##// END OF EJS Templates
Change IRC channel and Twitter account; remove google group
Bradley M. Kuhn -
r4180:08af8038 kallithea-2.2.5-r...
parent child Browse files
Show More
@@ -1,42 +1,42 b''
1 1 language: python
2 2 python:
3 3 - "2.5"
4 4 - "2.6"
5 5 - "2.7"
6 6
7 7 env:
8 8 - TEST_DB=sqlite:////tmp/rhodecode_test.sqlite
9 9 - TEST_DB=mysql://root@127.0.0.1/rhodecode_test
10 10 - TEST_DB=postgresql://postgres@127.0.0.1/rhodecode_test
11 11
12 12 services:
13 13 - mysql
14 14 - postgresql
15 15
16 16 # command to install dependencies
17 17 before_script:
18 18 - mysql -e 'create database rhodecode_test;'
19 19 - psql -c 'create database rhodecode_test;' -U postgres
20 20 - git --version
21 21
22 22 before_install:
23 23 - sudo apt-get remove git
24 24 - sudo add-apt-repository ppa:pdoes/ppa -y
25 25 - sudo apt-get update -y
26 26 - sudo apt-get install git -y
27 27
28 28 install:
29 29 - pip install mysql-python psycopg2 mock unittest2
30 30 - pip install . --use-mirrors
31 31
32 32 # command to run tests
33 33 script: nosetests
34 34
35 35 notifications:
36 36 email:
37 37 - marcinkuz@gmail.com
38 irc: "irc.freenode.org#rhodecode"
38 irc: "irc.freenode.org#kallithea"
39 39
40 40 branches:
41 41 only:
42 42 - master
@@ -1,176 +1,172 b''
1 1 =========
2 2 RhodeCode
3 3 =========
4 4
5 5 About
6 6 -----
7 7
8 8 ``RhodeCode`` is a fast and powerful management tool for Mercurial_ and GIT_
9 9 with a built in push/pull server, full text search and code-review.
10 10 It works on http/https and has a built in permission/authentication system with
11 11 the ability to authenticate via LDAP or ActiveDirectory. RhodeCode also provides
12 12 simple API so it's easy integrable with existing external systems.
13 13
14 14 RhodeCode is similar in some respects to github_ or bitbucket_,
15 15 however RhodeCode can be run as standalone hosted application on your own server.
16 16 It is open source and donation ware and focuses more on providing a customized,
17 17 self administered interface for Mercurial_ and GIT_ repositories.
18 18 RhodeCode works on \*nix systems and Windows it is powered by a vcs_ library
19 19 that Lukasz Balcerzak and Marcin Kuzminski created to handle multiple
20 20 different version control systems.
21 21
22 22 RhodeCode uses `PEP386 versioning <http://www.python.org/dev/peps/pep-0386/>`_
23 23
24 24 Installation
25 25 ------------
26 26 Stable releases of RhodeCode are best installed via::
27 27
28 28 easy_install rhodecode
29 29
30 30 Or::
31 31
32 32 pip install rhodecode
33 33
34 34 Detailed instructions and links may be found on the Installation page.
35 35
36 36 Please visit http://packages.python.org/RhodeCode/installation.html for
37 37 more details
38 38
39 39 RhodeCode demo
40 40 --------------
41 41
42 42 http://demo.rhodecode.org
43 43
44 44 The default access is anonymous but you can login to an administrative account
45 45 using the following credentials:
46 46
47 47 - username: demo
48 48 - password: demo12
49 49
50 50 Source code
51 51 -----------
52 52
53 53 The latest sources can be obtained from https://kallithea-scm.org/repos/kallithea
54 54
55 55
56 56 MIRRORS:
57 57
58 58 Issue tracker and sources at bitbucket_
59 59
60 60 https://bitbucket.org/conservancy/kallithea
61 61
62 62
63 63
64 64 RhodeCode Features
65 65 ------------------
66 66
67 67 - Has its own middleware to handle mercurial_ and git_ protocol requests.
68 68 Each request is authenticated and logged together with IP address.
69 69 - Build for speed and performance. You can make multiple pulls/pushes simultaneous.
70 70 Proven to work with 1000s of repositories and users
71 71 - Supports http/https, LDAP, AD, proxy-pass authentication.
72 72 - Full permissions (private/read/write/admin) together with IP restrictions for each repository,
73 73 additional explicit forking, repositories group and repository creation permissions.
74 74 - User groups for easier permission management.
75 75 - Repository groups let you group repos and manage them easier. They come with
76 76 permission delegation features, so you can delegate groups management.
77 77 - Users can fork other users repos, and compare them at any time.
78 78 - Built in Gist functionality for sharing code snippets.
79 79 - Integrates easily with other systems, with custom created mappers you can connect it to almost
80 80 any issue tracker, and with an JSON-RPC API you can make much more
81 81 - Build in commit-api let's you add, edit and commit files right from RhodeCode
82 82 web interface using simple editor or upload binary files using simple form.
83 83 - Powerfull pull-request driven review system with inline commenting,
84 84 changeset statuses, and notification system.
85 85 - Importing and syncing repositories from remote locations for GIT_, Mercurial_ and SVN.
86 86 - Mako templates let's you customize the look and feel of the application.
87 87 - Beautiful diffs, annotations and source code browsing all colored by pygments.
88 88 Raw diffs are made in git-diff format for both VCS systems, including GIT_ binary-patches
89 89 - Mercurial_ and Git_ DAG graphs and yui-flot powered graphs with zooming and statistics
90 90 to track activity for repositories
91 91 - Admin interface with user/permission management. Admin activity journal, logs
92 92 pulls, pushes, forks, registrations and other actions made by all users.
93 93 - Server side forks. It is possible to fork a project and modify it freely
94 94 without breaking the main repository.
95 95 - rst and markdown README support for repositories.
96 96 - Full text search powered by Whoosh on the source files, commit messages, and file names.
97 97 Build in indexing daemons, with optional incremental index build
98 98 (no external search servers required all in one application)
99 99 - Setup project descriptions/tags and info inside built in db for easy, non
100 100 file-system operations.
101 101 - Intelligent cache with invalidation after push or project change, provides
102 102 high performance and always up to date data.
103 103 - RSS / Atom feeds, gravatar support, downloadable sources as zip/tar/gz
104 104 - Optional async tasks for speed and performance using celery_
105 105 - Backup scripts can do backup of whole app and send it over scp to desired
106 106 location
107 107 - Based on pylons / sqlalchemy / sqlite / whoosh / vcs
108 108
109 109
110 110 Incoming / Plans
111 111 ----------------
112 112
113 113 - Finer granular permissions per branch, or subrepo
114 114 - Web based merges for pull requests
115 115 - Tracking history for each lines in files
116 116 - Simple issue tracker
117 117 - SSH based authentication with server side key management
118 118 - Commit based built in wiki system
119 119 - More statistics and graph (global annotation + some more statistics)
120 120 - Other advancements as development continues (or you can of course make
121 121 additions and or requests)
122 122
123 123 License
124 124 -------
125 125
126 126 ``RhodeCode`` is released under the GPLv3 license.
127 127
128 128
129 129 Getting help
130 130 ------------
131 131
132 132 Listed bellow are various support resources that should help.
133 133
134 134 .. note::
135 135
136 136 Please try to read the documentation before posting any issues, especially
137 137 the **troubleshooting section**
138 138
139 - Join the `Google group <http://groups.google.com/group/rhodecode>`_ and ask
140 any questions.
141
142 139 - Open an issue at `issue tracker <https://bitbucket.org/conservancy/kallithea/issues>`_
143 140
144 - Join #rhodecode on FreeNode (irc.freenode.net)
145 or use http://webchat.freenode.net/?channels=rhodecode for web access to irc.
141 - Join #kallithea on FreeNode (irc.freenode.net)
142 or use http://webchat.freenode.net/?channels=kallithea for web access to irc.
146 143
147 - You can also follow me on twitter **@marcinkuzminski** where i often post some
148 news about RhodeCode
144 You can follow this project on Twitter, **@KallitheaSCM**.
149 145
150 146
151 147 Online documentation
152 148 --------------------
153 149
154 150 Online documentation for the current version of RhodeCode is available at
155 151 - http://packages.python.org/RhodeCode/
156 152 - http://rhodecode.readthedocs.org/en/latest/index.html
157 153
158 154 You may also build the documentation for yourself - go into ``docs/`` and run::
159 155
160 156 make html
161 157
162 158 (You need to have sphinx_ installed to build the documentation. If you don't
163 159 have sphinx_ installed you can install it via the command:
164 160 ``easy_install sphinx``)
165 161
166 162 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
167 163 .. _python: http://www.python.org/
168 164 .. _sphinx: http://sphinx.pocoo.org/
169 165 .. _mercurial: http://mercurial.selenic.com/
170 166 .. _bitbucket: http://bitbucket.org/
171 167 .. _github: http://github.com/
172 168 .. _subversion: http://subversion.tigris.org/
173 169 .. _git: http://git-scm.com/
174 170 .. _celery: http://celeryproject.org/
175 171 .. _Sphinx: http://sphinx.pocoo.org/
176 172 .. _vcs: http://pypi.python.org/pypi/vcs
@@ -1,746 +1,745 b''
1 1 .. _setup:
2 2
3 3 =====
4 4 Setup
5 5 =====
6 6
7 7
8 8 Setting up RhodeCode
9 9 --------------------
10 10
11 11 First, you will need to create a RhodeCode configuration file. Run the
12 12 following command to do this::
13 13
14 14 paster make-config RhodeCode production.ini
15 15
16 16 - This will create the file `production.ini` in the current directory. This
17 17 configuration file contains the various settings for RhodeCode, e.g proxy
18 18 port, email settings, usage of static files, cache, celery settings and
19 19 logging.
20 20
21 21
22 22 Next, you need to create the databases used by RhodeCode. I recommend that you
23 23 use postgresql or sqlite (default). If you choose a database other than the
24 24 default ensure you properly adjust the db url in your production.ini
25 25 configuration file to use this other database. RhodeCode currently supports
26 26 postgresql, sqlite and mysql databases. Create the database by running
27 27 the following command::
28 28
29 29 paster setup-rhodecode production.ini
30 30
31 31 This will prompt you for a "root" path. This "root" path is the location where
32 32 RhodeCode will store all of its repositories on the current machine. After
33 33 entering this "root" path ``setup-rhodecode`` will also prompt you for a username
34 34 and password for the initial admin account which ``setup-rhodecode`` sets
35 35 up for you.
36 36
37 37 setup process can be fully automated, example for lazy::
38 38
39 39 paster setup-rhodecode production.ini --user=marcink --password=secret --email=marcin@rhodecode.org --repos=/home/marcink/my_repos
40 40
41 41
42 42 - The ``setup-rhodecode`` command will create all of the needed tables and an
43 43 admin account. When choosing a root path you can either use a new empty
44 44 location, or a location which already contains existing repositories. If you
45 45 choose a location which contains existing repositories RhodeCode will simply
46 46 add all of the repositories at the chosen location to it's database.
47 47 (Note: make sure you specify the correct path to the root).
48 48 - Note: the given path for mercurial_ repositories **must** be write accessible
49 49 for the application. It's very important since the RhodeCode web interface
50 50 will work without write access, but when trying to do a push it will
51 51 eventually fail with permission denied errors unless it has write access.
52 52
53 53 You are now ready to use RhodeCode, to run it simply execute::
54 54
55 55 paster serve production.ini
56 56
57 57 - This command runs the RhodeCode server. The web app should be available at the
58 58 127.0.0.1:5000. This ip and port is configurable via the production.ini
59 59 file created in previous step
60 60 - Use the admin account you created above when running ``setup-rhodecode``
61 61 to login to the web app.
62 62 - The default permissions on each repository is read, and the owner is admin.
63 63 Remember to update these if needed.
64 64 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
65 65 well as edit more advanced options on users and repositories
66 66
67 67 Optionally users can create `rcextensions` package that extends RhodeCode
68 68 functionality. To do this simply execute::
69 69
70 70 paster make-rcext production.ini
71 71
72 72 This will create `rcextensions` package in the same place that your `ini` file
73 73 lives. With `rcextensions` it's possible to add additional mapping for whoosh,
74 74 stats and add additional code into the push/pull/create/delete repo hooks.
75 75 For example for sending signals to build-bots such as jenkins.
76 76 Please see the `__init__.py` file inside `rcextensions` package
77 77 for more details.
78 78
79 79
80 80 Using RhodeCode with SSH
81 81 ------------------------
82 82
83 83 RhodeCode currently only hosts repositories using http and https. (The addition
84 84 of ssh hosting is a planned future feature.) However you can easily use ssh in
85 85 parallel with RhodeCode. (Repository access via ssh is a standard "out of
86 86 the box" feature of mercurial_ and you can use this to access any of the
87 87 repositories that RhodeCode is hosting. See PublishingRepositories_)
88 88
89 89 RhodeCode repository structures are kept in directories with the same name
90 90 as the project. When using repository groups, each group is a subdirectory.
91 91 This allows you to easily use ssh for accessing repositories.
92 92
93 93 In order to use ssh you need to make sure that your web-server and the users
94 94 login accounts have the correct permissions set on the appropriate directories.
95 95 (Note that these permissions are independent of any permissions you have set up
96 96 using the RhodeCode web interface.)
97 97
98 98 If your main directory (the same as set in RhodeCode settings) is for example
99 99 set to **/home/hg** and the repository you are using is named `rhodecode`, then
100 100 to clone via ssh you should run::
101 101
102 102 hg clone ssh://user@server.com/home/hg/rhodecode
103 103
104 104 Using other external tools such as mercurial-server_ or using ssh key based
105 105 authentication is fully supported.
106 106
107 107 Note: In an advanced setup, in order for your ssh access to use the same
108 108 permissions as set up via the RhodeCode web interface, you can create an
109 109 authentication hook to connect to the rhodecode db and runs check functions for
110 110 permissions against that.
111 111
112 112 Setting up Whoosh full text search
113 113 ----------------------------------
114 114
115 115 Starting from version 1.1 the whoosh index can be build by using the paster
116 116 command ``make-index``. To use ``make-index`` you must specify the configuration
117 117 file that stores the location of the index. You may specify the location of the
118 118 repositories (`--repo-location`). If not specified, this value is retrieved
119 119 from the RhodeCode database. This was required prior to 1.2. Starting from
120 120 version 1.2 it is also possible to specify a comma separated list of
121 121 repositories (`--index-only`) to build index only on chooses repositories
122 122 skipping any other found in repos location
123 123
124 124 You may optionally pass the option `-f` to enable a full index rebuild. Without
125 125 the `-f` option, indexing will run always in "incremental" mode.
126 126
127 127 For an incremental index build use::
128 128
129 129 paster make-index production.ini
130 130
131 131 For a full index rebuild use::
132 132
133 133 paster make-index production.ini -f
134 134
135 135
136 136 building index just for chosen repositories is possible with such command::
137 137
138 138 paster make-index production.ini --index-only=vcs,rhodecode
139 139
140 140
141 141 In order to do periodical index builds and keep your index always up to date.
142 142 It's recommended to do a crontab entry for incremental indexing.
143 143 An example entry might look like this::
144 144
145 145 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
146 146
147 147 When using incremental mode (the default) whoosh will check the last
148 148 modification date of each file and add it to be reindexed if a newer file is
149 149 available. The indexing daemon checks for any removed files and removes them
150 150 from index.
151 151
152 152 If you want to rebuild index from scratch, you can use the `-f` flag as above,
153 153 or in the admin panel you can check `build from scratch` flag.
154 154
155 155
156 156 Setting up LDAP support
157 157 -----------------------
158 158
159 159 RhodeCode starting from version 1.1 supports ldap authentication. In order
160 160 to use LDAP, you have to install the python-ldap_ package. This package is
161 161 available via pypi, so you can install it by running
162 162
163 163 using easy_install::
164 164
165 165 easy_install python-ldap
166 166
167 167 using pip::
168 168
169 169 pip install python-ldap
170 170
171 171 .. note::
172 172 python-ldap requires some certain libs on your system, so before installing
173 173 it check that you have at least `openldap`, and `sasl` libraries.
174 174
175 175 LDAP settings are located in admin->ldap section,
176 176
177 177 Here's a typical ldap setup::
178 178
179 179 Connection settings
180 180 Enable LDAP = checked
181 181 Host = host.example.org
182 182 Port = 389
183 183 Account = <account>
184 184 Password = <password>
185 185 Connection Security = LDAPS connection
186 186 Certificate Checks = DEMAND
187 187
188 188 Search settings
189 189 Base DN = CN=users,DC=host,DC=example,DC=org
190 190 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
191 191 LDAP Search Scope = SUBTREE
192 192
193 193 Attribute mappings
194 194 Login Attribute = uid
195 195 First Name Attribute = firstName
196 196 Last Name Attribute = lastName
197 197 E-mail Attribute = mail
198 198
199 199 If your user groups are placed in a Organisation Unit (OU) structure the Search Settings configuration differs::
200 200
201 201 Search settings
202 202 Base DN = DC=host,DC=example,DC=org
203 203 LDAP Filter = (&(memberOf=CN=your user group,OU=subunit,OU=unit,DC=host,DC=example,DC=org)(objectClass=user))
204 204 LDAP Search Scope = SUBTREE
205 205
206 206 .. _enable_ldap:
207 207
208 208 Enable LDAP : required
209 209 Whether to use LDAP for authenticating users.
210 210
211 211 .. _ldap_host:
212 212
213 213 Host : required
214 214 LDAP server hostname or IP address. Can be also a comma separated
215 215 list of servers to support LDAP fail-over.
216 216
217 217 .. _Port:
218 218
219 219 Port : required
220 220 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
221 221
222 222 .. _ldap_account:
223 223
224 224 Account : optional
225 225 Only required if the LDAP server does not allow anonymous browsing of
226 226 records. This should be a special account for record browsing. This
227 227 will require `LDAP Password`_ below.
228 228
229 229 .. _LDAP Password:
230 230
231 231 Password : optional
232 232 Only required if the LDAP server does not allow anonymous browsing of
233 233 records.
234 234
235 235 .. _Enable LDAPS:
236 236
237 237 Connection Security : required
238 238 Defines the connection to LDAP server
239 239
240 240 No encryption
241 241 Plain non encrypted connection
242 242
243 243 LDAPS connection
244 244 Enable ldaps connection. It will likely require `Port`_ to be set to
245 245 a different value (standard LDAPS port is 636). When LDAPS is enabled
246 246 then `Certificate Checks`_ is required.
247 247
248 248 START_TLS on LDAP connection
249 249 START TLS connection
250 250
251 251 .. _Certificate Checks:
252 252
253 253 Certificate Checks : optional
254 254 How SSL certificates verification is handled - this is only useful when
255 255 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
256 256 while the other options are susceptible to man-in-the-middle attacks. SSL
257 257 certificates can be installed to /etc/openldap/cacerts so that the
258 258 DEMAND or HARD options can be used with self-signed certificates or
259 259 certificates that do not have traceable certificates of authority.
260 260
261 261 NEVER
262 262 A serve certificate will never be requested or checked.
263 263
264 264 ALLOW
265 265 A server certificate is requested. Failure to provide a
266 266 certificate or providing a bad certificate will not terminate the
267 267 session.
268 268
269 269 TRY
270 270 A server certificate is requested. Failure to provide a
271 271 certificate does not halt the session; providing a bad certificate
272 272 halts the session.
273 273
274 274 DEMAND
275 275 A server certificate is requested and must be provided and
276 276 authenticated for the session to proceed.
277 277
278 278 HARD
279 279 The same as DEMAND.
280 280
281 281 .. _Base DN:
282 282
283 283 Base DN : required
284 284 The Distinguished Name (DN) where searches for users will be performed.
285 285 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
286 286
287 287 .. _LDAP Filter:
288 288
289 289 LDAP Filter : optional
290 290 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
291 291 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
292 292 which LDAP objects are identified as representing Users for
293 293 authentication. The filter is augmented by `Login Attribute`_ below.
294 294 This can commonly be left blank.
295 295
296 296 .. _LDAP Search Scope:
297 297
298 298 LDAP Search Scope : required
299 299 This limits how far LDAP will search for a matching object.
300 300
301 301 BASE
302 302 Only allows searching of `Base DN`_ and is usually not what you
303 303 want.
304 304
305 305 ONELEVEL
306 306 Searches all entries under `Base DN`_, but not Base DN itself.
307 307
308 308 SUBTREE
309 309 Searches all entries below `Base DN`_, but not Base DN itself.
310 310 When using SUBTREE `LDAP Filter`_ is useful to limit object
311 311 location.
312 312
313 313 .. _Login Attribute:
314 314
315 315 Login Attribute : required
316 316 The LDAP record attribute that will be matched as the USERNAME or
317 317 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
318 318 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
319 319 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
320 320 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
321 321 ::
322 322
323 323 (&(LDAPFILTER)(uid=jsmith))
324 324
325 325 .. _ldap_attr_firstname:
326 326
327 327 First Name Attribute : required
328 328 The LDAP record attribute which represents the user's first name.
329 329
330 330 .. _ldap_attr_lastname:
331 331
332 332 Last Name Attribute : required
333 333 The LDAP record attribute which represents the user's last name.
334 334
335 335 .. _ldap_attr_email:
336 336
337 337 Email Attribute : required
338 338 The LDAP record attribute which represents the user's email address.
339 339
340 340 If all data are entered correctly, and python-ldap_ is properly installed
341 341 users should be granted access to RhodeCode with ldap accounts. At this
342 342 time user information is copied from LDAP into the RhodeCode user database.
343 343 This means that updates of an LDAP user object may not be reflected as a
344 344 user update in RhodeCode.
345 345
346 346 If You have problems with LDAP access and believe You entered correct
347 347 information check out the RhodeCode logs, any error messages sent from LDAP
348 348 will be saved there.
349 349
350 350 Active Directory
351 351 ''''''''''''''''
352 352
353 353 RhodeCode can use Microsoft Active Directory for user authentication. This
354 354 is done through an LDAP or LDAPS connection to Active Directory. The
355 355 following LDAP configuration settings are typical for using Active
356 356 Directory ::
357 357
358 358 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
359 359 Login Attribute = sAMAccountName
360 360 First Name Attribute = givenName
361 361 Last Name Attribute = sn
362 362 E-mail Attribute = mail
363 363
364 364 All other LDAP settings will likely be site-specific and should be
365 365 appropriately configured.
366 366
367 367
368 368 Authentication by container or reverse-proxy
369 369 --------------------------------------------
370 370
371 371 Starting with version 1.3, RhodeCode supports delegating the authentication
372 372 of users to its WSGI container, or to a reverse-proxy server through which all
373 373 clients access the application.
374 374
375 375 When these authentication methods are enabled in RhodeCode, it uses the
376 376 username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't
377 377 perform the authentication itself. The authorization, however, is still done by
378 378 RhodeCode according to its settings.
379 379
380 380 When a user logs in for the first time using these authentication methods,
381 381 a matching user account is created in RhodeCode with default permissions. An
382 382 administrator can then modify it using RhodeCode's admin interface.
383 383 It's also possible for an administrator to create accounts and configure their
384 384 permissions before the user logs in for the first time.
385 385
386 386 Container-based authentication
387 387 ''''''''''''''''''''''''''''''
388 388
389 389 In a container-based authentication setup, RhodeCode reads the user name from
390 390 the ``REMOTE_USER`` server variable provided by the WSGI container.
391 391
392 392 After setting up your container (see `Apache's WSGI config`_), you'd need
393 393 to configure it to require authentication on the location configured for
394 394 RhodeCode.
395 395
396 396 In order for RhodeCode to start using the provided username, you should set the
397 397 following in the [app:main] section of your .ini file::
398 398
399 399 container_auth_enabled = true
400 400
401 401
402 402 Proxy pass-through authentication
403 403 '''''''''''''''''''''''''''''''''
404 404
405 405 In a proxy pass-through authentication setup, RhodeCode reads the user name
406 406 from the ``X-Forwarded-User`` request header, which should be configured to be
407 407 sent by the reverse-proxy server.
408 408
409 409 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,
410 410 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to
411 411 configure the authentication and add the username in a request header named
412 412 ``X-Forwarded-User``.
413 413
414 414 For example, the following config section for Apache sets a subdirectory in a
415 415 reverse-proxy setup with basic auth::
416 416
417 417 <Location /<someprefix> >
418 418 ProxyPass http://127.0.0.1:5000/<someprefix>
419 419 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
420 420 SetEnvIf X-Url-Scheme https HTTPS=1
421 421
422 422 AuthType Basic
423 423 AuthName "RhodeCode authentication"
424 424 AuthUserFile /home/web/rhodecode/.htpasswd
425 425 require valid-user
426 426
427 427 RequestHeader unset X-Forwarded-User
428 428
429 429 RewriteEngine On
430 430 RewriteCond %{LA-U:REMOTE_USER} (.+)
431 431 RewriteRule .* - [E=RU:%1]
432 432 RequestHeader set X-Forwarded-User %{RU}e
433 433 </Location>
434 434
435 435 In order for RhodeCode to start using the forwarded username, you should set
436 436 the following in the [app:main] section of your .ini file::
437 437
438 438 proxypass_auth_enabled = true
439 439
440 440 .. note::
441 441 If you enable proxy pass-through authentication, make sure your server is
442 442 only accessible through the proxy. Otherwise, any client would be able to
443 443 forge the authentication header and could effectively become authenticated
444 444 using any account of their liking.
445 445
446 446 Integration with Issue trackers
447 447 -------------------------------
448 448
449 449 RhodeCode provides a simple integration with issue trackers. It's possible
450 450 to define a regular expression that will fetch issue id stored in commit
451 451 messages and replace that with an url to this issue. To enable this simply
452 452 uncomment following variables in the ini file::
453 453
454 454 issue_pat = (?:^#|\s#)(\w+)
455 455 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
456 456 issue_prefix = #
457 457
458 458 `issue_pat` is the regular expression that will fetch issues from commit messages.
459 459 Default regex will match issues in format of #<number> eg. #300.
460 460
461 461 Matched issues will be replace with the link specified as `issue_server_link`
462 462 {id} will be replaced with issue id, and {repo} with repository name.
463 463 Since the # is striped `issue_prefix` is added as a prefix to url.
464 464 `issue_prefix` can be something different than # if you pass
465 465 ISSUE- as issue prefix this will generate an url in format::
466 466
467 467 <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>
468 468
469 469 Hook management
470 470 ---------------
471 471
472 472 Hooks can be managed in similar way to this used in .hgrc files.
473 473 To access hooks setting click `advanced setup` on Hooks section of Mercurial
474 474 Settings in Admin.
475 475
476 476 There are 4 built in hooks that cannot be changed (only enable/disable by
477 477 checkboxes on previos section).
478 478 To add another custom hook simply fill in first section with
479 479 <name>.<hook_type> and the second one with hook path. Example hooks
480 480 can be found at *rhodecode.lib.hooks*.
481 481
482 482
483 483 Changing default encoding
484 484 -------------------------
485 485
486 486 By default RhodeCode uses utf8 encoding, starting from 1.3 series this
487 487 can be changed, simply edit default_encoding in .ini file to desired one.
488 488 This affects many parts in rhodecode including committers names, filenames,
489 489 encoding of commit messages. In addition RhodeCode can detect if `chardet`
490 490 library is installed. If `chardet` is detected RhodeCode will fallback to it
491 491 when there are encode/decode errors.
492 492
493 493
494 494 Setting Up Celery
495 495 -----------------
496 496
497 497 Since version 1.1 celery is configured by the rhodecode ini configuration files.
498 498 Simply set use_celery=true in the ini file then add / change the configuration
499 499 variables inside the ini file.
500 500
501 501 Remember that the ini files use the format with '.' not with '_' like celery.
502 502 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
503 503 the config file.
504 504
505 505 In order to start using celery run::
506 506
507 507 paster celeryd <configfile.ini>
508 508
509 509
510 510 .. note::
511 511 Make sure you run this command from the same virtualenv, and with the same
512 512 user that rhodecode runs.
513 513
514 514 HTTPS support
515 515 -------------
516 516
517 517 There are two ways to enable https:
518 518
519 519 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
520 520 recognize this headers and make proper https redirections
521 521 - Alternatively, change the `force_https = true` flag in the ini configuration
522 522 to force using https, no headers are needed than to enable https
523 523
524 524
525 525 Nginx virtual host example
526 526 --------------------------
527 527
528 528 Sample config for nginx using proxy::
529 529
530 530 upstream rc {
531 531 server 127.0.0.1:5000;
532 532 # add more instances for load balancing
533 533 #server 127.0.0.1:5001;
534 534 #server 127.0.0.1:5002;
535 535 }
536 536
537 537 ## gist alias
538 538 server {
539 539 listen 443;
540 540 server_name gist.myserver.com;
541 541 access_log /var/log/nginx/gist.access.log;
542 542 error_log /var/log/nginx/gist.error.log;
543 543
544 544 ssl on;
545 545 ssl_certificate gist.rhodecode.myserver.com.crt;
546 546 ssl_certificate_key gist.rhodecode.myserver.com.key;
547 547
548 548 ssl_session_timeout 5m;
549 549
550 550 ssl_protocols SSLv3 TLSv1;
551 551 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
552 552 ssl_prefer_server_ciphers on;
553 553
554 554 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
555 555 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
556 556 }
557 557
558 558 server {
559 559 listen 443;
560 560 server_name rhodecode.myserver.com;
561 561 access_log /var/log/nginx/rhodecode.access.log;
562 562 error_log /var/log/nginx/rhodecode.error.log;
563 563
564 564 ssl on;
565 565 ssl_certificate rhodecode.myserver.com.crt;
566 566 ssl_certificate_key rhodecode.myserver.com.key;
567 567
568 568 ssl_session_timeout 5m;
569 569
570 570 ssl_protocols SSLv3 TLSv1;
571 571 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
572 572 ssl_prefer_server_ciphers on;
573 573
574 574 ## uncomment root directive if you want to serve static files by nginx
575 575 ## requires static_files = false in .ini file
576 576 #root /path/to/installation/rhodecode/public;
577 577 include /etc/nginx/proxy.conf;
578 578 location / {
579 579 try_files $uri @rhode;
580 580 }
581 581
582 582 location @rhode {
583 583 proxy_pass http://rc;
584 584 }
585 585
586 586 }
587 587
588 588 Here's the proxy.conf. It's tuned so it will not timeout on long
589 589 pushes or large pushes::
590 590
591 591 proxy_redirect off;
592 592 proxy_set_header Host $host;
593 593 ## needed for container auth
594 594 #proxy_set_header REMOTE_USER $remote_user;
595 595 #proxy_set_header X-Forwarded-User $remote_user;
596 596 proxy_set_header X-Url-Scheme $scheme;
597 597 proxy_set_header X-Host $http_host;
598 598 proxy_set_header X-Real-IP $remote_addr;
599 599 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
600 600 proxy_set_header Proxy-host $proxy_host;
601 601 proxy_buffering off;
602 602 proxy_connect_timeout 7200;
603 603 proxy_send_timeout 7200;
604 604 proxy_read_timeout 7200;
605 605 proxy_buffers 8 32k;
606 606 client_max_body_size 1024m;
607 607 client_body_buffer_size 128k;
608 608 large_client_header_buffers 8 64k;
609 609
610 610
611 611 Apache virtual host reverse proxy example
612 612 -----------------------------------------
613 613
614 614 Here is a sample configuration file for apache using proxy::
615 615
616 616 <VirtualHost *:80>
617 617 ServerName hg.myserver.com
618 618 ServerAlias hg.myserver.com
619 619
620 620 <Proxy *>
621 621 Order allow,deny
622 622 Allow from all
623 623 </Proxy>
624 624
625 625 #important !
626 626 #Directive to properly generate url (clone url) for pylons
627 627 ProxyPreserveHost On
628 628
629 629 #rhodecode instance
630 630 ProxyPass / http://127.0.0.1:5000/
631 631 ProxyPassReverse / http://127.0.0.1:5000/
632 632
633 633 #to enable https use line below
634 634 #SetEnvIf X-Url-Scheme https HTTPS=1
635 635
636 636 </VirtualHost>
637 637
638 638
639 639 Additional tutorial
640 640 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
641 641
642 642
643 643 Apache as subdirectory
644 644 ----------------------
645 645
646 646 Apache subdirectory part::
647 647
648 648 <Location /<someprefix> >
649 649 ProxyPass http://127.0.0.1:5000/<someprefix>
650 650 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
651 651 SetEnvIf X-Url-Scheme https HTTPS=1
652 652 </Location>
653 653
654 654 Besides the regular apache setup you will need to add the following line
655 655 into [app:main] section of your .ini file::
656 656
657 657 filter-with = proxy-prefix
658 658
659 659 Add the following at the end of the .ini file::
660 660
661 661 [filter:proxy-prefix]
662 662 use = egg:PasteDeploy#prefix
663 663 prefix = /<someprefix>
664 664
665 665
666 666 then change <someprefix> into your chosen prefix
667 667
668 668 Apache's WSGI config
669 669 --------------------
670 670
671 671 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
672 672 that, you'll need to:
673 673
674 674 - Install mod_wsgi. If using a Debian-based distro, you can install
675 675 the package libapache2-mod-wsgi::
676 676
677 677 aptitude install libapache2-mod-wsgi
678 678
679 679 - Enable mod_wsgi::
680 680
681 681 a2enmod wsgi
682 682
683 683 - Create a wsgi dispatch script, like the one below. Make sure you
684 684 check the paths correctly point to where you installed RhodeCode
685 685 and its Python Virtual Environment.
686 686 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
687 687 as in the following example. Once again, check the paths are
688 688 correctly specified.
689 689
690 690 Here is a sample excerpt from an Apache Virtual Host configuration file::
691 691
692 692 WSGIDaemonProcess pylons \
693 693 threads=4 \
694 694 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
695 695 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
696 696 WSGIPassAuthorization On
697 697
698 698 .. note::
699 699 when running apache as root please add: `user=www-data group=www-data`
700 700 into above configuration
701 701
702 702 .. note::
703 703 Running RhodeCode in multiprocess mode in apache is not supported,
704 704 make sure you don't specify `processes=num` directive in the config
705 705
706 706
707 707 Example wsgi dispatch script::
708 708
709 709 import os
710 710 os.environ["HGENCODING"] = "UTF-8"
711 711 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
712 712
713 713 # sometimes it's needed to set the curent dir
714 714 os.chdir('/home/web/rhodecode/')
715 715
716 716 import site
717 717 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
718 718
719 719 from paste.deploy import loadapp
720 720 from paste.script.util.logging_config import fileConfig
721 721
722 722 fileConfig('/home/web/rhodecode/production.ini')
723 723 application = loadapp('config:/home/web/rhodecode/production.ini')
724 724
725 725 Note: when using mod_wsgi you'll need to install the same version of
726 726 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
727 727 environment.
728 728
729 729
730 730 Other configuration files
731 731 -------------------------
732 732
733 733 Some example init.d scripts can be found in init.d directory::
734 734
735 735 https://kallithea-scm.org/repos/kallithea/files/tip/init.d/
736 736
737 737 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
738 738 .. _python: http://www.python.org/
739 739 .. _mercurial: http://mercurial.selenic.com/
740 740 .. _celery: http://celeryproject.org/
741 741 .. _rabbitmq: http://www.rabbitmq.com/
742 742 .. _python-ldap: http://www.python-ldap.org/
743 743 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
744 744 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
745 745 .. _Issues tracker: https://bitbucket.org/conservancy/kallithea/issues
746 .. _google group rhodecode: http://groups.google.com/group/rhodecode
@@ -1,82 +1,78 b''
1 1 .. _troubleshooting:
2 2
3 3
4 4 ===============
5 5 Troubleshooting
6 6 ===============
7 7
8 8 :Q: **Missing static files?**
9 9 :A: Make sure either to set the `static_files = true` in the .ini file or
10 10 double check the root path for your http setup. It should point to
11 11 for example:
12 12 /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
13 13
14 14 |
15 15
16 16 :Q: **Can't install celery/rabbitmq?**
17 17 :A: Don't worry RhodeCode works without them too. No extra setup is required.
18 18 Try out great celery docs for further help.
19 19
20 20 |
21 21
22 22 :Q: **Long lasting push timeouts?**
23 23 :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
24 24 are caused by https server and not RhodeCode.
25 25
26 26 |
27 27
28 28 :Q: **Large pushes timeouts?**
29 29 :A: Make sure you set a proper max_body_size for the http server. Very often
30 30 Apache, Nginx or other http servers kill the connection due to to large
31 31 body.
32 32
33 33 |
34 34
35 35 :Q: **Apache doesn't pass basicAuth on pull/push?**
36 36 :A: Make sure you added `WSGIPassAuthorization true`.
37 37
38 38 |
39 39
40 40 :Q: **Git fails on push/pull?**
41 41 :A: Make sure you're using an wsgi http server that can handle chunked encoding
42 42 such as `waitress` or `gunicorn`
43 43
44 44 |
45 45
46 46 :Q: **How i use hooks in RhodeCode?**
47 47 :A: It's easy if they are python hooks just use advanced link in hooks section
48 48 in Admin panel, that works only for Mercurial. If you want to use githooks,
49 49 just install proper one in repository eg. create file in
50 50 `/gitrepo/hooks/pre-receive`. You can also use RhodeCode-extensions to
51 51 connect to callback hooks, for both Git and Mercurial.
52 52
53 53 |
54 54
55 55 :Q: **RhodeCode is slow for me, how can i make it faster?**
56 56 :A: See the :ref:`performance` section
57 57
58 58 |
59 59
60 60 :Q: **UnicodeDecodeError on Apache mod_wsgi**
61 61 :A: Please read: https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/#if-you-get-a-unicodeencodeerror
62 62
63 63 |
64 64
65 65 :Q: **Requests hanging on Windows**
66 66 :A: Please try out with disabled Antivirus software, there are some known problems with Eset Anitivirus. Make sure
67 67 you have installed latest windows patches (especially KB2789397)
68 68
69 69
70 For further questions search the `Issues tracker`_, or post a message in the
71 `google group rhodecode`_
72
73 70 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
74 71 .. _python: http://www.python.org/
75 72 .. _mercurial: http://mercurial.selenic.com/
76 73 .. _celery: http://celeryproject.org/
77 74 .. _rabbitmq: http://www.rabbitmq.com/
78 75 .. _python-ldap: http://www.python-ldap.org/
79 76 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
80 77 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
81 78 .. _Issues tracker: https://bitbucket.org/conservancy/kallithea/issues
82 .. _google group rhodecode: http://groups.google.com/group/rhodecode
General Comments 0
You need to be logged in to leave comments. Login now