Repositories access control with apache mod dav svn and mod perl » History » Version 4

« Previous - Version 4/47 (diff) - Next » - Current version
Jean-Philippe Lang, 2007-11-24 16:58


Repositories access control with apache mod dav svn and mod perl

Overview

In this documentation, we will configure apache to delegate authentication to mod_perl. It's tested on apache2 with mysql and postgresql but should work with allmost every databases for which there is a perl DBD module.

You need Redmine r860 or later. If your Redmine is older than r916, download Redmine.pm

You need a working apache on your SVN server and you must install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the DBD driver for you database as it should work on allmost all databases).

On Debian/ubuntu you must do :

aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl

Enabling apache modules

On debian/ubuntu :

a2enmod dav
a2enmod dav_svn
a2enmod perl

Apache configuration

You need to copy "Redmine.pm" on your SVN server and add something like that to your apache configuration (for example in /etc/APACHE_DIR/conf.d/)

You must change the Redmine.pm path and database informations to fit your needs.

   PerlRequire /usr/local/apache/Redmine.pm
   <Location /svn>
     DAV svn
     SVNParentPath "/var/svn" 

     AuthType Basic
     AuthName redmine
     Require valid-user

     PerlAccessHandler Apache::Authn::Redmine::access_handler
     PerlAuthenHandler Apache::Authn::Redmine::authen_handler

     ## for mysql
     PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server
     ## for postgres
     # PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server

     PerlSetVar db_user redmine
     PerlSetVar db_pass password
  </Location>

  # a private location in read only mode to allow Redmine browsing
  <Location /svn-private>
    DAV svn
    SVNParentPath "/var/svn" 
    Order deny,allow
    Deny from all
    # only allow reading orders
    <Limit GET PROPFIND OPTIONS REPORT>
      Allow from redmine.server.ip
    </Limit>
  </Location>

It will add add two Location directives, one /svn with authentication and access control against the Redmine database for users and one /svn-private in read-only with IP limitation for Redmine browsing.

And that's done. You can try to browse some public repository with:

svn ls http://my.svn.server/svn/myproject

If you try to browse some non public repository, it will ask you a password.