Apache 2.4 git, subversion and public projects

Added by Thimios Dimopulos about 7 years ago

I am running Redmine 2.6 on Apache 2.4, serving subversion and git repositories.

The authentication works for both subversion and git, but I cannot get anonymous read-only access for public projects to work. If I add the "Satisfy any" directive and enable the access_compat Apache module, then I do get anonymous access, but no authentication is performed any more.

Does anyone have a working installation serving both subversion and git repositories on Apache 2.4 with proper authentication and public project support? Could you share your Apache configuration with me?

Here is my conf and environment info:


<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    SSLCertificateKeyFile /etc/apache2/ssl/dev.key
    SSLCertificateChainFile /etc/apache2/ssl/chain.txt

    DocumentRoot /var/www/RedmineInstallations/production/public
    LogLevel warn
    ErrorLog /var/log/redmine/production/error.log
    CustomLog /var/log/redmine/production/access.log combined
    RailsEnv production

    <Directory /var/www/RedmineInstallations/production/public>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    # Secure repository management web service
    <Location /sys>
        Require host localhost
    </Location>

    PerlLoadModule Apache::Redmine

    # Enable Subversion logging
    CustomLog /var/log/redmine/production/svn.log "%t %u %{SVN-ACTION}e" env=SVN-ACTION

    SetEnv GIT_PROJECT_ROOT /opt/nfs-share/redmine/gitrepositories
    SetEnv GIT_HTTP_EXPORT_ALL

    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
    <Location /git>
        Options ExecCGI FollowSymLinks
        AddHandler cgi-script cgi

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler

        AuthType Basic
        AuthName "wantedpixel.com git repositories"
        Require valid-user

        RedmineDSN "DBI:mysql:database=redmineprod;host=127.0.0.1"
        RedmineDbUser "redmineprod"
        RedmineDbPass "xxxxxx"
        RedmineGitSmartHttp yes
    </Location>

    <Location /svn>
        DAV svn
        # this must be the path you give to reposman with -s,--svn-dir argument
        SVNParentPath "/opt/nfs-share/redmine/repositories"

        # Repository Display Name
        SVNReposName "Subversion Repository"

        # If a client tries to svn update which involves updating many files,
        # the update request might result in an error Server sent unexpected
        # return value (413 Request Entity Too Large) in response to REPORT
        # request, because the size of the update request exceeds the limit
        # allowed by the server. You can avoid this error by disabling the
        # request size limit by adding the line LimitXMLRequestBody 0
        # between the <Location...> and </Location> lines.
        LimitXMLRequestBody 0

        # Only check Authentication for root path, not again for recursive
        # folder.
        # Redmine core does only permit access on repository level, so this
        # doesn't hurt security. On the other hand it does boost performance
        # a lot!
        SVNPathAuthz off

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
        AuthType Basic
        AuthName "wantedpixel.com Subversion Repository"
        Require valid-user

        # read-only access
        <Limit GET PROPFIND OPTIONS REPORT>
            <RequireAny>
                Require valid-user
                Require ip 127.0.0.1
            </RequireAny>
            #Satisfy any
        </Limit>

        # write access
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
        </LimitExcept>

        ## for mysql
        RedmineDSN "DBI:mysql:database=redmineprod;host=127.0.0.1"

        RedmineDbUser "redmineprod"
        RedmineDbPass "xxxxxxx"
    </Location>
</VirtualHost>

Environment:
  Redmine version                2.6.0.stable.13759
  Ruby version                   2.1.3-p242 (2014-09-19) [i686-linux]
  Rails version                  3.2.21
  Environment                    production
  Database adapter               Mysql2
SCM:
  Subversion                     1.8.8
  Mercurial                      2.8.2
  Git                            2.2.2
  Filesystem                     
Redmine plugins:
  readme_at_repositories         0.2.1
  redmine_code_review            0.6.3
  redmine_embedded               0.0.2
  redmine_latex_mathjax          0.1.0
  redmine_scm                    0.5.0b
  redmine_video_macros           0.2.0
  redmine_wiki_extensions        0.6.4

Replies (3)

RE: Apache 2.4 git, subversion and public projects - Added by Sasha Harutyunyan over 6 years ago

Any update on this? I have the same issue :(

RE: Apache 2.4 git, subversion and public projects - Added by Thimios Dimopulos about 5 years ago

In case others are interested, here is my current solution:

Redmine 3.2.0.stable.15067

Server Version: Apache/2.4.7 (Ubuntu) SVN/1.8.8 OpenSSL/1.0.1f

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    SSLCertificateKeyFile /etc/apache2/ssl/dev.key
    SSLCertificateChainFile /etc/apache2/ssl/chain.txt
    ServerAdmin thimios@wantedpixel.com

    DocumentRoot /var/www/production/public
    LogLevel warn
    ErrorLog /var/log/redmine/production/error.log
    CustomLog /var/log/redmine/production/access.log combined
    RailsEnv production

    <Directory /var/www/production/public>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    # Secure repository management web service
    <Location /sys>
        Require host localhost
    </Location>

    PerlLoadModule Apache::Authn::Redmine
    PerlLoadModule Authen::Simple::LDAP

    # Enable Subversion logging
    CustomLog /var/log/redmine/production/svn.log "%t %u %{SVN-ACTION}e" env=SVN-ACTION

    SetEnv GIT_PROJECT_ROOT /opt/redmine/gitrepositories
    SetEnv GIT_HTTP_EXPORT_ALL

    ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
    <Location /git>
        Options ExecCGI FollowSymLinks
        AddHandler cgi-script cgi

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler

        AuthType Basic
        AuthName "Redmine git repositories"
        Require valid-user

        RedmineDSN "DBI:mysql:database=redmine;host=127.0.0.1"
        RedmineDbUser "username"
        RedmineDbPass "password"
        RedmineGitSmartHttp yes
    </Location>

    <Location /svn>
        DAV svn
        # this must be the path you give to reposman with -s,--svn-dir argument
        SVNParentPath "/opt/redmine/repositories"

        # Repository Display Name
        SVNReposName "Subversion Repository"

        # If a client tries to svn update which involves updating many files,
        # the update request might result in an error Server sent unexpected
        # return value (413 Request Entity Too Large) in response to REPORT
        # request, because the size of the update request exceeds the limit
        # allowed by the server. You can avoid this error by disabling the
        # request size limit by adding the line LimitXMLRequestBody 0
        # between the <Location...> and </Location> lines.
        LimitXMLRequestBody 0

        # Only check Authentication for root path, not again for recursive
        # folder.
        # Redmine core does only permit access on repository level, so this
        # doesn't hurt security. On the other hand it does boost performance
        # a lot!
        SVNPathAuthz off

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /dev/null

        # read-only access
        <Limit GET PROPFIND OPTIONS REPORT>
            <RequireAny>
                Require valid-user
                Require ip 127.0.0.1
            </RequireAny>
        </Limit>

        # write access
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require valid-user
        </LimitExcept>

        ## for mysql
        RedmineDSN "DBI:mysql:database=redmine;host=127.0.0.1"

        RedmineDbUser "username"
        RedmineDbPass "password"
    </Location>
</VirtualHost>
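
Added example (not part of the original posts, and not Redmine's own tooling): a curl-based check of the access matrix this thread is after, which reports both failure modes described above, anonymous reads refused on a public project and content served with no authentication at all. BASE, the four repository names and the test account are placeholders, and the expected status codes are assumptions derived from the stated goal (public projects readable anonymously, everything else behind Basic auth).

```shell
#!/bin/sh
# Added example, not from the thread. BASE, SVN_PUBLIC, SVN_PRIVATE,
# GIT_PUBLIC, GIT_PRIVATE, RM_USER and RM_PASS are placeholders to set.

# Print the HTTP status code for URL; extra arguments are passed to curl.
http_status() {
    url=$1; shift
    curl -s -o /dev/null -w '%{http_code}' "$@" "$url"
}

# URLs that exercise a read (svn GET, git upload-pack) or a push (receive-pack).
svn_url() { printf '%s/svn/%s/' "$BASE" "$1"; }
git_url() { printf '%s/git/%s/info/refs?service=git-%s-pack' "$BASE" "$1" "$2"; }

# Compare expected and actual status and name the failure mode.
verdict() {
    case "$1:$2" in
        200:200|401:401) echo "ok" ;;
        200:401) echo "FAIL: anonymous read refused"; return 1 ;;
        401:200) echo "FAIL: served without credentials"; return 1 ;;
        *) echo "FAIL: expected $1, got $2"; return 1 ;;
    esac
}

# check LABEL EXPECTED URL [curl args...]; returns non-zero on mismatch.
check() {
    label=$1; want=$2; url=$3; shift 3
    got=$(http_status "$url" "$@")
    if msg=$(verdict "$want" "$got"); then st=0; else st=1; fi
    printf '%-30s %s\n' "$label" "$msg"
    return "$st"
}

run_matrix() {
    rc=0
    check "svn public, anonymous read" 200 "$(svn_url "$SVN_PUBLIC")" || rc=1
    check "svn private, anonymous read" 401 "$(svn_url "$SVN_PRIVATE")" || rc=1
    check "svn private, member read" 200 "$(svn_url "$SVN_PRIVATE")" -u "$RM_USER:$RM_PASS" || rc=1
    check "git public, anonymous fetch" 200 "$(git_url "$GIT_PUBLIC" upload)" || rc=1
    check "git private, anonymous fetch" 401 "$(git_url "$GIT_PRIVATE" upload)" || rc=1
    check "git private, member fetch" 200 "$(git_url "$GIT_PRIVATE" upload)" -u "$RM_USER:$RM_PASS" || rc=1
    check "git public, anonymous push" 401 "$(git_url "$GIT_PUBLIC" receive)" || rc=1
    return "$rc"
}

# Runs only when BASE is set, e.g. BASE=https://redmine.example.org
if [ -n "${BASE:-}" ]; then run_matrix; fi
```

Run it after every change to the authorization directives, with a throwaway Redmine account that is a member of the private projects; all probes are GET requests and change nothing on the server.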

RE: Apache 2.4 git, subversion and public projects - Added by Joern Koerner over 4 years ago

Hi

I have the same problem and a nearly identical config, but in your config I cannot see what the trick finally is that got the public git repository working.

Thanks in advance
