##// END OF EJS Templates
Added example wsgi config into docs
marcink -
r1386:5a31d387 beta
parent child Browse files
Show More
@@ -1,543 +1,558 b''
1 .. _setup:
1 .. _setup:
2
2
3 Setup
3 Setup
4 =====
4 =====
5
5
6
6
7 Setting up RhodeCode
7 Setting up RhodeCode
8 --------------------------
8 --------------------------
9
9
10 First, you will need to create a RhodeCode configuration file. Run the
10 First, you will need to create a RhodeCode configuration file. Run the
11 following command to do this::
11 following command to do this::
12
12
13 paster make-config RhodeCode production.ini
13 paster make-config RhodeCode production.ini
14
14
15 - This will create the file `production.ini` in the current directory. This
15 - This will create the file `production.ini` in the current directory. This
16 configuration file contains the various settings for RhodeCode, e.g proxy
16 configuration file contains the various settings for RhodeCode, e.g proxy
17 port, email settings, usage of static files, cache, celery settings and
17 port, email settings, usage of static files, cache, celery settings and
18 logging.
18 logging.
19
19
20
20
21 Next, you need to create the databases used by RhodeCode. I recommend that you
21 Next, you need to create the databases used by RhodeCode. I recommend that you
22 use sqlite (default) or postgresql. If you choose a database other than the
22 use sqlite (default) or postgresql. If you choose a database other than the
23 default ensure you properly adjust the db url in your production.ini
23 default ensure you properly adjust the db url in your production.ini
24 configuration file to use this other database. Create the databases by running
24 configuration file to use this other database. Create the databases by running
25 the following command::
25 the following command::
26
26
27 paster setup-app production.ini
27 paster setup-app production.ini
28
28
29 This will prompt you for a "root" path. This "root" path is the location where
29 This will prompt you for a "root" path. This "root" path is the location where
30 RhodeCode will store all of its repositories on the current machine. After
30 RhodeCode will store all of its repositories on the current machine. After
31 entering this "root" path ``setup-app`` will also prompt you for a username
31 entering this "root" path ``setup-app`` will also prompt you for a username
32 and password for the initial admin account which ``setup-app`` sets up for you.
32 and password for the initial admin account which ``setup-app`` sets up for you.
33
33
34 - The ``setup-app`` command will create all of the needed tables and an admin
34 - The ``setup-app`` command will create all of the needed tables and an admin
35 account. When choosing a root path you can either use a new empty location,
35 account. When choosing a root path you can either use a new empty location,
36 or a location which already contains existing repositories. If you choose a
36 or a location which already contains existing repositories. If you choose a
37 location which contains existing repositories RhodeCode will simply add all
37 location which contains existing repositories RhodeCode will simply add all
38 of the repositories at the chosen location to it's database. (Note: make
38 of the repositories at the chosen location to it's database. (Note: make
39 sure you specify the correct path to the root).
39 sure you specify the correct path to the root).
40 - Note: the given path for mercurial_ repositories **must** be write accessible
40 - Note: the given path for mercurial_ repositories **must** be write accessible
41 for the application. It's very important since the RhodeCode web interface
41 for the application. It's very important since the RhodeCode web interface
42 will work without write access, but when trying to do a push it will
42 will work without write access, but when trying to do a push it will
43 eventually fail with permission denied errors unless it has write access.
43 eventually fail with permission denied errors unless it has write access.
44
44
45 You are now ready to use RhodeCode, to run it simply execute::
45 You are now ready to use RhodeCode, to run it simply execute::
46
46
47 paster serve production.ini
47 paster serve production.ini
48
48
49 - This command runs the RhodeCode server. The web app should be available at the
49 - This command runs the RhodeCode server. The web app should be available at the
50 127.0.0.1:5000. This ip and port is configurable via the production.ini
50 127.0.0.1:5000. This ip and port is configurable via the production.ini
51 file created in previous step
51 file created in previous step
52 - Use the admin account you created above when running ``setup-app`` to login
52 - Use the admin account you created above when running ``setup-app`` to login
53 to the web app.
53 to the web app.
54 - The default permissions on each repository is read, and the owner is admin.
54 - The default permissions on each repository is read, and the owner is admin.
55 Remember to update these if needed.
55 Remember to update these if needed.
56 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
56 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
57 well as edit more advanced options on users and repositories
57 well as edit more advanced options on users and repositories
58
58
59 Try copying your own mercurial repository into the "root" directory you are
59 Try copying your own mercurial repository into the "root" directory you are
60 using, then from within the RhodeCode web application choose Admin >
60 using, then from within the RhodeCode web application choose Admin >
61 repositories. Then choose Add New Repository. Add the repository you copied
61 repositories. Then choose Add New Repository. Add the repository you copied
62 into the root. Test that you can browse your repository from within RhodeCode
62 into the root. Test that you can browse your repository from within RhodeCode
63 and then try cloning your repository from RhodeCode with::
63 and then try cloning your repository from RhodeCode with::
64
64
65 hg clone http://127.0.0.1:5000/<repository name>
65 hg clone http://127.0.0.1:5000/<repository name>
66
66
67 where *repository name* is replaced by the name of your repository.
67 where *repository name* is replaced by the name of your repository.
68
68
69 Using RhodeCode with SSH
69 Using RhodeCode with SSH
70 ------------------------
70 ------------------------
71
71
72 RhodeCode currently only hosts repositories using http and https. (The addition
72 RhodeCode currently only hosts repositories using http and https. (The addition
73 of ssh hosting is a planned future feature.) However you can easily use ssh in
73 of ssh hosting is a planned future feature.) However you can easily use ssh in
74 parallel with RhodeCode. (Repository access via ssh is a standard "out of
74 parallel with RhodeCode. (Repository access via ssh is a standard "out of
75 the box" feature of mercurial_ and you can use this to access any of the
75 the box" feature of mercurial_ and you can use this to access any of the
76 repositories that RhodeCode is hosting. See PublishingRepositories_)
76 repositories that RhodeCode is hosting. See PublishingRepositories_)
77
77
78 RhodeCode repository structures are kept in directories with the same name
78 RhodeCode repository structures are kept in directories with the same name
79 as the project. When using repository groups, each group is a subdirectory.
79 as the project. When using repository groups, each group is a subdirectory.
80 This allows you to easily use ssh for accessing repositories.
80 This allows you to easily use ssh for accessing repositories.
81
81
82 In order to use ssh you need to make sure that your web-server and the users
82 In order to use ssh you need to make sure that your web-server and the users
83 login accounts have the correct permissions set on the appropriate directories.
83 login accounts have the correct permissions set on the appropriate directories.
84 (Note that these permissions are independent of any permissions you have set up
84 (Note that these permissions are independent of any permissions you have set up
85 using the RhodeCode web interface.)
85 using the RhodeCode web interface.)
86
86
87 If your main directory (the same as set in RhodeCode settings) is for example
87 If your main directory (the same as set in RhodeCode settings) is for example
88 set to **/home/hg** and the repository you are using is named `rhodecode`, then
88 set to **/home/hg** and the repository you are using is named `rhodecode`, then
89 to clone via ssh you should run::
89 to clone via ssh you should run::
90
90
91 hg clone ssh://user@server.com/home/hg/rhodecode
91 hg clone ssh://user@server.com/home/hg/rhodecode
92
92
93 Using other external tools such as mercurial-server_ or using ssh key based
93 Using other external tools such as mercurial-server_ or using ssh key based
94 authentication is fully supported.
94 authentication is fully supported.
95
95
96 Note: In an advanced setup, in order for your ssh access to use the same
96 Note: In an advanced setup, in order for your ssh access to use the same
97 permissions as set up via the RhodeCode web interface, you can create an
97 permissions as set up via the RhodeCode web interface, you can create an
98 authentication hook to connect to the rhodecode db and runs check functions for
98 authentication hook to connect to the rhodecode db and runs check functions for
99 permissions against that.
99 permissions against that.
100
100
101 Setting up Whoosh full text search
101 Setting up Whoosh full text search
102 ----------------------------------
102 ----------------------------------
103
103
104 Starting from version 1.1 the whoosh index can be build by using the paster
104 Starting from version 1.1 the whoosh index can be build by using the paster
105 command ``make-index``. To use ``make-index`` you must specify the configuration
105 command ``make-index``. To use ``make-index`` you must specify the configuration
106 file that stores the location of the index, and the location of the repositories
106 file that stores the location of the index, and the location of the repositories
107 (`--repo-location`).Starting from version 1.2 it is
107 (`--repo-location`).Starting from version 1.2 it is
108 also possible to specify a comma separated list of repositories (`--index-only`)
108 also possible to specify a comma separated list of repositories (`--index-only`)
109 to build index only on chooses repositories skipping any other found in repos
109 to build index only on chooses repositories skipping any other found in repos
110 location
110 location
111
111
112 You may optionally pass the option `-f` to enable a full index rebuild. Without
112 You may optionally pass the option `-f` to enable a full index rebuild. Without
113 the `-f` option, indexing will run always in "incremental" mode.
113 the `-f` option, indexing will run always in "incremental" mode.
114
114
115 For an incremental index build use::
115 For an incremental index build use::
116
116
117 paster make-index production.ini --repo-location=<location for repos>
117 paster make-index production.ini --repo-location=<location for repos>
118
118
119 For a full index rebuild use::
119 For a full index rebuild use::
120
120
121 paster make-index production.ini -f --repo-location=<location for repos>
121 paster make-index production.ini -f --repo-location=<location for repos>
122
122
123
123
124 building index just for chosen repositories is possible with such command::
124 building index just for chosen repositories is possible with such command::
125
125
126 paster make-index production.ini --repo-location=<location for repos> --index-only=vcs,rhodecode
126 paster make-index production.ini --repo-location=<location for repos> --index-only=vcs,rhodecode
127
127
128
128
129 In order to do periodical index builds and keep your index always up to date.
129 In order to do periodical index builds and keep your index always up to date.
130 It's recommended to do a crontab entry for incremental indexing.
130 It's recommended to do a crontab entry for incremental indexing.
131 An example entry might look like this::
131 An example entry might look like this::
132
132
133 /path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>
133 /path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>
134
134
135 When using incremental mode (the default) whoosh will check the last
135 When using incremental mode (the default) whoosh will check the last
136 modification date of each file and add it to be reindexed if a newer file is
136 modification date of each file and add it to be reindexed if a newer file is
137 available. The indexing daemon checks for any removed files and removes them
137 available. The indexing daemon checks for any removed files and removes them
138 from index.
138 from index.
139
139
140 If you want to rebuild index from scratch, you can use the `-f` flag as above,
140 If you want to rebuild index from scratch, you can use the `-f` flag as above,
141 or in the admin panel you can check `build from scratch` flag.
141 or in the admin panel you can check `build from scratch` flag.
142
142
143
143
144 Setting up LDAP support
144 Setting up LDAP support
145 -----------------------
145 -----------------------
146
146
147 RhodeCode starting from version 1.1 supports ldap authentication. In order
147 RhodeCode starting from version 1.1 supports ldap authentication. In order
148 to use LDAP, you have to install the python-ldap_ package. This package is
148 to use LDAP, you have to install the python-ldap_ package. This package is
149 available via pypi, so you can install it by running
149 available via pypi, so you can install it by running
150
150
151 using easy_install::
151 using easy_install::
152
152
153 easy_install python-ldap
153 easy_install python-ldap
154
154
155 using pip::
155 using pip::
156
156
157 pip install python-ldap
157 pip install python-ldap
158
158
159 .. note::
159 .. note::
160 python-ldap requires some certain libs on your system, so before installing
160 python-ldap requires some certain libs on your system, so before installing
161 it check that you have at least `openldap`, and `sasl` libraries.
161 it check that you have at least `openldap`, and `sasl` libraries.
162
162
163 LDAP settings are located in admin->ldap section,
163 LDAP settings are located in admin->ldap section,
164
164
165 Here's a typical ldap setup::
165 Here's a typical ldap setup::
166
166
167 Connection settings
167 Connection settings
168 Enable LDAP = checked
168 Enable LDAP = checked
169 Host = host.example.org
169 Host = host.example.org
170 Port = 389
170 Port = 389
171 Account = <account>
171 Account = <account>
172 Password = <password>
172 Password = <password>
173 Connection Security = LDAPS connection
173 Connection Security = LDAPS connection
174 Certificate Checks = DEMAND
174 Certificate Checks = DEMAND
175
175
176 Search settings
176 Search settings
177 Base DN = CN=users,DC=host,DC=example,DC=org
177 Base DN = CN=users,DC=host,DC=example,DC=org
178 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
178 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
179 LDAP Search Scope = SUBTREE
179 LDAP Search Scope = SUBTREE
180
180
181 Attribute mappings
181 Attribute mappings
182 Login Attribute = uid
182 Login Attribute = uid
183 First Name Attribute = firstName
183 First Name Attribute = firstName
184 Last Name Attribute = lastName
184 Last Name Attribute = lastName
185 E-mail Attribute = mail
185 E-mail Attribute = mail
186
186
187 .. _enable_ldap:
187 .. _enable_ldap:
188
188
189 Enable LDAP : required
189 Enable LDAP : required
190 Whether to use LDAP for authenticating users.
190 Whether to use LDAP for authenticating users.
191
191
192 .. _ldap_host:
192 .. _ldap_host:
193
193
194 Host : required
194 Host : required
195 LDAP server hostname or IP address.
195 LDAP server hostname or IP address.
196
196
197 .. _Port:
197 .. _Port:
198
198
199 Port : required
199 Port : required
200 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
200 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
201
201
202 .. _ldap_account:
202 .. _ldap_account:
203
203
204 Account : optional
204 Account : optional
205 Only required if the LDAP server does not allow anonymous browsing of
205 Only required if the LDAP server does not allow anonymous browsing of
206 records. This should be a special account for record browsing. This
206 records. This should be a special account for record browsing. This
207 will require `LDAP Password`_ below.
207 will require `LDAP Password`_ below.
208
208
209 .. _LDAP Password:
209 .. _LDAP Password:
210
210
211 Password : optional
211 Password : optional
212 Only required if the LDAP server does not allow anonymous browsing of
212 Only required if the LDAP server does not allow anonymous browsing of
213 records.
213 records.
214
214
215 .. _Enable LDAPS:
215 .. _Enable LDAPS:
216
216
217 Connection Security : required
217 Connection Security : required
218 Defines the connection to LDAP server
218 Defines the connection to LDAP server
219
219
220 No encryption
220 No encryption
221 Plain non encrypted connection
221 Plain non encrypted connection
222
222
223 LDAPS connection
223 LDAPS connection
224 Enable ldaps connection. It will likely require `Port`_ to be set to
224 Enable ldaps connection. It will likely require `Port`_ to be set to
225 a different value (standard LDAPS port is 636). When LDAPS is enabled
225 a different value (standard LDAPS port is 636). When LDAPS is enabled
226 then `Certificate Checks`_ is required.
226 then `Certificate Checks`_ is required.
227
227
228 START_TLS on LDAP connection
228 START_TLS on LDAP connection
229 START TLS connection
229 START TLS connection
230
230
231 .. _Certificate Checks:
231 .. _Certificate Checks:
232
232
233 Certificate Checks : optional
233 Certificate Checks : optional
234 How SSL certificates verification is handled - this is only useful when
234 How SSL certificates verification is handled - this is only useful when
235 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
235 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
236 while the other options are susceptible to man-in-the-middle attacks. SSL
236 while the other options are susceptible to man-in-the-middle attacks. SSL
237 certificates can be installed to /etc/openldap/cacerts so that the
237 certificates can be installed to /etc/openldap/cacerts so that the
238 DEMAND or HARD options can be used with self-signed certificates or
238 DEMAND or HARD options can be used with self-signed certificates or
239 certificates that do not have traceable certificates of authority.
239 certificates that do not have traceable certificates of authority.
240
240
241 NEVER
241 NEVER
242 A serve certificate will never be requested or checked.
242 A serve certificate will never be requested or checked.
243
243
244 ALLOW
244 ALLOW
245 A server certificate is requested. Failure to provide a
245 A server certificate is requested. Failure to provide a
246 certificate or providing a bad certificate will not terminate the
246 certificate or providing a bad certificate will not terminate the
247 session.
247 session.
248
248
249 TRY
249 TRY
250 A server certificate is requested. Failure to provide a
250 A server certificate is requested. Failure to provide a
251 certificate does not halt the session; providing a bad certificate
251 certificate does not halt the session; providing a bad certificate
252 halts the session.
252 halts the session.
253
253
254 DEMAND
254 DEMAND
255 A server certificate is requested and must be provided and
255 A server certificate is requested and must be provided and
256 authenticated for the session to proceed.
256 authenticated for the session to proceed.
257
257
258 HARD
258 HARD
259 The same as DEMAND.
259 The same as DEMAND.
260
260
261 .. _Base DN:
261 .. _Base DN:
262
262
263 Base DN : required
263 Base DN : required
264 The Distinguished Name (DN) where searches for users will be performed.
264 The Distinguished Name (DN) where searches for users will be performed.
265 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
265 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
266
266
267 .. _LDAP Filter:
267 .. _LDAP Filter:
268
268
269 LDAP Filter : optional
269 LDAP Filter : optional
270 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
270 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
271 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
271 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
272 which LDAP objects are identified as representing Users for
272 which LDAP objects are identified as representing Users for
273 authentication. The filter is augmented by `Login Attribute`_ below.
273 authentication. The filter is augmented by `Login Attribute`_ below.
274 This can commonly be left blank.
274 This can commonly be left blank.
275
275
276 .. _LDAP Search Scope:
276 .. _LDAP Search Scope:
277
277
278 LDAP Search Scope : required
278 LDAP Search Scope : required
279 This limits how far LDAP will search for a matching object.
279 This limits how far LDAP will search for a matching object.
280
280
281 BASE
281 BASE
282 Only allows searching of `Base DN`_ and is usually not what you
282 Only allows searching of `Base DN`_ and is usually not what you
283 want.
283 want.
284
284
285 ONELEVEL
285 ONELEVEL
286 Searches all entries under `Base DN`_, but not Base DN itself.
286 Searches all entries under `Base DN`_, but not Base DN itself.
287
287
288 SUBTREE
288 SUBTREE
289 Searches all entries below `Base DN`_, but not Base DN itself.
289 Searches all entries below `Base DN`_, but not Base DN itself.
290 When using SUBTREE `LDAP Filter`_ is useful to limit object
290 When using SUBTREE `LDAP Filter`_ is useful to limit object
291 location.
291 location.
292
292
293 .. _Login Attribute:
293 .. _Login Attribute:
294
294
295 Login Attribute : required
295 Login Attribute : required
296 The LDAP record attribute that will be matched as the USERNAME or
296 The LDAP record attribute that will be matched as the USERNAME or
297 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
297 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
298 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
298 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
299 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
299 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
300 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
300 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
301 ::
301 ::
302
302
303 (&(LDAPFILTER)(uid=jsmith))
303 (&(LDAPFILTER)(uid=jsmith))
304
304
305 .. _ldap_attr_firstname:
305 .. _ldap_attr_firstname:
306
306
307 First Name Attribute : required
307 First Name Attribute : required
308 The LDAP record attribute which represents the user's first name.
308 The LDAP record attribute which represents the user's first name.
309
309
310 .. _ldap_attr_lastname:
310 .. _ldap_attr_lastname:
311
311
312 Last Name Attribute : required
312 Last Name Attribute : required
313 The LDAP record attribute which represents the user's last name.
313 The LDAP record attribute which represents the user's last name.
314
314
315 .. _ldap_attr_email:
315 .. _ldap_attr_email:
316
316
317 Email Attribute : required
317 Email Attribute : required
318 The LDAP record attribute which represents the user's email address.
318 The LDAP record attribute which represents the user's email address.
319
319
320 If all data are entered correctly, and python-ldap_ is properly installed
320 If all data are entered correctly, and python-ldap_ is properly installed
321 users should be granted access to RhodeCode with ldap accounts. At this
321 users should be granted access to RhodeCode with ldap accounts. At this
322 time user information is copied from LDAP into the RhodeCode user database.
322 time user information is copied from LDAP into the RhodeCode user database.
323 This means that updates of an LDAP user object may not be reflected as a
323 This means that updates of an LDAP user object may not be reflected as a
324 user update in RhodeCode.
324 user update in RhodeCode.
325
325
326 If You have problems with LDAP access and believe You entered correct
326 If You have problems with LDAP access and believe You entered correct
327 information check out the RhodeCode logs, any error messages sent from LDAP
327 information check out the RhodeCode logs, any error messages sent from LDAP
328 will be saved there.
328 will be saved there.
329
329
330 Active Directory
330 Active Directory
331 ''''''''''''''''
331 ''''''''''''''''
332
332
333 RhodeCode can use Microsoft Active Directory for user authentication. This
333 RhodeCode can use Microsoft Active Directory for user authentication. This
334 is done through an LDAP or LDAPS connection to Active Directory. The
334 is done through an LDAP or LDAPS connection to Active Directory. The
335 following LDAP configuration settings are typical for using Active
335 following LDAP configuration settings are typical for using Active
336 Directory ::
336 Directory ::
337
337
338 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
338 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
339 Login Attribute = sAMAccountName
339 Login Attribute = sAMAccountName
340 First Name Attribute = givenName
340 First Name Attribute = givenName
341 Last Name Attribute = sn
341 Last Name Attribute = sn
342 E-mail Attribute = mail
342 E-mail Attribute = mail
343
343
344 All other LDAP settings will likely be site-specific and should be
344 All other LDAP settings will likely be site-specific and should be
345 appropriately configured.
345 appropriately configured.
346
346
347 Setting Up Celery
347 Setting Up Celery
348 -----------------
348 -----------------
349
349
350 Since version 1.1 celery is configured by the rhodecode ini configuration files.
350 Since version 1.1 celery is configured by the rhodecode ini configuration files.
351 Simply set use_celery=true in the ini file then add / change the configuration
351 Simply set use_celery=true in the ini file then add / change the configuration
352 variables inside the ini file.
352 variables inside the ini file.
353
353
354 Remember that the ini files use the format with '.' not with '_' like celery.
354 Remember that the ini files use the format with '.' not with '_' like celery.
355 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
355 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
356 the config file.
356 the config file.
357
357
358 In order to start using celery run::
358 In order to start using celery run::
359
359
360 paster celeryd <configfile.ini>
360 paster celeryd <configfile.ini>
361
361
362
362
363 .. note::
363 .. note::
364 Make sure you run this command from the same virtualenv, and with the same
364 Make sure you run this command from the same virtualenv, and with the same
365 user that rhodecode runs.
365 user that rhodecode runs.
366
366
367 HTTPS support
367 HTTPS support
368 -------------
368 -------------
369
369
370 There are two ways to enable https:
370 There are two ways to enable https:
371
371
372 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
372 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
373 recognize this headers and make proper https redirections
373 recognize this headers and make proper https redirections
374 - Alternatively, set `force_https = true` in the ini configuration to force
374 - Alternatively, set `force_https = true` in the ini configuration to force
375 using https, no headers are needed than to enable https
375 using https, no headers are needed than to enable https
376
376
377
377
378 Nginx virtual host example
378 Nginx virtual host example
379 --------------------------
379 --------------------------
380
380
381 Sample config for nginx using proxy::
381 Sample config for nginx using proxy::
382
382
383 server {
383 server {
384 listen 80;
384 listen 80;
385 server_name hg.myserver.com;
385 server_name hg.myserver.com;
386 access_log /var/log/nginx/rhodecode.access.log;
386 access_log /var/log/nginx/rhodecode.access.log;
387 error_log /var/log/nginx/rhodecode.error.log;
387 error_log /var/log/nginx/rhodecode.error.log;
388 location / {
388 location / {
389 root /var/www/rhodecode/rhodecode/public/;
389 root /var/www/rhodecode/rhodecode/public/;
390 if (!-f $request_filename){
390 if (!-f $request_filename){
391 proxy_pass http://127.0.0.1:5000;
391 proxy_pass http://127.0.0.1:5000;
392 }
392 }
393 #this is important if you want to use https !!!
393 #this is important if you want to use https !!!
394 proxy_set_header X-Url-Scheme $scheme;
394 proxy_set_header X-Url-Scheme $scheme;
395 include /etc/nginx/proxy.conf;
395 include /etc/nginx/proxy.conf;
396 }
396 }
397 }
397 }
398
398
399 Here's the proxy.conf. It's tuned so it will not timeout on long
399 Here's the proxy.conf. It's tuned so it will not timeout on long
400 pushes or large pushes::
400 pushes or large pushes::
401
401
402 proxy_redirect off;
402 proxy_redirect off;
403 proxy_set_header Host $host;
403 proxy_set_header Host $host;
404 proxy_set_header X-Host $http_host;
404 proxy_set_header X-Host $http_host;
405 proxy_set_header X-Real-IP $remote_addr;
405 proxy_set_header X-Real-IP $remote_addr;
406 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
406 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
407 proxy_set_header Proxy-host $proxy_host;
407 proxy_set_header Proxy-host $proxy_host;
408 client_max_body_size 400m;
408 client_max_body_size 400m;
409 client_body_buffer_size 128k;
409 client_body_buffer_size 128k;
410 proxy_buffering off;
410 proxy_buffering off;
411 proxy_connect_timeout 3600;
411 proxy_connect_timeout 3600;
412 proxy_send_timeout 3600;
412 proxy_send_timeout 3600;
413 proxy_read_timeout 3600;
413 proxy_read_timeout 3600;
414 proxy_buffer_size 16k;
414 proxy_buffer_size 16k;
415 proxy_buffers 4 16k;
415 proxy_buffers 4 16k;
416 proxy_busy_buffers_size 64k;
416 proxy_busy_buffers_size 64k;
417 proxy_temp_file_write_size 64k;
417 proxy_temp_file_write_size 64k;
418
418
419 Also, when using root path with nginx you might set the static files to false
419 Also, when using root path with nginx you might set the static files to false
420 in the production.ini file::
420 in the production.ini file::
421
421
422 [app:main]
422 [app:main]
423 use = egg:rhodecode
423 use = egg:rhodecode
424 full_stack = true
424 full_stack = true
425 static_files = false
425 static_files = false
426 lang=en
426 lang=en
427 cache_dir = %(here)s/data
427 cache_dir = %(here)s/data
428
428
429 In order to not have the statics served by the application. This improves speed.
429 In order to not have the statics served by the application. This improves speed.
430
430
431
431
432 Apache virtual host example
432 Apache virtual host example
433 ---------------------------
433 ---------------------------
434
434
435 Here is a sample configuration file for apache using proxy::
435 Here is a sample configuration file for apache using proxy::
436
436
437 <VirtualHost *:80>
437 <VirtualHost *:80>
438 ServerName hg.myserver.com
438 ServerName hg.myserver.com
439 ServerAlias hg.myserver.com
439 ServerAlias hg.myserver.com
440
440
441 <Proxy *>
441 <Proxy *>
442 Order allow,deny
442 Order allow,deny
443 Allow from all
443 Allow from all
444 </Proxy>
444 </Proxy>
445
445
446 #important !
446 #important !
447 #Directive to properly generate url (clone url) for pylons
447 #Directive to properly generate url (clone url) for pylons
448 ProxyPreserveHost On
448 ProxyPreserveHost On
449
449
450 #rhodecode instance
450 #rhodecode instance
451 ProxyPass / http://127.0.0.1:5000/
451 ProxyPass / http://127.0.0.1:5000/
452 ProxyPassReverse / http://127.0.0.1:5000/
452 ProxyPassReverse / http://127.0.0.1:5000/
453
453
454 #to enable https use line below
454 #to enable https use line below
455 #SetEnvIf X-Url-Scheme https HTTPS=1
455 #SetEnvIf X-Url-Scheme https HTTPS=1
456
456
457 </VirtualHost>
457 </VirtualHost>
458
458
459
459
460 Additional tutorial
460 Additional tutorial
461 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
461 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
462
462
463
463
464 Apache as subdirectory
464 Apache as subdirectory
465 ----------------------
465 ----------------------
466
466
467 Apache subdirectory part::
467 Apache subdirectory part::
468
468
469 <Location /<someprefix> >
469 <Location /<someprefix> >
470 ProxyPass http://127.0.0.1:5000/<someprefix>
470 ProxyPass http://127.0.0.1:5000/<someprefix>
471 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
471 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
472 SetEnvIf X-Url-Scheme https HTTPS=1
472 SetEnvIf X-Url-Scheme https HTTPS=1
473 </Location>
473 </Location>
474
474
475 Besides the regular apache setup you will need to add the following to your .ini file::
475 Besides the regular apache setup you will need to add the following to your .ini file::
476
476
477 filter-with = proxy-prefix
477 filter-with = proxy-prefix
478
478
479 Add the following at the end of the .ini file::
479 Add the following at the end of the .ini file::
480
480
481 [filter:proxy-prefix]
481 [filter:proxy-prefix]
482 use = egg:PasteDeploy#prefix
482 use = egg:PasteDeploy#prefix
483 prefix = /<someprefix>
483 prefix = /<someprefix>
484
484
485
485
486 then change <someprefix> into your choosen prefix
486 then change <someprefix> into your choosen prefix
487
487
488 Apache's example FCGI config
488 Apache's WSGI config
489 ----------------------------
489 --------------------
490
491
492 Example wsgi dispatch script::
493
494 import os
495 os.environ["HGENCODING"] = "UTF-8"
496 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
490
497
491 TODO !
498 # sometimes it's needed to set the curent dir
499 os.chdir('/home/web/rhodecode/')
500
501 from paste.deploy import loadapp
502 from paste.script.util.logging_config import fileConfig
503
504 fileConfig('/home/web/rhodecode/production.ini')
505 application = loadapp('config:/home/web/rhodecode/production.ini')
506
492
507
493 Other configuration files
508 Other configuration files
494 -------------------------
509 -------------------------
495
510
496 Some example init.d scripts can be found here, for debian and gentoo:
511 Some example init.d scripts can be found here, for debian and gentoo:
497
512
498 https://rhodecode.org/rhodecode/files/tip/init.d
513 https://rhodecode.org/rhodecode/files/tip/init.d
499
514
500
515
501 Troubleshooting
516 Troubleshooting
502 ---------------
517 ---------------
503
518
504 :Q: **Missing static files?**
519 :Q: **Missing static files?**
505 :A: Make sure either to set the `static_files = true` in the .ini file or
520 :A: Make sure either to set the `static_files = true` in the .ini file or
506 double check the root path for your http setup. It should point to
521 double check the root path for your http setup. It should point to
507 for example:
522 for example:
508 /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
523 /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
509
524
510 |
525 |
511
526
512 :Q: **Can't install celery/rabbitmq**
527 :Q: **Can't install celery/rabbitmq**
513 :A: Don't worry RhodeCode works without them too. No extra setup is required.
528 :A: Don't worry RhodeCode works without them too. No extra setup is required.
514
529
515 |
530 |
516
531
517 :Q: **Long lasting push timeouts?**
532 :Q: **Long lasting push timeouts?**
518 :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
533 :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
519 are caused by https server and not RhodeCode.
534 are caused by https server and not RhodeCode.
520
535
521 |
536 |
522
537
523 :Q: **Large pushes timeouts?**
538 :Q: **Large pushes timeouts?**
524 :A: Make sure you set a proper max_body_size for the http server.
539 :A: Make sure you set a proper max_body_size for the http server.
525
540
526 |
541 |
527
542
528 :Q: **Apache doesn't pass basicAuth on pull/push?**
543 :Q: **Apache doesn't pass basicAuth on pull/push?**
529 :A: Make sure you added `WSGIPassAuthorization true`.
544 :A: Make sure you added `WSGIPassAuthorization true`.
530
545
531 For further questions search the `Issues tracker`_, or post a message in the
546 For further questions search the `Issues tracker`_, or post a message in the
532 `google group rhodecode`_
547 `google group rhodecode`_
533
548
534 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
549 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
535 .. _python: http://www.python.org/
550 .. _python: http://www.python.org/
536 .. _mercurial: http://mercurial.selenic.com/
551 .. _mercurial: http://mercurial.selenic.com/
537 .. _celery: http://celeryproject.org/
552 .. _celery: http://celeryproject.org/
538 .. _rabbitmq: http://www.rabbitmq.com/
553 .. _rabbitmq: http://www.rabbitmq.com/
539 .. _python-ldap: http://www.python-ldap.org/
554 .. _python-ldap: http://www.python-ldap.org/
540 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
555 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
541 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
556 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
542 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
557 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
543 .. _google group rhodecode: http://groups.google.com/group/rhodecode No newline at end of file
558 .. _google group rhodecode: http://groups.google.com/group/rhodecode
General Comments 0
You need to be logged in to leave comments. Login now