##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
docs: fixed some build errors
marcink -
r2635:1a07b261 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,101 +1,101 b''
1 .. _sec-your-server:
1 .. _sec-sophos-umc:
2 2
3 3 Securing Your Server via Sophos UTM 9
4 4 -------------------------------------
5 5
6 6
7 7
8 8 Below is an example configuration for Sophos UTM 9 Webserver Protection::
9 9
10 10 Sophos UTM 9 Webserver Protection
11 11 Web Application Firewall based on apache2 modesecurity2
12 12 --------------------------------------------------
13 13 1. Firewall Profiles -> Firewall Profile
14 14 --------------------------------------------------
15 15 Name: RhodeCode (can be anything)
16 16 Mode: Reject
17 17 Hardening & Signing:
18 18 [ ] Static URL hardeninig
19 19 [ ] Form hardening
20 20 [x] Cookie Signing
21 21 Filtering:
22 22 [x] Block clients with bad reputation
23 23 [x] Common Threats Filter
24 24 [ ] Rigid Filtering
25 25 Skip Filter Rules:
26 26 960015
27 27 950120
28 28 981173
29 29 970901
30 30 960010
31 31 960032
32 32 960035
33 33 958291
34 34 970903
35 35 970003
36 36 Common Threat Filter Categories:
37 37 [x] Protocol violations
38 38 [x] Protocol anomalies
39 39 [x] Request limit
40 40 [x] HTTP policy
41 41 [x] Bad robots
42 42 [x] Generic attacks
43 43 [x] SQL injection attacks
44 44 [x] XSS attacks
45 45 [x] Tight security
46 46 [x] Trojans
47 47 [x] Outbound
48 48 Scanning:
49 49 [ ] Enable antivirus scanning
50 50 [ ] Block uploads by MIME type
51 51 --------------------------------------------------
52 52 2. Web Application Firewall -> Real Webservers
53 53 --------------------------------------------------
54 54 Name: RhodeCode (can be anything)
55 55 Host: Your RhodeCode-Server (UTM object)
56 56 Type: Encrypted (HTTPS)
57 57 Port: 443
58 58 --------------------------------------------------
59 59 3. Web Application Firewall -> Virual Webservers
60 60 --------------------------------------------------
61 61 Name: RhodeCode (can be anything)
62 62 Interface: WAN (your WAN interface)
63 63 Type: Encrypted (HTTPS) & redirect
64 64 Certificate: Wildcard or matching domain certificate
65 65 Domains (in case of Wildcard certificate):
66 66 rhodecode.yourcompany.com (match your DNS configuration)
67 67 gist.yourcompany.com (match your DNS & RhodeCode configuration)
68 68 Real Webservers for path '/':
69 69 [x] RhodeCode (created in step 2)
70 70 Firewall: RhodeCode (created in step 1)
71 71 --------------------------------------------------
72 72 4. Firewall Profiles -> Exceptions
73 73 --------------------------------------------------
74 74 Name: RhodeCode exceptions (can be anything)
75 75 Skip these checks:
76 76 [ ] Cookie signing
77 77 [ ] Static URL Hardening
78 78 [ ] Form hardening
79 79 [x] Antivirus scanning
80 80 [x] True file type control
81 81 [ ] Block clients with bad reputation
82 82 Skip these categories:
83 83 [ ] Protocol violations
84 84 [x] Protocol anomalies
85 85 [x] Request limits
86 86 [ ] HTTP policy
87 87 [ ] Bad robots
88 88 [ ] Generic attacks
89 89 [ ] SQL injection attacks
90 90 [ ] XSS attacks
91 91 [ ] Tight security
92 92 [ ] Trojans
93 93 [x] Outbound
94 94 Virtual Webservers:
95 95 [x] RhodeCode (created in step 3)
96 96 For All Requests:
97 97 Web requests matching this pattern:
98 98 /_channelstream/ws
99 99 /Repository1/*
100 100 /Repository2/*
101 101 /Repository3/* No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,317 +1,317 b''
1 1 # -*- coding: utf-8 -*-
2 2 #
3 3 # RhodeCode Enterprise documentation build configuration file, created by
4 4 # sphinx-quickstart on Tue Nov 4 11:48:37 2014.
5 5 #
6 6 # This file is execfile()d with the current directory set to its
7 7 # containing dir.
8 8 #
9 9 # Note that not all possible configuration values are present in this
10 10 # autogenerated file.
11 11 #
12 12 # All configuration values have a default; values that are commented out
13 13 # serve to show the default.
14 14
15 15 import sys
16 16 import os
17 17 import datetime
18 18 import sphinx_rtd_theme
19 19
20 20 # If extensions (or modules to document with autodoc) are in another directory,
21 21 # add these directories to sys.path here. If the directory is relative to the
22 22 # documentation root, use os.path.abspath to make it absolute, like shown here.
23 23 sys.path.insert(0, os.path.abspath('.'))
24 24 import common
25 25
26 26 # -- General configuration ------------------------------------------------
27 27
28 28 # If your documentation needs a minimal Sphinx version, state it here.
29 29 #needs_sphinx = '1.0'
30 30
31 31 # Add any Sphinx extension module names here, as strings. They can be
32 32 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
33 33 # ones.
34 34 extensions = [
35 35 'sphinx.ext.intersphinx',
36 36 'sphinx.ext.todo',
37 'sphinx.ext.pngmath'
37 'sphinx.ext.imgmath'
38 38 ]
39 39
40 40 intersphinx_mapping = {
41 41 'enterprise': ('https://docs.rhodecode.com/RhodeCode-Enterprise/', None),
42 42 'control': ('https://docs.rhodecode.com/RhodeCode-Control/', None),
43 43 }
44 44
45 45 if tags.has('dev'):
46 46 intersphinx_mapping.update({
47 47 'enterprise': ('https://ci.rhodecode.com/documentation/Momentum/', None),
48 48 'control': ('https://ci.rhodecode.com/documentation/Control/', None),
49 49 })
50 50
51 51
52 52 # Add any paths that contain templates here, relative to this directory.
53 53 templates_path = ['_templates']
54 54
55 55 # The suffix of source filenames.
56 56 source_suffix = '.rst'
57 57
58 58 # The encoding of source files.
59 59 #source_encoding = 'utf-8-sig'
60 60
61 61 # The master toctree document.
62 62 master_doc = 'index'
63 63
64 64 # The version info for the project you're documenting, acts as replacement for
65 65 # |version| and |release|, also used in various other places throughout the
66 66 # built documents.
67 67
68 68 # TODO: johbo: Move into common package for documentation utilities
69 69 def _get_version():
70 70 with open('../rhodecode/VERSION') as f:
71 71 return f.read().strip()
72 72
73 73 # The full version, including alpha/beta/rc tags.
74 74 release = _get_version()
75 75 # The short X.Y version.
76 76 version = '.'.join(release.split('.', 2)[:2]) # First two parts of release
77 77
78 78 # General information about the project.
79 79 project = u'RhodeCode Enterprise %s ' % _get_version()
80 80 copyright = u'2010-{now.year}, RhodeCode GmbH'.format(
81 81 now=datetime.datetime.today())
82 82
83 83
84 84 # The language for content autogenerated by Sphinx. Refer to documentation
85 85 # for a list of supported languages.
86 86 #language = None
87 87
88 88 rst_epilog = common.rst_epilog + """
89 89 .. |async| replace:: asynchronous
90 90 """
91 91
92 92 # There are two options for replacing |today|: either, you set today to some
93 93 # non-false value, then it is used:
94 94 #today = ''
95 95 # Else, today_fmt is used as the format for a strftime call.
96 96 #today_fmt = '%B %d, %Y'
97 97
98 98 # List of patterns, relative to source directory, that match files and
99 99 # directories to ignore when looking for source files.
100 100 exclude_patterns = [
101 101 # Special directories
102 102 '_build',
103 103 'result',
104 104
105 105 # Other RST files
106 106 'admin/rhodecode-backup.rst',
107 107 'auth/ldap-configuration-example.rst',
108 108 'issue-trackers/redmine.rst',
109 109 'known-issues/error-msg-guide.rst',
110 110 'tutorials/docs-build.rst',
111 111 'integrations/example-ext.py',
112 112 'collaboration/supported-workflows.rst',
113 113 ]
114 114
115 115
116 116 # The reST default role (used for this markup: `text`) to use for all
117 117 # documents.
118 118 #default_role = None
119 119
120 120 # If true, '()' will be appended to :func: etc. cross-reference text.
121 121 #add_function_parentheses = True
122 122
123 123 # If true, the current module name will be prepended to all description
124 124 # unit titles (such as .. function::).
125 125 #add_module_names = True
126 126
127 127 # If true, sectionauthor and moduleauthor directives will be shown in the
128 128 # output. They are ignored by default.
129 129 #show_authors = False
130 130
131 131 # The name of the Pygments (syntax highlighting) style to use.
132 132 pygments_style = 'sphinx'
133 133
134 134 # A list of ignored prefixes for module index sorting.
135 135 #modindex_common_prefix = []
136 136
137 137 # If true, keep warnings as "system message" paragraphs in the built documents.
138 138 keep_warnings = tags.has("dev")
139 139
140 140
141 141 # -- Options for HTML output ----------------------------------------------
142 142
143 143 # The theme to use for HTML and HTML Help pages. See the documentation for
144 144 # a list of builtin themes.
145 145 #html_theme = 'rctheme'
146 146 html_theme = 'sphinx_rtd_theme'
147 147
148 148 # Theme options are theme-specific and customize the look and feel of a theme
149 149 # further. For a list of options available for each theme, see the
150 150 # documentation.
151 151 #html_theme_options = {}
152 152 html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
153 153
154 154 # Add any paths that contain custom themes here, relative to this directory.
155 155 #html_theme_path = []
156 156
157 157 # The name for this set of Sphinx documents. If None, it defaults to
158 158 # "<project> v<release> documentation".
159 159 #html_title = None
160 160
161 161 # A shorter title for the navigation bar. Default is the same as html_title.
162 162 #html_short_title = None
163 163
164 164 # The name of an image file (relative to this directory) to place at the top
165 165 # of the sidebar.
166 166 #html_logo = None
167 167 html_sidebars = {
168 168 '**': ['globaltoc.html'],
169 169 }
170 170
171 171 # The name of an image file (within the static path) to use as favicon of the
172 172 # docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
173 173 # pixels large.
174 174 html_favicon = 'images/favicon.ico'
175 175
176 176 # Add any paths that contain custom static files (such as style sheets) here,
177 177 # relative to this directory. They are copied after the builtin static files,
178 178 # so a file named "default.css" will overwrite the builtin "default.css".
179 179 html_static_path = ['static/css/add.css']
180 180
181 181 # Add any extra paths that contain custom files (such as robots.txt or
182 182 # .htaccess) here, relative to this directory. These files are copied
183 183 # directly to the root of the documentation.
184 184 #html_extra_path = []
185 185
186 186 # If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
187 187 # using the given strftime format.
188 188 #html_last_updated_fmt = '%b %d, %Y'
189 189
190 190 # If true, SmartyPants will be used to convert quotes and dashes to
191 191 # typographically correct entities.
192 192 #html_use_smartypants = True
193 193
194 194 # Custom sidebar templates, maps document names to template names.
195 195 #html_sidebars = {}
196 196
197 197 # Additional templates that should be rendered to pages, maps page names to
198 198 # template names.
199 199 #html_additional_pages = {}
200 200
201 201 # If false, no module index is generated.
202 202 #html_domain_indices = True
203 203
204 204 # If false, no index is generated.
205 205 #html_use_index = True
206 206
207 207 # If true, the index is split into individual pages for each letter.
208 208 #html_split_index = False
209 209
210 210 # If true, links to the reST sources are added to the pages.
211 211 #html_show_sourcelink = True
212 212
213 213 # If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
214 214 #html_show_sphinx = True
215 215
216 216 # If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
217 217 #html_show_copyright = True
218 218
219 219 # If true, an OpenSearch description file will be output, and all pages will
220 220 # contain a <link> tag referring to it. The value of this option must be the
221 221 # base URL from which the finished HTML is served.
222 222 #html_use_opensearch = ''
223 223
224 224 # This is the file name suffix for HTML files (e.g. ".xhtml").
225 225 #html_file_suffix = None
226 226
227 227 # Output file base name for HTML help builder.
228 228 htmlhelp_basename = 'rhodecode-enterprise'
229 229
230 230
231 231 # -- Options for LaTeX output ---------------------------------------------
232 232
233 233 latex_elements = {
234 234 'classoptions': ',oneside',
235 235 'babel': '\\usepackage[english]{babel}',
236 236
237 237 # The paper size ('letterpaper' or 'a4paper').
238 238 #'papersize': 'letterpaper',
239 239
240 240 # The font size ('10pt', '11pt' or '12pt').
241 241 #'pointsize': '10pt',
242 242
243 243 # Additional stuff for the LaTeX preamble.
244 244 #'preamble': '',
245 245 }
246 246
247 247 # Grouping the document tree into LaTeX files. List of tuples
248 248 # (source start file, target name, title,
249 249 # author, documentclass [howto, manual, or own class]).
250 250 latex_documents = [
251 251 ('index', 'RhodeCodeEnterprise.tex', u'RhodeCode Enterprise',
252 252 u'RhodeCode GmbH', 'manual'),
253 253 ]
254 254
255 255 # The name of an image file (relative to this directory) to place at the top of
256 256 # the title page.
257 257 #latex_logo = None
258 258
259 259 # For "manual" documents, if this is true, then toplevel headings are parts,
260 260 # not chapters.
261 261 #latex_use_parts = False
262 262
263 263 # If true, show page references after internal links.
264 264 latex_show_pagerefs = True
265 265
266 266 # If true, show URL addresses after external links.
267 267 latex_show_urls = 'footnote'
268 268
269 269 # Documents to append as an appendix to all manuals.
270 270 #latex_appendices = []
271 271
272 272 # If false, no module index is generated.
273 273 #latex_domain_indices = True
274 274
275 275 # Mode for literal blocks wider than the frame. Can be
276 276 # overflow, shrink or truncate
277 277 pdf_fit_mode = "truncate"
278 278
279 279
280 280 # -- Options for manual page output ---------------------------------------
281 281
282 282 # One entry per manual page. List of tuples
283 283 # (source start file, name, description, authors, manual section).
284 284 man_pages = [
285 285 ('index', 'rhodecodeenterprise', u'RhodeCode Enterprise',
286 286 [u'RhodeCode GmbH'], 1)
287 287 ]
288 288
289 289 # If true, show URL addresses after external links.
290 290 #man_show_urls = False
291 291
292 292
293 293 # -- Options for Texinfo output -------------------------------------------
294 294
295 295 # Grouping the document tree into Texinfo files. List of tuples
296 296 # (source start file, target name, title, author,
297 297 # dir menu entry, description, category)
298 298 texinfo_documents = [
299 299 ('index', 'RhodeCodeEnterprise', u'RhodeCode Enterprise',
300 300 u'RhodeCode Docs Team', 'RhodeCodeEnterprise', 'RhodeCode Docs Project',
301 301 'Miscellaneous'),
302 302 ]
303 303
304 304 # Documents to append as an appendix to all manuals.
305 305 #texinfo_appendices = []
306 306
307 307 # If false, no module index is generated.
308 308 #texinfo_domain_indices = True
309 309
310 310 # How to display URL addresses: 'footnote', 'no', or 'inline'.
311 311 #texinfo_show_urls = 'footnote'
312 312
313 313 # If true, do not generate a @detailmenu in the "Top" node's menu.
314 314 #texinfo_no_detailmenu = False
315 315
316 316 # We want to see todo notes in case of a pre-release build of the documentation
317 317 todo_include_todos = tags.has("dev")
Show file before | Show file after | Hide comments
@@ -1,220 +1,220 b''
1 1 .. _hosted-solution:
2 2
3 3 Deploy |RCE| From a Hosted Server
4 4 =================================
5 5
6 6 If you wish to deploy your own |RCE| instance from something like a
7 7 `Digital Ocean`_ droplet, or a `hetzner`_ server use the following
8 8 instructions to get it setup.
9 9
10 10 I'm using an Ubuntu 14.04 image for the purposes of this
11 11 tutorial, but all other Unix environments will be pretty similar. You can
12 12 check out the full lists of supported platforms and versions in the
13 13 :ref:`system-overview-ref` section.
14 14
15 15
16 16 Create a Digital Ocean Droplet
17 17 ------------------------------
18 18
19 19 1. Sign into Digital Ocean.
20 20 2. Create a Droplet choosing Ubuntu 14.04 as your |os|.
21 21 3. (Optional) Add SSH keys if you have them set up.
22 22
23 23 Configure Your Server
24 24 ---------------------
25 25
26 26 Once you have your server created, you need to sign into it and set it up to
27 27 host |RCE|.
28 28
29 29 1. Open a terminal and sign into your server. Digital Ocean will mail you the
30 30 IP address. You'll need to change your password on the first login if you
31 31 don not have SSH keys set up.
32 32
33 33 .. code-block:: bash
34 34
35 35 $ ssh root@203.0.113.113
36 36
37 37 2. It is not advised to install |RCE| as the ``root`` user. So create a user
38 38 with sudo permissions and then carry out the rest of the steps from that user
39 39 account.
40 40
41 41 .. code-block:: bash
42 42
43 43 # Create a user with sudo permissions
44 44 root@rhodecode:~# sudo useradd -m -s /bin/bash -d /home/brian -U brian
45 45 root@rhodecode:~# sudo usermod -a -G sudo brian
46 46
47 47 # Set the password for that user
48 48 root@rhodecode:~# passwd brian
49 49 Enter new UNIX password:
50 50 Retype new UNIX password:
51 51 passwd: password updated successfully
52 52
53 53 # Switch to that user for the rest of the steps
54 54 root@rhodecode:~# su brian
55 55
56 56 # You should see your home dir change to what was set during installation
57 57 brian@rhodecode:~$ cd ~
58 58 brian@rhodecode:~$ pwd
59 59 /home/brian
60 60
61 61 Once you have this set up, you are ready to install |RCC|.
62 62
63 63 Install |RCC|
64 64 -------------
65 65
66 66 |RCC| will install and manage the package dependencies for your |RCE| instance.
67 67
68 68 1. Download the |RCC| installer from https://rhodecode.com/download/
69 69 2. Once downloaded to your computer, transfer the package to your server
70 70
71 71 .. note::
72 72
73 73 These steps happen on your computer, not on the server.
74 74
75 75 .. code-block:: bash
76 76
77 77 # Change to where the file is downloaded
78 78 $ cd Downloads/
79 79
80 80 # SFTP to your server
81 81 $ sftp brian@203.0.113.113
82 82
83 83 # Use mput to transfer the file
84 84 sftp> mput RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
85 85 Uploading RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3 to /home/brian/RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
86 86 RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d 100% 289MB 4.1MB/s 01:11
87 87 sftp> exit
88 88
89 89 The |RCC| installer is now on your server, and you can read the full
90 90 instructions here
91 :ref:`Install RhodeCode Control <control:rcc-install-ref>`,
91 :ref:`Install RhodeCode Control <control:rcc-linux-ref>` ,
92 92 but below is the example shortcut.
93 93
94 94 .. code-block:: bash
95 95
96 96 # Check that the script is uploaded to your home directory
97 97 $ ls -1
98 98 RhodeCode-installer-linux-391_b1a804c4d69b_d6c087d520e3
99 99
100 100 # Change the script permissions
101 101 $ chmod 755 RhodeCode-installer-linux*
102 102
103 103 # Run the installer and accept the prompts
104 104 $ ./RhodeCode-installer-linux-*
105 105
106 106 .. important::
107 107
108 108 Once finished, exit the terminal and sign in again. This is to refresh you
109 109 session to pick up the new commands.
110 110
111 111 Install |RCE|
112 112 -------------
113 113
114 114 Now that |RCC| is installed, you can install |RCE|. For the full
115 115 instructions, see
116 116 :ref:`Install RhodeCode Enterprise <control:rce-cli-install-ref>`,
117 117 but the below is an example shortcut.
118 118
119 119 .. code-block:: bash
120 120
121 121 # Install a VCS Server and follow the prompts
122 122 $ rccontrol install VCSServer --start-at-boot
123 123
124 124 Extracting VCSServer ...
125 125 Configuring RhodeCode VCS Server ...
126 126 Supervisord state is: RUNNING
127 127 Added process group vcsserver-1
128 128
129 129 # Install a RhodeCode Enterprise instance and follow the prompts
130 130 $ rccontrol install Enterprise --start-at-boot
131 131
132 132 Configuration of RhodeCode Enterprise passed.
133 133 Supervisord state is: RUNNING
134 134 Added process group enterprise-1
135 135
136 136 |RCE| is now installed on your server, and is running on the port displayed
137 137 by the ``rccontrol status`` command.
138 138
139 139 .. code-block:: bash
140 140
141 141 brian@rhodecode:~$ rccontrol status
142 142
143 143 - NAME: enterprise-1
144 144 - STATUS: RUNNING
145 145 - TYPE: Enterprise
146 146 - VERSION: 3.1.1
147 147 - URL: http://127.0.0.1:10002
148 148
149 149 - NAME: vcsserver-1
150 150 - STATUS: RUNNING
151 151 - TYPE: VCSServer
152 152 - VERSION: 1.1.1
153 153 - URL: http://127.0.0.1:10001
154 154
155 155 Serve |RCE| using Nginx
156 156 -----------------------
157 157
158 158 Now that |RCE| is running, you need to use Nginx or Apache to serve it to
159 159 users. For detailed instructions about setting up your webserver, see the
160 160 :ref:`rhodecode-admin-ref` section. But the below shortcut should help serve
161 161 it.
162 162
163 163 1. Install Nginx on your server.
164 164
165 165 .. code-block:: bash
166 166
167 167 # Install nginx
168 168 $ sudo apt-get install nginx
169 169
170 170 2. Create a virtual hosts file for RhodeCode Enterprise. Create
171 171 the file in this location :file:`/etc/nginx/sites-available`. In this demo
172 172 I have called it ``vcs.conf``
173 173
174 174 .. code-block:: bash
175 175
176 176 # Create the file
177 177 $ sudo vi /etc/nginx/sites-available/vcs.conf
178 178
179 179 Use the following example to create yours.
180 180
181 181 .. code-block:: nginx
182 182
183 183 server {
184 184 listen 80;
185 185 # Change to your IP, or a domain name if you've set that up
186 186 server_name 203.0.113.113 ;
187 187
188 188 location / {
189 189 # Set this line to match the RhodeCode Enterprise Instance URL
190 190 proxy_pass http://127.0.0.1:10002/;
191 191 proxy_set_header Host $Host;
192 192 proxy_buffering off;
193 193 # Setting this to a high number allows large repo pushes
194 194 client_max_body_size 4G;
195 195 }
196 196 }
197 197
198 198 3. Symlink the virtual hosts file to the ``sites-enabled`` folder,
199 199 and then restart Nginx.
200 200
201 201 .. code-block:: bash
202 202
203 203 # Symlink the virtual hosts file
204 204 $ ln -s /etc/nginx/sites-available/vcs.conf /etc/nginx/sites-enabled/vcs.conf
205 205
206 206 # You can also delete the Nginx default symlink
207 207 $ rm /etc/nginx/sites-enabled/default
208 208
209 209 # Restart Nginx
210 210 $ sudo /etc/init.d/nginx restart
211 211 * Restarting nginx nginx [ OK ]
212 212
213 213 Once restarted, you should see a clean |RCE| instance running on the IP
214 214 address, or the domain you have set up.
215 215
216 216 .. image:: ../images/clean-rce.png
217 217 :alt: A fresh RhodeCode Enterprise Instance
218 218
219 219 .. _Digital Ocean: https://www.digitalocean.com/
220 220 .. _hetzner: https://www.hetzner.de/en/
General Comments 0
You need to be logged in to leave comments. Login now