Repositories access control with apache mod dav svn and mod perl » History » Version 9
Nicolas Chuche, 2008-12-15 12:58
h1. Repositories access control with apache mod dav svn and mod perl

{{>TOC}}

h2. Overview

In this documentation, we will configure Apache to delegate authentication to mod_perl. It has been tested on apache2 with MySQL and PostgreSQL, but it should work with almost every database for which there is a Perl DBD module.

You need Redmine r860 or later. If your Redmine is older than r916, download "Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm

You need a working Apache on your SVN server, and you must install some modules: at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the DBD driver for your database, as it should work with almost all databases).

On Debian/Ubuntu, run:

<pre>
aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl libdigest-sha1-perl
</pre>

h2. Enabling apache modules

On Debian/Ubuntu:

<pre>
a2enmod dav
a2enmod dav_svn
a2enmod perl
</pre>

h2. Apache configuration for subversion repositories and redmine 0.7.X and before

You need to copy "Redmine.pm" to your SVN server and add something like this to your Apache configuration (for example in @/etc/APACHE_DIR/conf.d/@).

You must change the Redmine.pm path and the database information to fit your needs.

<pre>
PerlRequire /usr/local/apache/Redmine.pm
<Location /svn>
  DAV svn
  SVNParentPath "/var/svn"

  AuthType Basic
  AuthName redmine
  Require valid-user

  PerlAccessHandler Apache::Authn::Redmine::access_handler
  PerlAuthenHandler Apache::Authn::Redmine::authen_handler

  ## for mysql
  PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server
  ## for postgres
  # PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server

  PerlSetVar db_user redmine
  PerlSetVar db_pass password
</Location>

# a private location in read only mode to allow Redmine browsing
<Location /svn-private>
  DAV svn
  SVNParentPath "/var/svn"
  Order deny,allow
  Deny from all
  # only allow read requests
  <Limit GET PROPFIND OPTIONS REPORT>
    Allow from redmine.server.ip
  </Limit>
</Location>
</pre>

This adds two Location directives: @/svn@, with authentication and access control against the Redmine database for users, and @/svn-private@, read-only and restricted by IP address, for Redmine browsing.

That's all. You can try to browse a public repository with:

<pre>
svn ls http://my.svn.server/svn/myproject
</pre>

If you try to browse a non-public repository, it will ask you for a password.

h2. Apache configuration for subversion repositories and redmine after 0.7.X

Redmine.pm has changed, so the configuration is different. Everything else in the previous part still works.

You first need to copy or link Redmine.pm to @/usr/lib/perl5/Apache/Redmine.pm@, then add this configuration to Apache:

<pre>
PerlLoadModule Apache::Redmine
<Location /svn>
  DAV svn
  SVNParentPath "/var/svn"

  AuthType Basic
  AuthName redmine
  Require valid-user

  PerlAccessHandler Apache::Authn::Redmine::access_handler
  PerlAuthenHandler Apache::Authn::Redmine::authen_handler

  ## for mysql
  RedmineDSN "DBI:mysql:database=databasename;host=my.db.server"
  ## for postgres
  # RedmineDSN "DBI:Pg:dbname=databasename;host=my.db.server"

  RedmineDbUser "redmine"
  RedmineDbPass "password"
</Location>
</pre>

h2. Apache configuration for after redmine 0.7.X and git access

Now that reposman.rb can create git repositories, you can use Redmine.pm to access them the same way as Subversion repositories. The configuration you need to add looks like this:

<pre>
Alias /git /var/git

PerlLoadModule Apache::Redmine
<Location /git>
  DAV on

  AuthType Basic
  Require valid-user
  AuthName "Git"

  PerlAccessHandler Apache::Authn::Redmine::access_handler
  PerlAuthenHandler Apache::Authn::Redmine::authen_handler

  RedmineDSN "DBI:mysql:database=redmine;host=localhost"
  RedmineDbUser "redmine"
  RedmineDbPass "password"
</Location>

Alias /git-private /var/git

<Location /git-private>
  Order deny,allow
  Deny from all
  <Limit GET PROPFIND OPTIONS REPORT>
    Options Indexes FollowSymLinks MultiViews
    Allow from 127.0.0.1
  </Limit>
</Location>
</pre>

To verify that you can access a repository through Redmine.pm, you can use curl:

<pre>
% curl --netrc --location http://localhost/git/ecookbook/HEAD
ref: refs/heads/master
</pre>
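
A static check for the two access-control patterns used by the Location blocks on this page, as an added example (not part of the original wiki page or of Redmine): a block must either require a valid user through both Redmine.pm handlers, or deny everyone and allow addresses only inside a @<Limit>@ that lists read methods. The function name, the finding strings and the @/svn-open@ location are assumptions made for the illustration.

```python
import re

READ_ONLY = {"GET", "PROPFIND", "OPTIONS", "REPORT"}  # methods the page's <Limit> lists
HANDLERS = ("PerlAuthenHandler", "PerlAccessHandler")

def audit(conf):
    """Map each <Location> path in an Apache config to a list of findings."""
    conf = re.sub(r"(?m)^[ \t]*#.*$", "", conf)  # drop comment lines
    report = {}
    for path, body in re.findall(r"(?is)<Location\s+(\S+?)>(.*?)</Location>", conf):
        limits = re.findall(r"(?is)<Limit\s+([^>]*)>", body)
        outside = re.sub(r"(?is)<Limit\b.*?</Limit>", "", body)  # applies to every method

        def has(directive):
            return re.search(r"(?im)^[ \t]*" + directive + r"\b", outside) is not None

        findings = []
        if has(r"Require\s+valid-user"):  # authenticated, like /svn and /git
            findings += ["missing " + h for h in HANDLERS if not has(h)]
        elif has(r"Deny\s+from\s+all"):  # IP-limited, like /svn-private
            extra = {m.upper() for spec in limits for m in spec.split()} - READ_ONLY
            if extra:
                findings.append("non-read methods allowed: " + " ".join(sorted(extra)))
            if has(r"Allow\s+from"):
                findings.append("Allow outside <Limit> applies to every method")
        else:
            findings.append("no authentication and no IP restriction")
        report[path] = findings
    return report

# Constructed sample: /svn-private from the page with PUT added by mistake,
# and a hypothetical /svn-open location with no protection at all.
SAMPLE = """
<Location /svn-private>
  DAV svn
  Order deny,allow
  Deny from all
  <Limit GET PROPFIND OPTIONS REPORT PUT>
    Allow from redmine.server.ip
  </Limit>
</Location>
<Location /svn-open>
  DAV svn
</Location>
"""

if __name__ == "__main__":
    for path, findings in audit(SAMPLE).items():
        print(path, findings or "ok")
```

An empty list for a path means the block matches one of the two patterns; the check does not evaluate @Order@ or the addresses given to @Allow from@.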