Server Config

Apache2

 * port: www/apache2
 * make: make WITH_BERKELEYDB=db42 WITH_LDAP_MODULES=yes WITH_THREADS=yes

Subversion

 * port: devel/subversion-python
 * make: make -DWITH_MOD_DAV_SVN

Apache2 Subversion config
Basically you can take the following doc as reference:


 * http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4

Make sure you read the most recent version. (1.1 might be depricated)

The modules on FreeBSD can be found in /usr/local/libexec/apache2


 * ACLs: http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4.4.2

SSL & LDAP
To get https to work, you have to include the ssl.conf part from the Apache config file. It won't work without some lines in there. However, you can kill the vhost section in there. We replace that with our own version:

 # note that the DocumentRoot needs to be somewhere else than SVN!! # otherwise it will not work properly DocumentRoot "/usr/local/www" ServerName svn.bfh.ch       ServerAlias svn.bfh.ch        SSLEngine On        SSLCertificateFile /etc/ssl/certs/svn.pem

 DAV svn SVNParentPath /data/svn/staff

# anonymous access, is tried first and just works if we have a "* = r" pattern in the acl Satisfy Any Require valid-user

# auth users, where to find usernames & permissions AuthType Basic AuthName "BFH Subversion repository" AuthzSVNAccessFile /data/svn/conf/bfh.acl AuthLDAPEnabled on               AuthLDAPBindDN "cn=myuser,ou=myou,dc=example,dc=com" AuthLDAPBindPassword "blablabla" AuthLDAPAuthoritative on               AuthLDAPURL ldap://myserver.example.com/dc=example,dc=com?uid?sub?(objectClass=*) 

Mind the SSL* statements in there. If you included ssl.conf</tt> this should be the only thing needed to get it to work. When you get an error that PROPFIND</tt> doesn't work with https, you screwed something in the SSL config. At least it works just fine with plain http.

Next step is LDAP, instead of an AuthUserFile</tt> you can use a directory server. Adjust the AuthLDAP*</tt> variables to your need and it should work just fine. Note, that in this setup, we don't use ldaps. In case you want to do that you have to provide a trusted CA. Check the Apache docs for more information about that.

TRAC config
First install mod_python:


 * port: www/mod_python3</tt>
 * make: make</tt>

After the install, you will have a mod_python in /usr/local/libexec/apache2</tt>. Load this module in Apache2 according to the output you get during the install of the module.

Now install TRAC:
 * port: www/trac</tt>
 * make: make</tt>, enable both extensions

Next step is to configure mod_python for use with TRAC:
 * http://projects.edgewall.com/trac/wiki/TracModPython

Now create a TRAC project with

$ trac-admin /path/to/trac_project_env initenv

As it can be found at:
 * http://projects.edgewall.com/trac/wiki/TracInstall

To configure Apache2 for multiple TRAC projects, check:
 * http://projects.edgewall.com/trac/wiki/TracMultipleProjects

To enable CSS you have to do some more tweaking. By default, the CSS directory gets handled by mod_python as well, which leads to plain ugly HTML pages. You can change this with this:

<Location /trac> SetHandler none </Location>

Add this to your Apache config and reload the page, it should look much better now.

Most TRAC people recommend to use fsfs</tt> as backend for Subversion instead of bdb</tt>. You might read this document here and decide on your own:
 * http://svn.collab.net/repos/svn/trunk/notes/fsfs

If you decide to do so, simply initialize projects like this:

$ svnadmin create --fs-type=fsfs /path/to/svn_project_env

If your svnadmin</tt> hangs on FreeBSD, consult the manual, this blog entry and this description.

TRAC Hacks
There are quite some plugins for TRAC that can be very handy, for example:


 * WebAdmin
 * TicketDeletePlugin
 * Email Filter - Handle incoming emails

And more at http://trac-hacks.org