Monday, September 8, 2008

Configuring svn, trac, SSL under Ubuntu

Been working on setting up subversion, with trac and SSL - currently for evaluation purposes.

I’m not a developer at all, and although I respect that you can build everything from src, prefer not to.

Normally CentOS is the Linux distribution I use, but frankly, it’s a hell of a hassle getting the dependencies sorted - quicksilver et al. I do have something running under it, but I'm not especially happy with it. I may return to look at it again later.

So, instead I’ve taken a quick look at Ubuntu 8.04 for it - server not desktop edition, so no GUI. In general, the installation and configuration process for this leaves something to be desired. The following *appears* to get it working for me. I’m not claiming it to be optimal or even “correct”. I’m also not looking at configuration of trac and subversion, just getting them installed and available.

The webserver itself (for my purposes) will also require php support, so I'm going to add a bunch more packages for that.

I wish to use SSL to support https.

I’m going to place both subversion repositories and trac pages on a separate disk under a /subversion mount.
/subversion/repos - subversion
/subversion/trac - trac

Subversion repositories will be available as
Trac as

Trac has anonymous browsing enabled, with authentication required only for the login option. Subversion should require login anyway - yes, there’s no point requiring login in subversion if you allow anonymous access to the “browse source” option in trac - this is a test setup. It’s easy to modify the necessary apache directives to require authentication for all of trac.

Standard http pages may still be served out of the default

The firewall is enabled, with only SSH and http/https allowed.

# Firewall - I like to work with firewalls on at the start/at all times:
sudo ufw enable
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# check it
sudo ufw status 

# get some packages
sudo apt-get install subversion libapache2-svn apache2 python2.4-pysqlite2 python-clearsilver python-subversion

# get trac and install it
tar -xzf trac-0.10.4.tar.gz
cd trac-0.10.4 
sudo python setup.py install

# get some more php related packages
sudo apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-imagick php5-mcrypt php5-memcache php5-mhash php5-mysql php5-pspell php5-snmp php5-sqlite php5-xmlrpc php5-xsl

# Ensure relevant modules are loaded
sudo a2enmod ssl
sudo a2enmod php5

# Bounce apache after any changes
sudo /etc/init.d/apache2 restart

# I like to test that pages are being served, and .php is supported at this point

# Deal with SSL.
sudo mkdir /etc/apache2/ssl
sudo apt-get install ssl-cert
sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
# follow the text-based wizard

As I want access to be via https only for trac and the repositories, i.e. /svnrepos and /trac, amend /etc/apache2/sites-available/default as follows (after the end of the default VirtualHost directives):

NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on

SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/apache2/ssl/apache.pem
# "all" enables every protocol version mod_ssl supports, SSLv2 included
SSLProtocol all

ScriptAlias /trac /usr/share/trac/cgi-bin/trac.cgi

<Location "/trac">
        SetEnv  TRAC_ENV_PARENT_DIR "/subversion/trac"
</Location>

# Only the login URL of each trac project asks for a password
<LocationMatch "/trac/[^/]+/login">
        AuthType Basic
        AuthName "Trac"
        AuthUserFile /etc/svn-auth-conf2
        Require valid-user
</LocationMatch>

<Location /svnrepos>
        DAV svn
        SVNParentPath /subversion/repos
        AuthType Basic
        AuthName "Subversion"
        AuthUserFile /etc/svn-auth-conf2
        Require valid-user
</Location>
</VirtualHost>


# /etc/svn-auth-conf2 is the file storing passwords created with 
sudo htpasswd -c -m /etc/svn-auth-conf2 username
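
The stricter variant mentioned earlier, with a login required for all of trac, could look like the block below. This is an added example, not the configuration from the original post: it reuses the post's paths and password file, leaves out the FakeBasicAuth and ExportCertData options (not needed for password login), and assumes the Apache 2.2 mod_ssl of that era, where TLSv1 is the newest protocol on offer.

```apache
# Added example: replaces the <VirtualHost *:443> block above.
<VirtualHost *:443>
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/apache2/ssl/apache.pem

    # Offer TLS only instead of "all", which also turns on SSLv2 and SSLv3.
    # On a current Apache, list only the newer TLS versions it supports.
    SSLProtocol -all +TLSv1

    ScriptAlias /trac /usr/share/trac/cgi-bin/trac.cgi

    # Authentication on every trac URL, so "browse source" no longer
    # shows repository contents to anonymous visitors.
    <Location "/trac">
        SetEnv TRAC_ENV_PARENT_DIR "/subversion/trac"
        # Redundant inside an SSL-only vhost; it keeps Basic auth off
        # plain http if this block is ever copied into the port 80 vhost.
        SSLRequireSSL
        AuthType Basic
        AuthName "Trac"
        AuthUserFile /etc/svn-auth-conf2
        Require valid-user
    </Location>

    <Location /svnrepos>
        DAV svn
        SVNParentPath /subversion/repos
        SSLRequireSSL
        AuthType Basic
        AuthName "Subversion"
        AuthUserFile /etc/svn-auth-conf2
        Require valid-user
    </Location>
</VirtualHost>
```

Run sudo apache2ctl configtest before restarting apache so a syntax error does not take the site down.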

I’m doing all my testing under VMware ESXi, so adding a 2nd disk is easier from a resources perspective. See my principles post for my reasons on a 2nd disk - separate system from data. This 2nd disk will appear as a SCSI disk - in my case /dev/sdb.

Use fdisk to create a partition, again just accepting the defaults, which gives /dev/sdb1, and format it as ext3.

# Create mount point - /subversion and my directories /subversion/repos and /subversion/trac
sudo mkdir /subversion
sudo mkdir /subversion/trac /subversion/repos

# Add entry to /etc/fstab to mount on reboot.

# I create my svn repository in /subversion/repos with :
sudo svnadmin create repositoryname
# I set permissions
sudo chown -R www-data:www-data repositoryname

# I create the trac layout with :
sudo trac-admin repositoryname initenv
# And answer the questions posed
# I set permissions with
sudo chown -R www-data:www-data repositoryname