Server Installation/trac: Unterschied zwischen den Versionen
Aus Opennet
(→Konfiguration) |
|||
Zeile 38: | Zeile 38: | ||
* Admin Nutzer für Projektumgebung: | * Admin Nutzer für Projektumgebung: | ||
− | |||
trac-admin /var/www/trac/ | trac-admin /var/www/trac/ | ||
− | > permission add | + | > permission add <adminname>.client.on TRAC_ADMIN |
> exit | > exit | ||
* Einbindung in Apache Webserver: | * Einbindung in Apache Webserver: | ||
− | + | WSGIScriptAlias /trac /var/www/trac/cgi-bin/trac.wsgi | |
− | + | Alias /trac/chrome/ /var/www/trac/htdocs/ | |
− | + | <Directory /var/www/trac/cgi-bin/trac.wsgi> | |
WSGIApplicationGroup %{GLOBAL} | WSGIApplicationGroup %{GLOBAL} | ||
Order deny,allow | Order deny,allow | ||
Allow from all | Allow from all | ||
− | + | </Directory> | |
− | + | ||
− | + | * Login in Apache Webserver (HTTP als HTTPS-Redirect) | |
− | + | Redirect permanent /login https://dev.opennet-initiative.de/login | |
− | + | ||
− | + | * Login in Apache Webserver (HTTPS mit Client-Zertifikat) | |
− | + | <Location "/login"> | |
+ | # client cert auth | ||
+ | SSLVerifyClient optional | ||
+ | SSLVerifyDepth 3 | ||
+ | # forward auth to cgi | ||
+ | SSLUserName SSL_CLIENT_S_DN_CN | ||
+ | # allow specific cert CN | ||
+ | SSLRequire %{SSL_CLIENT_S_DN_CN} in {"<adminname1>.client.on","<adminname2>.client.on"} | ||
+ | # client cert error handling | ||
+ | RewriteEngine on | ||
+ | RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS | ||
+ | RewriteRule .? - [F] | ||
+ | ErrorDocument 403 "You need a certificate issued by Opennet Client Sub-CA to access this site." | ||
+ | </Location> | ||
* Anlegen eines Git Repositories: | * Anlegen eines Git Repositories: | ||
Zeile 73: | Zeile 85: | ||
** Site Logo setzen, Wiki Startseite bearbeiten | ** Site Logo setzen, Wiki Startseite bearbeiten | ||
+ | === Betrieb === | ||
+ | |||
+ | * Nutzer anlegen: Anmeldung erfolgt über [[Opennet CA]] Zertifikate der Client Sub-CA. Login in Apache Config erlauben u. Rechtevergabe per ''trac-admin''. | ||
[[Kategorie:Server]] | [[Kategorie:Server]] |
Version vom 25. April 2014, 14:16 Uhr
Software zum Betrieb von trac Umgebung (Hilfsmittel für Entwickler).
Installation
- Installation trac (incl. subversion)
- Installation trac-git (git Plugin)
- Installation libapache2-mod-wsgi (Apache Modul)
- Vorbereitung Verzeichnisse: mkdir /var/www/trac
Konfiguration
- Anlegen einer neuen Projektumgebung:
trac-admin /var/www/trac/ initenv Project name [My Project]> Opennet Development Database connection string [sqlite:db/trac.db]> trac-admin /var/www/trac/ deploy /tmp/trac mv /tmp/trac/* /var/www/trac/ chown -R www-data:www-data /var/www/trac/
- Konfiguration der Projektumgebung in /var/www/trac/conf/trac.ini
[components] webadmin.* = enabled tracext.git.* = enabled [notifications] email_sender = SendmailEmailSender smtp_from = admin@opennet-initiative.de smtp_from_name = Opennet Development smtp_replyto = admin@opennet-initiative.de [project] descr = Opennet Development footer = <a href="http://www.opennet-iniative.de/">Opennet Initiative e.V.</a> icon = site/favicon.ico url = https://dev.opennet-initiative.de [header_logo] alt = Opennet Development link = / src = site/Opennet_logo_quer.gif
- Admin Nutzer für Projektumgebung:
trac-admin /var/www/trac/ > permission add <adminname>.client.on TRAC_ADMIN > exit
- Einbindung in Apache Webserver:
WSGIScriptAlias /trac /var/www/trac/cgi-bin/trac.wsgi Alias /trac/chrome/ /var/www/trac/htdocs/ <Directory /var/www/trac/cgi-bin/trac.wsgi> WSGIApplicationGroup %{GLOBAL} Order deny,allow Allow from all </Directory>
- Login in Apache Webserver (HTTP als HTTPS-Redirect)
Redirect permanent /login https://dev.opennet-initiative.de/login
- Login in Apache Webserver (HTTPS mit Client-Zertifikat)
<Location "/login"> # client cert auth SSLVerifyClient optional SSLVerifyDepth 3 # forward auth to cgi SSLUserName SSL_CLIENT_S_DN_CN # allow specific cert CN SSLRequire %{SSL_CLIENT_S_DN_CN} in {"<adminname1>.client.on","<adminname2>.client.on"} # client cert error handling RewriteEngine on RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS RewriteRule .? - [F] ErrorDocument 403 "You need a certificate issued by Opennet Client Sub-CA to access this site." </Location>
- Anlegen eines Git Repositories:
mkdir /var/git/<on_projectname> cd /var/git/<on_projectname> git update-server-info cd hooks mv post-update.sample post-update
- nun via Trac Admin Webinterface in Projektumgebung einbinden sowie:
trac-admin /var/www/trac/ changeset added "<on_projectname>" echo "exec trac-admin /var/www/trac/ changeset added \"<on_projectname>\"" >> /var/git/<on_projectname>/hooks/post-update
- sonstige Trac Nacharbeiten:
- Berechtigungen TICKET_CREATE u. TICKET_APPEND für Anonymous erlauben
- Site Logo setzen, Wiki Startseite bearbeiten
Betrieb
- Nutzer anlegen: Anmeldung erfolgt über Opennet CA Zertifikate der Client Sub-CA. Login in Apache Config erlauben u. Rechtevergabe per trac-admin.