##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

fixes #182
marcink -
r1286:0e0fb228 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,435 +1,435
1 1 .. _setup:
2 2
3 3 Setup
4 4 =====
5 5
6 6
7 7 Setting up RhodeCode
8 8 --------------------------
9 9
10 10 First, you will need to create a RhodeCode configuration file. Run the following
11 11 command to do this::
12 12
13 13 paster make-config RhodeCode production.ini
14 14
15 15 - This will create the file `production.ini` in the current directory. This
16 16 configuration file contains the various settings for RhodeCode, e.g proxy port,
17 17 email settings, usage of static files, cache, celery settings and logging.
18 18
19 19
20 20 Next, you need to create the databases used by RhodeCode. I recommend that you
21 21 use sqlite (default) or postgresql. If you choose a database other than the
22 22 default ensure you properly adjust the db url in your production.ini
23 23 configuration file to use this other database. Create the databases by running
24 24 the following command::
25 25
26 26 paster setup-app production.ini
27 27
28 28 This will prompt you for a "root" path. This "root" path is the location where
29 29 RhodeCode will store all of its repositories on the current machine. After
30 30 entering this "root" path ``setup-app`` will also prompt you for a username and password
31 31 for the initial admin account which ``setup-app`` sets up for you.
32 32
33 33 - The ``setup-app`` command will create all of the needed tables and an admin
34 34 account. When choosing a root path you can either use a new empty location, or a
35 35 location which already contains existing repositories. If you choose a location
36 36 which contains existing repositories RhodeCode will simply add all of the
37 37 repositories at the chosen location to it's database. (Note: make sure you
38 38 specify the correct path to the root).
39 39 - Note: the given path for mercurial_ repositories **must** be write accessible
40 40 for the application. It's very important since the RhodeCode web interface will
41 41 work without write access, but when trying to do a push it will eventually fail
42 42 with permission denied errors unless it has write access.
43 43
44 44 You are now ready to use RhodeCode, to run it simply execute::
45 45
46 46 paster serve production.ini
47 47
48 48 - This command runs the RhodeCode server. The web app should be available at the
49 49 127.0.0.1:5000. This ip and port is configurable via the production.ini
50 50 file created in previous step
51 51 - Use the admin account you created above when running ``setup-app`` to login to the web app.
52 52 - The default permissions on each repository is read, and the owner is admin.
53 53 Remember to update these if needed.
54 54 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
55 55 well as edit more advanced options on users and repositories
56 56
57 57 Try copying your own mercurial repository into the "root" directory you are
58 58 using, then from within the RhodeCode web application choose Admin >
59 59 repositories. Then choose Add New Repository. Add the repository you copied into
60 60 the root. Test that you can browse your repository from within RhodeCode and then
61 61 try cloning your repository from RhodeCode with::
62 62
63 63 hg clone http://127.0.0.1:5000/<repository name>
64 64
65 65 where *repository name* is replaced by the name of your repository.
66 66
67 67 Using RhodeCode with SSH
68 68 ------------------------
69 69
70 70 RhodeCode currently only hosts repositories using http and https. (The addition of
71 71 ssh hosting is a planned future feature.) However you can easily use ssh in
72 72 parallel with RhodeCode. (Repository access via ssh is a standard "out of
73 73 the box" feature of mercurial_ and you can use this to access any of the
74 74 repositories that RhodeCode is hosting. See PublishingRepositories_)
75 75
76 76 RhodeCode repository structures are kept in directories with the same name
77 77 as the project. When using repository groups, each group is a subdirectory.
78 78 This allows you to easily use ssh for accessing repositories.
79 79
80 80 In order to use ssh you need to make sure that your web-server and the users login
81 81 accounts have the correct permissions set on the appropriate directories. (Note
82 82 that these permissions are independent of any permissions you have set up using
83 83 the RhodeCode web interface.)
84 84
85 85 If your main directory (the same as set in RhodeCode settings) is for example
86 86 set to **/home/hg** and the repository you are using is named `rhodecode`, then
87 87 to clone via ssh you should run::
88 88
89 89 hg clone ssh://user@server.com/home/hg/rhodecode
90 90
91 91 Using other external tools such as mercurial-server_ or using ssh key based
92 92 authentication is fully supported.
93 93
94 94 Note: In an advanced setup, in order for your ssh access to use the same
95 95 permissions as set up via the RhodeCode web interface, you can create an
96 96 authentication hook to connect to the rhodecode db and runs check functions for
97 97 permissions against that.
98 98
99 99
100 100
101 101 Setting up Whoosh full text search
102 102 ----------------------------------
103 103
104 104 Starting from version 1.1 the whoosh index can be build by using the paster
105 105 command ``make-index``. To use ``make-index`` you must specify the configuration
106 106 file that stores the location of the index, and the location of the repositories
107 107 (`--repo-location`).
108 108
109 109 You may optionally pass the option `-f` to enable a full index rebuild. Without
110 110 the `-f` option, indexing will run always in "incremental" mode.
111 111
112 112 For an incremental index build use::
113 113
114 114 paster make-index production.ini --repo-location=<location for repos>
115 115
116 116 For a full index rebuild use::
117 117
118 118 paster make-index production.ini -f --repo-location=<location for repos>
119 119
120 120 - For full text search you can either put crontab entry for
121 121
122 122 In order to do periodical index builds and keep your index always up to date.
123 123 It's recommended to do a crontab entry for incremental indexing.
124 124 An example entry might look like this::
125 125
126 126 /path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>
127 127
128 128 When using incremental mode (the default) whoosh will check the last
129 129 modification date of each file and add it to be reindexed if a newer file is
130 130 available. The indexing daemon checks for any removed files and removes them
131 131 from index.
132 132
133 133 If you want to rebuild index from scratch, you can use the `-f` flag as above,
134 134 or in the admin panel you can check `build from scratch` flag.
135 135
136 136
137 137 Setting up LDAP support
138 138 -----------------------
139 139
140 140 RhodeCode starting from version 1.1 supports ldap authentication. In order
141 141 to use LDAP, you have to install the python-ldap_ package. This package is available
142 142 via pypi, so you can install it by running
143 143
144 144 ::
145 145
146 146 easy_install python-ldap
147 147
148 148 ::
149 149
150 150 pip install python-ldap
151 151
152 152 .. note::
153 153 python-ldap requires some certain libs on your system, so before installing
154 154 it check that you have at least `openldap`, and `sasl` libraries.
155 155
156 156 ldap settings are located in admin->ldap section,
157 157
158 158 Here's a typical ldap setup::
159 159
160 160 Enable ldap = checked #controls if ldap access is enabled
161 161 Host = host.domain.org #actual ldap server to connect
162 162 Port = 389 or 689 for ldaps #ldap server ports
163 163 Enable LDAPS = unchecked #enable disable ldaps
164 164 Account = <account> #access for ldap server(if required)
165 165 Password = <password> #password for ldap server(if required)
166 166 Base DN = uid=%(user)s,CN=users,DC=host,DC=domain,DC=org
167 167
168 168
169 169 `Account` and `Password` are optional, and used for two-phase ldap
170 170 authentication so those are credentials to access your ldap, if it doesn't
171 171 support anonymous search/user lookups.
172 172
173 173 Base DN must have the %(user)s template inside, it's a place holder where your uid
174 174 used to login would go. It allows admins to specify non-standard schema for the
175 175 uid variable.
176 176
177 177 If all of the data is correctly entered, and `python-ldap` is properly
178 178 installed, then users should be granted access to RhodeCode with ldap accounts.
179 179 When logging in the first time a special ldap account is created inside
180 180 RhodeCode, so you can control the permissions even on ldap users. If such users
181 181 already exist in the RhodeCode database, then the ldap user with the same
182 182 username would be not be able to access RhodeCode.
183 183
184 184 If you have problems with ldap access and believe you have correctly entered the
185 185 required information then proceed by investigating the RhodeCode logs. Any
186 186 error messages sent from ldap will be saved there.
187 187
188 188
189 189
190 190 Setting Up Celery
191 191 -----------------
192 192
193 193 Since version 1.1 celery is configured by the rhodecode ini configuration files.
194 194 Simply set use_celery=true in the ini file then add / change the configuration
195 195 variables inside the ini file.
196 196
197 197 Remember that the ini files use the format with '.' not with '_' like celery.
198 198 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
199 199 the config file.
200 200
201 201 In order to start using celery run::
202 202
203 203 paster celeryd <configfile.ini>
204 204
205 205
206 206 .. note::
207 207 Make sure you run this command from the same virtualenv, and with the same user
208 208 that rhodecode runs.
209 209
210 210 HTTPS support
211 211 -------------
212 212
213 213 There are two ways to enable https:
214 214
215 215 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
216 216 recognize this headers and make proper https redirections
217 217 - Alternatively, set `force_https = true` in the ini configuration to force using
218 218 https, no headers are needed than to enable https
219 219
220 220
221 221 Nginx virtual host example
222 222 --------------------------
223 223
224 224 Sample config for nginx using proxy::
225 225
226 226 server {
227 227 listen 80;
228 228 server_name hg.myserver.com;
229 229 access_log /var/log/nginx/rhodecode.access.log;
230 230 error_log /var/log/nginx/rhodecode.error.log;
231 231 location / {
232 232 root /var/www/rhodecode/rhodecode/public/;
233 233 if (!-f $request_filename){
234 234 proxy_pass http://127.0.0.1:5000;
235 235 }
236 236 #this is important if you want to use https !!!
237 237 proxy_set_header X-Url-Scheme $scheme;
238 238 include /etc/nginx/proxy.conf;
239 239 }
240 240 }
241 241
242 242 Here's the proxy.conf. It's tuned so it will not timeout on long
243 243 pushes or large pushes::
244 244
245 245 proxy_redirect off;
246 246 proxy_set_header Host $host;
247 247 proxy_set_header X-Host $http_host;
248 248 proxy_set_header X-Real-IP $remote_addr;
249 249 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
250 250 proxy_set_header Proxy-host $proxy_host;
251 251 client_max_body_size 400m;
252 252 client_body_buffer_size 128k;
253 253 proxy_buffering off;
254 254 proxy_connect_timeout 3600;
255 255 proxy_send_timeout 3600;
256 256 proxy_read_timeout 3600;
257 257 proxy_buffer_size 16k;
258 258 proxy_buffers 4 16k;
259 259 proxy_busy_buffers_size 64k;
260 260 proxy_temp_file_write_size 64k;
261 261
262 262 Also, when using root path with nginx you might set the static files to false
263 263 in the production.ini file::
264 264
265 265 [app:main]
266 266 use = egg:rhodecode
267 267 full_stack = true
268 268 static_files = false
269 269 lang=en
270 270 cache_dir = %(here)s/data
271 271
272 272 In order to not have the statics served by the application. This improves speed.
273 273
274 274
275 275 Apache virtual host example
276 276 ---------------------------
277 277
278 278 Here is a sample configuration file for apache using proxy::
279 279
280 280 <VirtualHost *:80>
281 281 ServerName hg.myserver.com
282 282 ServerAlias hg.myserver.com
283 283
284 284 <Proxy *>
285 285 Order allow,deny
286 286 Allow from all
287 287 </Proxy>
288 288
289 289 #important !
290 290 #Directive to properly generate url (clone url) for pylons
291 291 ProxyPreserveHost On
292 292
293 293 #rhodecode instance
294 294 ProxyPass / http://127.0.0.1:5000/
295 295 ProxyPassReverse / http://127.0.0.1:5000/
296 296
297 297 #to enable https use line below
298 298 #SetEnvIf X-Url-Scheme https HTTPS=1
299 299
300 300 </VirtualHost>
301 301
302 302
303 303 Additional tutorial
304 304 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
305 305
306 306
307 307 Apache as subdirectory
308 308 ----------------------
309 309
310 310 Apache subdirectory part::
311 311
312 312 <Location /<someprefix> >
313 313 ProxyPass http://127.0.0.1:5000/<someprefix>
314 314 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
315 315 SetEnvIf X-Url-Scheme https HTTPS=1
316 316 </Location>
317 317
318 318 Besides the regular apache setup you will need to add the following to your .ini file::
319 319
320 320 filter-with = proxy-prefix
321 321
322 322 Add the following at the end of the .ini file::
323 323
324 324 [filter:proxy-prefix]
325 325 use = egg:PasteDeploy#prefix
326 326 prefix = /<someprefix>
327 327
328 328
329 329 then change <someprefix> into your choosen prefix
330 330
331 331 Apache's example WSGI+SSL config
332 332 --------------------------------
333 333
334 334 virtual host example::
335 335
336 336 <VirtualHost *:443>
337 337 ServerName hg.domain.eu:443
338 338 DocumentRoot /var/www
339 339
340 340 SSLEngine on
341 341 SSLCertificateFile /etc/apache2/ssl/hg.domain.eu.cert
342 342 SSLCertificateKeyFile /etc/apache2/ssl/hg.domain.eu.key
343 343 SSLCertificateChainFile /etc/apache2/ssl/ca.cert
344 344 SetEnv HTTP_X_URL_SCHEME https
345 345
346 346 Alias /css /home/web/virtualenvs/hg/lib/python2.6/site-packages/rhodecode/public/css
347 347 Alias /images /home/web/virtualenvs/hg/lib/python2.6/site-packages/rhodecode/public/images
348 348 Alias /js /home/web/virtualenvs/hg/lib/python2.6/site-packages/rhodecode/public/js
349 349
350 350 WSGIDaemonProcess hg user=web group=web processes=1 threads=10 display-name=%{GROUP} python-path=/home/web/virtualenvs/hg/lib/python2.6/site-packages
351 351
352 352 WSGIPassAuthorization On
353 353 WSGIProcessGroup hg
354 354 WSGIApplicationGroup hg
355 355 WSGIScriptAlias / /home/web/apache/conf/hg.wsgi
356 356
357 357 <Directory /home/web/apache/conf>
358 358 Order deny,allow
359 359 Allow from all
360 360 </Directory>
361 361 <Directory /var/www>
362 362 Order deny,allow
363 363 Allow from all
364 364 </Directory>
365 365
366 366 </VirtualHost>
367 367
368 368 <VirtualHost *:80>
369 369 ServerName hg.domain.eu
370 370 Redirect permanent / https://hg.domain.eu/
371 371 </VirtualHost>
372 372
373 373
374 374 HG.WSGI::
375 375
376 376 import os
377 377 os.environ["HGENCODING"] = "UTF-8"
378 378
379 379 from paste.deploy import loadapp
380 380 from paste.script.util.logging_config import fileConfig
381 381
382 382 fileConfig('/home/web/virtualenvs/hg/config/production.ini')
383 383 application = loadapp('config:/home/web/virtualenvs/hg/config/production.ini'
384 384
385 385
386 386 Other configuration files
387 387 -------------------------
388 388
389 389 Some example init.d scripts can be found here, for debian and gentoo:
390 390
391 https://rhodeocode.org/rhodecode/files/tip/init.d
391 https://rhodecode.org/rhodecode/files/tip/init.d
392 392
393 393
394 394 Troubleshooting
395 395 ---------------
396 396
397 397 :Q: **Missing static files?**
398 398 :A: Make sure either to set the `static_files = true` in the .ini file or
399 399 double check the root path for your http setup. It should point to
400 400 for example:
401 401 /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
402 402
403 403 |
404 404
405 405 :Q: **Can't install celery/rabbitmq**
406 406 :A: Don't worry RhodeCode works without them too. No extra setup is required.
407 407
408 408 |
409 409
410 410 :Q: **Long lasting push timeouts?**
411 411 :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
412 412 are caused by https server and not RhodeCode.
413 413
414 414 |
415 415
416 416 :Q: **Large pushes timeouts?**
417 417 :A: Make sure you set a proper max_body_size for the http server.
418 418
419 419 |
420 420
421 421 :Q: **Apache doesn't pass basicAuth on pull/push?**
422 422 :A: Make sure you added `WSGIPassAuthorization true`.
423 423
424 424 For further questions search the `Issues tracker`_, or post a message in the `google group rhodecode`_
425 425
426 426 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
427 427 .. _python: http://www.python.org/
428 428 .. _mercurial: http://mercurial.selenic.com/
429 429 .. _celery: http://celeryproject.org/
430 430 .. _rabbitmq: http://www.rabbitmq.com/
431 431 .. _python-ldap: http://www.python-ldap.org/
432 432 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
433 433 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
434 434 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
435 .. _google group rhodecode: http://groups.google.com/group/rhodecode No newline at end of file
435 .. _google group rhodecode: http://groups.google.com/group/rhodecode
General Comments 0
You need to be logged in to leave comments. Login now