##// END OF EJS Templates
docs: added SAML documentation....
marcink -
r3290:ac4e4e5a default
parent child
Show More
@@ -0,0 +1,105
1 .. _config-saml-duosecurity-ref:
2
3
4 SAML 2.0 with Duo Security
5 --------------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with Duo Security provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as Duo. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure Duo Security SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `Duo Security` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `Duo Security` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-duosecurity`
27
28
29 .. _config-saml-duosecurity:
30
31
32 Example SAML Duo Security configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with Duo Security provider::
36
37 *option*: `enabled` => `True`
38 # Enable or disable this authentication plugin.
39
40 *option*: `cache_ttl` => `0`
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
43
44 *option*: `debug` => `True`
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
46
47 *option*: `entity_id` => `http://rc-app.com/dag/saml2/idp/metadata.php`
48 # Identity Provider entity/metadata URI.
49 # E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php
50
51 *option*: `sso_service_url` => `http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=http://rc.local.pl/_admin/auth/duosecurity/saml-metadata`
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
53 # E.g. https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id>
54
55 *option*: `slo_service_url` => `http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://rc-app.com/dag/module.php/duosecurity/logout.php`
56 # SLO (SingleLogout) endpoint URL of the IdP.
57 # E.g. https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://duo-gateway.com/_admin/saml/sign-out-endpoint
58
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
61
62 *option*: `name_id_format` => `sha-1`
63 # The format that specifies how the NameID is sent to the service provider.
64
65 *option*: `signature_algo` => `sha-256`
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
67
68 *option*: `digest_algo` => `sha-256`
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
70
71 *option*: `cert_dir` => `/etc/saml/`
72 # Optional directory to store service provider certificate and private keys.
73 # Expected certs for the SP should be stored in this folder as:
74 # * sp.key Private Key
75 # * sp.crt Public cert
76 # * sp_new.crt Future Public cert
77 #
78 # Also you can use other cert to sign the metadata of the SP using the:
79 # * metadata.key
80 # * metadata.crt
81
82 *option*: `user_id_attribute` => `PersonImmutableID`
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from DuoSecurity for example via duo_username
85
86 *option*: `username_attribute` => `User.username`
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
88
89 *option*: `email_attribute` => `User.email`
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
92
93 Below is example setup from DUO Administration page that can be used with above config.
94
95 .. image:: ../images/saml-duosecurity-service-provider-example.png
96 :alt: DUO Security SAML setup example
97 :scale: 50 %
98
99
100 Below is an example attribute mapping set for IDP provider required by the above config.
101
102
103 .. image:: ../images/saml-duosecurity-attributes-example.png
104 :alt: DUO Security SAML setup example
105 :scale: 50 % No newline at end of file
@@ -0,0 +1,18
1 .. _config-saml-generic-ref:
2
3
4 SAML 2.0 Authentication
5 -----------------------
6
7
8 **This plugin is available only in EE Edition.**
9
10 RhodeCode Supports standard SAML 2.0 SSO for the web-application part.
11
12 Please check for reference two example providers:
13
14 .. toctree::
15
16 auth-saml-duosecurity
17 auth-saml-onelogin
18
@@ -0,0 +1,106
1 .. _config-saml-onelogin-ref:
2
3
4 SAML 2.0 with One Login
5 -----------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with OneLogin provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as OneLogin. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure OneLogin SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `OneLogin` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `OneLogin` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-onelogin`
27
28
29 .. _config-saml-onelogin:
30
31
32 Example SAML OneLogin configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with OneLogin provider::
36
37 *option*: `enabled` => `True`
38 # Enable or disable this authentication plugin.
39
40 *option*: `cache_ttl` => `0`
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
43
44 *option*: `debug` => `True`
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
46
47 *option*: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
48 # Identity Provider entity/metadata URI.
49 # E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id>
50
51 *option*: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx`
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
53 # E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>
54
55 *option*: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx`
56 # SLO (SingleLogout) endpoint URL of the IdP.
57 # E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>
58
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
61
62 *option*: `name_id_format` => `sha-1`
63 # The format that specifies how the NameID is sent to the service provider.
64
65 *option*: `signature_algo` => `sha-256`
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
67
68 *option*: `digest_algo` => `sha-256`
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
70
71 *option*: `cert_dir` => `/etc/saml/`
72 # Optional directory to store service provider certificate and private keys.
73 # Expected certs for the SP should be stored in this folder as:
74 # * sp.key Private Key
75 # * sp.crt Public cert
76 # * sp_new.crt Future Public cert
77 #
78 # Also you can use other cert to sign the metadata of the SP using the:
79 # * metadata.key
80 # * metadata.crt
81
82 *option*: `user_id_attribute` => `PersonImmutableID`
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from OneLogin for example via Internal ID
85
86 *option*: `username_attribute` => `User.username`
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
88
89 *option*: `email_attribute` => `User.email`
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
92
93
94 Below is example setup that can be used with OneLogin SAML authentication that can be used with above config..
95
96 .. image:: ../images/saml-onelogin-config-example.png
97 :alt: OneLogin SAML setup example
98 :scale: 50 %
99
100
101 Below is an example attribute mapping set for IDP provider required by the above config.
102
103
104 .. image:: ../images/saml-onelogin-attributes-example.png
105 :alt: OneLogin SAML setup example
106 :scale: 50 % No newline at end of file
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
@@ -1,22 +1,22
1 .. _permissions-info-anon-ref:
1 .. _permissions-info-anon-ref:
2
2
3 Anonymous Users
3 Anonymous Users
4 ---------------
4 ---------------
5
5
6 By default, |RCM| provides |repo| access for registered users only. It can be
6 By default, |RCE| provides |repo| access for registered users only. It can be
7 configured to be **world-open** in terms of read and write permissions. This
7 configured to be **world-open** in terms of read and write permissions. This
8 configuration is called "Anonymous Access" and allows |RCM| to be used as a
8 configuration is called "Anonymous Access" and allows |RCE| to be used as a
9 public hub where unregistered users have access to your |repos|.
9 public hub where unregistered users have access to your |repos|.
10
10
11 Anonymous access is useful for open source projects, universities,
11 Anonymous access is useful for open source projects, universities,
12 or if running inside a restricted internal corporate network to serve
12 or if running inside a restricted internal corporate network to serve
13 documents to all employees. Anonymous users get the default user permission
13 documents to all employees. Anonymous users get the default user permission
14 settings that are applied across the whole |RCM| system.
14 settings that are applied across the whole |RCE| system.
15
15
16 To enable anonymous access to your |repos|, use the following steps:
16 To enable anonymous access to your |repos|, use the following steps:
17
17
18 1. From the |RCM| interface, select :menuselection:`Admin --> Permissions`.
18 1. From the |RCE| interface, select :menuselection:`Admin --> Permissions`.
19 2. On the Application tab, check the :guilabel:`Allow anonymous access` box.
19 2. On the Application tab, check the :guilabel:`Allow anonymous access` box.
20 3. Select :guilabel:`Save`.
20 3. Select :guilabel:`Save`.
21 4. To set the anonymous user access permissions, which are based on the
21 4. To set the anonymous user access permissions, which are based on the
22 default user settings, see :ref:`permissions-default-ref`.
22 default user settings, see :ref:`permissions-default-ref`.
@@ -1,241 +1,241
1 .. _admin-tricks:
1 .. _admin-tricks:
2
2
3 One-time Admin Tasks
3 One-time Admin Tasks
4 --------------------
4 --------------------
5
5
6 * :ref:`web-analytics`
6 * :ref:`web-analytics`
7 * :ref:`admin-tricks-license`
7 * :ref:`admin-tricks-license`
8 * :ref:`announcements`
8 * :ref:`announcements`
9 * :ref:`md-rst`
9 * :ref:`md-rst`
10 * :ref:`repo-stats`
10 * :ref:`repo-stats`
11 * :ref:`server-side-merge`
11 * :ref:`server-side-merge`
12 * :ref:`remap-rescan`
12 * :ref:`remap-rescan`
13 * :ref:`custom-hooks`
13 * :ref:`custom-hooks`
14 * :ref:`clear-repo-cache`
14 * :ref:`clear-repo-cache`
15 * :ref:`set-repo-pub`
15 * :ref:`set-repo-pub`
16 * :ref:`ping`
16 * :ref:`ping`
17
17
18 .. _web-analytics:
18 .. _web-analytics:
19
19
20 Adding Web Analytics
20 Adding Web Analytics
21 ^^^^^^^^^^^^^^^^^^^^
21 ^^^^^^^^^^^^^^^^^^^^
22
22
23 If you wish to add a Google Analytics, or any other kind of tracker to your
23 If you wish to add a Google Analytics, or any other kind of tracker to your
24 |RCE| instance you can add the necessary codes to the header or footer
24 |RCE| instance you can add the necessary codes to the header or footer
25 section of each instance using the following steps:
25 section of each instance using the following steps:
26
26
27 1. From the |RCE| interface, select
27 1. From the |RCE| interface, select
28 :menuselection:`Admin --> Settings --> Global`
28 :menuselection:`Admin --> Settings --> Global`
29 2. To add a tracking code to you instance, enter it in the header or footer
29 2. To add a tracking code to you instance, enter it in the header or footer
30 section and select **Save**
30 section and select **Save**
31
31
32 Use the example templates in the drop-down menu to set up your configuration.
32 Use the example templates in the drop-down menu to set up your configuration.
33
33
34 .. _admin-tricks-license:
34 .. _admin-tricks-license:
35
35
36 Licence Key Management
36 Licence Key Management
37 ^^^^^^^^^^^^^^^^^^^^^^
37 ^^^^^^^^^^^^^^^^^^^^^^
38
38
39 To manage your license key, go to
39 To manage your license key, go to
40 :menuselection:`Admin --> Settings --> License`.
40 :menuselection:`Admin --> Settings --> License`.
41 On this page you can see the license key details. If you need a new license,
41 On this page you can see the license key details. If you need a new license,
42 or have questions about your current one, contact support@rhodecode.com
42 or have questions about your current one, contact support@rhodecode.com
43
43
44 .. _announcements:
44 .. _announcements:
45
45
46 Server-wide Announcements
46 Server-wide Announcements
47 ^^^^^^^^^^^^^^^^^^^^^^^^^
47 ^^^^^^^^^^^^^^^^^^^^^^^^^
48
48
49 If you need to make a server-wide announcement to all users,
49 If you need to make a server-wide announcement to all users,
50 you can add a message to be displayed using the following steps:
50 you can add a message to be displayed using the following steps:
51
51
52 1. From the |RCE| interface, select
52 1. From the |RCE| interface, select
53 :menuselection:`Admin --> Settings --> Global`
53 :menuselection:`Admin --> Settings --> Global`
54 2. To add a message that will be displayed to all users,
54 2. To add a message that will be displayed to all users,
55 select :guilabel:`Server Announcement` from the drop-down menu and
55 select :guilabel:`Server Announcement` from the drop-down menu and
56 change the ``var message = "TYPE YOUR MESSAGE HERE";`` example line.
56 change the ``var message = "TYPE YOUR MESSAGE HERE";`` example line.
57 3. Select :guilabel:`Save`, and you will see the message once your page
57 3. Select :guilabel:`Save`, and you will see the message once your page
58 refreshes.
58 refreshes.
59
59
60 .. image:: ../images/server-wide-announcement.png
60 .. image:: ../images/server-wide-announcement.png
61 :alt: Server Wide Announcement
61 :alt: Server Wide Announcement
62
62
63 .. _md-rst:
63 .. _md-rst:
64
64
65
65
66 Suppress license warnings or errors
66 Suppress license warnings or errors
67 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
67 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
68
68
69 In case you're running on maximum allowed users, RhodeCode will display a
69 In case you're running on maximum allowed users, RhodeCode will display a
70 warning message on pages that you're close to the license limits.
70 warning message on pages that you're close to the license limits.
71 It's often not desired to show that all the time. Here's how you can suppress
71 It's often not desired to show that all the time. Here's how you can suppress
72 the license messages.
72 the license messages.
73
73
74 1. From the |RCE| interface, select
74 1. From the |RCE| interface, select
75 :menuselection:`Admin --> Settings --> Global`
75 :menuselection:`Admin --> Settings --> Global`
76 2. Select :guilabel:`Flash message filtering` from the drop-down menu.
76 2. Select :guilabel:`Flash message filtering` from the drop-down menu.
77 3. Select :guilabel:`Save`, and you will no longer see the license message
77 3. Select :guilabel:`Save`, and you will no longer see the license message
78 once your page refreshes.
78 once your page refreshes.
79
79
80 .. _admin-tricks-suppress-license-messages:
80 .. _admin-tricks-suppress-license-messages:
81
81
82
82
83 Markdown or RST Rendering
83 Markdown or RST Rendering
84 ^^^^^^^^^^^^^^^^^^^^^^^^^
84 ^^^^^^^^^^^^^^^^^^^^^^^^^
85
85
86 |RCE| can use `Markdown`_ or `reStructured Text`_ in commit message,
86 |RCE| can use `Markdown`_ or `reStructured Text`_ in commit message,
87 code review messages, and inline comments. To set the default to either,
87 code review messages, and inline comments. To set the default to either,
88 select your preference from the drop-down menu on the
88 select your preference from the drop-down menu on the
89 :menuselection:`Admin --> Settings --> Visual` page and select
89 :menuselection:`Admin --> Settings --> Visual` page and select
90 :guilabel:`Save settings`.
90 :guilabel:`Save settings`.
91
91
92 .. _repo-stats:
92 .. _repo-stats:
93
93
94 Enabling Repository Statistics
94 Enabling Repository Statistics
95 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
95 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
96
96
97 To enable |repo| statistics, use the following steps:
97 To enable |repo| statistics, use the following steps:
98
98
99 1. From the |RCE| interface, open
99 1. From the |RCE| interface, open
100 :menuselection:`Admin --> Repositories` and select
100 :menuselection:`Admin --> Repositories` and select
101 :guilabel:`Edit` beside the |repo| for which you wish to enable statistics.
101 :guilabel:`Edit` beside the |repo| for which you wish to enable statistics.
102 2. Check the :guilabel:`Enable statistics` box, and select :guilabel:`Save`
102 2. Check the :guilabel:`Enable statistics` box, and select :guilabel:`Save`
103
103
104 .. _server-side-merge:
104 .. _server-side-merge:
105
105
106 Enabling Server-side Merging
106 Enabling Server-side Merging
107 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
107 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
108
108
109 To enable server-side merging, use the following steps:
109 To enable server-side merging, use the following steps:
110
110
111 1. From the |RCE| interface, open :menuselection:`Admin --> Settings --> VCS`
111 1. From the |RCE| interface, open :menuselection:`Admin --> Settings --> VCS`
112 2. Check the :guilabel:`Server-side merge` box, and select
112 2. Check the :guilabel:`Server-side merge` box, and select
113 :guilabel:`Save Settings`
113 :guilabel:`Save Settings`
114
114
115 If you encounter slow performance with server-side merging enabled, check the
115 If you encounter slow performance with server-side merging enabled, check the
116 speed at which your server is performing actions. When server-side merging is
116 speed at which your server is performing actions. When server-side merging is
117 enabled, the following actions occurs on the server.
117 enabled, the following actions occurs on the server.
118
118
119 * A |pr| is created in the database.
119 * A |pr| is created in the database.
120 * A shadow |repo| is created as a working environment for the |pr|.
120 * A shadow |repo| is created as a working environment for the |pr|.
121 * On display, |RCE| checks if the |pr| can be merged.
121 * On display, |RCE| checks if the |pr| can be merged.
122
122
123 To check how fast the shadow |repo| creation is occurring on your server, use
123 To check how fast the shadow |repo| creation is occurring on your server, use
124 the following steps:
124 the following steps:
125
125
126 1. Log into your server and create a directory in your |repos| folder.
126 1. Log into your server and create a directory in your |repos| folder.
127 2. Clone a |repo| that is showing slow performance and time the action.
127 2. Clone a |repo| that is showing slow performance and time the action.
128
128
129 .. code-block:: bash
129 .. code-block:: bash
130
130
131 # One option is to use the time command
131 # One option is to use the time command
132 $ time hg clone SOURCE_REPO TARGET
132 $ time hg clone SOURCE_REPO TARGET
133
133
134 .. _remap-rescan:
134 .. _remap-rescan:
135
135
136 Remap and Rescan Repositories
136 Remap and Rescan Repositories
137 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
137 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
138
138
139 You may want to Remap and rescan the |repos| that |RCE| is managing to ensure
139 You may want to Remap and rescan the |repos| that |RCE| is managing to ensure
140 the system is always up-to-date. This is useful after importing, deleting,
140 the system is always up-to-date. This is useful after importing, deleting,
141 or carrying out general cleaning up operations. To do this use the
141 or carrying out general cleaning up operations. To do this use the
142 following steps:
142 following steps:
143
143
144 1. From the |RCE|, open
144 1. From the |RCE|, open
145 :menuselection:`Admin --> Settings --> Remap and rescan`
145 :menuselection:`Admin --> Settings --> Remap and rescan`
146 2. Click :guilabel:`Rescan Repositories`
146 2. Click :guilabel:`Rescan Repositories`
147
147
148 Check the additional options if needed:
148 Check the additional options if needed:
149
149
150 * :guilabel:`Destroy old data`: Useful for purging deleted repository
150 * :guilabel:`Destroy old data`: Useful for purging deleted repository
151 information from the database.
151 information from the database.
152 * :guilabel:`Invalidate cache for all repositories`: Use this to completely
152 * :guilabel:`Invalidate cache for all repositories`: Use this to completely
153 remap all |repos|. Useful when importing or migrating |repos| to ensure all
153 remap all |repos|. Useful when importing or migrating |repos| to ensure all
154 new information is picked up.
154 new information is picked up.
155
155
156 .. _custom-hooks:
156 .. _custom-hooks:
157
157
158 Adding Custom Hooks
158 Adding Custom Hooks
159 ^^^^^^^^^^^^^^^^^^^
159 ^^^^^^^^^^^^^^^^^^^
160
160
161 To add custom hooks to your instance, use the following steps:
161 To add custom hooks to your instance, use the following steps:
162
162
163 1. Open :menuselection:`Admin --> Settings --> Hooks`
163 1. Open :menuselection:`Admin --> Settings --> Hooks`
164 2. Add your custom hook details, you can use a file path to specify custom
164 2. Add your custom hook details, you can use a file path to specify custom
165 hook scripts, for example:
165 hook scripts, for example:
166 ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name``
166 ``pretxnchangegroup.example`` with value ``python:/path/to/custom_hook.py:my_func_name``
167 3. Select :guilabel:`Save`
167 3. Select :guilabel:`Save`
168
168
169 Also, see the |RC| Extensions section of the :ref:`rc-tools` guide. |RC|
169 Also, see the RhodeCode Extensions section of the :ref:`rc-tools` guide. RhodeCode
170 Extensions can be used to add additional hooks to your instance and comes
170 Extensions can be used to add additional hooks to your instance and comes
171 with a number of pre-built plugins if you chose to install them.
171 with a number of pre-built plugins if you chose to install them.
172
172
173 .. _clear-repo-cache:
173 .. _clear-repo-cache:
174
174
175 Clearing |repo| cache
175 Clearing |repo| cache
176 ^^^^^^^^^^^^^^^^^^^^^
176 ^^^^^^^^^^^^^^^^^^^^^
177
177
178 If you need to clear the cache for a particular |repo|, use the following steps:
178 If you need to clear the cache for a particular |repo|, use the following steps:
179
179
180 1. Open :menuselection:`Admin --> Repositories` and select :guilabel:`Edit`
180 1. Open :menuselection:`Admin --> Repositories` and select :guilabel:`Edit`
181 beside the |repo| whose cache you wish to clear.
181 beside the |repo| whose cache you wish to clear.
182 2. On the |repo| settings page, go to the :guilabel:`Caches` tab and select
182 2. On the |repo| settings page, go to the :guilabel:`Caches` tab and select
183 :guilabel:`Invalidate repository cache`.
183 :guilabel:`Invalidate repository cache`.
184
184
185 .. _set-lang:
185 .. _set-lang:
186
186
187 Changing Default Language
187 Changing Default Language
188 ^^^^^^^^^^^^^^^^^^^^^^^^^
188 ^^^^^^^^^^^^^^^^^^^^^^^^^
189
189
190 To change the default language of a |RCE| instance, change the language code
190 To change the default language of a |RCE| instance, change the language code
191 in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. To
191 in the :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. To
192 do this, use the following steps.
192 do this, use the following steps.
193
193
194 1. Open the :file:`rhodecode.ini` file and set the required language code.
194 1. Open the :file:`rhodecode.ini` file and set the required language code.
195
195
196 .. code-block:: ini
196 .. code-block:: ini
197
197
198 ## Optional Languages
198 ## Optional Languages
199 ## en(default), de, fr, it, ja, pl, pt, ru, zh
199 ## en(default), de, fr, it, ja, pl, pt, ru, zh
200 lang = de
200 lang = de
201
201
202 2. Restart the |RCE| instance and check that the language has been updated.
202 2. Restart the |RCE| instance and check that the language has been updated.
203
203
204 .. code-block:: bash
204 .. code-block:: bash
205
205
206 $ rccontrol restart enterprise-2
206 $ rccontrol restart enterprise-2
207 Instance "enterprise-2" successfully stopped.
207 Instance "enterprise-2" successfully stopped.
208 Instance "enterprise-2" successfully started.
208 Instance "enterprise-2" successfully started.
209
209
210 .. image:: ../images/language.png
210 .. image:: ../images/language.png
211
211
212 .. _set-repo-pub:
212 .. _set-repo-pub:
213
213
214 Setting Repositories to Publish
214 Setting Repositories to Publish
215 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
215 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
216
216
217 To automatically promote your local |repos| to public after pushing to |RCE|,
217 To automatically promote your local |repos| to public after pushing to |RCE|,
218 enable the :guilabel:`Set repositories as publishing` option on the
218 enable the :guilabel:`Set repositories as publishing` option on the
219 :menuselection:`Admin --> Settings --> VCS` page.
219 :menuselection:`Admin --> Settings --> VCS` page.
220
220
221 .. note::
221 .. note::
222
222
223 This option is enabled by default on most |RCE| versions, but if upgrading
223 This option is enabled by default on most |RCE| versions, but if upgrading
224 from a 1.7.x version it could be disabled on upgrade due to inheriting
224 from a 1.7.x version it could be disabled on upgrade due to inheriting
225 older default settings.
225 older default settings.
226
226
227 .. _ping:
227 .. _ping:
228
228
229 Pinging the |RCE| Server
229 Pinging the |RCE| Server
230 ^^^^^^^^^^^^^^^^^^^^^^^^
230 ^^^^^^^^^^^^^^^^^^^^^^^^
231
231
232 You can check the IP Address of your |RCE| instance using the
232 You can check the IP Address of your |RCE| instance using the
233 following URL: ``{instance-URL}/_admin/ping``.
233 following URL: ``{instance-URL}/_admin/ping``.
234
234
235 .. code-block:: bash
235 .. code-block:: bash
236
236
237 $ curl https://your.rhodecode.url/_admin/ping
237 $ curl https://your.rhodecode.url/_admin/ping
238 pong[rce-7880] => 203.0.113.23
238 pong[rce-7880] => 203.0.113.23
239
239
240 .. _Markdown: http://daringfireball.net/projects/markdown/
240 .. _Markdown: http://daringfireball.net/projects/markdown/
241 .. _reStructured Text: http://docutils.sourceforge.net/docs/index.html
241 .. _reStructured Text: http://docutils.sourceforge.net/docs/index.html
@@ -1,55 +1,55
1 .. _apache-wsgi-ref:
1 .. _apache-wsgi-ref:
2
2
3 Apache WSGI Configuration
3 Apache WSGI Configuration
4 ^^^^^^^^^^^^^^^^^^^^^^^^^
4 ^^^^^^^^^^^^^^^^^^^^^^^^^
5
5
6 |RCM| can also be set up with Apache under ``mod_wsgi``. To configure this
6 |RCE| can also be set up with Apache under ``mod_wsgi``. To configure this
7 use the following steps.
7 use the following steps.
8
8
9 1. Install ``mod_wsgi`` using the following command:
9 1. Install ``mod_wsgi`` using the following command:
10 ``aptitude install libapache2-mod-wsgi``.
10 ``aptitude install libapache2-mod-wsgi``.
11 2. Enable ``mod_wsgi`` using the following command: ``a2enmod wsgi``
11 2. Enable ``mod_wsgi`` using the following command: ``a2enmod wsgi``
12 3. Create a ``wsgi`` dispatch script, using the following examples.
12 3. Create a ``wsgi`` dispatch script, using the following examples.
13
13
14 .. code-block:: bash
14 .. code-block:: bash
15
15
16 WSGIDaemonProcess pylons \
16 WSGIDaemonProcess pylons \
17 threads=4 \
17 threads=4 \
18 # check the python virtual env location
18 # check the python virtual env location
19 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
19 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
20 # Check the install location
20 # Check the install location
21 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
21 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
22 WSGIPassAuthorization On
22 WSGIPassAuthorization On
23 # user=www-data group=www-data # Enable if running Apache as root
23 # user=www-data group=www-data # Enable if running Apache as root
24
24
25 .. note::
25 .. note::
26
26
27 Do not set ``processes=num`` in this configuration file. Running |RCE| in
27 Do not set ``processes=num`` in this configuration file. Running |RCE| in
28 multiprocess mode with Apache is not supported.
28 multiprocess mode with Apache is not supported.
29
29
30 The following is an example ``wsgi`` dispatch script.
30 The following is an example ``wsgi`` dispatch script.
31
31
32 .. code-block:: python
32 .. code-block:: python
33
33
34 import os
34 import os
35 os.environ["HGENCODING"] = "UTF-8"
35 os.environ["HGENCODING"] = "UTF-8"
36 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
36 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
37
37
38 # Set the current dir
38 # Set the current dir
39 os.chdir('/home/web/rhodecode/')
39 os.chdir('/home/web/rhodecode/')
40
40
41 import site
41 import site
42 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
42 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
43
43
44 from paste.deploy import loadapp
44 from paste.deploy import loadapp
45 from paste.script.util.logging_config import fileConfig
45 from paste.script.util.logging_config import fileConfig
46
46
47 fileConfig('/home/web/rhodecode/production.ini')
47 fileConfig('/home/web/rhodecode/production.ini')
48 application = loadapp('config:/home/web/rhodecode/production.ini')
48 application = loadapp('config:/home/web/rhodecode/production.ini')
49
49
50 .. note::
50 .. note::
51
51
52 When using `mod_wsgi` the same version of |hg| must be running in your
52 When using `mod_wsgi` the same version of |hg| must be running in your
53 system's |PY| environment and on |RCM|. To check the |RCM| version,
53 system's |PY| environment and on |RCE|. To check the |RCE| version,
54 on the interface go to
54 on the interface go to
55 :menuselection:`Admin --> Settings --> System Info`
55 :menuselection:`Admin --> Settings --> System Info`
@@ -1,74 +1,74
1 .. _config-files:
1 .. _config-files:
2
2
3 Configuration Files Overview
3 Configuration Files Overview
4 ============================
4 ============================
5
5
6 |RCE| and |RCC| have a number of different configuration files. The following
6 |RCE| and |RCC| have a number of different configuration files. The following
7 is a brief explanation of each, and links to their associated configuration
7 is a brief explanation of each, and links to their associated configuration
8 sections.
8 sections.
9
9
10 .. rst-class:: dl-horizontal
10 .. rst-class:: dl-horizontal
11
11
12 \- **rhodecode.ini**
12 \- **rhodecode.ini**
13 Default location:
13 Default location:
14 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
14 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
15
15
16 This is the main |RCE| configuration file and controls much of its
16 This is the main |RCE| configuration file and controls much of its
17 default behaviour. It is also used to configure certain customer
17 default behaviour. It is also used to configure certain customer
18 settings. Here are some of the most common reasons to make changes to
18 settings. Here are some of the most common reasons to make changes to
19 this file.
19 this file.
20
20
21 * :ref:`config-database`
21 * :ref:`config-database`
22 * :ref:`set-up-mail`
22 * :ref:`set-up-mail`
23 * :ref:`increase-gunicorn`
23 * :ref:`increase-gunicorn`
24 * :ref:`x-frame`
24 * :ref:`x-frame`
25
25
26 \- **mapping.ini**
26 \- **mapping.ini**
27 Default location:
27 Default location:
28 :file:`/home/{user}/.rccontrol/{instance-id}/mapping.ini`
28 :file:`/home/{user}/.rccontrol/{instance-id}/mapping.ini`
29
29
30 This file is used to control the |RCE| indexer. It comes configured
30 This file is used to control the |RCE| indexer. It comes configured
31 to index your instance. To change the default configuration, see
31 to index your instance. To change the default configuration, see
32 :ref:`advanced-indexing`.
32 :ref:`advanced-indexing`.
33
33
34 \- **vcsserver.ini**
34 \- **vcsserver.ini**
35 Default location:
35 Default location:
36 :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`
36 :file:`/home/{user}/.rccontrol/{vcsserver-id}/vcsserver.ini`
37
37
38 The VCS Server handles the connection between your |repos| and |RCE|.
38 The VCS Server handles the connection between your |repos| and |RCE|.
39 See the :ref:`vcs-server` section for configuration options and more
39 See the :ref:`vcs-server` section for configuration options and more
40 detailed information.
40 detailed information.
41
41
42 \- **supervisord.ini**
42 \- **supervisord.ini**
43 Default location:
43 Default location:
44 :file:`/home/{user}/.rccontrol/supervisor/supervisord.ini`
44 :file:`/home/{user}/.rccontrol/supervisor/supervisord.ini`
45
45
46 |RCC| uses Supervisor to monitor and manage installed instances of
46 |RCC| uses Supervisor to monitor and manage installed instances of
47 |RCE| and the VCS Server. |RCC| will manage this file completely,
47 |RCE| and the VCS Server. |RCC| will manage this file completely,
48 unless you install |RCE| in self-managed mode. For more information,
48 unless you install |RCE| in self-managed mode. For more information,
49 see the :ref:`Supervisor Setup<control:supervisor-setup>` section.
49 see the :ref:`Supervisor Setup<control:supervisor-setup>` section.
50
50
51 \- **.rccontrol.ini**
51 \- **.rccontrol.ini**
52 Default location: :file:`/home/{user}/.rccontrol.ini`
52 Default location: :file:`/home/{user}/.rccontrol.ini`
53
53
54 This file contains the instances that |RCC| starts at boot, which is all
54 This file contains the instances that |RCC| starts at boot, which is all
55 by default, but for more information, see
55 by default, but for more information, see
56 the :ref:`Manually Start At Boot <control:set-start-boot>` section.
56 the :ref:`Manually Start At Boot <control:set-start-boot>` section.
57
57
58 \- **.rhoderc**
58 \- **.rhoderc**
59 Default location: :file:`/home/{user}/.rhoderc`
59 Default location: :file:`/home/{user}/.rhoderc`
60
60
61 This file is used by the |RCE| API when accessing an instance from a
61 This file is used by the |RCE| API when accessing an instance from a
62 remote machine. The API checks this file for connection and
62 remote machine. The API checks this file for connection and
63 authentication details. For more details, see the :ref:`config-rhoderc`
63 authentication details. For more details, see the :ref:`config-rhoderc`
64 section.
64 section.
65
65
66 \- **MANIFEST**
66 \- **MANIFEST**
67 Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST`
67 Default location: :file:`/home/{user}/.rccontrol/cache/MANIFEST`
68
68
69 |RCC| uses this file to source the latest available builds from the
69 |RCC| uses this file to source the latest available builds from the
70 secure |RC| download channels. The only reason to mess with this file
70 secure RhodeCode download channels. The only reason to mess with this file
71 is if you need to do an offline installation,
71 is if you need to do an offline installation,
72 see the :ref:`Offline Installation<control:offline-installer-ref>`
72 see the :ref:`Offline Installation<control:offline-installer-ref>`
73 instructions, otherwise |RCC| will completely manage this file.
73 instructions, otherwise |RCC| will completely manage this file.
74
74
@@ -1,50 +1,50
1 .. _glossary:
1 .. _glossary:
2
2
3 Glossary
3 Glossary
4 ========
4 ========
5
5
6 .. glossary::
6 .. glossary::
7
7
8 DVCS
8 DVCS
9 Distributed Version Control System, usually referring to |git| or |hg|.
9 Distributed Version Control System, usually referring to |git| or |hg|.
10
10
11 Extension
11 Extension
12 An extension extends the capabilities of, or the data available to,
12 An extension extends the capabilities of, or the data available to,
13 an existing software application.
13 an existing software application.
14
14
15 Full-text Search
15 Full-text Search
16 Indexing all files and |repos| managed by |RCE| and
16 Indexing all files and |repos| managed by |RCE| and
17 making this data searchable from the interface.
17 making this data searchable from the interface.
18
18
19 Gist
19 Gist
20 A note that can only be edited by the author and shared using its
20 A note that can only be edited by the author and shared using its
21 link within others. The sharing permissions can be set during
21 link within others. The sharing permissions can be set during
22 its creation.
22 its creation.
23
23
24 Gunicorn
24 Gunicorn
25 A Python WSGI HTTP Server used by |RCE|.
25 A Python WSGI HTTP Server used by |RCE|.
26
26
27 Hook
27 Hook
28 A hook intercepts function calls, messages, or events passed between
28 A hook intercepts function calls, messages, or events passed between
29 software components and can be used to trigger plugins, or their
29 software components and can be used to trigger plugins, or their
30 extensions.
30 extensions.
31
31
32 Horizontal scaling
32 Horizontal scaling
33 Adding more machines or workers into your pool of resources.
33 Adding more machines or workers into your pool of resources.
34
34
35 Instance
35 Instance
36 A single installed version of one of the |RC| products. It could
36 A single installed version of one of the RhodeCode products. It could
37 refer to |RCE| or the VCS server depending on the context.
37 refer to |RCE| or the VCS server depending on the context.
38
38
39 Plugin
39 Plugin
40 A Plugin is software that adds a specific feature to an existing
40 A Plugin is software that adds a specific feature to an existing
41 software application.
41 software application.
42
42
43 tmpfs
43 tmpfs
44 Temporary file storage kept in volatile memory instead of persistent
44 Temporary file storage kept in volatile memory instead of persistent
45 storage.
45 storage.
46
46
47 VCS Server
47 VCS Server
48 The VCS Server handles the abstraction layer between the
48 The VCS Server handles the abstraction layer between the
49 supported version control systems and RhodeCode Enterprise.
49 supported version control systems and RhodeCode Enterprise.
50
50
@@ -1,276 +1,276
1 .. _indexing-ref:
1 .. _indexing-ref:
2
2
3 Full-text Search
3 Full-text Search
4 ----------------
4 ----------------
5
5
6 By default |RC