Repositories access control with apache mod dav svn and mod perl » History » Revision 5
Revision 4 (Jean-Philippe Lang, 2007-11-24 16:58) → Revision 5/47 (Thomas Lecavelier, 2007-12-22 18:00)
h1. Repositories access control with apache mod dav svn and mod perl
{{>TOC}}
h2. Overview
In this documentation, we will configure apache to delegate authentication to mod_perl. It's tested on apache2 with mysql and postgresql but should work with allmost every databases for which there is a perl DBD module.
You need Redmine r860 or later. If your Redmine is older than r916, download "Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm
You need a working apache on your SVN server and you must install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the DBD driver for you database as it should work on allmost all databases).
On Debian/ubuntu you must do :
aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl libdigest-sha1-perl
h2. Enabling apache modules
On debian/ubuntu :
<pre>
a2enmod dav
a2enmod dav_svn
a2enmod perl
</pre>
h2. Apache configuration
You need to copy "Redmine.pm" on your SVN server and add something like that to your apache configuration (for example in @/etc/APACHE_DIR/conf.d/@)
You must change the Redmine.pm path and database informations to fit your needs.
<pre>
PerlRequire /usr/local/apache/Redmine.pm
<Location /svn>
DAV svn
SVNParentPath "/var/svn"
AuthType Basic
AuthName redmine
Require valid-user
PerlAccessHandler Apache::Authn::Redmine::access_handler
PerlAuthenHandler Apache::Authn::Redmine::authen_handler
## for mysql
PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server
## for postgres
# PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server
PerlSetVar db_user redmine
PerlSetVar db_pass password
</Location>
# a private location in read only mode to allow Redmine browsing
<Location /svn-private>
DAV svn
SVNParentPath "/var/svn"
Order deny,allow
Deny from all
# only allow reading orders
<Limit GET PROPFIND OPTIONS REPORT>
Allow from redmine.server.ip
</Limit>
</Location>
</pre>
It will add add two Location directives, one @/svn@ with authentication and access control against the Redmine database for users and one @/svn-private@ in read-only with IP limitation for Redmine browsing.
And that's done. You can try to browse some public repository with:
<pre>
svn ls http://my.svn.server/svn/myproject
</pre>
If you try to browse some non public repository, it will ask you a password.