##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

docs updates
marcink -
r3335:2d4e1f5e beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,735 +1,735 b''
1 .. _setup:
1 .. _setup:
2
2
3 =====
3 =====
4 Setup
4 Setup
5 =====
5 =====
6
6
7
7
8 Setting up RhodeCode
8 Setting up RhodeCode
9 --------------------
9 --------------------
10
10
11 First, you will need to create a RhodeCode configuration file. Run the
11 First, you will need to create a RhodeCode configuration file. Run the
12 following command to do this::
12 following command to do this::
13
13
14 paster make-config RhodeCode production.ini
14 paster make-config RhodeCode production.ini
15
15
16 - This will create the file `production.ini` in the current directory. This
16 - This will create the file `production.ini` in the current directory. This
17 configuration file contains the various settings for RhodeCode, e.g proxy
17 configuration file contains the various settings for RhodeCode, e.g proxy
18 port, email settings, usage of static files, cache, celery settings and
18 port, email settings, usage of static files, cache, celery settings and
19 logging.
19 logging.
20
20
21
21
22 Next, you need to create the databases used by RhodeCode. I recommend that you
22 Next, you need to create the databases used by RhodeCode. I recommend that you
23 use postgresql or sqlite (default). If you choose a database other than the
23 use postgresql or sqlite (default). If you choose a database other than the
24 default ensure you properly adjust the db url in your production.ini
24 default ensure you properly adjust the db url in your production.ini
25 configuration file to use this other database. RhodeCode currently supports
25 configuration file to use this other database. RhodeCode currently supports
26 postgresql, sqlite and mysql databases. Create the database by running
26 postgresql, sqlite and mysql databases. Create the database by running
27 the following command::
27 the following command::
28
28
29 paster setup-rhodecode production.ini
29 paster setup-rhodecode production.ini
30
30
31 This will prompt you for a "root" path. This "root" path is the location where
31 This will prompt you for a "root" path. This "root" path is the location where
32 RhodeCode will store all of its repositories on the current machine. After
32 RhodeCode will store all of its repositories on the current machine. After
33 entering this "root" path ``setup-rhodecode`` will also prompt you for a username
33 entering this "root" path ``setup-rhodecode`` will also prompt you for a username
34 and password for the initial admin account which ``setup-rhodecode`` sets
34 and password for the initial admin account which ``setup-rhodecode`` sets
35 up for you.
35 up for you.
36
36
37 setup process can be fully automated, example for lazy::
37 setup process can be fully automated, example for lazy::
38
38
39 paster setup-rhodecode production.ini --user=marcink --password=secret --email=marcin@rhodecode.org --repos=/home/marcink/my_repos
39 paster setup-rhodecode production.ini --user=marcink --password=secret --email=marcin@rhodecode.org --repos=/home/marcink/my_repos
40
40
41
41
42 - The ``setup-rhodecode`` command will create all of the needed tables and an
42 - The ``setup-rhodecode`` command will create all of the needed tables and an
43 admin account. When choosing a root path you can either use a new empty
43 admin account. When choosing a root path you can either use a new empty
44 location, or a location which already contains existing repositories. If you
44 location, or a location which already contains existing repositories. If you
45 choose a location which contains existing repositories RhodeCode will simply
45 choose a location which contains existing repositories RhodeCode will simply
46 add all of the repositories at the chosen location to it's database.
46 add all of the repositories at the chosen location to it's database.
47 (Note: make sure you specify the correct path to the root).
47 (Note: make sure you specify the correct path to the root).
48 - Note: the given path for mercurial_ repositories **must** be write accessible
48 - Note: the given path for mercurial_ repositories **must** be write accessible
49 for the application. It's very important since the RhodeCode web interface
49 for the application. It's very important since the RhodeCode web interface
50 will work without write access, but when trying to do a push it will
50 will work without write access, but when trying to do a push it will
51 eventually fail with permission denied errors unless it has write access.
51 eventually fail with permission denied errors unless it has write access.
52
52
53 You are now ready to use RhodeCode, to run it simply execute::
53 You are now ready to use RhodeCode, to run it simply execute::
54
54
55 paster serve production.ini
55 paster serve production.ini
56
56
57 - This command runs the RhodeCode server. The web app should be available at the
57 - This command runs the RhodeCode server. The web app should be available at the
58 127.0.0.1:5000. This ip and port is configurable via the production.ini
58 127.0.0.1:5000. This ip and port is configurable via the production.ini
59 file created in previous step
59 file created in previous step
60 - Use the admin account you created above when running ``setup-rhodecode``
60 - Use the admin account you created above when running ``setup-rhodecode``
61 to login to the web app.
61 to login to the web app.
62 - The default permissions on each repository is read, and the owner is admin.
62 - The default permissions on each repository is read, and the owner is admin.
63 Remember to update these if needed.
63 Remember to update these if needed.
64 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
64 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
65 well as edit more advanced options on users and repositories
65 well as edit more advanced options on users and repositories
66
66
67 Optionally users can create `rcextensions` package that extends RhodeCode
67 Optionally users can create `rcextensions` package that extends RhodeCode
68 functionality. To do this simply execute::
68 functionality. To do this simply execute::
69
69
70 paster make-rcext production.ini
70 paster make-rcext production.ini
71
71
72 This will create `rcextensions` package in the same place that your `ini` file
72 This will create `rcextensions` package in the same place that your `ini` file
73 lives. With `rcextensions` it's possible to add additional mapping for whoosh,
73 lives. With `rcextensions` it's possible to add additional mapping for whoosh,
74 stats and add additional code into the push/pull/create/delete repo hooks.
74 stats and add additional code into the push/pull/create/delete repo hooks.
75 For example for sending signals to build-bots such as jenkins.
75 For example for sending signals to build-bots such as jenkins.
76 Please see the `__init__.py` file inside `rcextensions` package
76 Please see the `__init__.py` file inside `rcextensions` package
77 for more details.
77 for more details.
78
78
79
79
80 Using RhodeCode with SSH
80 Using RhodeCode with SSH
81 ------------------------
81 ------------------------
82
82
83 RhodeCode currently only hosts repositories using http and https. (The addition
83 RhodeCode currently only hosts repositories using http and https. (The addition
84 of ssh hosting is a planned future feature.) However you can easily use ssh in
84 of ssh hosting is a planned future feature.) However you can easily use ssh in
85 parallel with RhodeCode. (Repository access via ssh is a standard "out of
85 parallel with RhodeCode. (Repository access via ssh is a standard "out of
86 the box" feature of mercurial_ and you can use this to access any of the
86 the box" feature of mercurial_ and you can use this to access any of the
87 repositories that RhodeCode is hosting. See PublishingRepositories_)
87 repositories that RhodeCode is hosting. See PublishingRepositories_)
88
88
89 RhodeCode repository structures are kept in directories with the same name
89 RhodeCode repository structures are kept in directories with the same name
90 as the project. When using repository groups, each group is a subdirectory.
90 as the project. When using repository groups, each group is a subdirectory.
91 This allows you to easily use ssh for accessing repositories.
91 This allows you to easily use ssh for accessing repositories.
92
92
93 In order to use ssh you need to make sure that your web-server and the users
93 In order to use ssh you need to make sure that your web-server and the users
94 login accounts have the correct permissions set on the appropriate directories.
94 login accounts have the correct permissions set on the appropriate directories.
95 (Note that these permissions are independent of any permissions you have set up
95 (Note that these permissions are independent of any permissions you have set up
96 using the RhodeCode web interface.)
96 using the RhodeCode web interface.)
97
97
98 If your main directory (the same as set in RhodeCode settings) is for example
98 If your main directory (the same as set in RhodeCode settings) is for example
99 set to **/home/hg** and the repository you are using is named `rhodecode`, then
99 set to **/home/hg** and the repository you are using is named `rhodecode`, then
100 to clone via ssh you should run::
100 to clone via ssh you should run::
101
101
102 hg clone ssh://user@server.com/home/hg/rhodecode
102 hg clone ssh://user@server.com/home/hg/rhodecode
103
103
104 Using other external tools such as mercurial-server_ or using ssh key based
104 Using other external tools such as mercurial-server_ or using ssh key based
105 authentication is fully supported.
105 authentication is fully supported.
106
106
107 Note: In an advanced setup, in order for your ssh access to use the same
107 Note: In an advanced setup, in order for your ssh access to use the same
108 permissions as set up via the RhodeCode web interface, you can create an
108 permissions as set up via the RhodeCode web interface, you can create an
109 authentication hook to connect to the rhodecode db and runs check functions for
109 authentication hook to connect to the rhodecode db and runs check functions for
110 permissions against that.
110 permissions against that.
111
111
112 Setting up Whoosh full text search
112 Setting up Whoosh full text search
113 ----------------------------------
113 ----------------------------------
114
114
115 Starting from version 1.1 the whoosh index can be build by using the paster
115 Starting from version 1.1 the whoosh index can be build by using the paster
116 command ``make-index``. To use ``make-index`` you must specify the configuration
116 command ``make-index``. To use ``make-index`` you must specify the configuration
117 file that stores the location of the index. You may specify the location of the
117 file that stores the location of the index. You may specify the location of the
118 repositories (`--repo-location`). If not specified, this value is retrieved
118 repositories (`--repo-location`). If not specified, this value is retrieved
119 from the RhodeCode database. This was required prior to 1.2. Starting from
119 from the RhodeCode database. This was required prior to 1.2. Starting from
120 version 1.2 it is also possible to specify a comma separated list of
120 version 1.2 it is also possible to specify a comma separated list of
121 repositories (`--index-only`) to build index only on chooses repositories
121 repositories (`--index-only`) to build index only on chooses repositories
122 skipping any other found in repos location
122 skipping any other found in repos location
123
123
124 You may optionally pass the option `-f` to enable a full index rebuild. Without
124 You may optionally pass the option `-f` to enable a full index rebuild. Without
125 the `-f` option, indexing will run always in "incremental" mode.
125 the `-f` option, indexing will run always in "incremental" mode.
126
126
127 For an incremental index build use::
127 For an incremental index build use::
128
128
129 paster make-index production.ini
129 paster make-index production.ini
130
130
131 For a full index rebuild use::
131 For a full index rebuild use::
132
132
133 paster make-index production.ini -f
133 paster make-index production.ini -f
134
134
135
135
136 building index just for chosen repositories is possible with such command::
136 building index just for chosen repositories is possible with such command::
137
137
138 paster make-index production.ini --index-only=vcs,rhodecode
138 paster make-index production.ini --index-only=vcs,rhodecode
139
139
140
140
141 In order to do periodical index builds and keep your index always up to date.
141 In order to do periodical index builds and keep your index always up to date.
142 It's recommended to do a crontab entry for incremental indexing.
142 It's recommended to do a crontab entry for incremental indexing.
143 An example entry might look like this::
143 An example entry might look like this::
144
144
145 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
145 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
146
146
147 When using incremental mode (the default) whoosh will check the last
147 When using incremental mode (the default) whoosh will check the last
148 modification date of each file and add it to be reindexed if a newer file is
148 modification date of each file and add it to be reindexed if a newer file is
149 available. The indexing daemon checks for any removed files and removes them
149 available. The indexing daemon checks for any removed files and removes them
150 from index.
150 from index.
151
151
152 If you want to rebuild index from scratch, you can use the `-f` flag as above,
152 If you want to rebuild index from scratch, you can use the `-f` flag as above,
153 or in the admin panel you can check `build from scratch` flag.
153 or in the admin panel you can check `build from scratch` flag.
154
154
155
155
156 Setting up LDAP support
156 Setting up LDAP support
157 -----------------------
157 -----------------------
158
158
159 RhodeCode starting from version 1.1 supports ldap authentication. In order
159 RhodeCode starting from version 1.1 supports ldap authentication. In order
160 to use LDAP, you have to install the python-ldap_ package. This package is
160 to use LDAP, you have to install the python-ldap_ package. This package is
161 available via pypi, so you can install it by running
161 available via pypi, so you can install it by running
162
162
163 using easy_install::
163 using easy_install::
164
164
165 easy_install python-ldap
165 easy_install python-ldap
166
166
167 using pip::
167 using pip::
168
168
169 pip install python-ldap
169 pip install python-ldap
170
170
171 .. note::
171 .. note::
172 python-ldap requires some certain libs on your system, so before installing
172 python-ldap requires some certain libs on your system, so before installing
173 it check that you have at least `openldap`, and `sasl` libraries.
173 it check that you have at least `openldap`, and `sasl` libraries.
174
174
175 LDAP settings are located in admin->ldap section,
175 LDAP settings are located in admin->ldap section,
176
176
177 Here's a typical ldap setup::
177 Here's a typical ldap setup::
178
178
179 Connection settings
179 Connection settings
180 Enable LDAP = checked
180 Enable LDAP = checked
181 Host = host.example.org
181 Host = host.example.org
182 Port = 389
182 Port = 389
183 Account = <account>
183 Account = <account>
184 Password = <password>
184 Password = <password>
185 Connection Security = LDAPS connection
185 Connection Security = LDAPS connection
186 Certificate Checks = DEMAND
186 Certificate Checks = DEMAND
187
187
188 Search settings
188 Search settings
189 Base DN = CN=users,DC=host,DC=example,DC=org
189 Base DN = CN=users,DC=host,DC=example,DC=org
190 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
190 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
191 LDAP Search Scope = SUBTREE
191 LDAP Search Scope = SUBTREE
192
192
193 Attribute mappings
193 Attribute mappings
194 Login Attribute = uid
194 Login Attribute = uid
195 First Name Attribute = firstName
195 First Name Attribute = firstName
196 Last Name Attribute = lastName
196 Last Name Attribute = lastName
197 E-mail Attribute = mail
197 E-mail Attribute = mail
198
198
199 .. _enable_ldap:
199 .. _enable_ldap:
200
200
201 Enable LDAP : required
201 Enable LDAP : required
202 Whether to use LDAP for authenticating users.
202 Whether to use LDAP for authenticating users.
203
203
204 .. _ldap_host:
204 .. _ldap_host:
205
205
206 Host : required
206 Host : required
207 LDAP server hostname or IP address. Can be also a comma separated
207 LDAP server hostname or IP address. Can be also a comma separated
208 list of servers to support LDAP fail-over.
208 list of servers to support LDAP fail-over.
209
209
210 .. _Port:
210 .. _Port:
211
211
212 Port : required
212 Port : required
213 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
213 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
214
214
215 .. _ldap_account:
215 .. _ldap_account:
216
216
217 Account : optional
217 Account : optional
218 Only required if the LDAP server does not allow anonymous browsing of
218 Only required if the LDAP server does not allow anonymous browsing of
219 records. This should be a special account for record browsing. This
219 records. This should be a special account for record browsing. This
220 will require `LDAP Password`_ below.
220 will require `LDAP Password`_ below.
221
221
222 .. _LDAP Password:
222 .. _LDAP Password:
223
223
224 Password : optional
224 Password : optional
225 Only required if the LDAP server does not allow anonymous browsing of
225 Only required if the LDAP server does not allow anonymous browsing of
226 records.
226 records.
227
227
228 .. _Enable LDAPS:
228 .. _Enable LDAPS:
229
229
230 Connection Security : required
230 Connection Security : required
231 Defines the connection to LDAP server
231 Defines the connection to LDAP server
232
232
233 No encryption
233 No encryption
234 Plain non encrypted connection
234 Plain non encrypted connection
235
235
236 LDAPS connection
236 LDAPS connection
237 Enable ldaps connection. It will likely require `Port`_ to be set to
237 Enable ldaps connection. It will likely require `Port`_ to be set to
238 a different value (standard LDAPS port is 636). When LDAPS is enabled
238 a different value (standard LDAPS port is 636). When LDAPS is enabled
239 then `Certificate Checks`_ is required.
239 then `Certificate Checks`_ is required.
240
240
241 START_TLS on LDAP connection
241 START_TLS on LDAP connection
242 START TLS connection
242 START TLS connection
243
243
244 .. _Certificate Checks:
244 .. _Certificate Checks:
245
245
246 Certificate Checks : optional
246 Certificate Checks : optional
247 How SSL certificates verification is handled - this is only useful when
247 How SSL certificates verification is handled - this is only useful when
248 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
248 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
249 while the other options are susceptible to man-in-the-middle attacks. SSL
249 while the other options are susceptible to man-in-the-middle attacks. SSL
250 certificates can be installed to /etc/openldap/cacerts so that the
250 certificates can be installed to /etc/openldap/cacerts so that the
251 DEMAND or HARD options can be used with self-signed certificates or
251 DEMAND or HARD options can be used with self-signed certificates or
252 certificates that do not have traceable certificates of authority.
252 certificates that do not have traceable certificates of authority.
253
253
254 NEVER
254 NEVER
255 A serve certificate will never be requested or checked.
255 A serve certificate will never be requested or checked.
256
256
257 ALLOW
257 ALLOW
258 A server certificate is requested. Failure to provide a
258 A server certificate is requested. Failure to provide a
259 certificate or providing a bad certificate will not terminate the
259 certificate or providing a bad certificate will not terminate the
260 session.
260 session.
261
261
262 TRY
262 TRY
263 A server certificate is requested. Failure to provide a
263 A server certificate is requested. Failure to provide a
264 certificate does not halt the session; providing a bad certificate
264 certificate does not halt the session; providing a bad certificate
265 halts the session.
265 halts the session.
266
266
267 DEMAND
267 DEMAND
268 A server certificate is requested and must be provided and
268 A server certificate is requested and must be provided and
269 authenticated for the session to proceed.
269 authenticated for the session to proceed.
270
270
271 HARD
271 HARD
272 The same as DEMAND.
272 The same as DEMAND.
273
273
274 .. _Base DN:
274 .. _Base DN:
275
275
276 Base DN : required
276 Base DN : required
277 The Distinguished Name (DN) where searches for users will be performed.
277 The Distinguished Name (DN) where searches for users will be performed.
278 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
278 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
279
279
280 .. _LDAP Filter:
280 .. _LDAP Filter:
281
281
282 LDAP Filter : optional
282 LDAP Filter : optional
283 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
283 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
284 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
284 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
285 which LDAP objects are identified as representing Users for
285 which LDAP objects are identified as representing Users for
286 authentication. The filter is augmented by `Login Attribute`_ below.
286 authentication. The filter is augmented by `Login Attribute`_ below.
287 This can commonly be left blank.
287 This can commonly be left blank.
288
288
289 .. _LDAP Search Scope:
289 .. _LDAP Search Scope:
290
290
291 LDAP Search Scope : required
291 LDAP Search Scope : required
292 This limits how far LDAP will search for a matching object.
292 This limits how far LDAP will search for a matching object.
293
293
294 BASE
294 BASE
295 Only allows searching of `Base DN`_ and is usually not what you
295 Only allows searching of `Base DN`_ and is usually not what you
296 want.
296 want.
297
297
298 ONELEVEL
298 ONELEVEL
299 Searches all entries under `Base DN`_, but not Base DN itself.
299 Searches all entries under `Base DN`_, but not Base DN itself.
300
300
301 SUBTREE
301 SUBTREE
302 Searches all entries below `Base DN`_, but not Base DN itself.
302 Searches all entries below `Base DN`_, but not Base DN itself.
303 When using SUBTREE `LDAP Filter`_ is useful to limit object
303 When using SUBTREE `LDAP Filter`_ is useful to limit object
304 location.
304 location.
305
305
306 .. _Login Attribute:
306 .. _Login Attribute:
307
307
308 Login Attribute : required
308 Login Attribute : required
309 The LDAP record attribute that will be matched as the USERNAME or
309 The LDAP record attribute that will be matched as the USERNAME or
310 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
310 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
311 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
311 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
312 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
312 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
313 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
313 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
314 ::
314 ::
315
315
316 (&(LDAPFILTER)(uid=jsmith))
316 (&(LDAPFILTER)(uid=jsmith))
317
317
318 .. _ldap_attr_firstname:
318 .. _ldap_attr_firstname:
319
319
320 First Name Attribute : required
320 First Name Attribute : required
321 The LDAP record attribute which represents the user's first name.
321 The LDAP record attribute which represents the user's first name.
322
322
323 .. _ldap_attr_lastname:
323 .. _ldap_attr_lastname:
324
324
325 Last Name Attribute : required
325 Last Name Attribute : required
326 The LDAP record attribute which represents the user's last name.
326 The LDAP record attribute which represents the user's last name.
327
327
328 .. _ldap_attr_email:
328 .. _ldap_attr_email:
329
329
330 Email Attribute : required
330 Email Attribute : required
331 The LDAP record attribute which represents the user's email address.
331 The LDAP record attribute which represents the user's email address.
332
332
333 If all data are entered correctly, and python-ldap_ is properly installed
333 If all data are entered correctly, and python-ldap_ is properly installed
334 users should be granted access to RhodeCode with ldap accounts. At this
334 users should be granted access to RhodeCode with ldap accounts. At this
335 time user information is copied from LDAP into the RhodeCode user database.
335 time user information is copied from LDAP into the RhodeCode user database.
336 This means that updates of an LDAP user object may not be reflected as a
336 This means that updates of an LDAP user object may not be reflected as a
337 user update in RhodeCode.
337 user update in RhodeCode.
338
338
339 If You have problems with LDAP access and believe You entered correct
339 If You have problems with LDAP access and believe You entered correct
340 information check out the RhodeCode logs, any error messages sent from LDAP
340 information check out the RhodeCode logs, any error messages sent from LDAP
341 will be saved there.
341 will be saved there.
342
342
343 Active Directory
343 Active Directory
344 ''''''''''''''''
344 ''''''''''''''''
345
345
346 RhodeCode can use Microsoft Active Directory for user authentication. This
346 RhodeCode can use Microsoft Active Directory for user authentication. This
347 is done through an LDAP or LDAPS connection to Active Directory. The
347 is done through an LDAP or LDAPS connection to Active Directory. The
348 following LDAP configuration settings are typical for using Active
348 following LDAP configuration settings are typical for using Active
349 Directory ::
349 Directory ::
350
350
351 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
351 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
352 Login Attribute = sAMAccountName
352 Login Attribute = sAMAccountName
353 First Name Attribute = givenName
353 First Name Attribute = givenName
354 Last Name Attribute = sn
354 Last Name Attribute = sn
355 E-mail Attribute = mail
355 E-mail Attribute = mail
356
356
357 All other LDAP settings will likely be site-specific and should be
357 All other LDAP settings will likely be site-specific and should be
358 appropriately configured.
358 appropriately configured.
359
359
360
360
361 Authentication by container or reverse-proxy
361 Authentication by container or reverse-proxy
362 --------------------------------------------
362 --------------------------------------------
363
363
364 Starting with version 1.3, RhodeCode supports delegating the authentication
364 Starting with version 1.3, RhodeCode supports delegating the authentication
365 of users to its WSGI container, or to a reverse-proxy server through which all
365 of users to its WSGI container, or to a reverse-proxy server through which all
366 clients access the application.
366 clients access the application.
367
367
368 When these authentication methods are enabled in RhodeCode, it uses the
368 When these authentication methods are enabled in RhodeCode, it uses the
369 username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't
369 username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't
370 perform the authentication itself. The authorization, however, is still done by
370 perform the authentication itself. The authorization, however, is still done by
371 RhodeCode according to its settings.
371 RhodeCode according to its settings.
372
372
373 When a user logs in for the first time using these authentication methods,
373 When a user logs in for the first time using these authentication methods,
374 a matching user account is created in RhodeCode with default permissions. An
374 a matching user account is created in RhodeCode with default permissions. An
375 administrator can then modify it using RhodeCode's admin interface.
375 administrator can then modify it using RhodeCode's admin interface.
376 It's also possible for an administrator to create accounts and configure their
376 It's also possible for an administrator to create accounts and configure their
377 permissions before the user logs in for the first time.
377 permissions before the user logs in for the first time.
378
378
379 Container-based authentication
379 Container-based authentication
380 ''''''''''''''''''''''''''''''
380 ''''''''''''''''''''''''''''''
381
381
382 In a container-based authentication setup, RhodeCode reads the user name from
382 In a container-based authentication setup, RhodeCode reads the user name from
383 the ``REMOTE_USER`` server variable provided by the WSGI container.
383 the ``REMOTE_USER`` server variable provided by the WSGI container.
384
384
385 After setting up your container (see `Apache's WSGI config`_), you'd need
385 After setting up your container (see `Apache's WSGI config`_), you'd need
386 to configure it to require authentication on the location configured for
386 to configure it to require authentication on the location configured for
387 RhodeCode.
387 RhodeCode.
388
388
389 In order for RhodeCode to start using the provided username, you should set the
389 In order for RhodeCode to start using the provided username, you should set the
390 following in the [app:main] section of your .ini file::
390 following in the [app:main] section of your .ini file::
391
391
392 container_auth_enabled = true
392 container_auth_enabled = true
393
393
394
394
395 Proxy pass-through authentication
395 Proxy pass-through authentication
396 '''''''''''''''''''''''''''''''''
396 '''''''''''''''''''''''''''''''''
397
397
398 In a proxy pass-through authentication setup, RhodeCode reads the user name
398 In a proxy pass-through authentication setup, RhodeCode reads the user name
399 from the ``X-Forwarded-User`` request header, which should be configured to be
399 from the ``X-Forwarded-User`` request header, which should be configured to be
400 sent by the reverse-proxy server.
400 sent by the reverse-proxy server.
401
401
402 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,
402 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,
403 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to
403 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to
404 configure the authentication and add the username in a request header named
404 configure the authentication and add the username in a request header named
405 ``X-Forwarded-User``.
405 ``X-Forwarded-User``.
406
406
407 For example, the following config section for Apache sets a subdirectory in a
407 For example, the following config section for Apache sets a subdirectory in a
408 reverse-proxy setup with basic auth::
408 reverse-proxy setup with basic auth::
409
409
410 <Location /<someprefix> >
410 <Location /<someprefix> >
411 ProxyPass http://127.0.0.1:5000/<someprefix>
411 ProxyPass http://127.0.0.1:5000/<someprefix>
412 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
412 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
413 SetEnvIf X-Url-Scheme https HTTPS=1
413 SetEnvIf X-Url-Scheme https HTTPS=1
414
414
415 AuthType Basic
415 AuthType Basic
416 AuthName "RhodeCode authentication"
416 AuthName "RhodeCode authentication"
417 AuthUserFile /home/web/rhodecode/.htpasswd
417 AuthUserFile /home/web/rhodecode/.htpasswd
418 require valid-user
418 require valid-user
419
419
420 RequestHeader unset X-Forwarded-User
420 RequestHeader unset X-Forwarded-User
421
421
422 RewriteEngine On
422 RewriteEngine On
423 RewriteCond %{LA-U:REMOTE_USER} (.+)
423 RewriteCond %{LA-U:REMOTE_USER} (.+)
424 RewriteRule .* - [E=RU:%1]
424 RewriteRule .* - [E=RU:%1]
425 RequestHeader set X-Forwarded-User %{RU}e
425 RequestHeader set X-Forwarded-User %{RU}e
426 </Location>
426 </Location>
427
427
428 In order for RhodeCode to start using the forwarded username, you should set
428 In order for RhodeCode to start using the forwarded username, you should set
429 the following in the [app:main] section of your .ini file::
429 the following in the [app:main] section of your .ini file::
430
430
431 proxypass_auth_enabled = true
431 proxypass_auth_enabled = true
432
432
433 .. note::
433 .. note::
434 If you enable proxy pass-through authentication, make sure your server is
434 If you enable proxy pass-through authentication, make sure your server is
435 only accessible through the proxy. Otherwise, any client would be able to
435 only accessible through the proxy. Otherwise, any client would be able to
436 forge the authentication header and could effectively become authenticated
436 forge the authentication header and could effectively become authenticated
437 using any account of their liking.
437 using any account of their liking.
438
438
439 Integration with Issue trackers
439 Integration with Issue trackers
440 -------------------------------
440 -------------------------------
441
441
442 RhodeCode provides a simple integration with issue trackers. It's possible
442 RhodeCode provides a simple integration with issue trackers. It's possible
443 to define a regular expression that will fetch issue id stored in commit
443 to define a regular expression that will fetch issue id stored in commit
444 messages and replace that with an url to this issue. To enable this simply
444 messages and replace that with an url to this issue. To enable this simply
445 uncomment following variables in the ini file::
445 uncomment following variables in the ini file::
446
446
447 url_pat = (?:^#|\s#)(\w+)
447 url_pat = (?:^#|\s#)(\w+)
448 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
448 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
449 issue_prefix = #
449 issue_prefix = #
450
450
451 `url_pat` is the regular expression that will fetch issues from commit messages.
451 `url_pat` is the regular expression that will fetch issues from commit messages.
452 Default regex will match issues in format of #<number> eg. #300.
452 Default regex will match issues in format of #<number> eg. #300.
453
453
454 Matched issues will be replace with the link specified as `issue_server_link`
454 Matched issues will be replace with the link specified as `issue_server_link`
455 {id} will be replaced with issue id, and {repo} with repository name.
455 {id} will be replaced with issue id, and {repo} with repository name.
456 Since the # is striped `issue_prefix` is added as a prefix to url.
456 Since the # is striped `issue_prefix` is added as a prefix to url.
457 `issue_prefix` can be something different than # if you pass
457 `issue_prefix` can be something different than # if you pass
458 ISSUE- as issue prefix this will generate an url in format::
458 ISSUE- as issue prefix this will generate an url in format::
459
459
460 <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>
460 <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>
461
461
462 Hook management
462 Hook management
463 ---------------
463 ---------------
464
464
465 Hooks can be managed in similar way to this used in .hgrc files.
465 Hooks can be managed in similar way to this used in .hgrc files.
466 To access hooks setting click `advanced setup` on Hooks section of Mercurial
466 To access hooks setting click `advanced setup` on Hooks section of Mercurial
467 Settings in Admin.
467 Settings in Admin.
468
468
469 There are 4 built in hooks that cannot be changed (only enable/disable by
469 There are 4 built in hooks that cannot be changed (only enable/disable by
470 checkboxes on previos section).
470 checkboxes on previos section).
471 To add another custom hook simply fill in first section with
471 To add another custom hook simply fill in first section with
472 <name>.<hook_type> and the second one with hook path. Example hooks
472 <name>.<hook_type> and the second one with hook path. Example hooks
473 can be found at *rhodecode.lib.hooks*.
473 can be found at *rhodecode.lib.hooks*.
474
474
475
475
476 Changing default encoding
476 Changing default encoding
477 -------------------------
477 -------------------------
478
478
479 By default RhodeCode uses utf8 encoding, starting from 1.3 series this
479 By default RhodeCode uses utf8 encoding, starting from 1.3 series this
480 can be changed, simply edit default_encoding in .ini file to desired one.
480 can be changed, simply edit default_encoding in .ini file to desired one.
481 This affects many parts in rhodecode including commiters names, filenames,
481 This affects many parts in rhodecode including commiters names, filenames,
482 encoding of commit messages. In addition RhodeCode can detect if `chardet`
482 encoding of commit messages. In addition RhodeCode can detect if `chardet`
483 library is installed. If `chardet` is detected RhodeCode will fallback to it
483 library is installed. If `chardet` is detected RhodeCode will fallback to it
484 when there are encode/decode errors.
484 when there are encode/decode errors.
485
485
486
486
487 Setting Up Celery
487 Setting Up Celery
488 -----------------
488 -----------------
489
489
490 Since version 1.1 celery is configured by the rhodecode ini configuration files.
490 Since version 1.1 celery is configured by the rhodecode ini configuration files.
491 Simply set use_celery=true in the ini file then add / change the configuration
491 Simply set use_celery=true in the ini file then add / change the configuration
492 variables inside the ini file.
492 variables inside the ini file.
493
493
494 Remember that the ini files use the format with '.' not with '_' like celery.
494 Remember that the ini files use the format with '.' not with '_' like celery.
495 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
495 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
496 the config file.
496 the config file.
497
497
498 In order to start using celery run::
498 In order to start using celery run::
499
499
500 paster celeryd <configfile.ini>
500 paster celeryd <configfile.ini>
501
501
502
502
503 .. note::
503 .. note::
504 Make sure you run this command from the same virtualenv, and with the same
504 Make sure you run this command from the same virtualenv, and with the same
505 user that rhodecode runs.
505 user that rhodecode runs.
506
506
507 HTTPS support
507 HTTPS support
508 -------------
508 -------------
509
509
510 There are two ways to enable https:
510 There are two ways to enable https:
511
511
512 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
512 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
513 recognize this headers and make proper https redirections
513 recognize this headers and make proper https redirections
514 - Alternatively, change the `force_https = true` flag in the ini configuration
514 - Alternatively, change the `force_https = true` flag in the ini configuration
515 to force using https, no headers are needed than to enable https
515 to force using https, no headers are needed than to enable https
516
516
517
517
518 Nginx virtual host example
518 Nginx virtual host example
519 --------------------------
519 --------------------------
520
520
521 Sample config for nginx using proxy::
521 Sample config for nginx using proxy::
522
522
523 upstream rc {
523 upstream rc {
524 server 127.0.0.1:5000;
524 server 127.0.0.1:5000;
525 # add more instances for load balancing
525 # add more instances for load balancing
526 #server 127.0.0.1:5001;
526 #server 127.0.0.1:5001;
527 #server 127.0.0.1:5002;
527 #server 127.0.0.1:5002;
528 }
528 }
529
529
530 server {
530 server {
531 listen 443;
531 listen 443;
532 server_name rhodecode.myserver.com;
532 server_name rhodecode.myserver.com;
533 access_log /var/log/nginx/rhodecode.access.log;
533 access_log /var/log/nginx/rhodecode.access.log;
534 error_log /var/log/nginx/rhodecode.error.log;
534 error_log /var/log/nginx/rhodecode.error.log;
535
535
536 ssl on;
536 ssl on;
537 ssl_certificate rhodecode.myserver.com.crt;
537 ssl_certificate rhodecode.myserver.com.crt;
538 ssl_certificate_key rhodecode.myserver.com.key;
538 ssl_certificate_key rhodecode.myserver.com.key;
539
539
540 ssl_session_timeout 5m;
540 ssl_session_timeout 5m;
541
541
542 ssl_protocols SSLv3 TLSv1;
542 ssl_protocols SSLv3 TLSv1;
543 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
543 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
544 ssl_prefer_server_ciphers on;
544 ssl_prefer_server_ciphers on;
545
545
546 # uncomment if you have nginx with chunking module compiled
546 # uncomment if you have nginx with chunking module compiled
547 # fixes the issues of having to put postBuffer data for large git
547 # fixes the issues of having to put postBuffer data for large git
548 # pushes
548 # pushes
549 #chunkin on;
549 #chunkin on;
550 #error_page 411 = @my_411_error;
550 #error_page 411 = @my_411_error;
551 #location @my_411_error {
551 #location @my_411_error {
552 # chunkin_resume;
552 # chunkin_resume;
553 #}
553 #}
554
554
555 # uncomment if you want to serve static files by nginx
555 # uncomment if you want to serve static files by nginx
556 #root /path/to/installation/rhodecode/public;
556 #root /path/to/installation/rhodecode/public;
557
557
558 location / {
558 location / {
559 try_files $uri @rhode;
559 try_files $uri @rhode;
560 }
560 }
561
561
562 location @rhode {
562 location @rhode {
563 proxy_pass http://rc;
563 proxy_pass http://rc;
564 include /etc/nginx/proxy.conf;
564 include /etc/nginx/proxy.conf;
565 }
565 }
566
566
567 }
567 }
568
568
569 Here's the proxy.conf. It's tuned so it will not timeout on long
569 Here's the proxy.conf. It's tuned so it will not timeout on long
570 pushes or large pushes::
570 pushes or large pushes::
571
571
572 proxy_redirect off;
572 proxy_redirect off;
573 proxy_set_header Host $host;
573 proxy_set_header Host $host;
574 proxy_set_header X-Url-Scheme $scheme;
574 proxy_set_header X-Url-Scheme $scheme;
575 proxy_set_header X-Host $http_host;
575 proxy_set_header X-Host $http_host;
576 proxy_set_header X-Real-IP $remote_addr;
576 proxy_set_header X-Real-IP $remote_addr;
577 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
577 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
578 proxy_set_header Proxy-host $proxy_host;
578 proxy_set_header Proxy-host $proxy_host;
579 client_max_body_size 400m;
579 client_max_body_size 400m;
580 client_body_buffer_size 128k;
580 client_body_buffer_size 128k;
581 proxy_buffering off;
581 proxy_buffering off;
582 proxy_connect_timeout 7200;
582 proxy_connect_timeout 7200;
583 proxy_send_timeout 7200;
583 proxy_send_timeout 7200;
584 proxy_read_timeout 7200;
584 proxy_read_timeout 7200;
585 proxy_buffers 8 32k;
585 proxy_buffers 8 32k;
586
586
587 Also, when using root path with nginx you might set the static files to false
587 Also, when using root path with nginx you might set the static files to false
588 in the production.ini file::
588 in the production.ini file::
589
589
590 [app:main]
590 [app:main]
591 use = egg:rhodecode
591 use = egg:rhodecode
592 full_stack = true
592 full_stack = true
593 static_files = false
593 static_files = false
594 lang=en
594 lang=en
595 cache_dir = %(here)s/data
595 cache_dir = %(here)s/data
596
596
597 In order to not have the statics served by the application. This improves speed.
597 In order to not have the statics served by the application. This improves speed.
598
598
599
599
600 Apache virtual host reverse proxy example
600 Apache virtual host reverse proxy example
601 -----------------------------------------
601 -----------------------------------------
602
602
603 Here is a sample configuration file for apache using proxy::
603 Here is a sample configuration file for apache using proxy::
604
604
605 <VirtualHost *:80>
605 <VirtualHost *:80>
606 ServerName hg.myserver.com
606 ServerName hg.myserver.com
607 ServerAlias hg.myserver.com
607 ServerAlias hg.myserver.com
608
608
609 <Proxy *>
609 <Proxy *>
610 Order allow,deny
610 Order allow,deny
611 Allow from all
611 Allow from all
612 </Proxy>
612 </Proxy>
613
613
614 #important !
614 #important !
615 #Directive to properly generate url (clone url) for pylons
615 #Directive to properly generate url (clone url) for pylons
616 ProxyPreserveHost On
616 ProxyPreserveHost On
617
617
618 #rhodecode instance
618 #rhodecode instance
619 ProxyPass / http://127.0.0.1:5000/
619 ProxyPass / http://127.0.0.1:5000/
620 ProxyPassReverse / http://127.0.0.1:5000/
620 ProxyPassReverse / http://127.0.0.1:5000/
621
621
622 #to enable https use line below
622 #to enable https use line below
623 #SetEnvIf X-Url-Scheme https HTTPS=1
623 #SetEnvIf X-Url-Scheme https HTTPS=1
624
624
625 </VirtualHost>
625 </VirtualHost>
626
626
627
627
628 Additional tutorial
628 Additional tutorial
629 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
629 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
630
630
631
631
632 Apache as subdirectory
632 Apache as subdirectory
633 ----------------------
633 ----------------------
634
634
635 Apache subdirectory part::
635 Apache subdirectory part::
636
636
637 <Location /<someprefix> >
637 <Location /<someprefix> >
638 ProxyPass http://127.0.0.1:5000/<someprefix>
638 ProxyPass http://127.0.0.1:5000/<someprefix>
639 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
639 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
640 SetEnvIf X-Url-Scheme https HTTPS=1
640 SetEnvIf X-Url-Scheme https HTTPS=1
641 </Location>
641 </Location>
642
642
643 Besides the regular apache setup you will need to add the following line
643 Besides the regular apache setup you will need to add the following line
644 into [app:main] section of your .ini file::
644 into [app:main] section of your .ini file::
645
645
646 filter-with = proxy-prefix
646 filter-with = proxy-prefix
647
647
648 Add the following at the end of the .ini file::
648 Add the following at the end of the .ini file::
649
649
650 [filter:proxy-prefix]
650 [filter:proxy-prefix]
651 use = egg:PasteDeploy#prefix
651 use = egg:PasteDeploy#prefix
652 prefix = /<someprefix>
652 prefix = /<someprefix>
653
653
654
654
655 then change <someprefix> into your choosen prefix
655 then change <someprefix> into your choosen prefix
656
656
657 Apache's WSGI config
657 Apache's WSGI config
658 --------------------
658 --------------------
659
659
660 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
660 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
661 that, you'll need to:
661 that, you'll need to:
662
662
663 - Install mod_wsgi. If using a Debian-based distro, you can install
663 - Install mod_wsgi. If using a Debian-based distro, you can install
664 the package libapache2-mod-wsgi::
664 the package libapache2-mod-wsgi::
665
665
666 aptitude install libapache2-mod-wsgi
666 aptitude install libapache2-mod-wsgi
667
667
668 - Enable mod_wsgi::
668 - Enable mod_wsgi::
669
669
670 a2enmod wsgi
670 a2enmod wsgi
671
671
672 - Create a wsgi dispatch script, like the one below. Make sure you
672 - Create a wsgi dispatch script, like the one below. Make sure you
673 check the paths correctly point to where you installed RhodeCode
673 check the paths correctly point to where you installed RhodeCode
674 and its Python Virtual Environment.
674 and its Python Virtual Environment.
675 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
675 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
676 as in the following example. Once again, check the paths are
676 as in the following example. Once again, check the paths are
677 correctly specified.
677 correctly specified.
678
678
679 Here is a sample excerpt from an Apache Virtual Host configuration file::
679 Here is a sample excerpt from an Apache Virtual Host configuration file::
680
680
681 WSGIDaemonProcess pylons \
681 WSGIDaemonProcess pylons \
682 threads=4 \
682 threads=4 \
683 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
683 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
684 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
684 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
685 WSGIPassAuthorization On
685 WSGIPassAuthorization On
686
686
687 .. note::
687 .. note::
688 when running apache as root please add: `user=www-data group=www-data`
688 when running apache as root please add: `user=www-data group=www-data`
689 into above configuration
689 into above configuration
690
690
691 .. note::
691 .. note::
692 RhodeCode cannot be runned in multiprocess mode in apache, make sure
692 Running RhodeCode in multiprocess mode in apache is not supported,
693 you don't specify `processes=num` directive in the config
693 make sure you don't specify `processes=num` directive in the config
694
694
695
695
696 Example wsgi dispatch script::
696 Example wsgi dispatch script::
697
697
698 import os
698 import os
699 os.environ["HGENCODING"] = "UTF-8"
699 os.environ["HGENCODING"] = "UTF-8"
700 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
700 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
701
701
702 # sometimes it's needed to set the curent dir
702 # sometimes it's needed to set the curent dir
703 os.chdir('/home/web/rhodecode/')
703 os.chdir('/home/web/rhodecode/')
704
704
705 import site
705 import site
706 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
706 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
707
707
708 from paste.deploy import loadapp
708 from paste.deploy import loadapp
709 from paste.script.util.logging_config import fileConfig
709 from paste.script.util.logging_config import fileConfig
710
710
711 fileConfig('/home/web/rhodecode/production.ini')
711 fileConfig('/home/web/rhodecode/production.ini')
712 application = loadapp('config:/home/web/rhodecode/production.ini')
712 application = loadapp('config:/home/web/rhodecode/production.ini')
713
713
714 Note: when using mod_wsgi you'll need to install the same version of
714 Note: when using mod_wsgi you'll need to install the same version of
715 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
715 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
716 environment.
716 environment.
717
717
718
718
719 Other configuration files
719 Other configuration files
720 -------------------------
720 -------------------------
721
721
722 Some example init.d scripts can be found in init.d directory::
722 Some example init.d scripts can be found in init.d directory::
723
723
724 https://secure.rhodecode.org/rhodecode/files/beta/init.d
724 https://secure.rhodecode.org/rhodecode/files/beta/init.d
725
725
726 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
726 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
727 .. _python: http://www.python.org/
727 .. _python: http://www.python.org/
728 .. _mercurial: http://mercurial.selenic.com/
728 .. _mercurial: http://mercurial.selenic.com/
729 .. _celery: http://celeryproject.org/
729 .. _celery: http://celeryproject.org/
730 .. _rabbitmq: http://www.rabbitmq.com/
730 .. _rabbitmq: http://www.rabbitmq.com/
731 .. _python-ldap: http://www.python-ldap.org/
731 .. _python-ldap: http://www.python-ldap.org/
732 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
732 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
733 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
733 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
734 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
734 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
735 .. _google group rhodecode: http://groups.google.com/group/rhodecode
735 .. _google group rhodecode: http://groups.google.com/group/rhodecode
Show file before | Show file after | Hide comments
@@ -1,99 +1,107 b''
1 .. _upgrade:
1 .. _upgrade:
2
2
3 =======
3 =======
4 Upgrade
4 Upgrade
5 =======
5 =======
6
6
7 Upgrading from PyPI (aka "Cheeseshop")
7 Upgrading from PyPI (aka "Cheeseshop")
8 ---------------------------------------
8 ---------------------------------------
9
9
10 .. note::
10 .. note::
11 Firstly, it is recommended that you **always** perform a database and
11 Firstly, it is recommended that you **always** perform a database and
12 configuration backup before doing an upgrade.
12 configuration backup before doing an upgrade.
13
13
14 (These directions will use '{version}' to note that this is the version of
14 (These directions will use '{version}' to note that this is the version of
15 Rhodecode that these files were used with. If backing up your RhodeCode
15 Rhodecode that these files were used with. If backing up your RhodeCode
16 instance from version 1.3.6 to 1.4.0, the ``production.ini`` file would be
16 instance from version 1.3.6 to 1.4.0, the ``production.ini`` file would be
17 backed up to ``production.ini.1-3-6``.)
17 backed up to ``production.ini.1-3-6``.)
18
18
19
19
20 If using a sqlite database, stop the Rhodecode process/daemon/service, and
20 If using a sqlite database, stop the Rhodecode process/daemon/service, and
21 then make a copy of the database file::
21 then make a copy of the database file::
22
22
23 service rhodecode stop
23 service rhodecode stop
24 cp rhodecode.db rhodecode.db.{version}
24 cp rhodecode.db rhodecode.db.{version}
25
25
26
26
27 Back up your configuration file::
27 Back up your configuration file::
28
28
29 cp production.ini production.ini.{version}
29 cp production.ini production.ini.{version}
30
30
31
31
32 Ensure that you are using the Python Virtual Environment that you'd originally
32 Ensure that you are using the Python Virtual Environment that you'd originally
33 installed Rhodecode in::
33 installed Rhodecode in::
34
34
35 pip freeze
35 pip freeze
36
36
37 will list all packages installed in the current environment. If Rhodecode
37 will list all packages installed in the current environment. If Rhodecode
38 isn't listed, change virtual environments to your venv location::
38 isn't listed, change virtual environments to your venv location::
39
39
40 source /opt/rhodecode-venv/bin/activate
40 source /opt/rhodecode-venv/bin/activate
41
41
42
42
43 Once you have verified the environment you can upgrade ``Rhodecode`` with::
43 Once you have verified the environment you can upgrade ``Rhodecode`` with::
44
44
45 easy_install -U rhodecode
45 easy_install -U rhodecode
46
46
47 Or::
47 Or::
48
48
49 pip install --upgrade rhodecode
49 pip install --upgrade rhodecode
50
50
51
51
52 Then run the following command from the installation directory::
52 Then run the following command from the installation directory::
53
53
54 paster make-config RhodeCode production.ini
54 paster make-config RhodeCode production.ini
55
55
56 This will display any changes made by the new version of RhodeCode to your
56 This will display any changes made by the new version of RhodeCode to your
57 current configuration. It will try to perform an automerge. It's recommended
57 current configuration. It will try to perform an automerge. It's recommended
58 that you re-check the content after the automerge.
58 that you re-check the content after the automerge.
59
59
60 .. note::
60 .. note::
61 Please always make sure your .ini files are up to date. Often errors are
61 Please always make sure your .ini files are up to date. Often errors are
62 caused by missing params added in new versions.
62 caused by missing params added in new versions.
63
63
64
64
65 It is also recommended that you rebuild the whoosh index after upgrading since
65 It is also recommended that you rebuild the whoosh index after upgrading since
66 the new whoosh version could introduce some incompatible index changes. Please
66 the new whoosh version could introduce some incompatible index changes. Please
67 Read the changelog to see if there were any changes to whoosh.
67 Read the changelog to see if there were any changes to whoosh.
68
68
69
69
70 The final step is to upgrade the database. To do this simply run::
70 The final step is to upgrade the database. To do this simply run::
71
71
72 paster upgrade-db production.ini
72 paster upgrade-db production.ini
73
73
74 This will upgrade the schema and update some of the defaults in the database,
74 This will upgrade the schema and update some of the defaults in the database,
75 and will always recheck the settings of the application, if there are no new
75 and will always recheck the settings of the application, if there are no new
76 options that need to be set.
76 options that need to be set.
77
77
78
79 .. note::
80 DB schema upgrade library has some limitations and can sometimes fail if you try to
81 upgrade from older major releases. In such case simply run upgrades sequentially, eg.
82 upgrading from 1.2.X to 1.5.X should be done like that: 1.2.X. > 1.3.X > 1.4.X > 1.5.X
83 You can always specify what version of RhodeCode you want to install for example in pip
84 `pip install RhodeCode==1.3.6`
85
78 You may find it helpful to clear out your log file so that new errors are
86 You may find it helpful to clear out your log file so that new errors are
79 readily apparent::
87 readily apparent::
80
88
81 echo > rhodecode.log
89 echo > rhodecode.log
82
90
83 Once that is complete, you may now start your upgraded Rhodecode Instance::
91 Once that is complete, you may now start your upgraded Rhodecode Instance::
84
92
85 service rhodecode start
93 service rhodecode start
86
94
87 Or::
95 Or::
88
96
89 paster serve /var/www/rhodecode/production.ini
97 paster serve /var/www/rhodecode/production.ini
90
98
91 .. note::
99 .. note::
92 If you're using Celery, make sure you restart all instances of it after
100 If you're using Celery, make sure you restart all instances of it after
93 upgrade.
101 upgrade.
94
102
95 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
103 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
96 .. _python: http://www.python.org/
104 .. _python: http://www.python.org/
97 .. _mercurial: http://mercurial.selenic.com/
105 .. _mercurial: http://mercurial.selenic.com/
98 .. _celery: http://celeryproject.org/
106 .. _celery: http://celeryproject.org/
99 .. _rabbitmq: http://www.rabbitmq.com/
107 .. _rabbitmq: http://www.rabbitmq.com/
Show file before | Show file after | Hide comments
@@ -1,107 +1,115 b''
1 .. _general:
1 .. _general:
2
2
3 =======================
3 =======================
4 General RhodeCode usage
4 General RhodeCode usage
5 =======================
5 =======================
6
6
7
7
8 Repository deleting
8 Repository deleting
9 -------------------
9 -------------------
10
10
11 Currently when admin/owner deletes a repository, RhodeCode does not physically
11 Currently when admin/owner deletes a repository, RhodeCode does not physically
12 delete a repository from filesystem, it renames it in a special way so it's
12 delete a repository from filesystem, it renames it in a special way so it's
13 not possible to push,clone or access repository. It's worth a notice that,
13 not possible to push,clone or access repository. It's worth a notice that,
14 even if someone will be given administrative access to RhodeCode and will
14 even if someone will be given administrative access to RhodeCode and will
15 delete a repository You can easy restore such action by restoring `rm__<date>`
15 delete a repository You can easy restore such action by restoring `rm__<date>`
16 from the repository name, and internal repository storage (.hg/.git)
16 from the repository name, and internal repository storage (.hg/.git). There
17 is also a special command for cleaning such archived repos::
18
19 paster cleanup-repos --older-than=30d production.ini
20
21 This command will scan for archived repositories that are older than 30d,
22 display them and ask if you want to delete them (there's a --dont-ask flag also)
23 If you host big amount of repositories with forks that are constantly deleted
24 it's recommended that you run such command via crontab.
17
25
18 Follow current branch in file view
26 Follow current branch in file view
19 ----------------------------------
27 ----------------------------------
20
28
21 In file view when this checkbox is checked the << and >> arrows will jump
29 In file view when this checkbox is checked the << and >> arrows will jump
22 to changesets within the same branch currently viewing. So for example
30 to changesets within the same branch currently viewing. So for example
23 if someone is viewing files at 'beta' branch and marks `follow current branch`
31 if someone is viewing files at 'beta' branch and marks `follow current branch`
24 checkbox the << and >> buttons will only show him revisions for 'beta' branch
32 checkbox the << and >> buttons will only show him revisions for 'beta' branch
25
33
26
34
27 Compare view from changelog
35 Compare view from changelog
28 ---------------------------
36 ---------------------------
29
37
30 Checkboxes in compare view allow users to view combined compare view. You can
38 Checkboxes in compare view allow users to view combined compare view. You can
31 only show the range between the first and last checkbox (no cherry pick).
39 only show the range between the first and last checkbox (no cherry pick).
32 Clicking more than one checkbox will activate a link in top saying
40 Clicking more than one checkbox will activate a link in top saying
33 `Show selected changes <from-rev> -> <to-rev>` clicking this will bring
41 `Show selected changes <from-rev> -> <to-rev>` clicking this will bring
34 compare view
42 compare view. In this view also it's possible to switch to combined compare.
35
43
36 Compare view is also available from the journal on pushes having more than
44 Compare view is also available from the journal on pushes having more than
37 one changeset
45 one changeset
38
46
39
47
40 Non changeable repository urls
48 Non changeable repository urls
41 ------------------------------
49 ------------------------------
42
50
43 Due to complicated nature of repository grouping, often urls of repositories
51 Due to complicated nature of repository grouping, often urls of repositories
44 can change.
52 can change.
45
53
46 example::
54 example::
47
55
48 #before
56 #before
49 http://server.com/repo_name
57 http://server.com/repo_name
50 # after insertion to test_group group the url will be
58 # after insertion to test_group group the url will be
51 http://server.com/test_group/repo_name
59 http://server.com/test_group/repo_name
52
60
53 This can be an issue for build systems and any other hardcoded scripts, moving
61 This can be an issue for build systems and any other hardcoded scripts, moving
54 repository to a group leads to a need for changing external systems. To
62 repository to a group leads to a need for changing external systems. To
55 overcome this RhodeCode introduces a non changable replacement url. It's
63 overcome this RhodeCode introduces a non changable replacement url. It's
56 simply an repository ID prefixed with `_` above urls are also accessible as::
64 simply an repository ID prefixed with `_` above urls are also accessible as::
57
65
58 http://server.com/_<ID>
66 http://server.com/_<ID>
59
67
60 Since ID are always the same moving the repository will not affect such url.
68 Since ID are always the same moving the repository will not affect such url.
61 the _<ID> syntax can be used anywhere in the system so urls with repo_name
69 the _<ID> syntax can be used anywhere in the system so urls with repo_name
62 for changelogs, files and other can be exchanged with _<ID> syntax.
70 for changelogs, files and other can be exchanged with _<ID> syntax.
63
71
64
72
65 Mailing
73 Mailing
66 -------
74 -------
67
75
68 When administrator will fill up the mailing settings in .ini files
76 When administrator will fill up the mailing settings in .ini files
69 RhodeCode will send mails on user registration, or when RhodeCode errors occur
77 RhodeCode will send mails on user registration, or when RhodeCode errors occur
70 on errors the mails will have a detailed traceback of error.
78 on errors the mails will have a detailed traceback of error.
71
79
72
80
73 Mails are also sent for code comments. If someone comments on a changeset
81 Mails are also sent for code comments. If someone comments on a changeset
74 mail is sent to all participants, the person who commited the changeset
82 mail is sent to all participants, the person who commited the changeset
75 (if present in RhodeCode), and to all people mentioned with @mention system.
83 (if present in RhodeCode), and to all people mentioned with @mention system.
76
84
77
85
78 Trending source files
86 Trending source files
79 ---------------------
87 ---------------------
80
88
81 Trending source files are calculated based on pre defined dict of known
89 Trending source files are calculated based on pre defined dict of known
82 types and extensions. If You miss some extension or Would like to scan some
90 types and extensions. If You miss some extension or Would like to scan some
83 custom files it's possible to add new types in `LANGUAGES_EXTENSIONS_MAP` dict
91 custom files it's possible to add new types in `LANGUAGES_EXTENSIONS_MAP` dict
84 located in `/rhodecode/lib/celerylib/tasks.py`
92 located in `/rhodecode/lib/celerylib/tasks.py`
85
93
86
94
87 Cloning remote repositories
95 Cloning remote repositories
88 ---------------------------
96 ---------------------------
89
97
90 RhodeCode has an ability to clone remote repos from given remote locations.
98 RhodeCode has an ability to clone remote repos from given remote locations.
91 Currently it support following options:
99 Currently it support following options:
92
100
93 - hg -> hg clone
101 - hg -> hg clone
94 - svn -> hg clone
102 - svn -> hg clone
95 - git -> git clone
103 - git -> git clone
96
104
97
105
98 .. note::
106 .. note::
99
107
100 - *`svn -> hg` cloning requires `hgsubversion` library to be installed.*
108 - *`svn -> hg` cloning requires `hgsubversion` library to be installed.*
101
109
102 If you need to clone repositories that are protected via basic auth, you
110 If you need to clone repositories that are protected via basic auth, you
103 might pass the url with stored credentials inside eg.
111 might pass the url with stored credentials inside eg.
104 `http://user:passw@remote.server/repo, RhodeCode will try to login and clone
112 `http://user:passw@remote.server/repo, RhodeCode will try to login and clone
105 using given credentials. Please take a note that they will be stored as
113 using given credentials. Please take a note that they will be stored as
106 plaintext inside the database. RhodeCode will remove auth info when showing the
114 plaintext inside the database. RhodeCode will remove auth info when showing the
107 clone url in summary page.
115 clone url in summary page.
General Comments 0
You need to be logged in to leave comments. Login now