HowTo configure Redmine for advanced git integration » History » Version 25

Vladimir Skubriev, 2013-10-04 08:07

h1. HowTo configure Redmine for advanced git integration

{{>TOC}}

h2. Scope

_Install on Centos 6.x_

This HowTo explains how to serve git repositories on apache through the http-based "git-smart-http protocol":http://progit.org/2010/03/04/smart-http.html introduced in git 1.6.6.

The git-smart-http protocol offers various advantages over ssh or git-based access: you can use redmine access control as-is, there is no need for extra ssh keys or whatnot, you can secure it through SSL as needed, and there are generally fewer problems with firewalls and http/https ports than with ssh and git ports. git-smart-http also doesn't have some of the drawbacks of its "dumb" predecessor, as it doesn't require any complex DAV setup.

This HowTo is mainly written from memory and was conducted on a setup which was already serving [[Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl|svn repositories integrated with redmine]], so it is possible that I forgot some things or took them for granted.

This is a wiki page, feel free to correct or amend anything you find lacking :-) You can also "drop me a line":/users/3866.

Another option to integrate grack with redmine is the "modified grack+redmine plugin":http://github.com/friflaj/redmine_grack or "any other grack modified for redmine":http://github.com/search?q=grack&type=Everything&repo=&langOverride=&start_value=1, though those lack documentation and I haven't tried them, so I can't say much about them.

h2. Prerequisites

* Apache with mod_perl (access control)
* git (version at least 1.6.6)
* A way to serve git-smart-http
** mod_cgi (or mod_cgid) if you want to use the stock "git-http-backend":http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html
** a rack server if you want to use "grack":http://github.com/schacon/grack (basically a rack wrapper around the right git commands) or "git-webby":http://git.io/BU7twg (another implementation based on grack but written in Sinatra).

You should already have a rack server to run redmine, which is why I chose grack as the backend and why it is the one I describe in this tutorial.

Using the stock git-http-backend should be quite straightforward though: skip the [[HowTo_configure_Redmine_for_advanced_git_integration#Install-grack|grack installation]] part, get your install with the git-http-backend going (the "git-http-backend manpage":http://www.kernel.org/pub/software/scm/git/docs/git-http-backend.html has some examples), and when that's done go on with the [[HowTo_configure_Redmine_for_advanced_git_integration#Access-control|access control]] part.

h2. Install Git

<pre><code class="bash">
yum install git
</code></pre>

h2. Install grack

h3. Get the sources

Fetch grack from its "github repository":http://github.com/schacon/grack. I checked out mine to @/var/www/grack@:

<pre><code class="bash">
cd /var/www
git clone http://github.com/schacon/grack.git
</code></pre>

Then create a directory for the repositories:

<pre><code class="bash">
mkdir /opt/repositories
mkdir /opt/repositories/git
chown -R apache:apache /opt/repositories/git
</code></pre>

h3. Configuration

Edit the @config.ru@ file and adapt it to your local configuration. @project_root@ must contain the path to the directory containing your git repositories, and @git_path@ must contain the path to the git binary. Mine looks like this (on gentoo):

<pre><code class="bash">
vi /var/www/grack/config.ru
</code></pre>

And edit the file:

<pre><code class="ruby">$LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__) + '/lib')

# Renders exception backtraces to the client; useful while setting up
use Rack::ShowExceptions

require 'grack'

require 'git_adapter'

config = {
  :project_root => "/opt/repositories/git",  # directory containing the repositories
  :git_path => '/usr/bin/git',               # path to the git binary
  :upload_pack => true,                      # allow clone/fetch over http
  :receive_pack => true,                     # allow push over http
}

run GitHttp::App.new(config)
</code></pre>

If you use the latest version of grack, this @config.ru@ file may be usable instead:

<pre><code class="ruby">
$LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__) + '/lib')

# Renders exception backtraces to the client; useful while setting up
use Rack::ShowExceptions

require 'grack'

require 'git_adapter'

config = {
  :project_root => "/opt/repositories/git",  # directory containing the repositories
  :git_path => '/usr/bin/git',               # path to the git binary
  :upload_pack => true,                      # allow clone/fetch over http
  :receive_pack => true,                     # allow push over http
  :adapter => Grack::GitAdapter,
}

run Grack::App.new(config)
</code></pre>

Don't forget to install grack's dependencies:

<pre><code class="bash">
$ cd /var/www/grack
$ bundle install
</code></pre>

h3. Integrate with Apache

You could obviously use any rack server you like at this point, but the access control mechanism @Redmine.pm@ is written for apache with mod_perl, so you will at least need to reverse proxy your rack server through apache.

My rack server of choice is "passenger":http://modrails.com/ (solid performance, apache module, mostly simple configuration) and it is already configured on my system.

As passenger installation and configuration is not within the scope of this HowTo, please refer to the "passenger documentation":http://modrails.com/documentation.html or to the passenger installation guide from your distribution.

There's a little more work to do to get passenger to work with grack: you will need to create the directories @public@ and @tmp@ in the grack directory.

Please also be aware that in the standard configuration, passenger will run the grack application with the same user and group owning the @config.ru@ file. This user must have read- and write-access as needed to the git repositories!

Create the directories @public@ and @tmp@ in @/var/www/grack@ and hand them to the apache user:

<pre><code class="bash">
cd /var/www/grack
mkdir public
mkdir tmp
chown -R apache:apache /var/www/grack
</code></pre>

Edit the config file "/etc/httpd/conf/httpd.conf" to support multiple virtual hosts by uncommenting this line:

<pre><code class="apache">
NameVirtualHost *:80
</code></pre>

Create a virtual host file:

<pre><code class="bash">
vi /etc/httpd/conf.d/git.conf
</code></pre>

with the following content:

<pre><code class="apache">
<VirtualHost *:80>
    ServerName git.yourdomain.com
    DocumentRoot "/var/www/grack/public"
    <Directory "/var/www/grack/public">
        Options None
        AllowOverride None
        <IfVersion < 2.3 >
        Order allow,deny
        Allow from all
        </IfVersion>
        <IfVersion >= 2.3>
        Require all granted
        </IfVersion>
    </Directory>
</VirtualHost>
</code></pre>

In the DNS control panel for your domain, create a subdomain named "git.yourdomain.com" and point it to your server's IP address.

At this point, if you have a repository in "/opt/repositories/git/myrepo", you should be able to access it through "http://git.yourdomain.com/myrepo". For example, use a git client such as Git Bash or TortoiseGit to clone the repository:

<pre><code class="bash">
git clone http://git.yourdomain.com/myrepo
</code></pre>

If the clone succeeds, git on the server and the connection are working.

h2. Access control

You now have a working git server, albeit with no access control. Currently, the shipped perl module for access control @Redmine.pm@ (in @extra/svn/@ in your redmine directory) does not support access control for the git-smart-http protocol; the patch in #4905 aims to implement that.

h3. Applying the patch

_If you are using Redmine >= 2.1.0, skip ahead to Configuring Apache_

Download the latest (or better: correct) version of the patch from #4905 to your redmine directory. In the redmine directory, apply the patch: @patch -p1 < the-patch-file.patch@ should work. If it tells you stuff about being unable to apply a hunk, the patch is incompatible with your @Redmine.pm@ version. If it says other stuff, try @patch -p0 < the-patch-file.patch@ or @patch Redmine.pm < the-patch-file.patch@. If it still borks, ask for advice on #4905.

-You will possibly still need to edit the file from here, because the current version of the patch only works for repositories served from @http://git.myhost.com/git/myrepo@ though the above example uses @http://git.myhost.com/myrepo@.- This step isn't needed anymore, the patch has been updated to take the information from the @Location@ block from apache into account.

h3. Configuring Apache

You now have to make Apache aware of your new authentication module (if you already had done this step for subversion integration, you can go to the @Location@ directives directly).

Copy or link @Redmine.pm@ (from your @extra/svn/@ directory) to @/usr/lib/perl5/Apache/Redmine.pm@ (ubuntu) or wherever your distribution puts its apache perl modules (e.g. gentoo puts them in @/usr/lib64/perl5/vendor_perl/5.8.8/Apache/@, fedora puts them in @/usr/lib64/perl5/vendor_perl/Apache/@).

Having done that, reload apache to make sure everything in the patching phase went well (if not, remove the link or the file created in the step just before and restart apache to get apache back up, then try to find the error in your @Redmine.pm@ file). Now edit your vhost configuration to look somewhat like this (same as above but with more stuff):

<pre><code class="bash">
vi /etc/httpd/conf.d/git.conf
</code></pre>

with:

<pre><code class="apache">
<VirtualHost *:80>
    ServerName git.yourdomain.com
    DocumentRoot "/var/www/grack/public"

    <Directory "/var/www/grack/public">
        Options None
        AllowOverride None
        <IfVersion < 2.3 >
        Order allow,deny
        Allow from all
        </IfVersion>
        <IfVersion >= 2.3>
        Require all granted
        </IfVersion>
    </Directory>

    PerlLoadModule Apache::Redmine

    <Location "/">
        AuthType Basic
        AuthName "Redmine git repositories"
        Require valid-user

        PerlAccessHandler Apache::Authn::Redmine::access_handler
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler

        RedmineDSN "DBI:mysql:database=your_database;host=localhost:3306"

        RedmineDbUser "user_database"
        RedmineDbPass "password_database"
        RedmineGitSmartHttp yes
    </Location>
</VirtualHost>
</code></pre>

Restart your apache, and everything should be good and well :-)

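
The vhost above enables @AuthType Basic@ on a port-80 virtual host, so Redmine passwords travel unencrypted until SSL is added as mentioned under Scope. The Ruby script below is an added example (not part of the original HowTo, grack or Redmine) that flags that case and inline @RedmineDbPass@ values. The sample config is constructed, @Include@ files are assumed to be expanded beforehand, and the names @parse_vhosts@, @audit@ and @Finding@ are hypothetical.

```ruby
# Added example: flag Basic auth served without TLS in an Apache vhost file.
# Assumption: Include'd files are already expanded into the text being audited.

Finding = Struct.new(:vhost, :line, :message)

# Returns one hash per <VirtualHost> block, with its directives stored as
# [line_number, lowercased_name, arguments].
def parse_vhosts(text)
  vhosts = []
  current = nil
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A<VirtualHost\s+([^>]+)>\z/i))
      current = { addr: m[1].strip, directives: [] }
    elsif line.match?(/\A<\/VirtualHost>\z/i)
      vhosts << current if current
      current = nil
    elsif current && (m = line.match(/\A([A-Za-z]\w*)\s*(.*)\z/))
      # Section tags such as <Location> start with '<' and are skipped here.
      current[:directives] << [lineno, m[1].downcase, m[2].strip]
    end
  end
  vhosts
end

# Returns a list of Finding structs, in file order per vhost.
def audit(text)
  parse_vhosts(text).flat_map do |vh|
    dirs = vh[:directives]
    tls = dirs.any? { |_, name, args| name == 'sslengine' && args.casecmp?('on') }
    basic = dirs.find { |_, name, args| name == 'authtype' && args.casecmp?('basic') }
    dbpass = dirs.find { |_, name, _| name == 'redminedbpass' }
    found = []
    if basic && !tls
      found << Finding.new(vh[:addr], basic[0],
                           'AuthType Basic without SSLEngine on: passwords are only base64-encoded on the wire')
    end
    if dbpass
      found << Finding.new(vh[:addr], dbpass[0],
                           'RedmineDbPass is inline: restrict read access to this file')
    end
    found
  end
end

# Constructed sample modelled on the vhost from this HowTo, plus a TLS variant.
SAMPLE = <<~'CONF'
  <VirtualHost *:80>
      ServerName git.yourdomain.com
      <Location "/">
          AuthType Basic
          Require valid-user
          RedmineDSN "DBI:mysql:database=your_database;host=localhost:3306"
          RedmineDbUser "user_database"
          RedmineDbPass "password_database"
          RedmineGitSmartHttp yes
      </Location>
  </VirtualHost>
  <VirtualHost *:443>
      ServerName git.yourdomain.com
      SSLEngine on
      <Location "/">
          AuthType Basic
          Require valid-user
      </Location>
  </VirtualHost>
CONF

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE).each { |f| puts "#{f.vhost} line #{f.line}: #{f.message}" }
end
```

A port-80 vhost that only redirects to HTTPS carries no @AuthType@ directive and is therefore not flagged.
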
h2. Known issues

If you are using the stock git-http-backend directly under apache and you are finding errors like "Request not supported: '/git/your-git-repo'" in your apache error log, you may need to add "SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER" to the list of environment variables that you are setting in your apache configuration.

Unfortunately, this setting may cause redmine to break. If so, you will need to set the variable for only the requests that are passed through git-http-backend. One way to accomplish this is with mod_rewrite. Below is a sample apache configuration from a Fedora 17 system that uses git-http-backend and mod_rewrite.

In httpd.conf:

<pre><code class="apache">Listen xxx.xxx.xxx.xxx:80
<VirtualHost xxx.xxx.xxx.xxx:80>
   DocumentRoot /var/www/redmine/public
   ServerName servername.domain:80
   Include conf/servername.conf
</VirtualHost>

Listen xxx.xxx.xxx.xxx:443
<VirtualHost xxx.xxx.xxx.xxx:443>
   DocumentRoot /var/www/redmine/public
   ServerName servername.domain:443
   Include conf/servername.conf
   Include conf/ssl.conf
</VirtualHost></code></pre>

In servername.conf:

<pre><code class="apache">PerlLoadModule Apache::Authn::Redmine

SetEnv GIT_PROJECT_ROOT /git-1/repositories
SetEnv GIT_HTTP_EXPORT_ALL

<IfModule mod_rewrite.c>
   RewriteEngine On

   # Redirect plain-HTTP requests to HTTPS, except the /git-private alias
   RewriteCond %{HTTPS} ^off$
   RewriteCond %{REQUEST_URI} !^/git-private/
   RewriteRule ^.*$ https://servername.domain$0 [R=301,L]
   # Serve loose objects and pack files as static files
   RewriteRule ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /git-1/repositories/$1 [L]
   RewriteRule ^/git/(.*/objects/pack/pack-[0-9a-f]{40}\.(pack|idx))$ /git-1/repositories/$1 [L]
   # Everything else under /git goes to git-http-backend with REMOTE_USER restored
   RewriteRule ^/git/(.*)$ /usr/libexec/git-core/git-http-backend/$1 [E=REMOTE_USER:$REDIRECT_REMOTE_USER,H=cgi-script,L]
</IfModule>

<Directory /usr/libexec/git-core>
   <Files "git-http-backend">
      Options +ExecCGI
   </Files>
</Directory>

<Location /git>
   AuthType Basic
   AuthName "CAMPUS"
   AuthBasicProvider external
   AuthExternal pwauth
   Require valid-user

   PerlAccessHandler Apache::Authn::Redmine::access_handler
   PerlAuthenHandler Apache::Authn::Redmine::authen_handler

   RedmineDSN "DBI:mysql:database=redmine;host=localhost"
   RedmineDbUser "redmine"
   # RedmineDbPass "password"
   RedmineGitSmartHttp yes
</Location>

Alias /git-private /git-1/repositories

<Location /git-private>
   Order deny,allow
   Deny from all
   <Limit GET PROPFIND OPTIONS REPORT>
      Options Indexes FollowSymLinks MultiViews
      Allow from 127.0.0.1
      Allow from localhost
   </Limit>
</Location>

<Directory "/var/www/redmine/public">
   RailsEnv production
   RailsBaseURI /

   Options -MultiViews
   AllowOverride All
</Directory></code></pre>

In conf/ssl.conf:

<pre><code class="apache">LogLevel warn
SSLEngine on
# The protocol and cipher lines are shown as on the original Fedora 17 system.
# They still permit SSLv3 and RC4, both since deprecated (RFC 7568, RFC 7465);
# tighten them to the TLS versions and ciphers your httpd and OpenSSL support.
SSLProtocol all -SSLv2
SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
SSLCertificateFile /etc/pki/tls/certs/your-server.crt
SSLCertificateKeyFile /etc/pki/tls/private/your-server.key
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</code></pre>

In conf.d/ssl.conf:

<pre><code class="apache">LoadModule ssl_module modules/mod_ssl.so
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
</code></pre>

You will also need to have the perl modules Net::LDAP, Authen::Simple, and Authen::Simple::LDAP installed. The first two are available in Fedora's default package repositories.

The third must be installed after the other two and it must be obtained directly from cpan. Below are the commands that I used to install these packages on Fedora 17.

<pre>
yum -y install gcc make perl-LDAP perl-Authen-Simple
cpan
cpan> install Authen::Simple::LDAP
</pre>