box.matto.nl

home/

Viewvc with lighttpd on Debian Lenny

Viewvc deliveres a webview on your repository

Viewvc logo

viewvc is cgi-script written in python that gives you a view up on your repository in your favorite webbrowser.

Viewvc works with cvs and subversion.

Here you can see an example of viewvc in real life: http://viewvc.tigris.org/source/browse/viewvc/trunk/

Install lighttpd and viewvc on Debian Lenny

First apt-get install lighttpd and viewvc

apt-get install lighttpd viewvc

Configure lighttpd

Make viewvc available from your local network address space. Add the followint to your /etc/lighttpd/lighttpd.conf: 

$HTTP["remoteip"] =~ "192.168.1.*" {  
    alias.url += ( "/viewvc" => "/usr/lib/cgi-bin/viewvc.cgi" )
    $HTTP["url"] =~ "^/viewvc" {
        cgi.assign = ( "" => "" )
    }
}

Here the local network is 192.168.1.xxx. If your network is in another address space, then change accordingly.

Allow support for cgi

lighty-enable-mod cgi

Make your repository readable by lighttpd

chown -R www-data /srv/cvs

If your repository is not in /srv/cvs then change accordingly.

Configure viewvc

dpkg-reconfigure viewvc

Reload the lighttpd configuration

/etc/init.d/lighttpd force-reload

Test

Now point your browser to http://<ip-number>/viewvc

Add password protection

Create a plain text password file

vi /etc/lighttpd/lighttpd.password

and put a username and password in it.

username:secretpassword

Add this to the lighttpd.conf: 

auth.debug = 2
auth.backend = "plain"
auth.backend.plain.userfile = "/etc/lighttpd/lighttpd.password"

auth.require = ( "/viewvc" =>
    (
        "method" => "basic",
        "realm" => "Secured data",
        "require" => "user=<username>"
    )

Make the password-file owned by the lighttpd-user

chown www-data /etc/lighttpd/lighttpd.password

Keep the auth.debug level at 2 for debugging. When everything runs smooth, turn that into auth.debug = 0.

Restart lighttpd and test

/etc/init.d/lighttpd restart

Multiple users

Your passwordfile can have multiple users, each on it's own line.

username1:secretpassword1
username2:secretpassword2
username3:secretpassword3
...

Now choose one of the two options below.

Option 1: Several usernames in lighttpd.conf

Put several users in the conf-file, seperated by a pipe symbol

auth.require = ( "/viewvc" =>
    (
        "method" => "basic",
        "realm" => "Secured data",
        "require" => "user=<username1>|user=<username2>"
    )
)

Option 2: Just require a valid user

auth.require = ( "/viewvc" =>
    (
        "method" => "basic",
        "realm" => "Secured data",
        "require" => "valid-user"
    )
)

Setup a simple SSL configuration

Create a SSL certificate

mkdir /etc/lighttpd/certs
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
chown www-data lighttpd.pem
chmod 400 lighttpd.pem

Add the following lines to /etc/lighttpd/lighttpd.conf

$SERVER["socket"] == ":443" {
      ssl.engine = "enable" 
      ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" 
}

Restart lighttpd and test the https connection