Server Config: Difference between revisions
Some minor textual updates |
|||
| (11 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
[[Category:Netlabs]] | |||
==FreeBSD== | ==FreeBSD== | ||
===Apache2=== | ===Apache2=== | ||
* port: <tt>www/apache2</tt> | * port: <tt>www/apache2</tt> | ||
* make: <tt>make WITH_BERKELEYDB=db42 WITH_LDAP_MODULES=yes</tt> | * make: <tt>make WITH_BERKELEYDB=db42 WITH_LDAP_MODULES=yes WITH_THREADS=yes</tt> | ||
===Subversion=== | ===Subversion=== | ||
| Line 15: | Line 16: | ||
* http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4 | * http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4 | ||
Make sure you read the most recent version | Make sure you read the most recent version. (1.1 might be depricated) | ||
The modules on FreeBSD can be found in <tt>/usr/local/libexec/apache2</tt> | The modules on FreeBSD can be found in <tt>/usr/local/libexec/apache2</tt> | ||
* ACLs: http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4.4.2 | * ACLs: http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-6-sect-4.4.2 | ||
====SSL & LDAP==== | |||
To get https to work, you have to include the ssl.conf part from the Apache config file. It won't work without some lines in there. However, you can kill the vhost section in there. We replace that with our own version: | |||
<pre> | |||
<VirtualHost *:443> | |||
# note that the DocumentRoot needs to be somewhere else than SVN!! | |||
# otherwise it will not work properly | |||
DocumentRoot "/usr/local/www" | |||
ServerName svn.bfh.ch | |||
ServerAlias svn.bfh.ch | |||
SSLEngine On | |||
SSLCertificateFile /etc/ssl/certs/svn.pem | |||
<Location /repos/staff> | |||
DAV svn | |||
SVNParentPath /data/svn/staff | |||
# anonymous access, is tried first and just works if we have a "* = r" pattern in the acl | |||
Satisfy Any | |||
Require valid-user | |||
# auth users, where to find usernames & permissions | |||
AuthType Basic | |||
AuthName "BFH Subversion repository" | |||
AuthzSVNAccessFile /data/svn/conf/bfh.acl | |||
AuthLDAPEnabled on | |||
AuthLDAPBindDN "cn=myuser,ou=myou,dc=example,dc=com" | |||
AuthLDAPBindPassword "blablabla" | |||
AuthLDAPAuthoritative on | |||
AuthLDAPURL ldap://myserver.example.com/dc=example,dc=com?uid?sub?(objectClass=*) | |||
</Location> | |||
</pre> | |||
Mind the <tt>SSL*</tt> statements in there. If you included <tt>ssl.conf</tt> this should be the only thing needed to get it to work. When you get an error that <tt>PROPFIND</tt> doesn't work with https, you screwed something in the SSL config. At least it works just fine with plain http. | |||
Next step is LDAP, instead of an <tt>AuthUserFile</tt> you can use a directory server. Adjust the <tt>AuthLDAP*</tt> variables to your need and it should work just fine. Note, that in this setup, we don't use ldaps. In case you want to do that you have to provide a trusted CA. Check the [http://httpd.apache.org/docs/2.0/mod/mod_ldap.html Apache docs] for more information about that. | |||
===TRAC config=== | ===TRAC config=== | ||
| Line 27: | Line 65: | ||
* make: <tt>make</tt> | * make: <tt>make</tt> | ||
After the install you will have a mod_python in <tt>/usr/local/libexec/apache2</tt>. Load this module in Apache2 according to the output you get during the install of the module. | After the install, you will have a mod_python in <tt>/usr/local/libexec/apache2</tt>. Load this module in Apache2 according to the output you get during the install of the module. | ||
Now install TRAC: | |||
* port: <tt>www/trac</tt> | |||
* make: <tt>make</tt>, enable both extensions | |||
Next step is to configure mod_python for use with TRAC: | |||
* http://projects.edgewall.com/trac/wiki/TracModPython | |||
Now create a TRAC project with | Now create a TRAC project with | ||
| Line 36: | Line 81: | ||
* http://projects.edgewall.com/trac/wiki/TracInstall | * http://projects.edgewall.com/trac/wiki/TracInstall | ||
To configure Apache2 for multiple TRAC projects check: | To configure Apache2 for multiple TRAC projects, check: | ||
* http://projects.edgewall.com/trac/wiki/TracMultipleProjects | * http://projects.edgewall.com/trac/wiki/TracMultipleProjects | ||
To enable CSS you have to do some more tweaking. By default, the CSS directory gets handled by mod_python as well, which leads to plain ugly HTML pages. You can change this with this: | |||
<Location /trac> | |||
SetHandler none | |||
</Location> | |||
Add this to your Apache config and reload the page, it should look much better now. | |||
Most TRAC people recommend to use <tt>fsfs</tt> as backend for Subversion instead of <tt>bdb</tt>. You might read this document here and decide on your own: | Most TRAC people recommend to use <tt>fsfs</tt> as backend for Subversion instead of <tt>bdb</tt>. You might read this document here and decide on your own: | ||
* http://svn.collab.net/repos/svn/trunk/notes/fsfs | * http://svn.collab.net/repos/svn/trunk/notes/fsfs | ||
If you decide to do so simply initialize projects like this: | If you decide to do so, simply initialize projects like this: | ||
$ svnadmin create --fs-type=fsfs /path/to/svn_project_env | $ svnadmin create --fs-type=fsfs /path/to/svn_project_env | ||
If your <tt>svnadmin</tt> hangs on FreeBSD, consult [http://svnbook.red-bean.com/en/1.0/apb.html#svn-ap-b-sect-1.2.14 the manual], this [http://www.rayners.org/2003/12/freebsd_and_subversion.php blog entry] and this [http://people.freebsd.org/~dougb/randomness.html description]. | |||
====TRAC Hacks==== | |||
There are quite some plugins for TRAC that can be very handy, for example: | |||
* [http://projects.edgewall.com/trac/wiki/WebAdmin WebAdmin] | |||
* [http://trac-hacks.org/wiki/TicketDeletePlugin TicketDeletePlugin] | |||
* [http://trac.edgewall.org/browser/trunk/contrib/emailfilter.py Email Filter] - Handle incoming emails | |||
And more at http://trac-hacks.org | |||
Latest revision as of 20:40, 29 December 2006
FreeBSD
Apache2
- port: www/apache2
- make: make WITH_BERKELEYDB=db42 WITH_LDAP_MODULES=yes WITH_THREADS=yes
Subversion
- port: devel/subversion-python
- make: make -DWITH_MOD_DAV_SVN
Apache2 Subversion config
Basically you can take the following doc as reference:
Make sure you read the most recent version. (1.1 might be depricated)
The modules on FreeBSD can be found in /usr/local/libexec/apache2
SSL & LDAP
To get https to work, you have to include the ssl.conf part from the Apache config file. It won't work without some lines in there. However, you can kill the vhost section in there. We replace that with our own version:
<VirtualHost *:443>
# note that the DocumentRoot needs to be somewhere else than SVN!!
# otherwise it will not work properly
DocumentRoot "/usr/local/www"
ServerName svn.bfh.ch
ServerAlias svn.bfh.ch
SSLEngine On
SSLCertificateFile /etc/ssl/certs/svn.pem
<Location /repos/staff>
DAV svn
SVNParentPath /data/svn/staff
# anonymous access, is tried first and just works if we have a "* = r" pattern in the acl
Satisfy Any
Require valid-user
# auth users, where to find usernames & permissions
AuthType Basic
AuthName "BFH Subversion repository"
AuthzSVNAccessFile /data/svn/conf/bfh.acl
AuthLDAPEnabled on
AuthLDAPBindDN "cn=myuser,ou=myou,dc=example,dc=com"
AuthLDAPBindPassword "blablabla"
AuthLDAPAuthoritative on
AuthLDAPURL ldap://myserver.example.com/dc=example,dc=com?uid?sub?(objectClass=*)
</Location>
Mind the SSL* statements in there. If you included ssl.conf this should be the only thing needed to get it to work. When you get an error that PROPFIND doesn't work with https, you screwed something in the SSL config. At least it works just fine with plain http.
Next step is LDAP, instead of an AuthUserFile you can use a directory server. Adjust the AuthLDAP* variables to your need and it should work just fine. Note, that in this setup, we don't use ldaps. In case you want to do that you have to provide a trusted CA. Check the Apache docs for more information about that.
TRAC config
First install mod_python:
- port: www/mod_python3
- make: make
After the install, you will have a mod_python in /usr/local/libexec/apache2. Load this module in Apache2 according to the output you get during the install of the module.
Now install TRAC:
- port: www/trac
- make: make, enable both extensions
Next step is to configure mod_python for use with TRAC:
Now create a TRAC project with
$ trac-admin /path/to/trac_project_env initenv
As it can be found at:
To configure Apache2 for multiple TRAC projects, check:
To enable CSS you have to do some more tweaking. By default, the CSS directory gets handled by mod_python as well, which leads to plain ugly HTML pages. You can change this with this:
<Location /trac> SetHandler none </Location>
Add this to your Apache config and reload the page, it should look much better now.
Most TRAC people recommend to use fsfs as backend for Subversion instead of bdb. You might read this document here and decide on your own:
If you decide to do so, simply initialize projects like this:
$ svnadmin create --fs-type=fsfs /path/to/svn_project_env
If your svnadmin hangs on FreeBSD, consult the manual, this blog entry and this description.
TRAC Hacks
There are quite some plugins for TRAC that can be very handy, for example:
- WebAdmin
- TicketDeletePlugin
- Email Filter - Handle incoming emails
And more at http://trac-hacks.org