Repositories access control with apache mod dav svn and mod perl » History » Version 2
Nicolas Chuche, 2007-11-18 21:13
TOC
1 | 1 | Nicolas Chuche | h1. Repositories access control with apache mod dav svn and mod perl |
---|---|---|---|
2 | |||
3 | 2 | Nicolas Chuche | {{>TOC}} |
4 | |||
5 | 1 | Nicolas Chuche | h2. overview |
6 | |||
7 | In this documentation, we will configure apache to delegate |
||
8 | authentication to mod_perl. It's tested on apache2 with mysql and |
||
9 | postgresql but should work with allmost every databases for which |
||
10 | there is a perl DBD module. |
||
11 | |||
12 | You need a Redmine re. 860 or later. If your Redmine is older than re .916, download "Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm |
||
13 | |||
14 | You need to have a working apache on your SVN server and you must |
||
15 | install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the |
||
16 | DBD driver for you database as it should work on allmost all |
||
17 | databases). |
||
18 | |||
19 | On Debian/ubuntu you must do : |
||
20 | |||
21 | <pre> |
||
22 | aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl |
||
23 | </pre> |
||
24 | |||
25 | h2. enabling apache modules |
||
26 | |||
27 | On debian/ubuntu : |
||
28 | |||
29 | <pre> |
||
30 | a2enmod dav |
||
31 | a2enmod dav_svn |
||
32 | a2enmod perl |
||
33 | </pre> |
||
34 | |||
35 | h2. apache configuration |
||
36 | |||
37 | You need to copy "Redmine.pm" on your svn server and |
||
38 | add something like that to your apache configuration (for example in @/etc/APACHE_DIR/conf.d/@ |
||
39 | |||
40 | You must change the Redmine.pm path and database informations to fit your needs. |
||
41 | |||
42 | <pre> |
||
43 | PerlRequire /usr/local/apache/Redmine.pm |
||
44 | <Location /svn> |
||
45 | DAV svn |
||
46 | SVNParentPath "/var/svn" |
||
47 | |||
48 | AuthType Basic |
||
49 | AuthName redmine |
||
50 | Require valid-user |
||
51 | |||
52 | PerlAccessHandler Apache::Authn::Redmine::access_handler |
||
53 | PerlAuthenHandler Apache::Authn::Redmine::authen_handler |
||
54 | |||
55 | ## for mysql |
||
56 | PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server |
||
57 | ## for postgres |
||
58 | # PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server |
||
59 | |||
60 | PerlSetVar db_user redmine |
||
61 | PerlSetVar db_pass password |
||
62 | </Location> |
||
63 | |||
64 | # a private location in read only mode to allow Redmine browsing |
||
65 | <Location /svn-private> |
||
66 | DAV svn |
||
67 | SVNParentPath "/var/svn" |
||
68 | Order deny,allow |
||
69 | Deny from all |
||
70 | # only allow reading orders |
||
71 | <Limit GET PROPFIND OPTIONS REPORT> |
||
72 | Allow from redmine.server.ip |
||
73 | </Limit> |
||
74 | </Location> |
||
75 | </pre> |
||
76 | |||
77 | It will add add two Location directives, one /svn with authentication |
||
78 | and access control against the Redmine database for users and one |
||
79 | /svn-private in read-only with ip limitation for Redmine browsing. |
||
80 | |||
81 | And that's done. You can try to browse some public repository with : |
||
82 | <pre> |
||
83 | svn ls http://my.svn.server/svn/myproject |
||
84 | </pre> |
||
85 | |||
86 | If you try to browse some non public repository, it will ask you a password. |