts/prespawn:122:in `connect': SSL_connect returned=1 errno=0 state=unknown state: unknown protocol (OpenSSL::SSL::SSLError)
    from /usr/local/rvm/gems/ruby-2.0.0-p451/gems/passenger-4.0.41/helper-scripts/prespawn:122:in `connect'
    from /usr/local/rvm/gems/ruby-2.0.0-p451/gems/passenger-4.0.41/helper-scripts/prespawn:87:in `socket'
    from /usr/local/rvm/gems/ruby-2.0.0-p451/gems/passenger-4.0.41/helper-scripts/prespawn:91:in `head_request'
    from /usr/local/rvm/gems/ruby-2.0.0-p451/gems/passenger-4.0.41/helper-scripts/prespawn:153:in `<main>'

RE: unable to browse SVN, redmine auth is failing - Added by Eric Canales over 3 years ago

I've gone through everything again and the paths are correct according to every guide on the internet. Any other ideas?

RE: unable to browse SVN, redmine auth is failing - Added by Eric Canales over 3 years ago

Martin Denizet, you were right I just misunderstood your instructions. I did indeed have Redmine.pm linked in /usr/lib/perl5/Apache2/ but I did need to set the PerlAccessHandler as such:

PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler

Instead of Apache2. I thought I had already tested this but perhaps I did not or failed to reload Apache. Thanks for the help!

RE: unable to browse SVN, redmine auth is failing - Added by Martin Denizet (redmine.org team member) over 3 years ago

My explanation was not clear.
From my tests, if you put the link to Redmine.pm in an Apache2 Perl directory, you need to reference it in Apache conf with Apache2::Authn::Redmine::access_handler.
I forgot to also mention PerlLoadModule Apache2::Redmine.
Anyways I'm glad your problem is solved, you can endorse me on CoderWall if my input helped ;)
Cheers,

RE: unable to browse SVN, redmine auth is failing - Added by Bruno Medeiros over 1 year ago

On Ubuntu Apache 2.4 I created the link like this:

ln -s /opt/redmine/current/extra/svn/Redmine.pm /usr/share/perl5/Apache/Authn/Redmine.pm

Conf uses:

PerlLoadModule Apache::Authn::Redmine

(1-7/7)