Luigi is a passionate software developer working in Java since 2000. In 2001 he co-founded the Java User Group Torino, the first local JUG in Italy. Quickly after that, many other JUGs have born in Italy following JUG Torino's example. Since some years now, he is working as free lance software consultant between Italy, Germany, UK and Switzerland, on several industries. His personal interests include software, science fiction books and movies, traveling, photography and good food. Luigi is a DZone MVB and is not an employee of DZone and has posted 19 posts at DZone. You can read more from them at their website. View Full User Profile

Build your own development server with Apache, Subversion and Trac

09.15.2010
| 18311 views |
  • submit to reddit

Preface

This is one of the most appreciated articles coming from my blog; the original title is: Install Tutorial: Ubuntu 9.04, Apache with SSL, Subversion over HTTP / HTTPs, and Trac. Despite the fact that it's 1 year old now, I still receive appreciation comments; so I am pretty sure that following the instructions you'll have no big issues with the latests version available.

Trac is not very easy to install, as well as setting up Apache web server with https and integrating that with Subversion, and all together.
You may want to try to install this on a virtual machine, to make a "dry run", before releasing your development server in production. One thing that is missing for a developement server worthy of the name, is a continuous integration server. Of course, my choice would go to Hudson, which is also very easy to install and integrate with your favourite scm. Integrating Hudson with apache and trac would be a good extension of this tutorial, that I will probably write in a second time. And I would like also to write down how to set up a good environment to work with git and gitosis. It's in my todo list; in the meantime, this is a very good tutorial to start with gitosis: Hosting Git repositories, The Easy (and Secure) Way.

If you are looking for a Linux hosting, I suggest the one I am using, slicehost. An alternative to trac, could be Redmine, I used it a little bit for some experiments, and was very nice.

The good thing about this "installation tutorial" is that is modular: you can follow just the installation of the components you are interested about, and leave the things that you don't need, or replace them with something else. Hope you'll find it useful.

Introduction

This tutorial will guide you through installation of Apache, HTTPS, Subversion and Trac, in order to have an (almost) complete development environment for your team.

This article is divided in following steps

1. Installing Subversion
2. Installing Apache
3. Configuring Apache with SSL
4. Configuring Subversion with Apache (and SSL)
5. Installing Trac

You may choose for example to see how to install Apache and SSL, or having Apache plus subversion without Trac.
Steps are voluntary isolated, and will require more operations than, for instance, issuing an "apt-get install trac" that will download and install all the packages in one step; but this will hopefully allow the readers to choose picking one section and forget about unneeded components.
I'll not explain what Subversion is, or what SSL is, etc. Ask google, for this info: I just say that for your software project you may need a server with those tools ready for your team.

Requirements

You need Ubuntu 9.04, in my case I used the "server edition" 64bit, while installing I used the minimal server mode pressing F4 to have a system as lighter as possible. But possibly this tutorial should be valid for Debian and previous Ubuntu version; but I have not verified that: if you do, post a comment to report your experience.

Preparation

After installing your server you have to ensure that apt system is up to date with available software on the repositories. Type the following command:

$ sudo apt-get update

upgrading installed packages may be a good idea to do now:

$ sudo apt-get upgrade

Answer Yes if asked to download and install the upgrades.

1. Installing Subversion

From the command line type the command:

$ sudo apt-get install subversion

If everything went fine you should able to verify the Subversion version installed with following command:

$ svn --version
svn, version 1.5.4 (r33841)
   compiled Aug  7 2009, 02:02:06

Copyright (C) 2000-2008 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).

The following repository access (RA) modules are available:

* ra_neon : Module for accessing a repository via WebDAV protocol using Neon.
  - handles 'http' scheme
  - handles 'https' scheme
* ra_svn : Module for accessing a repository using the svn network protocol.
  - with Cyrus SASL authentication
  - handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
  - handles 'file' scheme

For now, let's stop here: how to create the Subversion repository, configure the users etc. Will be explained later in conjunction with Apache2 configuration. Maybe I'll write something on how to deal with svnserve, svnadmin, and user access control, in another article.

Later we will see how to create a repository, configure it with apache and HTTP basic authentication.

2. Installing Apache

To install apache 2 type the command:

$ sudo apt-get install apache2

When finished you should be able to connect with the browser at http://localhost and see the message "It works!". Or you may verify that at the command line installing and using curl:

$ sudo apt-get install curl
$ curl http://localhost
<html><body><h1>It works!</h1></body></html>

3. Configuring Apache with SSL

Now we want to configure apache to run HTTPs.
Following command will enable ssl Apache2 module with a2enmod (cryptic name for "Apache2 enable module":

$ sudo a2enmod ssl

The previous command will suggest you to restart apache to let it to reload the configuration; ignore that message for now.

We need to enable the HTTPS port (443). Edit /etc/apache2/ports.conf and ensure that port 443 is defined as follows:

$ sudo vi /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    NameVirtualHost *:443
    Listen 443
</IfModule>

I added the clause NameVirtualHost *:443 in the for SSL; this is not strictly necessary but it will be useful later if you want to have a VirtualHost for trac and other development services.

Now we need to configure the SSL site. Fortunately we have already the configuration file for that, we just need to enable it with a2ensite (cryptic name for "apache2 enable site")

$ sudo a2ensite default-ssl

Again, the above command will suggest to reload apache configuration to activate the changes. This time the suggestion is almost right. As we made several changes I prefer to restart apache with following command:

$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                                                              apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName

If everything went fine you should see the above warning. You can ignore it, unless you want to configure the ServerName for your server. But this is out of scope, so do a search on Google, or consult an Apache expert.

So, if everything went fine, now we should be able to connect to our server through SSL.
You can use firefox or curl, as before, but this time the URL will be https://localhost

$ curl -k https://localhost
<html><body><h1>It works!</h1></body></html>

the -k option is to ignore certification validation. Also firefox will complain that our certificate is invalid, but you can add it to exceptions and it will nomore bug you with those messages.

If everything went fine, now we should have Apache2, HTTP and HTTPs ready.

4. Configuring Subversion with Apache (and SSL)

First of all, we need to install the Subversion modules for Apache2.

$ sudo apt-get install libapache2-svn

They will be enabled by default. So you don't need to run a2enmod.

We only need to configure a repository. Let' say our project is called 'myproject'.

First of all, let's decide where our svn repositories will be created. I like /var/local/svn :

$ sudo mkdir /var/local/svn

Then let's create the repository using following procedure:

$ sudo mkdir /var/local/svn/myproject
$ sudo chown www-data:www-data /var/local/svn/myproject
$ sudo -u www-data svnadmin create /var/local/svn/myproject

Above commands will ensure that the user www-data (which is the apache user) can fully access the repository for reading and updating it.

We need to configure the repository in Apache. Edit /etc/apache2/mods-available/dav_svn.conf using:

$ sudo vi /etc/apache2/mods-available/dav_svn.conf

And add a section like the following one:

<Location /svn/myproject>
  DAV svn
  SVNPath /var/local/svn/myproject
  AuthType Basic
  AuthName "My Project Subversion Repository"

  AuthUserFile /etc/subversion/myproject.passwd
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>

In the above file we indicated that, at the location svn our repository should respond. And for updating the repository we want a valid user. As per above configuration anonymous consultation is allowed; but you can disable it commenting with a leading '#' the lines <LimitExcept ... and </LimitExcept> or just removing them as in following example:

<Location /svn/myproject>

  DAV svn
  SVNPath /var/local/svn/myproject
  AuthType Basic
  AuthName "My Project Subversion Repository"
  AuthUserFile /etc/subversion/myproject.passwd
  #<LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  #</LimitExcept>
</Location>

The above configuration indicates to Apache that even for consulting the repository we want a valid user.
But valid users need a password, and in fact we indicated a password file for our repository called /etc/subversion/myproject.passwd. So let's create a password file with a couple of users:

$ sudo htpasswd -c /etc/subversion/myproject.passwd luigi
$ sudo htpasswd /etc/subversion/myproject.passwd mario

The -c option indicates that the password file should be created as new; and it is only necessary for the first user. Be aware of the fact that -c overwrites the existing password file without asking anything. Personally I think this is a quite stupid behavior, but that's the way it is.

Now we should be ready.

Let's reload apache configuration to make the changes effective:

$ sudo /etc/init.d/apache2 reload

and let's test with the browser that our svn repository is now accessible through HTTP and HTTPs at following urls:

http://localhost/svn/myproject/

https://localhost/svn/myproject/

We can also use curl to verify it is working:

$ curl http://username:password@localhost/svn/myproject/
<html><head><title>myproject - Revision 0: /</title></head>
<body>
 <h2>myproject - Revision 0: /</h2>
 <ul>

 </ul>
 <hr noshade><em>Powered by <a href="http://subversion.tigris.org/">Subversion</a> version 1.5.4 (r33841).</em>
</body></html>
$ curl -k https://username:password@localhost/svn/myproject/
<html><head><title>myproject - Revision 0: /</title></head>
<body>
 <h2>myproject - Revision 0: /</h2>
 <ul>

 </ul>
 <hr noshade><em>Powered by <a href="http://subversion.tigris.org/">Subversion</a> version 1.5.4 (r33841).</em>
</body></html>

Now we can also download our project using svn

$ svn co https://localhost/svn/myproject myproject --username luigi

"luigi" is obviously my username, substitute it with yours.
The first time it will prompt for accepting the SSL certificate, answer to accept it permanently (p). Then it will optionally ask you for the password, type it.
We can also test that modifying the remote repository is working with:

$ svn mkdir -m "created the trunk for the project" https://localhost/svn/myproject/trunk --username luigi

It will answer: Committed revision 1. If so, we've done.

5. Installing Trac

To install trac files and required dependencies, type the following command:

$ sudo apt-get install trac
$ sudo apt-get install libapache2-mod-python

Let's create the directories for trac web folder:

$ sudo mkdir /var/local/trac
$ sudo chown www-data:www-data /var/local/trac

edit Apache configuration file for one of your enabled sites (in this example I modify the default http one, but you can choose to put trac on HTTPS modifying default-ssl)

$ sudo vi /etc/apache2/sites-enabled/000-default

and add the following lines at the end of the file, before the </VirtualHost> tag:

        <Location /projects>
                SetHandler mod_python
                PythonInterpreter main_interpreter
                PythonHandler trac.web.modpython_frontend
                PythonOption TracEnvParentDir /var/local/trac
                PythonOption TracUriRoot /projects
                PythonOption PYTHON_EGG_CACHE /tmp
        </Location>

        # use the following for one authorization for all projects
        # (names containing "-" are not detected):
        <LocationMatch "/projects/[[:alnum:]]+/login">

            AuthType Basic
            AuthName "trac"
            AuthUserFile /etc/trac/trac.passwd
            Require valid-user
        </LocationMatch>

Create a password file for trac users (if you want you can reuse or link the passwd file used for subversion repositories)

$ sudo htpasswd -c /etc/trac/trac.passwd luigi
$ sudo htpasswd  /etc/trac/trac.passwd mario
... continue this way for all your users.

Create the trac environment for your project:

$ sudo -u www-data trac-admin /var/local/trac/myproject initenv

It will ask you some questions related to your project. Here's my answers in blue

Project Name [My Project]> My Project
Database connection string [sqlite:db/trac.db]> [Just press Enter to accept the default]
Repository type [svn]>  [Just press Enter to accept the default]

Path to repository [/path/to/repos]> /var/local/svn/myproject

Now let's restart apache:

$ sudo /etc/init.d/apache2 restart

Check that trac works properly connecting the browser to http://localhost/projects or use curl to verify that the url is responding properly as we did before. This url should display a link to "My Project", click on it and you should see the project home page. Clicking on login the browser should ask you to provide username and password as recently defined with htpasswd command.

Last thing to do: add yourself as administrator for Trac. This will enable the Admin menu and allow to do much of the administration operations from the web, that you could also do at the command line with trac-admin tool.
Execute the following command:

$ sudo -u www-data trac-admin /var/local/trac/myproject permission add luigi TRAC_ADMIN

This will make the username 'luigi' administrator for the project.

You can tune additional configuration settings in Trac to enable email notification, change the project logo, etc. Everything you need to know is on Trac website. For the configuration check here: http://trac.edgewall.org/wiki/TracIni

Hope everything went fine. Enjoy your development!

Published at DZone with permission of Luigi Viggiano, author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Anuradha Gunasekara replied on Wed, 2010/09/15 - 11:48pm

I guess Subversion Edge dose have all apart from trac

Charlie Mordant replied on Thu, 2010/09/16 - 6:54am

Did the same on Fedora. 

I recommand mod_fcgid instead of mod_python for Trac, it's far faster. 

You can also use USVN in order to manage your svn authorizations (via web-interface) and Ldap for authentication (easy to plug with apache, works for track and svn). 

 I tested Agilo Agile plugin for track, but had many Issues to make it work with xmlrpc plugin (mylyn integration) and basic form authentication.

 For Frenchs (or frenchified) people, here are some tutorials :http://media.helloworld.is-an-engineer.com/index.php/GuideDeContructionPlateforme

You'll be able to set up and interact with:

  •  Mail server
  •  Ldap 
  •  Usvn
  •  Bugzilla
  •  Hudson 
  •  Mediawiki 
  •  Sonatype Nexus
  •  Hudson
  •  Sonar reporting
  • Xplanner

Juan Heyns replied on Wed, 2012/04/18 - 4:36am

I am building a deb package for ubuntu 12.04LTS, which does all this configuration if you install the package. The complete configuration will be done for you if you install the package. Additionally the package has scripts to manage users and projects allowing project based access for users. I have also managed to include jenkins in the setup. 

Ubuntu 12.04LTS is currently in beta I will release the first version of the taita package after the final release of the LTS. I hope this helps some other people struggling with setup and maintainance of development servers and I would like to invite patches to improve on what I have done. Please have a look at the source on SF.net.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.