##// END OF EJS Templates
Added two headers into example nginx proxy conf that allows container auth...
marcink -
r4073:2c82dd8b default
parent child Browse files
Show More
@@ -1,743 +1,746 b''
1 .. _setup:
1 .. _setup:
2
2
3 =====
3 =====
4 Setup
4 Setup
5 =====
5 =====
6
6
7
7
8 Setting up RhodeCode
8 Setting up RhodeCode
9 --------------------
9 --------------------
10
10
11 First, you will need to create a RhodeCode configuration file. Run the
11 First, you will need to create a RhodeCode configuration file. Run the
12 following command to do this::
12 following command to do this::
13
13
14 paster make-config RhodeCode production.ini
14 paster make-config RhodeCode production.ini
15
15
16 - This will create the file `production.ini` in the current directory. This
16 - This will create the file `production.ini` in the current directory. This
17 configuration file contains the various settings for RhodeCode, e.g proxy
17 configuration file contains the various settings for RhodeCode, e.g proxy
18 port, email settings, usage of static files, cache, celery settings and
18 port, email settings, usage of static files, cache, celery settings and
19 logging.
19 logging.
20
20
21
21
22 Next, you need to create the databases used by RhodeCode. I recommend that you
22 Next, you need to create the databases used by RhodeCode. I recommend that you
23 use postgresql or sqlite (default). If you choose a database other than the
23 use postgresql or sqlite (default). If you choose a database other than the
24 default ensure you properly adjust the db url in your production.ini
24 default ensure you properly adjust the db url in your production.ini
25 configuration file to use this other database. RhodeCode currently supports
25 configuration file to use this other database. RhodeCode currently supports
26 postgresql, sqlite and mysql databases. Create the database by running
26 postgresql, sqlite and mysql databases. Create the database by running
27 the following command::
27 the following command::
28
28
29 paster setup-rhodecode production.ini
29 paster setup-rhodecode production.ini
30
30
31 This will prompt you for a "root" path. This "root" path is the location where
31 This will prompt you for a "root" path. This "root" path is the location where
32 RhodeCode will store all of its repositories on the current machine. After
32 RhodeCode will store all of its repositories on the current machine. After
33 entering this "root" path ``setup-rhodecode`` will also prompt you for a username
33 entering this "root" path ``setup-rhodecode`` will also prompt you for a username
34 and password for the initial admin account which ``setup-rhodecode`` sets
34 and password for the initial admin account which ``setup-rhodecode`` sets
35 up for you.
35 up for you.
36
36
37 setup process can be fully automated, example for lazy::
37 setup process can be fully automated, example for lazy::
38
38
39 paster setup-rhodecode production.ini --user=marcink --password=secret --email=marcin@rhodecode.org --repos=/home/marcink/my_repos
39 paster setup-rhodecode production.ini --user=marcink --password=secret --email=marcin@rhodecode.org --repos=/home/marcink/my_repos
40
40
41
41
42 - The ``setup-rhodecode`` command will create all of the needed tables and an
42 - The ``setup-rhodecode`` command will create all of the needed tables and an
43 admin account. When choosing a root path you can either use a new empty
43 admin account. When choosing a root path you can either use a new empty
44 location, or a location which already contains existing repositories. If you
44 location, or a location which already contains existing repositories. If you
45 choose a location which contains existing repositories RhodeCode will simply
45 choose a location which contains existing repositories RhodeCode will simply
46 add all of the repositories at the chosen location to it's database.
46 add all of the repositories at the chosen location to it's database.
47 (Note: make sure you specify the correct path to the root).
47 (Note: make sure you specify the correct path to the root).
48 - Note: the given path for mercurial_ repositories **must** be write accessible
48 - Note: the given path for mercurial_ repositories **must** be write accessible
49 for the application. It's very important since the RhodeCode web interface
49 for the application. It's very important since the RhodeCode web interface
50 will work without write access, but when trying to do a push it will
50 will work without write access, but when trying to do a push it will
51 eventually fail with permission denied errors unless it has write access.
51 eventually fail with permission denied errors unless it has write access.
52
52
53 You are now ready to use RhodeCode, to run it simply execute::
53 You are now ready to use RhodeCode, to run it simply execute::
54
54
55 paster serve production.ini
55 paster serve production.ini
56
56
57 - This command runs the RhodeCode server. The web app should be available at the
57 - This command runs the RhodeCode server. The web app should be available at the
58 127.0.0.1:5000. This ip and port is configurable via the production.ini
58 127.0.0.1:5000. This ip and port is configurable via the production.ini
59 file created in previous step
59 file created in previous step
60 - Use the admin account you created above when running ``setup-rhodecode``
60 - Use the admin account you created above when running ``setup-rhodecode``
61 to login to the web app.
61 to login to the web app.
62 - The default permissions on each repository is read, and the owner is admin.
62 - The default permissions on each repository is read, and the owner is admin.
63 Remember to update these if needed.
63 Remember to update these if needed.
64 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
64 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
65 well as edit more advanced options on users and repositories
65 well as edit more advanced options on users and repositories
66
66
67 Optionally users can create `rcextensions` package that extends RhodeCode
67 Optionally users can create `rcextensions` package that extends RhodeCode
68 functionality. To do this simply execute::
68 functionality. To do this simply execute::
69
69
70 paster make-rcext production.ini
70 paster make-rcext production.ini
71
71
72 This will create `rcextensions` package in the same place that your `ini` file
72 This will create `rcextensions` package in the same place that your `ini` file
73 lives. With `rcextensions` it's possible to add additional mapping for whoosh,
73 lives. With `rcextensions` it's possible to add additional mapping for whoosh,
74 stats and add additional code into the push/pull/create/delete repo hooks.
74 stats and add additional code into the push/pull/create/delete repo hooks.
75 For example for sending signals to build-bots such as jenkins.
75 For example for sending signals to build-bots such as jenkins.
76 Please see the `__init__.py` file inside `rcextensions` package
76 Please see the `__init__.py` file inside `rcextensions` package
77 for more details.
77 for more details.
78
78
79
79
80 Using RhodeCode with SSH
80 Using RhodeCode with SSH
81 ------------------------
81 ------------------------
82
82
83 RhodeCode currently only hosts repositories using http and https. (The addition
83 RhodeCode currently only hosts repositories using http and https. (The addition
84 of ssh hosting is a planned future feature.) However you can easily use ssh in
84 of ssh hosting is a planned future feature.) However you can easily use ssh in
85 parallel with RhodeCode. (Repository access via ssh is a standard "out of
85 parallel with RhodeCode. (Repository access via ssh is a standard "out of
86 the box" feature of mercurial_ and you can use this to access any of the
86 the box" feature of mercurial_ and you can use this to access any of the
87 repositories that RhodeCode is hosting. See PublishingRepositories_)
87 repositories that RhodeCode is hosting. See PublishingRepositories_)
88
88
89 RhodeCode repository structures are kept in directories with the same name
89 RhodeCode repository structures are kept in directories with the same name
90 as the project. When using repository groups, each group is a subdirectory.
90 as the project. When using repository groups, each group is a subdirectory.
91 This allows you to easily use ssh for accessing repositories.
91 This allows you to easily use ssh for accessing repositories.
92
92
93 In order to use ssh you need to make sure that your web-server and the users
93 In order to use ssh you need to make sure that your web-server and the users
94 login accounts have the correct permissions set on the appropriate directories.
94 login accounts have the correct permissions set on the appropriate directories.
95 (Note that these permissions are independent of any permissions you have set up
95 (Note that these permissions are independent of any permissions you have set up
96 using the RhodeCode web interface.)
96 using the RhodeCode web interface.)
97
97
98 If your main directory (the same as set in RhodeCode settings) is for example
98 If your main directory (the same as set in RhodeCode settings) is for example
99 set to **/home/hg** and the repository you are using is named `rhodecode`, then
99 set to **/home/hg** and the repository you are using is named `rhodecode`, then
100 to clone via ssh you should run::
100 to clone via ssh you should run::
101
101
102 hg clone ssh://user@server.com/home/hg/rhodecode
102 hg clone ssh://user@server.com/home/hg/rhodecode
103
103
104 Using other external tools such as mercurial-server_ or using ssh key based
104 Using other external tools such as mercurial-server_ or using ssh key based
105 authentication is fully supported.
105 authentication is fully supported.
106
106
107 Note: In an advanced setup, in order for your ssh access to use the same
107 Note: In an advanced setup, in order for your ssh access to use the same
108 permissions as set up via the RhodeCode web interface, you can create an
108 permissions as set up via the RhodeCode web interface, you can create an
109 authentication hook to connect to the rhodecode db and runs check functions for
109 authentication hook to connect to the rhodecode db and runs check functions for
110 permissions against that.
110 permissions against that.
111
111
112 Setting up Whoosh full text search
112 Setting up Whoosh full text search
113 ----------------------------------
113 ----------------------------------
114
114
115 Starting from version 1.1 the whoosh index can be build by using the paster
115 Starting from version 1.1 the whoosh index can be build by using the paster
116 command ``make-index``. To use ``make-index`` you must specify the configuration
116 command ``make-index``. To use ``make-index`` you must specify the configuration
117 file that stores the location of the index. You may specify the location of the
117 file that stores the location of the index. You may specify the location of the
118 repositories (`--repo-location`). If not specified, this value is retrieved
118 repositories (`--repo-location`). If not specified, this value is retrieved
119 from the RhodeCode database. This was required prior to 1.2. Starting from
119 from the RhodeCode database. This was required prior to 1.2. Starting from
120 version 1.2 it is also possible to specify a comma separated list of
120 version 1.2 it is also possible to specify a comma separated list of
121 repositories (`--index-only`) to build index only on chooses repositories
121 repositories (`--index-only`) to build index only on chooses repositories
122 skipping any other found in repos location
122 skipping any other found in repos location
123
123
124 You may optionally pass the option `-f` to enable a full index rebuild. Without
124 You may optionally pass the option `-f` to enable a full index rebuild. Without
125 the `-f` option, indexing will run always in "incremental" mode.
125 the `-f` option, indexing will run always in "incremental" mode.
126
126
127 For an incremental index build use::
127 For an incremental index build use::
128
128
129 paster make-index production.ini
129 paster make-index production.ini
130
130
131 For a full index rebuild use::
131 For a full index rebuild use::
132
132
133 paster make-index production.ini -f
133 paster make-index production.ini -f
134
134
135
135
136 building index just for chosen repositories is possible with such command::
136 building index just for chosen repositories is possible with such command::
137
137
138 paster make-index production.ini --index-only=vcs,rhodecode
138 paster make-index production.ini --index-only=vcs,rhodecode
139
139
140
140
141 In order to do periodical index builds and keep your index always up to date.
141 In order to do periodical index builds and keep your index always up to date.
142 It's recommended to do a crontab entry for incremental indexing.
142 It's recommended to do a crontab entry for incremental indexing.
143 An example entry might look like this::
143 An example entry might look like this::
144
144
145 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
145 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
146
146
147 When using incremental mode (the default) whoosh will check the last
147 When using incremental mode (the default) whoosh will check the last
148 modification date of each file and add it to be reindexed if a newer file is
148 modification date of each file and add it to be reindexed if a newer file is
149 available. The indexing daemon checks for any removed files and removes them
149 available. The indexing daemon checks for any removed files and removes them
150 from index.
150 from index.
151
151
152 If you want to rebuild index from scratch, you can use the `-f` flag as above,
152 If you want to rebuild index from scratch, you can use the `-f` flag as above,
153 or in the admin panel you can check `build from scratch` flag.
153 or in the admin panel you can check `build from scratch` flag.
154
154
155
155
156 Setting up LDAP support
156 Setting up LDAP support
157 -----------------------
157 -----------------------
158
158
159 RhodeCode starting from version 1.1 supports ldap authentication. In order
159 RhodeCode starting from version 1.1 supports ldap authentication. In order
160 to use LDAP, you have to install the python-ldap_ package. This package is
160 to use LDAP, you have to install the python-ldap_ package. This package is
161 available via pypi, so you can install it by running
161 available via pypi, so you can install it by running
162
162
163 using easy_install::
163 using easy_install::
164
164
165 easy_install python-ldap
165 easy_install python-ldap
166
166
167 using pip::
167 using pip::
168
168
169 pip install python-ldap
169 pip install python-ldap
170
170
171 .. note::
171 .. note::
172 python-ldap requires some certain libs on your system, so before installing
172 python-ldap requires some certain libs on your system, so before installing
173 it check that you have at least `openldap`, and `sasl` libraries.
173 it check that you have at least `openldap`, and `sasl` libraries.
174
174
175 LDAP settings are located in admin->ldap section,
175 LDAP settings are located in admin->ldap section,
176
176
177 Here's a typical ldap setup::
177 Here's a typical ldap setup::
178
178
179 Connection settings
179 Connection settings
180 Enable LDAP = checked
180 Enable LDAP = checked
181 Host = host.example.org
181 Host = host.example.org
182 Port = 389
182 Port = 389
183 Account = <account>
183 Account = <account>
184 Password = <password>
184 Password = <password>
185 Connection Security = LDAPS connection
185 Connection Security = LDAPS connection
186 Certificate Checks = DEMAND
186 Certificate Checks = DEMAND
187
187
188 Search settings
188 Search settings
189 Base DN = CN=users,DC=host,DC=example,DC=org
189 Base DN = CN=users,DC=host,DC=example,DC=org
190 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
190 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
191 LDAP Search Scope = SUBTREE
191 LDAP Search Scope = SUBTREE
192
192
193 Attribute mappings
193 Attribute mappings
194 Login Attribute = uid
194 Login Attribute = uid
195 First Name Attribute = firstName
195 First Name Attribute = firstName
196 Last Name Attribute = lastName
196 Last Name Attribute = lastName
197 E-mail Attribute = mail
197 E-mail Attribute = mail
198
198
199 If your user groups are placed in a Organisation Unit (OU) structure the Search Settings configuration differs::
199 If your user groups are placed in a Organisation Unit (OU) structure the Search Settings configuration differs::
200
200
201 Search settings
201 Search settings
202 Base DN = DC=host,DC=example,DC=org
202 Base DN = DC=host,DC=example,DC=org
203 LDAP Filter = (&(memberOf=CN=your user group,OU=subunit,OU=unit,DC=host,DC=example,DC=org)(objectClass=user))
203 LDAP Filter = (&(memberOf=CN=your user group,OU=subunit,OU=unit,DC=host,DC=example,DC=org)(objectClass=user))
204 LDAP Search Scope = SUBTREE
204 LDAP Search Scope = SUBTREE
205
205
206 .. _enable_ldap:
206 .. _enable_ldap:
207
207
208 Enable LDAP : required
208 Enable LDAP : required
209 Whether to use LDAP for authenticating users.
209 Whether to use LDAP for authenticating users.
210
210
211 .. _ldap_host:
211 .. _ldap_host:
212
212
213 Host : required
213 Host : required
214 LDAP server hostname or IP address. Can be also a comma separated
214 LDAP server hostname or IP address. Can be also a comma separated
215 list of servers to support LDAP fail-over.
215 list of servers to support LDAP fail-over.
216
216
217 .. _Port:
217 .. _Port:
218
218
219 Port : required
219 Port : required
220 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
220 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
221
221
222 .. _ldap_account:
222 .. _ldap_account:
223
223
224 Account : optional
224 Account : optional
225 Only required if the LDAP server does not allow anonymous browsing of
225 Only required if the LDAP server does not allow anonymous browsing of
226 records. This should be a special account for record browsing. This
226 records. This should be a special account for record browsing. This
227 will require `LDAP Password`_ below.
227 will require `LDAP Password`_ below.
228
228
229 .. _LDAP Password:
229 .. _LDAP Password:
230
230
231 Password : optional
231 Password : optional
232 Only required if the LDAP server does not allow anonymous browsing of
232 Only required if the LDAP server does not allow anonymous browsing of
233 records.
233 records.
234
234
235 .. _Enable LDAPS:
235 .. _Enable LDAPS:
236
236
237 Connection Security : required
237 Connection Security : required
238 Defines the connection to LDAP server
238 Defines the connection to LDAP server
239
239
240 No encryption
240 No encryption
241 Plain non encrypted connection
241 Plain non encrypted connection
242
242
243 LDAPS connection
243 LDAPS connection
244 Enable ldaps connection. It will likely require `Port`_ to be set to
244 Enable ldaps connection. It will likely require `Port`_ to be set to
245 a different value (standard LDAPS port is 636). When LDAPS is enabled
245 a different value (standard LDAPS port is 636). When LDAPS is enabled
246 then `Certificate Checks`_ is required.
246 then `Certificate Checks`_ is required.
247
247
248 START_TLS on LDAP connection
248 START_TLS on LDAP connection
249 START TLS connection
249 START TLS connection
250
250
251 .. _Certificate Checks:
251 .. _Certificate Checks:
252
252
253 Certificate Checks : optional
253 Certificate Checks : optional
254 How SSL certificates verification is handled - this is only useful when
254 How SSL certificates verification is handled - this is only useful when
255 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
255 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
256 while the other options are susceptible to man-in-the-middle attacks. SSL
256 while the other options are susceptible to man-in-the-middle attacks. SSL
257 certificates can be installed to /etc/openldap/cacerts so that the
257 certificates can be installed to /etc/openldap/cacerts so that the
258 DEMAND or HARD options can be used with self-signed certificates or
258 DEMAND or HARD options can be used with self-signed certificates or
259 certificates that do not have traceable certificates of authority.
259 certificates that do not have traceable certificates of authority.
260
260
261 NEVER
261 NEVER
262 A serve certificate will never be requested or checked.
262 A serve certificate will never be requested or checked.
263
263
264 ALLOW
264 ALLOW
265 A server certificate is requested. Failure to provide a
265 A server certificate is requested. Failure to provide a
266 certificate or providing a bad certificate will not terminate the
266 certificate or providing a bad certificate will not terminate the
267 session.
267 session.
268
268
269 TRY
269 TRY
270 A server certificate is requested. Failure to provide a
270 A server certificate is requested. Failure to provide a
271 certificate does not halt the session; providing a bad certificate
271 certificate does not halt the session; providing a bad certificate
272 halts the session.
272 halts the session.
273
273
274 DEMAND
274 DEMAND
275 A server certificate is requested and must be provided and
275 A server certificate is requested and must be provided and
276 authenticated for the session to proceed.
276 authenticated for the session to proceed.
277
277
278 HARD
278 HARD
279 The same as DEMAND.
279 The same as DEMAND.
280
280
281 .. _Base DN:
281 .. _Base DN:
282
282
283 Base DN : required
283 Base DN : required
284 The Distinguished Name (DN) where searches for users will be performed.
284 The Distinguished Name (DN) where searches for users will be performed.
285 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
285 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
286
286
287 .. _LDAP Filter:
287 .. _LDAP Filter:
288
288
289 LDAP Filter : optional
289 LDAP Filter : optional
290 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
290 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
291 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
291 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
292 which LDAP objects are identified as representing Users for
292 which LDAP objects are identified as representing Users for
293 authentication. The filter is augmented by `Login Attribute`_ below.
293 authentication. The filter is augmented by `Login Attribute`_ below.
294 This can commonly be left blank.
294 This can commonly be left blank.
295
295
296 .. _LDAP Search Scope:
296 .. _LDAP Search Scope:
297
297
298 LDAP Search Scope : required
298 LDAP Search Scope : required
299 This limits how far LDAP will search for a matching object.
299 This limits how far LDAP will search for a matching object.
300
300
301 BASE
301 BASE
302 Only allows searching of `Base DN`_ and is usually not what you
302 Only allows searching of `Base DN`_ and is usually not what you
303 want.
303 want.
304
304
305 ONELEVEL
305 ONELEVEL
306 Searches all entries under `Base DN`_, but not Base DN itself.
306 Searches all entries under `Base DN`_, but not Base DN itself.
307
307
308 SUBTREE
308 SUBTREE
309 Searches all entries below `Base DN`_, but not Base DN itself.
309 Searches all entries below `Base DN`_, but not Base DN itself.
310 When using SUBTREE `LDAP Filter`_ is useful to limit object
310 When using SUBTREE `LDAP Filter`_ is useful to limit object
311 location.
311 location.
312
312
313 .. _Login Attribute:
313 .. _Login Attribute:
314
314
315 Login Attribute : required
315 Login Attribute : required
316 The LDAP record attribute that will be matched as the USERNAME or
316 The LDAP record attribute that will be matched as the USERNAME or
317 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
317 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
318 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
318 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
319 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
319 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
320 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
320 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
321 ::
321 ::
322
322
323 (&(LDAPFILTER)(uid=jsmith))
323 (&(LDAPFILTER)(uid=jsmith))
324
324
325 .. _ldap_attr_firstname:
325 .. _ldap_attr_firstname:
326
326
327 First Name Attribute : required
327 First Name Attribute : required
328 The LDAP record attribute which represents the user's first name.
328 The LDAP record attribute which represents the user's first name.
329
329
330 .. _ldap_attr_lastname:
330 .. _ldap_attr_lastname:
331
331
332 Last Name Attribute : required
332 Last Name Attribute : required
333 The LDAP record attribute which represents the user's last name.
333 The LDAP record attribute which represents the user's last name.
334
334
335 .. _ldap_attr_email:
335 .. _ldap_attr_email:
336
336
337 Email Attribute : required
337 Email Attribute : required
338 The LDAP record attribute which represents the user's email address.
338 The LDAP record attribute which represents the user's email address.
339
339
340 If all data are entered correctly, and python-ldap_ is properly installed
340 If all data are entered correctly, and python-ldap_ is properly installed
341 users should be granted access to RhodeCode with ldap accounts. At this
341 users should be granted access to RhodeCode with ldap accounts. At this
342 time user information is copied from LDAP into the RhodeCode user database.
342 time user information is copied from LDAP into the RhodeCode user database.
343 This means that updates of an LDAP user object may not be reflected as a
343 This means that updates of an LDAP user object may not be reflected as a
344 user update in RhodeCode.
344 user update in RhodeCode.
345
345
346 If You have problems with LDAP access and believe You entered correct
346 If You have problems with LDAP access and believe You entered correct
347 information check out the RhodeCode logs, any error messages sent from LDAP
347 information check out the RhodeCode logs, any error messages sent from LDAP
348 will be saved there.
348 will be saved there.
349
349
350 Active Directory
350 Active Directory
351 ''''''''''''''''
351 ''''''''''''''''
352
352
353 RhodeCode can use Microsoft Active Directory for user authentication. This
353 RhodeCode can use Microsoft Active Directory for user authentication. This
354 is done through an LDAP or LDAPS connection to Active Directory. The
354 is done through an LDAP or LDAPS connection to Active Directory. The
355 following LDAP configuration settings are typical for using Active
355 following LDAP configuration settings are typical for using Active
356 Directory ::
356 Directory ::
357
357
358 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
358 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
359 Login Attribute = sAMAccountName
359 Login Attribute = sAMAccountName
360 First Name Attribute = givenName
360 First Name Attribute = givenName
361 Last Name Attribute = sn
361 Last Name Attribute = sn
362 E-mail Attribute = mail
362 E-mail Attribute = mail
363
363
364 All other LDAP settings will likely be site-specific and should be
364 All other LDAP settings will likely be site-specific and should be
365 appropriately configured.
365 appropriately configured.
366
366
367
367
368 Authentication by container or reverse-proxy
368 Authentication by container or reverse-proxy
369 --------------------------------------------
369 --------------------------------------------
370
370
371 Starting with version 1.3, RhodeCode supports delegating the authentication
371 Starting with version 1.3, RhodeCode supports delegating the authentication
372 of users to its WSGI container, or to a reverse-proxy server through which all
372 of users to its WSGI container, or to a reverse-proxy server through which all
373 clients access the application.
373 clients access the application.
374
374
375 When these authentication methods are enabled in RhodeCode, it uses the
375 When these authentication methods are enabled in RhodeCode, it uses the
376 username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't
376 username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't
377 perform the authentication itself. The authorization, however, is still done by
377 perform the authentication itself. The authorization, however, is still done by
378 RhodeCode according to its settings.
378 RhodeCode according to its settings.
379
379
380 When a user logs in for the first time using these authentication methods,
380 When a user logs in for the first time using these authentication methods,
381 a matching user account is created in RhodeCode with default permissions. An
381 a matching user account is created in RhodeCode with default permissions. An
382 administrator can then modify it using RhodeCode's admin interface.
382 administrator can then modify it using RhodeCode's admin interface.
383 It's also possible for an administrator to create accounts and configure their
383 It's also possible for an administrator to create accounts and configure their
384 permissions before the user logs in for the first time.
384 permissions before the user logs in for the first time.
385
385
386 Container-based authentication
386 Container-based authentication
387 ''''''''''''''''''''''''''''''
387 ''''''''''''''''''''''''''''''
388
388
389 In a container-based authentication setup, RhodeCode reads the user name from
389 In a container-based authentication setup, RhodeCode reads the user name from
390 the ``REMOTE_USER`` server variable provided by the WSGI container.
390 the ``REMOTE_USER`` server variable provided by the WSGI container.
391
391
392 After setting up your container (see `Apache's WSGI config`_), you'd need
392 After setting up your container (see `Apache's WSGI config`_), you'd need
393 to configure it to require authentication on the location configured for
393 to configure it to require authentication on the location configured for
394 RhodeCode.
394 RhodeCode.
395
395
396 In order for RhodeCode to start using the provided username, you should set the
396 In order for RhodeCode to start using the provided username, you should set the
397 following in the [app:main] section of your .ini file::
397 following in the [app:main] section of your .ini file::
398
398
399 container_auth_enabled = true
399 container_auth_enabled = true
400
400
401
401
402 Proxy pass-through authentication
402 Proxy pass-through authentication
403 '''''''''''''''''''''''''''''''''
403 '''''''''''''''''''''''''''''''''
404
404
405 In a proxy pass-through authentication setup, RhodeCode reads the user name
405 In a proxy pass-through authentication setup, RhodeCode reads the user name
406 from the ``X-Forwarded-User`` request header, which should be configured to be
406 from the ``X-Forwarded-User`` request header, which should be configured to be
407 sent by the reverse-proxy server.
407 sent by the reverse-proxy server.
408
408
409 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,
409 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,
410 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to
410 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to
411 configure the authentication and add the username in a request header named
411 configure the authentication and add the username in a request header named
412 ``X-Forwarded-User``.
412 ``X-Forwarded-User``.
413
413
414 For example, the following config section for Apache sets a subdirectory in a
414 For example, the following config section for Apache sets a subdirectory in a
415 reverse-proxy setup with basic auth::
415 reverse-proxy setup with basic auth::
416
416
417 <Location /<someprefix> >
417 <Location /<someprefix> >
418 ProxyPass http://127.0.0.1:5000/<someprefix>
418 ProxyPass http://127.0.0.1:5000/<someprefix>
419 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
419 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
420 SetEnvIf X-Url-Scheme https HTTPS=1
420 SetEnvIf X-Url-Scheme https HTTPS=1
421
421
422 AuthType Basic
422 AuthType Basic
423 AuthName "RhodeCode authentication"
423 AuthName "RhodeCode authentication"
424 AuthUserFile /home/web/rhodecode/.htpasswd
424 AuthUserFile /home/web/rhodecode/.htpasswd
425 require valid-user
425 require valid-user
426
426
427 RequestHeader unset X-Forwarded-User
427 RequestHeader unset X-Forwarded-User
428
428
429 RewriteEngine On
429 RewriteEngine On
430 RewriteCond %{LA-U:REMOTE_USER} (.+)
430 RewriteCond %{LA-U:REMOTE_USER} (.+)
431 RewriteRule .* - [E=RU:%1]
431 RewriteRule .* - [E=RU:%1]
432 RequestHeader set X-Forwarded-User %{RU}e
432 RequestHeader set X-Forwarded-User %{RU}e
433 </Location>
433 </Location>
434
434
435 In order for RhodeCode to start using the forwarded username, you should set
435 In order for RhodeCode to start using the forwarded username, you should set
436 the following in the [app:main] section of your .ini file::
436 the following in the [app:main] section of your .ini file::
437
437
438 proxypass_auth_enabled = true
438 proxypass_auth_enabled = true
439
439
440 .. note::
440 .. note::
441 If you enable proxy pass-through authentication, make sure your server is
441 If you enable proxy pass-through authentication, make sure your server is
442 only accessible through the proxy. Otherwise, any client would be able to
442 only accessible through the proxy. Otherwise, any client would be able to
443 forge the authentication header and could effectively become authenticated
443 forge the authentication header and could effectively become authenticated
444 using any account of their liking.
444 using any account of their liking.
445
445
446 Integration with Issue trackers
446 Integration with Issue trackers
447 -------------------------------
447 -------------------------------
448
448
449 RhodeCode provides a simple integration with issue trackers. It's possible
449 RhodeCode provides a simple integration with issue trackers. It's possible
450 to define a regular expression that will fetch issue id stored in commit
450 to define a regular expression that will fetch issue id stored in commit
451 messages and replace that with an url to this issue. To enable this simply
451 messages and replace that with an url to this issue. To enable this simply
452 uncomment following variables in the ini file::
452 uncomment following variables in the ini file::
453
453
454 issue_pat = (?:^#|\s#)(\w+)
454 issue_pat = (?:^#|\s#)(\w+)
455 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
455 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
456 issue_prefix = #
456 issue_prefix = #
457
457
458 `issue_pat` is the regular expression that will fetch issues from commit messages.
458 `issue_pat` is the regular expression that will fetch issues from commit messages.
459 Default regex will match issues in format of #<number> eg. #300.
459 Default regex will match issues in format of #<number> eg. #300.
460
460
461 Matched issues will be replace with the link specified as `issue_server_link`
461 Matched issues will be replace with the link specified as `issue_server_link`
462 {id} will be replaced with issue id, and {repo} with repository name.
462 {id} will be replaced with issue id, and {repo} with repository name.
463 Since the # is striped `issue_prefix` is added as a prefix to url.
463 Since the # is striped `issue_prefix` is added as a prefix to url.
464 `issue_prefix` can be something different than # if you pass
464 `issue_prefix` can be something different than # if you pass
465 ISSUE- as issue prefix this will generate an url in format::
465 ISSUE- as issue prefix this will generate an url in format::
466
466
467 <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>
467 <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>
468
468
469 Hook management
469 Hook management
470 ---------------
470 ---------------
471
471
472 Hooks can be managed in similar way to this used in .hgrc files.
472 Hooks can be managed in similar way to this used in .hgrc files.
473 To access hooks setting click `advanced setup` on Hooks section of Mercurial
473 To access hooks setting click `advanced setup` on Hooks section of Mercurial
474 Settings in Admin.
474 Settings in Admin.
475
475
476 There are 4 built in hooks that cannot be changed (only enable/disable by
476 There are 4 built in hooks that cannot be changed (only enable/disable by
477 checkboxes on previos section).
477 checkboxes on previos section).
478 To add another custom hook simply fill in first section with
478 To add another custom hook simply fill in first section with
479 <name>.<hook_type> and the second one with hook path. Example hooks
479 <name>.<hook_type> and the second one with hook path. Example hooks
480 can be found at *rhodecode.lib.hooks*.
480 can be found at *rhodecode.lib.hooks*.
481
481
482
482
483 Changing default encoding
483 Changing default encoding
484 -------------------------
484 -------------------------
485
485
486 By default RhodeCode uses utf8 encoding, starting from 1.3 series this
486 By default RhodeCode uses utf8 encoding, starting from 1.3 series this
487 can be changed, simply edit default_encoding in .ini file to desired one.
487 can be changed, simply edit default_encoding in .ini file to desired one.
488 This affects many parts in rhodecode including committers names, filenames,
488 This affects many parts in rhodecode including committers names, filenames,
489 encoding of commit messages. In addition RhodeCode can detect if `chardet`
489 encoding of commit messages. In addition RhodeCode can detect if `chardet`
490 library is installed. If `chardet` is detected RhodeCode will fallback to it
490 library is installed. If `chardet` is detected RhodeCode will fallback to it
491 when there are encode/decode errors.
491 when there are encode/decode errors.
492
492
493
493
494 Setting Up Celery
494 Setting Up Celery
495 -----------------
495 -----------------
496
496
497 Since version 1.1 celery is configured by the rhodecode ini configuration files.
497 Since version 1.1 celery is configured by the rhodecode ini configuration files.
498 Simply set use_celery=true in the ini file then add / change the configuration
498 Simply set use_celery=true in the ini file then add / change the configuration
499 variables inside the ini file.
499 variables inside the ini file.
500
500
501 Remember that the ini files use the format with '.' not with '_' like celery.
501 Remember that the ini files use the format with '.' not with '_' like celery.
502 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
502 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
503 the config file.
503 the config file.
504
504
505 In order to start using celery run::
505 In order to start using celery run::
506
506
507 paster celeryd <configfile.ini>
507 paster celeryd <configfile.ini>
508
508
509
509
510 .. note::
510 .. note::
511 Make sure you run this command from the same virtualenv, and with the same
511 Make sure you run this command from the same virtualenv, and with the same
512 user that rhodecode runs.
512 user that rhodecode runs.
513
513
514 HTTPS support
514 HTTPS support
515 -------------
515 -------------
516
516
517 There are two ways to enable https:
517 There are two ways to enable https:
518
518
519 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
519 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
520 recognize this headers and make proper https redirections
520 recognize this headers and make proper https redirections
521 - Alternatively, change the `force_https = true` flag in the ini configuration
521 - Alternatively, change the `force_https = true` flag in the ini configuration
522 to force using https, no headers are needed than to enable https
522 to force using https, no headers are needed than to enable https
523
523
524
524
525 Nginx virtual host example
525 Nginx virtual host example
526 --------------------------
526 --------------------------
527
527
528 Sample config for nginx using proxy::
528 Sample config for nginx using proxy::
529
529
530 upstream rc {
530 upstream rc {
531 server 127.0.0.1:5000;
531 server 127.0.0.1:5000;
532 # add more instances for load balancing
532 # add more instances for load balancing
533 #server 127.0.0.1:5001;
533 #server 127.0.0.1:5001;
534 #server 127.0.0.1:5002;
534 #server 127.0.0.1:5002;
535 }
535 }
536
536
537 ## gist alias
537 ## gist alias
538 server {
538 server {
539 listen 443;
539 listen 443;
540 server_name gist.myserver.com;
540 server_name gist.myserver.com;
541 access_log /var/log/nginx/gist.access.log;
541 access_log /var/log/nginx/gist.access.log;
542 error_log /var/log/nginx/gist.error.log;
542 error_log /var/log/nginx/gist.error.log;
543
543
544 ssl on;
544 ssl on;
545 ssl_certificate gist.rhodecode.myserver.com.crt;
545 ssl_certificate gist.rhodecode.myserver.com.crt;
546 ssl_certificate_key gist.rhodecode.myserver.com.key;
546 ssl_certificate_key gist.rhodecode.myserver.com.key;
547
547
548 ssl_session_timeout 5m;
548 ssl_session_timeout 5m;
549
549
550 ssl_protocols SSLv3 TLSv1;
550 ssl_protocols SSLv3 TLSv1;
551 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
551 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
552 ssl_prefer_server_ciphers on;
552 ssl_prefer_server_ciphers on;
553
553
554 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
554 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
555 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
555 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
556 }
556 }
557
557
558 server {
558 server {
559 listen 443;
559 listen 443;
560 server_name rhodecode.myserver.com;
560 server_name rhodecode.myserver.com;
561 access_log /var/log/nginx/rhodecode.access.log;
561 access_log /var/log/nginx/rhodecode.access.log;
562 error_log /var/log/nginx/rhodecode.error.log;
562 error_log /var/log/nginx/rhodecode.error.log;
563
563
564 ssl on;
564 ssl on;
565 ssl_certificate rhodecode.myserver.com.crt;
565 ssl_certificate rhodecode.myserver.com.crt;
566 ssl_certificate_key rhodecode.myserver.com.key;
566 ssl_certificate_key rhodecode.myserver.com.key;
567
567
568 ssl_session_timeout 5m;
568 ssl_session_timeout 5m;
569
569
570 ssl_protocols SSLv3 TLSv1;
570 ssl_protocols SSLv3 TLSv1;
571 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
571 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
572 ssl_prefer_server_ciphers on;
572 ssl_prefer_server_ciphers on;
573
573
574 ## uncomment root directive if you want to serve static files by nginx
574 ## uncomment root directive if you want to serve static files by nginx
575 ## requires static_files = false in .ini file
575 ## requires static_files = false in .ini file
576 #root /path/to/installation/rhodecode/public;
576 #root /path/to/installation/rhodecode/public;
577 include /etc/nginx/proxy.conf;
577 include /etc/nginx/proxy.conf;
578 location / {
578 location / {
579 try_files $uri @rhode;
579 try_files $uri @rhode;
580 }
580 }
581
581
582 location @rhode {
582 location @rhode {
583 proxy_pass http://rc;
583 proxy_pass http://rc;
584 }
584 }
585
585
586 }
586 }
587
587
588 Here's the proxy.conf. It's tuned so it will not timeout on long
588 Here's the proxy.conf. It's tuned so it will not timeout on long
589 pushes or large pushes::
589 pushes or large pushes::
590
590
591 proxy_redirect off;
591 proxy_redirect off;
592 proxy_set_header Host $host;
592 proxy_set_header Host $host;
593 ## needed for container auth
594 #proxy_set_header REMOTE_USER $remote_user;
595 #proxy_set_header X-Forwarded-User $remote_user;
593 proxy_set_header X-Url-Scheme $scheme;
596 proxy_set_header X-Url-Scheme $scheme;
594 proxy_set_header X-Host $http_host;
597 proxy_set_header X-Host $http_host;
595 proxy_set_header X-Real-IP $remote_addr;
598 proxy_set_header X-Real-IP $remote_addr;
596 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
599 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
597 proxy_set_header Proxy-host $proxy_host;
600 proxy_set_header Proxy-host $proxy_host;
598 proxy_buffering off;
601 proxy_buffering off;
599 proxy_connect_timeout 7200;
602 proxy_connect_timeout 7200;
600 proxy_send_timeout 7200;
603 proxy_send_timeout 7200;
601 proxy_read_timeout 7200;
604 proxy_read_timeout 7200;
602 proxy_buffers 8 32k;
605 proxy_buffers 8 32k;
603 client_max_body_size 1024m;
606 client_max_body_size 1024m;
604 client_body_buffer_size 128k;
607 client_body_buffer_size 128k;
605 large_client_header_buffers 8 64k;
608 large_client_header_buffers 8 64k;
606
609
607
610
608 Apache virtual host reverse proxy example
611 Apache virtual host reverse proxy example
609 -----------------------------------------
612 -----------------------------------------
610
613
611 Here is a sample configuration file for apache using proxy::
614 Here is a sample configuration file for apache using proxy::
612
615
613 <VirtualHost *:80>
616 <VirtualHost *:80>
614 ServerName hg.myserver.com
617 ServerName hg.myserver.com
615 ServerAlias hg.myserver.com
618 ServerAlias hg.myserver.com
616
619
617 <Proxy *>
620 <Proxy *>
618 Order allow,deny
621 Order allow,deny
619 Allow from all
622 Allow from all
620 </Proxy>
623 </Proxy>
621
624
622 #important !
625 #important !
623 #Directive to properly generate url (clone url) for pylons
626 #Directive to properly generate url (clone url) for pylons
624 ProxyPreserveHost On
627 ProxyPreserveHost On
625
628
626 #rhodecode instance
629 #rhodecode instance
627 ProxyPass / http://127.0.0.1:5000/
630 ProxyPass / http://127.0.0.1:5000/
628 ProxyPassReverse / http://127.0.0.1:5000/
631 ProxyPassReverse / http://127.0.0.1:5000/
629
632
630 #to enable https use line below
633 #to enable https use line below
631 #SetEnvIf X-Url-Scheme https HTTPS=1
634 #SetEnvIf X-Url-Scheme https HTTPS=1
632
635
633 </VirtualHost>
636 </VirtualHost>
634
637
635
638
636 Additional tutorial
639 Additional tutorial
637 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
640 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
638
641
639
642
640 Apache as subdirectory
643 Apache as subdirectory
641 ----------------------
644 ----------------------
642
645
643 Apache subdirectory part::
646 Apache subdirectory part::
644
647
645 <Location /<someprefix> >
648 <Location /<someprefix> >
646 ProxyPass http://127.0.0.1:5000/<someprefix>
649 ProxyPass http://127.0.0.1:5000/<someprefix>
647 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
650 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
648 SetEnvIf X-Url-Scheme https HTTPS=1
651 SetEnvIf X-Url-Scheme https HTTPS=1
649 </Location>
652 </Location>
650
653
651 Besides the regular apache setup you will need to add the following line
654 Besides the regular apache setup you will need to add the following line
652 into [app:main] section of your .ini file::
655 into [app:main] section of your .ini file::
653
656
654 filter-with = proxy-prefix
657 filter-with = proxy-prefix
655
658
656 Add the following at the end of the .ini file::
659 Add the following at the end of the .ini file::
657
660
658 [filter:proxy-prefix]
661 [filter:proxy-prefix]
659 use = egg:PasteDeploy#prefix
662 use = egg:PasteDeploy#prefix
660 prefix = /<someprefix>
663 prefix = /<someprefix>
661
664
662
665
663 then change <someprefix> into your chosen prefix
666 then change <someprefix> into your chosen prefix
664
667
665 Apache's WSGI config
668 Apache's WSGI config
666 --------------------
669 --------------------
667
670
668 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
671 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
669 that, you'll need to:
672 that, you'll need to:
670
673
671 - Install mod_wsgi. If using a Debian-based distro, you can install
674 - Install mod_wsgi. If using a Debian-based distro, you can install
672 the package libapache2-mod-wsgi::
675 the package libapache2-mod-wsgi::
673
676
674 aptitude install libapache2-mod-wsgi
677 aptitude install libapache2-mod-wsgi
675
678
676 - Enable mod_wsgi::
679 - Enable mod_wsgi::
677
680
678 a2enmod wsgi
681 a2enmod wsgi
679
682
680 - Create a wsgi dispatch script, like the one below. Make sure you
683 - Create a wsgi dispatch script, like the one below. Make sure you
681 check the paths correctly point to where you installed RhodeCode
684 check the paths correctly point to where you installed RhodeCode
682 and its Python Virtual Environment.
685 and its Python Virtual Environment.
683 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
686 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
684 as in the following example. Once again, check the paths are
687 as in the following example. Once again, check the paths are
685 correctly specified.
688 correctly specified.
686
689
687 Here is a sample excerpt from an Apache Virtual Host configuration file::
690 Here is a sample excerpt from an Apache Virtual Host configuration file::
688
691
689 WSGIDaemonProcess pylons \
692 WSGIDaemonProcess pylons \
690 threads=4 \
693 threads=4 \
691 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
694 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
692 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
695 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
693 WSGIPassAuthorization On
696 WSGIPassAuthorization On
694
697
695 .. note::
698 .. note::
696 when running apache as root please add: `user=www-data group=www-data`
699 when running apache as root please add: `user=www-data group=www-data`
697 into above configuration
700 into above configuration
698
701
699 .. note::
702 .. note::
700 Running RhodeCode in multiprocess mode in apache is not supported,
703 Running RhodeCode in multiprocess mode in apache is not supported,
701 make sure you don't specify `processes=num` directive in the config
704 make sure you don't specify `processes=num` directive in the config
702
705
703
706
704 Example wsgi dispatch script::
707 Example wsgi dispatch script::
705
708
706 import os
709 import os
707 os.environ["HGENCODING"] = "UTF-8"
710 os.environ["HGENCODING"] = "UTF-8"
708 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
711 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
709
712
710 # sometimes it's needed to set the curent dir
713 # sometimes it's needed to set the curent dir
711 os.chdir('/home/web/rhodecode/')
714 os.chdir('/home/web/rhodecode/')
712
715
713 import site
716 import site
714 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
717 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
715
718
716 from paste.deploy import loadapp
719 from paste.deploy import loadapp
717 from paste.script.util.logging_config import fileConfig
720 from paste.script.util.logging_config import fileConfig
718
721
719 fileConfig('/home/web/rhodecode/production.ini')
722 fileConfig('/home/web/rhodecode/production.ini')
720 application = loadapp('config:/home/web/rhodecode/production.ini')
723 application = loadapp('config:/home/web/rhodecode/production.ini')
721
724
722 Note: when using mod_wsgi you'll need to install the same version of
725 Note: when using mod_wsgi you'll need to install the same version of
723 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
726 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
724 environment.
727 environment.
725
728
726
729
727 Other configuration files
730 Other configuration files
728 -------------------------
731 -------------------------
729
732
730 Some example init.d scripts can be found in init.d directory::
733 Some example init.d scripts can be found in init.d directory::
731
734
732 https://secure.rhodecode.org/rhodecode/files/beta/init.d
735 https://secure.rhodecode.org/rhodecode/files/beta/init.d
733
736
734 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
737 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
735 .. _python: http://www.python.org/
738 .. _python: http://www.python.org/
736 .. _mercurial: http://mercurial.selenic.com/
739 .. _mercurial: http://mercurial.selenic.com/
737 .. _celery: http://celeryproject.org/
740 .. _celery: http://celeryproject.org/
738 .. _rabbitmq: http://www.rabbitmq.com/
741 .. _rabbitmq: http://www.rabbitmq.com/
739 .. _python-ldap: http://www.python-ldap.org/
742 .. _python-ldap: http://www.python-ldap.org/
740 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
743 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
741 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
744 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
742 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
745 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
743 .. _google group rhodecode: http://groups.google.com/group/rhodecode
746 .. _google group rhodecode: http://groups.google.com/group/rhodecode
General Comments 0
You need to be logged in to leave comments. Login now