pmeerw's blog
pmeerw's blog
Goal is to set up private a SVN
and Mediawiki accessible via SSL
after user authentication only (on Ubuntu Linux).
For authentication, the existing system users/groups should be used for both services, i.e. users in group svn should be permitted to access the SVN repository, users in group wiki are allowed to see and edit the Wiki.
Securing MediaWiki can be done using the HttpAuth extension.
Here is the relevant configuration in LocalSettings.php:
session_start();
if ((!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['REMOTE_USER'])) || $_COOKIE['fpwiki_en_UserID']) {
require_once("$IP/extensions/HttpAuthPlugin.php");
$wgAuth = new HttpAuthPlugin();
$wgHooks['AutoAuthenticate'][] = array($wgAuth, 'autoAuthenticate');
}
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgShowIPinHeader = false;
$wgHooks['PersonalUrls'][] = 'DisableLogout';
function DisableLogout(&$personal_urls, $title) {
$personal_urls['logout'] = null;
return true;
}
Of course, access to the Wiki has to be controlled in Apache:
<Location /wiki>
SSLRequireSSL
AuthType Basic
AuthName "MediaWiki"
AuthBasicProvider external
AuthExternal pwauth
Require group wiki
</Location>
See my notes on the setup of mod_authnz_external for user authentication.
Don't forget to restrict access to /var/lib/mediawiki/config to localhost and specify parameters for mod_authnz_external so it finds pwauth
AddExternalAuth pwauth /usr/local/bin/pwauth SetExternalAuthMethod pwauth pipeConfiguration of SVN is rather simple: put the following in
/etc/apache2/mods-available/dav_svn.conf:
SSLRequireSSL
AuthType Basic
AuthName "Subversion Repositories"
AuthBasicProvider external
AuthExternal pwauth
Require group svn
Here are the relevant files. Use with care!
posted at: 21:33 | path: /configuration | permanent link
