Repositories access control with apache mod dav svn and mod perl » History » Revision 2
Revision 1 (Nicolas Chuche, 2007-11-18 21:07) → Revision 2/47 (Nicolas Chuche, 2007-11-18 21:13)
h1. Repositories access control with apache mod dav svn and mod perl
{{>TOC}}
h2. overview
In this documentation, we will configure apache to delegate
authentication to mod_perl. It's tested on apache2 with mysql and
postgresql but should work with allmost every databases for which
there is a perl DBD module.
You need a Redmine re. 860 or later. If your Redmine is older than re .916, download "Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm
You need to have a working apache on your SVN server and you must
install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the
DBD driver for you database as it should work on allmost all
databases).
On Debian/ubuntu you must do :
<pre>
aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl
</pre>
h2. enabling apache modules
On debian/ubuntu :
<pre>
a2enmod dav
a2enmod dav_svn
a2enmod perl
</pre>
h2. apache configuration
You need to copy "Redmine.pm" on your svn server and
add something like that to your apache configuration (for example in @/etc/APACHE_DIR/conf.d/@
You must change the Redmine.pm path and database informations to fit your needs.
<pre>
PerlRequire /usr/local/apache/Redmine.pm
<Location /svn>
DAV svn
SVNParentPath "/var/svn"
AuthType Basic
AuthName redmine
Require valid-user
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
## for mysql
PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server
## for postgres
# PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server
PerlSetVar db_user redmine
PerlSetVar db_pass password
</Location>
# a private location in read only mode to allow Redmine browsing
<Location /svn-private>
DAV svn
SVNParentPath "/var/svn"
Order deny,allow
Deny from all
# only allow reading orders
<Limit GET PROPFIND OPTIONS REPORT>
Allow from redmine.server.ip
</Limit>
</Location>
</pre>
It will add add two Location directives, one /svn with authentication
and access control against the Redmine database for users and one
/svn-private in read-only with ip limitation for Redmine browsing.
And that's done. You can try to browse some public repository with :
<pre>
svn ls http://my.svn.server/svn/myproject
</pre>
If you try to browse some non public repository, it will ask you a password.