Repositories access control with apache mod dav svn and mod perl » History » Version 1
Nicolas Chuche, 2007-11-18 21:07
first release of mod_perl/mod_dav_svn authentication and access control
1 | 1 | Nicolas Chuche | h1. Repositories access control with apache mod dav svn and mod perl |
---|---|---|---|
2 | |||
3 | h2. overview |
||
4 | |||
5 | In this documentation, we will configure apache to delegate |
||
6 | authentication to mod_perl. It's tested on apache2 with mysql and |
||
7 | postgresql but should work with allmost every databases for which |
||
8 | there is a perl DBD module. |
||
9 | |||
10 | You need a Redmine re. 860 or later. If your Redmine is older than re .916, download "Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm |
||
11 | |||
12 | You need to have a working apache on your SVN server and you must |
||
13 | install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the |
||
14 | DBD driver for you database as it should work on allmost all |
||
15 | databases). |
||
16 | |||
17 | On Debian/ubuntu you must do : |
||
18 | |||
19 | <pre> |
||
20 | aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl |
||
21 | </pre> |
||
22 | |||
23 | h2. enabling apache modules |
||
24 | |||
25 | On debian/ubuntu : |
||
26 | |||
27 | <pre> |
||
28 | a2enmod dav |
||
29 | a2enmod dav_svn |
||
30 | a2enmod perl |
||
31 | </pre> |
||
32 | |||
33 | h2. apache configuration |
||
34 | |||
35 | You need to copy "Redmine.pm" on your svn server and |
||
36 | add something like that to your apache configuration (for example in @/etc/APACHE_DIR/conf.d/@ |
||
37 | |||
38 | You must change the Redmine.pm path and database informations to fit your needs. |
||
39 | |||
40 | <pre> |
||
41 | PerlRequire /usr/local/apache/Redmine.pm |
||
42 | <Location /svn> |
||
43 | DAV svn |
||
44 | SVNParentPath "/var/svn" |
||
45 | |||
46 | AuthType Basic |
||
47 | AuthName redmine |
||
48 | Require valid-user |
||
49 | |||
50 | PerlAccessHandler Apache::Authn::Redmine::access_handler |
||
51 | PerlAuthenHandler Apache::Authn::Redmine::authen_handler |
||
52 | |||
53 | ## for mysql |
||
54 | PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server |
||
55 | ## for postgres |
||
56 | # PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server |
||
57 | |||
58 | PerlSetVar db_user redmine |
||
59 | PerlSetVar db_pass password |
||
60 | </Location> |
||
61 | |||
62 | # a private location in read only mode to allow Redmine browsing |
||
63 | <Location /svn-private> |
||
64 | DAV svn |
||
65 | SVNParentPath "/var/svn" |
||
66 | Order deny,allow |
||
67 | Deny from all |
||
68 | # only allow reading orders |
||
69 | <Limit GET PROPFIND OPTIONS REPORT> |
||
70 | Allow from redmine.server.ip |
||
71 | </Limit> |
||
72 | </Location> |
||
73 | </pre> |
||
74 | |||
75 | It will add add two Location directives, one /svn with authentication |
||
76 | and access control against the Redmine database for users and one |
||
77 | /svn-private in read-only with ip limitation for Redmine browsing. |
||
78 | |||
79 | And that's done. You can try to browse some public repository with : |
||
80 | <pre> |
||
81 | svn ls http://my.svn.server/svn/myproject |
||
82 | </pre> |
||
83 | |||
84 | If you try to browse some non public repository, it will ask you a password. |