Repositories access control with apache mod dav svn and mod perl » History » Version 1
Nicolas Chuche, 2007-11-18 21:07
first release of mod_perl/mod_dav_svn authentication and access control
| 1 | 1 | Nicolas Chuche | h1. Repositories access control with apache mod dav svn and mod perl |
|---|---|---|---|
| 2 | |||
| 3 | h2. overview |
||
| 4 | |||
| 5 | In this documentation, we will configure apache to delegate |
||
| 6 | authentication to mod_perl. It's tested on apache2 with mysql and |
||
| 7 | postgresql but should work with allmost every databases for which |
||
| 8 | there is a perl DBD module. |
||
| 9 | |||
| 10 | You need a Redmine re. 860 or later. If your Redmine is older than re .916, download "Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm |
||
| 11 | |||
| 12 | You need to have a working apache on your SVN server and you must |
||
| 13 | install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the |
||
| 14 | DBD driver for you database as it should work on allmost all |
||
| 15 | databases). |
||
| 16 | |||
| 17 | On Debian/ubuntu you must do : |
||
| 18 | |||
| 19 | <pre> |
||
| 20 | aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl |
||
| 21 | </pre> |
||
| 22 | |||
| 23 | h2. enabling apache modules |
||
| 24 | |||
| 25 | On debian/ubuntu : |
||
| 26 | |||
| 27 | <pre> |
||
| 28 | a2enmod dav |
||
| 29 | a2enmod dav_svn |
||
| 30 | a2enmod perl |
||
| 31 | </pre> |
||
| 32 | |||
| 33 | h2. apache configuration |
||
| 34 | |||
| 35 | You need to copy "Redmine.pm" on your svn server and |
||
| 36 | add something like that to your apache configuration (for example in @/etc/APACHE_DIR/conf.d/@ |
||
| 37 | |||
| 38 | You must change the Redmine.pm path and database informations to fit your needs. |
||
| 39 | |||
| 40 | <pre> |
||
| 41 | PerlRequire /usr/local/apache/Redmine.pm |
||
| 42 | <Location /svn> |
||
| 43 | DAV svn |
||
| 44 | SVNParentPath "/var/svn" |
||
| 45 | |||
| 46 | AuthType Basic |
||
| 47 | AuthName redmine |
||
| 48 | Require valid-user |
||
| 49 | |||
| 50 | PerlAccessHandler Apache::Authn::Redmine::access_handler |
||
| 51 | PerlAuthenHandler Apache::Authn::Redmine::authen_handler |
||
| 52 | |||
| 53 | ## for mysql |
||
| 54 | PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server |
||
| 55 | ## for postgres |
||
| 56 | # PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server |
||
| 57 | |||
| 58 | PerlSetVar db_user redmine |
||
| 59 | PerlSetVar db_pass password |
||
| 60 | </Location> |
||
| 61 | |||
| 62 | # a private location in read only mode to allow Redmine browsing |
||
| 63 | <Location /svn-private> |
||
| 64 | DAV svn |
||
| 65 | SVNParentPath "/var/svn" |
||
| 66 | Order deny,allow |
||
| 67 | Deny from all |
||
| 68 | # only allow reading orders |
||
| 69 | <Limit GET PROPFIND OPTIONS REPORT> |
||
| 70 | Allow from redmine.server.ip |
||
| 71 | </Limit> |
||
| 72 | </Location> |
||
| 73 | </pre> |
||
| 74 | |||
| 75 | It will add add two Location directives, one /svn with authentication |
||
| 76 | and access control against the Redmine database for users and one |
||
| 77 | /svn-private in read-only with ip limitation for Redmine browsing. |
||
| 78 | |||
| 79 | And that's done. You can try to browse some public repository with : |
||
| 80 | <pre> |
||
| 81 | svn ls http://my.svn.server/svn/myproject |
||
| 82 | </pre> |
||
| 83 | |||
| 84 | If you try to browse some non public repository, it will ask you a password. |