Repositories access control with apache mod dav svn and mod perl » History » Version 5
Thomas Lecavelier, 2007-12-22 18:00
Missing SHA1 dependency.
| 1 | 1 | Nicolas Chuche | h1. Repositories access control with apache mod dav svn and mod perl |
|---|---|---|---|
| 2 | |||
| 3 | 2 | Nicolas Chuche | {{>TOC}} |
| 4 | |||
| 5 | 4 | Jean-Philippe Lang | h2. Overview |
| 6 | 1 | Nicolas Chuche | |
| 7 | 3 | Jean-Philippe Lang | In this documentation, we will configure apache to delegate authentication to mod_perl. It's tested on apache2 with mysql and postgresql but should work with allmost every databases for which there is a perl DBD module. |
| 8 | 1 | Nicolas Chuche | |
| 9 | 3 | Jean-Philippe Lang | You need Redmine r860 or later. If your Redmine is older than r916, download "Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm |
| 10 | 1 | Nicolas Chuche | |
| 11 | 4 | Jean-Philippe Lang | You need a working apache on your SVN server and you must install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the DBD driver for you database as it should work on allmost all databases). |
| 12 | 1 | Nicolas Chuche | |
| 13 | On Debian/ubuntu you must do : |
||
| 14 | |||
| 15 | 5 | Thomas Lecavelier | aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl libdigest-sha1-perl |
| 16 | 1 | Nicolas Chuche | |
| 17 | 4 | Jean-Philippe Lang | h2. Enabling apache modules |
| 18 | 1 | Nicolas Chuche | |
| 19 | On debian/ubuntu : |
||
| 20 | |||
| 21 | <pre> |
||
| 22 | a2enmod dav |
||
| 23 | a2enmod dav_svn |
||
| 24 | a2enmod perl |
||
| 25 | </pre> |
||
| 26 | |||
| 27 | 4 | Jean-Philippe Lang | h2. Apache configuration |
| 28 | 1 | Nicolas Chuche | |
| 29 | 4 | Jean-Philippe Lang | You need to copy "Redmine.pm" on your SVN server and add something like that to your apache configuration (for example in @/etc/APACHE_DIR/conf.d/@) |
| 30 | 1 | Nicolas Chuche | |
| 31 | You must change the Redmine.pm path and database informations to fit your needs. |
||
| 32 | |||
| 33 | <pre> |
||
| 34 | PerlRequire /usr/local/apache/Redmine.pm |
||
| 35 | <Location /svn> |
||
| 36 | DAV svn |
||
| 37 | SVNParentPath "/var/svn" |
||
| 38 | |||
| 39 | AuthType Basic |
||
| 40 | AuthName redmine |
||
| 41 | Require valid-user |
||
| 42 | |||
| 43 | PerlAccessHandler Apache::Authn::Redmine::access_handler |
||
| 44 | PerlAuthenHandler Apache::Authn::Redmine::authen_handler |
||
| 45 | |||
| 46 | ## for mysql |
||
| 47 | PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server |
||
| 48 | ## for postgres |
||
| 49 | # PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server |
||
| 50 | |||
| 51 | PerlSetVar db_user redmine |
||
| 52 | PerlSetVar db_pass password |
||
| 53 | </Location> |
||
| 54 | |||
| 55 | 4 | Jean-Philippe Lang | # a private location in read only mode to allow Redmine browsing |
| 56 | <Location /svn-private> |
||
| 57 | DAV svn |
||
| 58 | SVNParentPath "/var/svn" |
||
| 59 | Order deny,allow |
||
| 60 | Deny from all |
||
| 61 | # only allow reading orders |
||
| 62 | <Limit GET PROPFIND OPTIONS REPORT> |
||
| 63 | Allow from redmine.server.ip |
||
| 64 | </Limit> |
||
| 65 | </Location> |
||
| 66 | 1 | Nicolas Chuche | </pre> |
| 67 | |||
| 68 | 3 | Jean-Philippe Lang | It will add add two Location directives, one @/svn@ with authentication and access control against the Redmine database for users and one @/svn-private@ in read-only with IP limitation for Redmine browsing. |
| 69 | 1 | Nicolas Chuche | |
| 70 | 3 | Jean-Philippe Lang | And that's done. You can try to browse some public repository with: |
| 71 | 1 | Nicolas Chuche | <pre> |
| 72 | svn ls http://my.svn.server/svn/myproject |
||
| 73 | </pre> |
||
| 74 | |||
| 75 | If you try to browse some non public repository, it will ask you a password. |