##// END OF EJS Templates
Improvements to mod_wsgi setup documentation.
Augusto Herrmann -
r1558:662173ba beta
parent child Browse files
Show More
@@ -1,573 +1,601 b''
1 .. _setup:
1 .. _setup:
2
2
3 Setup
3 Setup
4 =====
4 =====
5
5
6
6
7 Setting up RhodeCode
7 Setting up RhodeCode
8 --------------------
8 --------------------
9
9
10 First, you will need to create a RhodeCode configuration file. Run the
10 First, you will need to create a RhodeCode configuration file. Run the
11 following command to do this::
11 following command to do this::
12
12
13 paster make-config RhodeCode production.ini
13 paster make-config RhodeCode production.ini
14
14
15 - This will create the file `production.ini` in the current directory. This
15 - This will create the file `production.ini` in the current directory. This
16 configuration file contains the various settings for RhodeCode, e.g proxy
16 configuration file contains the various settings for RhodeCode, e.g proxy
17 port, email settings, usage of static files, cache, celery settings and
17 port, email settings, usage of static files, cache, celery settings and
18 logging.
18 logging.
19
19
20
20
21 Next, you need to create the databases used by RhodeCode. I recommend that you
21 Next, you need to create the databases used by RhodeCode. I recommend that you
22 use sqlite (default) or postgresql. If you choose a database other than the
22 use sqlite (default) or postgresql. If you choose a database other than the
23 default ensure you properly adjust the db url in your production.ini
23 default ensure you properly adjust the db url in your production.ini
24 configuration file to use this other database. Create the databases by running
24 configuration file to use this other database. Create the databases by running
25 the following command::
25 the following command::
26
26
27 paster setup-app production.ini
27 paster setup-app production.ini
28
28
29 This will prompt you for a "root" path. This "root" path is the location where
29 This will prompt you for a "root" path. This "root" path is the location where
30 RhodeCode will store all of its repositories on the current machine. After
30 RhodeCode will store all of its repositories on the current machine. After
31 entering this "root" path ``setup-app`` will also prompt you for a username
31 entering this "root" path ``setup-app`` will also prompt you for a username
32 and password for the initial admin account which ``setup-app`` sets up for you.
32 and password for the initial admin account which ``setup-app`` sets up for you.
33
33
34 - The ``setup-app`` command will create all of the needed tables and an admin
34 - The ``setup-app`` command will create all of the needed tables and an admin
35 account. When choosing a root path you can either use a new empty location,
35 account. When choosing a root path you can either use a new empty location,
36 or a location which already contains existing repositories. If you choose a
36 or a location which already contains existing repositories. If you choose a
37 location which contains existing repositories RhodeCode will simply add all
37 location which contains existing repositories RhodeCode will simply add all
38 of the repositories at the chosen location to it's database. (Note: make
38 of the repositories at the chosen location to it's database. (Note: make
39 sure you specify the correct path to the root).
39 sure you specify the correct path to the root).
40 - Note: the given path for mercurial_ repositories **must** be write accessible
40 - Note: the given path for mercurial_ repositories **must** be write accessible
41 for the application. It's very important since the RhodeCode web interface
41 for the application. It's very important since the RhodeCode web interface
42 will work without write access, but when trying to do a push it will
42 will work without write access, but when trying to do a push it will
43 eventually fail with permission denied errors unless it has write access.
43 eventually fail with permission denied errors unless it has write access.
44
44
45 You are now ready to use RhodeCode, to run it simply execute::
45 You are now ready to use RhodeCode, to run it simply execute::
46
46
47 paster serve production.ini
47 paster serve production.ini
48
48
49 - This command runs the RhodeCode server. The web app should be available at the
49 - This command runs the RhodeCode server. The web app should be available at the
50 127.0.0.1:5000. This ip and port is configurable via the production.ini
50 127.0.0.1:5000. This ip and port is configurable via the production.ini
51 file created in previous step
51 file created in previous step
52 - Use the admin account you created above when running ``setup-app`` to login
52 - Use the admin account you created above when running ``setup-app`` to login
53 to the web app.
53 to the web app.
54 - The default permissions on each repository is read, and the owner is admin.
54 - The default permissions on each repository is read, and the owner is admin.
55 Remember to update these if needed.
55 Remember to update these if needed.
56 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
56 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
57 well as edit more advanced options on users and repositories
57 well as edit more advanced options on users and repositories
58
58
59 Try copying your own mercurial repository into the "root" directory you are
59 Try copying your own mercurial repository into the "root" directory you are
60 using, then from within the RhodeCode web application choose Admin >
60 using, then from within the RhodeCode web application choose Admin >
61 repositories. Then choose Add New Repository. Add the repository you copied
61 repositories. Then choose Add New Repository. Add the repository you copied
62 into the root. Test that you can browse your repository from within RhodeCode
62 into the root. Test that you can browse your repository from within RhodeCode
63 and then try cloning your repository from RhodeCode with::
63 and then try cloning your repository from RhodeCode with::
64
64
65 hg clone http://127.0.0.1:5000/<repository name>
65 hg clone http://127.0.0.1:5000/<repository name>
66
66
67 where *repository name* is replaced by the name of your repository.
67 where *repository name* is replaced by the name of your repository.
68
68
69 Using RhodeCode with SSH
69 Using RhodeCode with SSH
70 ------------------------
70 ------------------------
71
71
72 RhodeCode currently only hosts repositories using http and https. (The addition
72 RhodeCode currently only hosts repositories using http and https. (The addition
73 of ssh hosting is a planned future feature.) However you can easily use ssh in
73 of ssh hosting is a planned future feature.) However you can easily use ssh in
74 parallel with RhodeCode. (Repository access via ssh is a standard "out of
74 parallel with RhodeCode. (Repository access via ssh is a standard "out of
75 the box" feature of mercurial_ and you can use this to access any of the
75 the box" feature of mercurial_ and you can use this to access any of the
76 repositories that RhodeCode is hosting. See PublishingRepositories_)
76 repositories that RhodeCode is hosting. See PublishingRepositories_)
77
77
78 RhodeCode repository structures are kept in directories with the same name
78 RhodeCode repository structures are kept in directories with the same name
79 as the project. When using repository groups, each group is a subdirectory.
79 as the project. When using repository groups, each group is a subdirectory.
80 This allows you to easily use ssh for accessing repositories.
80 This allows you to easily use ssh for accessing repositories.
81
81
82 In order to use ssh you need to make sure that your web-server and the users
82 In order to use ssh you need to make sure that your web-server and the users
83 login accounts have the correct permissions set on the appropriate directories.
83 login accounts have the correct permissions set on the appropriate directories.
84 (Note that these permissions are independent of any permissions you have set up
84 (Note that these permissions are independent of any permissions you have set up
85 using the RhodeCode web interface.)
85 using the RhodeCode web interface.)
86
86
87 If your main directory (the same as set in RhodeCode settings) is for example
87 If your main directory (the same as set in RhodeCode settings) is for example
88 set to **/home/hg** and the repository you are using is named `rhodecode`, then
88 set to **/home/hg** and the repository you are using is named `rhodecode`, then
89 to clone via ssh you should run::
89 to clone via ssh you should run::
90
90
91 hg clone ssh://user@server.com/home/hg/rhodecode
91 hg clone ssh://user@server.com/home/hg/rhodecode
92
92
93 Using other external tools such as mercurial-server_ or using ssh key based
93 Using other external tools such as mercurial-server_ or using ssh key based
94 authentication is fully supported.
94 authentication is fully supported.
95
95
96 Note: In an advanced setup, in order for your ssh access to use the same
96 Note: In an advanced setup, in order for your ssh access to use the same
97 permissions as set up via the RhodeCode web interface, you can create an
97 permissions as set up via the RhodeCode web interface, you can create an
98 authentication hook to connect to the rhodecode db and runs check functions for
98 authentication hook to connect to the rhodecode db and runs check functions for
99 permissions against that.
99 permissions against that.
100
100
101 Setting up Whoosh full text search
101 Setting up Whoosh full text search
102 ----------------------------------
102 ----------------------------------
103
103
104 Starting from version 1.1 the whoosh index can be build by using the paster
104 Starting from version 1.1 the whoosh index can be build by using the paster
105 command ``make-index``. To use ``make-index`` you must specify the configuration
105 command ``make-index``. To use ``make-index`` you must specify the configuration
106 file that stores the location of the index. You may specify the location of the
106 file that stores the location of the index. You may specify the location of the
107 repositories (`--repo-location`). If not specified, this value is retrieved
107 repositories (`--repo-location`). If not specified, this value is retrieved
108 from the RhodeCode database. This was required prior to 1.2. Starting from
108 from the RhodeCode database. This was required prior to 1.2. Starting from
109 version 1.2 it is also possible to specify a comma separated list of
109 version 1.2 it is also possible to specify a comma separated list of
110 repositories (`--index-only`) to build index only on chooses repositories
110 repositories (`--index-only`) to build index only on chooses repositories
111 skipping any other found in repos location
111 skipping any other found in repos location
112
112
113 You may optionally pass the option `-f` to enable a full index rebuild. Without
113 You may optionally pass the option `-f` to enable a full index rebuild. Without
114 the `-f` option, indexing will run always in "incremental" mode.
114 the `-f` option, indexing will run always in "incremental" mode.
115
115
116 For an incremental index build use::
116 For an incremental index build use::
117
117
118 paster make-index production.ini
118 paster make-index production.ini
119
119
120 For a full index rebuild use::
120 For a full index rebuild use::
121
121
122 paster make-index production.ini -f
122 paster make-index production.ini -f
123
123
124
124
125 building index just for chosen repositories is possible with such command::
125 building index just for chosen repositories is possible with such command::
126
126
127 paster make-index production.ini --index-only=vcs,rhodecode
127 paster make-index production.ini --index-only=vcs,rhodecode
128
128
129
129
130 In order to do periodical index builds and keep your index always up to date.
130 In order to do periodical index builds and keep your index always up to date.
131 It's recommended to do a crontab entry for incremental indexing.
131 It's recommended to do a crontab entry for incremental indexing.
132 An example entry might look like this::
132 An example entry might look like this::
133
133
134 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
134 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
135
135
136 When using incremental mode (the default) whoosh will check the last
136 When using incremental mode (the default) whoosh will check the last
137 modification date of each file and add it to be reindexed if a newer file is
137 modification date of each file and add it to be reindexed if a newer file is
138 available. The indexing daemon checks for any removed files and removes them
138 available. The indexing daemon checks for any removed files and removes them
139 from index.
139 from index.
140
140
141 If you want to rebuild index from scratch, you can use the `-f` flag as above,
141 If you want to rebuild index from scratch, you can use the `-f` flag as above,
142 or in the admin panel you can check `build from scratch` flag.
142 or in the admin panel you can check `build from scratch` flag.
143
143
144
144
145 Setting up LDAP support
145 Setting up LDAP support
146 -----------------------
146 -----------------------
147
147
148 RhodeCode starting from version 1.1 supports ldap authentication. In order
148 RhodeCode starting from version 1.1 supports ldap authentication. In order
149 to use LDAP, you have to install the python-ldap_ package. This package is
149 to use LDAP, you have to install the python-ldap_ package. This package is
150 available via pypi, so you can install it by running
150 available via pypi, so you can install it by running
151
151
152 using easy_install::
152 using easy_install::
153
153
154 easy_install python-ldap
154 easy_install python-ldap
155
155
156 using pip::
156 using pip::
157
157
158 pip install python-ldap
158 pip install python-ldap
159
159
160 .. note::
160 .. note::
161 python-ldap requires some certain libs on your system, so before installing
161 python-ldap requires some certain libs on your system, so before installing
162 it check that you have at least `openldap`, and `sasl` libraries.
162 it check that you have at least `openldap`, and `sasl` libraries.
163
163
164 LDAP settings are located in admin->ldap section,
164 LDAP settings are located in admin->ldap section,
165
165
166 Here's a typical ldap setup::
166 Here's a typical ldap setup::
167
167
168 Connection settings
168 Connection settings
169 Enable LDAP = checked
169 Enable LDAP = checked
170 Host = host.example.org
170 Host = host.example.org
171 Port = 389
171 Port = 389
172 Account = <account>
172 Account = <account>
173 Password = <password>
173 Password = <password>
174 Connection Security = LDAPS connection
174 Connection Security = LDAPS connection
175 Certificate Checks = DEMAND
175 Certificate Checks = DEMAND
176
176
177 Search settings
177 Search settings
178 Base DN = CN=users,DC=host,DC=example,DC=org
178 Base DN = CN=users,DC=host,DC=example,DC=org
179 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
179 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
180 LDAP Search Scope = SUBTREE
180 LDAP Search Scope = SUBTREE
181
181
182 Attribute mappings
182 Attribute mappings
183 Login Attribute = uid
183 Login Attribute = uid
184 First Name Attribute = firstName
184 First Name Attribute = firstName
185 Last Name Attribute = lastName
185 Last Name Attribute = lastName
186 E-mail Attribute = mail
186 E-mail Attribute = mail
187
187
188 .. _enable_ldap:
188 .. _enable_ldap:
189
189
190 Enable LDAP : required
190 Enable LDAP : required
191 Whether to use LDAP for authenticating users.
191 Whether to use LDAP for authenticating users.
192
192
193 .. _ldap_host:
193 .. _ldap_host:
194
194
195 Host : required
195 Host : required
196 LDAP server hostname or IP address.
196 LDAP server hostname or IP address.
197
197
198 .. _Port:
198 .. _Port:
199
199
200 Port : required
200 Port : required
201 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
201 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
202
202
203 .. _ldap_account:
203 .. _ldap_account:
204
204
205 Account : optional
205 Account : optional
206 Only required if the LDAP server does not allow anonymous browsing of
206 Only required if the LDAP server does not allow anonymous browsing of
207 records. This should be a special account for record browsing. This
207 records. This should be a special account for record browsing. This
208 will require `LDAP Password`_ below.
208 will require `LDAP Password`_ below.
209
209
210 .. _LDAP Password:
210 .. _LDAP Password:
211
211
212 Password : optional
212 Password : optional
213 Only required if the LDAP server does not allow anonymous browsing of
213 Only required if the LDAP server does not allow anonymous browsing of
214 records.
214 records.
215
215
216 .. _Enable LDAPS:
216 .. _Enable LDAPS:
217
217
218 Connection Security : required
218 Connection Security : required
219 Defines the connection to LDAP server
219 Defines the connection to LDAP server
220
220
221 No encryption
221 No encryption
222 Plain non encrypted connection
222 Plain non encrypted connection
223
223
224 LDAPS connection
224 LDAPS connection
225 Enable ldaps connection. It will likely require `Port`_ to be set to
225 Enable ldaps connection. It will likely require `Port`_ to be set to
226 a different value (standard LDAPS port is 636). When LDAPS is enabled
226 a different value (standard LDAPS port is 636). When LDAPS is enabled
227 then `Certificate Checks`_ is required.
227 then `Certificate Checks`_ is required.
228
228
229 START_TLS on LDAP connection
229 START_TLS on LDAP connection
230 START TLS connection
230 START TLS connection
231
231
232 .. _Certificate Checks:
232 .. _Certificate Checks:
233
233
234 Certificate Checks : optional
234 Certificate Checks : optional
235 How SSL certificates verification is handled - this is only useful when
235 How SSL certificates verification is handled - this is only useful when
236 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
236 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
237 while the other options are susceptible to man-in-the-middle attacks. SSL
237 while the other options are susceptible to man-in-the-middle attacks. SSL
238 certificates can be installed to /etc/openldap/cacerts so that the
238 certificates can be installed to /etc/openldap/cacerts so that the
239 DEMAND or HARD options can be used with self-signed certificates or
239 DEMAND or HARD options can be used with self-signed certificates or
240 certificates that do not have traceable certificates of authority.
240 certificates that do not have traceable certificates of authority.
241
241
242 NEVER
242 NEVER
243 A serve certificate will never be requested or checked.
243 A serve certificate will never be requested or checked.
244
244
245 ALLOW
245 ALLOW
246 A server certificate is requested. Failure to provide a
246 A server certificate is requested. Failure to provide a
247 certificate or providing a bad certificate will not terminate the
247 certificate or providing a bad certificate will not terminate the
248 session.
248 session.
249
249
250 TRY
250 TRY
251 A server certificate is requested. Failure to provide a
251 A server certificate is requested. Failure to provide a
252 certificate does not halt the session; providing a bad certificate
252 certificate does not halt the session; providing a bad certificate
253 halts the session.
253 halts the session.
254
254
255 DEMAND
255 DEMAND
256 A server certificate is requested and must be provided and
256 A server certificate is requested and must be provided and
257 authenticated for the session to proceed.
257 authenticated for the session to proceed.
258
258
259 HARD
259 HARD
260 The same as DEMAND.
260 The same as DEMAND.
261
261
262 .. _Base DN:
262 .. _Base DN:
263
263
264 Base DN : required
264 Base DN : required
265 The Distinguished Name (DN) where searches for users will be performed.
265 The Distinguished Name (DN) where searches for users will be performed.
266 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
266 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
267
267
268 .. _LDAP Filter:
268 .. _LDAP Filter:
269
269
270 LDAP Filter : optional
270 LDAP Filter : optional
271 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
271 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
272 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
272 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
273 which LDAP objects are identified as representing Users for
273 which LDAP objects are identified as representing Users for
274 authentication. The filter is augmented by `Login Attribute`_ below.
274 authentication. The filter is augmented by `Login Attribute`_ below.
275 This can commonly be left blank.
275 This can commonly be left blank.
276
276
277 .. _LDAP Search Scope:
277 .. _LDAP Search Scope:
278
278
279 LDAP Search Scope : required
279 LDAP Search Scope : required
280 This limits how far LDAP will search for a matching object.
280 This limits how far LDAP will search for a matching object.
281
281
282 BASE
282 BASE
283 Only allows searching of `Base DN`_ and is usually not what you
283 Only allows searching of `Base DN`_ and is usually not what you
284 want.
284 want.
285
285
286 ONELEVEL
286 ONELEVEL
287 Searches all entries under `Base DN`_, but not Base DN itself.
287 Searches all entries under `Base DN`_, but not Base DN itself.
288
288
289 SUBTREE
289 SUBTREE
290 Searches all entries below `Base DN`_, but not Base DN itself.
290 Searches all entries below `Base DN`_, but not Base DN itself.
291 When using SUBTREE `LDAP Filter`_ is useful to limit object
291 When using SUBTREE `LDAP Filter`_ is useful to limit object
292 location.
292 location.
293
293
294 .. _Login Attribute:
294 .. _Login Attribute:
295
295
296 Login Attribute : required
296 Login Attribute : required
297 The LDAP record attribute that will be matched as the USERNAME or
297 The LDAP record attribute that will be matched as the USERNAME or
298 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
298 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
299 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
299 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
300 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
300 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
301 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
301 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
302 ::
302 ::
303
303
304 (&(LDAPFILTER)(uid=jsmith))
304 (&(LDAPFILTER)(uid=jsmith))
305
305
306 .. _ldap_attr_firstname:
306 .. _ldap_attr_firstname:
307
307
308 First Name Attribute : required
308 First Name Attribute : required
309 The LDAP record attribute which represents the user's first name.
309 The LDAP record attribute which represents the user's first name.
310
310
311 .. _ldap_attr_lastname:
311 .. _ldap_attr_lastname:
312
312
313 Last Name Attribute : required
313 Last Name Attribute : required
314 The LDAP record attribute which represents the user's last name.
314 The LDAP record attribute which represents the user's last name.
315
315
316 .. _ldap_attr_email:
316 .. _ldap_attr_email:
317
317
318 Email Attribute : required
318 Email Attribute : required
319 The LDAP record attribute which represents the user's email address.
319 The LDAP record attribute which represents the user's email address.
320
320
321 If all data are entered correctly, and python-ldap_ is properly installed
321 If all data are entered correctly, and python-ldap_ is properly installed
322 users should be granted access to RhodeCode with ldap accounts. At this
322 users should be granted access to RhodeCode with ldap accounts. At this
323 time user information is copied from LDAP into the RhodeCode user database.
323 time user information is copied from LDAP into the RhodeCode user database.
324 This means that updates of an LDAP user object may not be reflected as a
324 This means that updates of an LDAP user object may not be reflected as a
325 user update in RhodeCode.
325 user update in RhodeCode.
326
326
327 If You have problems with LDAP access and believe You entered correct
327 If You have problems with LDAP access and believe You entered correct
328 information check out the RhodeCode logs, any error messages sent from LDAP
328 information check out the RhodeCode logs, any error messages sent from LDAP
329 will be saved there.
329 will be saved there.
330
330
331 Active Directory
331 Active Directory
332 ''''''''''''''''
332 ''''''''''''''''
333
333
334 RhodeCode can use Microsoft Active Directory for user authentication. This
334 RhodeCode can use Microsoft Active Directory for user authentication. This
335 is done through an LDAP or LDAPS connection to Active Directory. The
335 is done through an LDAP or LDAPS connection to Active Directory. The
336 following LDAP configuration settings are typical for using Active
336 following LDAP configuration settings are typical for using Active
337 Directory ::
337 Directory ::
338
338
339 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
339 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
340 Login Attribute = sAMAccountName
340 Login Attribute = sAMAccountName
341 First Name Attribute = givenName
341 First Name Attribute = givenName
342 Last Name Attribute = sn
342 Last Name Attribute = sn
343 E-mail Attribute = mail
343 E-mail Attribute = mail
344
344
345 All other LDAP settings will likely be site-specific and should be
345 All other LDAP settings will likely be site-specific and should be
346 appropriately configured.
346 appropriately configured.
347
347
348
348
349
349
350 Hook management
350 Hook management
351 ---------------
351 ---------------
352
352
353 Hooks can be managed in similar way to this used in .hgrc files.
353 Hooks can be managed in similar way to this used in .hgrc files.
354 To access hooks setting click `advanced setup` on Hooks section of Mercurial
354 To access hooks setting click `advanced setup` on Hooks section of Mercurial
355 Settings in Admin.
355 Settings in Admin.
356
356
357 There are 4 built in hooks that cannot be changed (only enable/disable by
357 There are 4 built in hooks that cannot be changed (only enable/disable by
358 checkboxes on previos section).
358 checkboxes on previos section).
359 To add another custom hook simply fill in first section with
359 To add another custom hook simply fill in first section with
360 <name>.<hook_type> and the second one with hook path. Example hooks
360 <name>.<hook_type> and the second one with hook path. Example hooks
361 can be found at *rhodecode.lib.hooks*.
361 can be found at *rhodecode.lib.hooks*.
362
362
363
363
364 Setting Up Celery
364 Setting Up Celery
365 -----------------
365 -----------------
366
366
367 Since version 1.1 celery is configured by the rhodecode ini configuration files.
367 Since version 1.1 celery is configured by the rhodecode ini configuration files.
368 Simply set use_celery=true in the ini file then add / change the configuration
368 Simply set use_celery=true in the ini file then add / change the configuration
369 variables inside the ini file.
369 variables inside the ini file.
370
370
371 Remember that the ini files use the format with '.' not with '_' like celery.
371 Remember that the ini files use the format with '.' not with '_' like celery.
372 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
372 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
373 the config file.
373 the config file.
374
374
375 In order to start using celery run::
375 In order to start using celery run::
376
376
377 paster celeryd <configfile.ini>
377 paster celeryd <configfile.ini>
378
378
379
379
380 .. note::
380 .. note::
381 Make sure you run this command from the same virtualenv, and with the same
381 Make sure you run this command from the same virtualenv, and with the same
382 user that rhodecode runs.
382 user that rhodecode runs.
383
383
384 HTTPS support
384 HTTPS support
385 -------------
385 -------------
386
386
387 There are two ways to enable https:
387 There are two ways to enable https:
388
388
389 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
389 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
390 recognize this headers and make proper https redirections
390 recognize this headers and make proper https redirections
391 - Alternatively, change the `force_https = true` flag in the ini configuration
391 - Alternatively, change the `force_https = true` flag in the ini configuration
392 to force using https, no headers are needed than to enable https
392 to force using https, no headers are needed than to enable https
393
393
394
394
395 Nginx virtual host example
395 Nginx virtual host example
396 --------------------------
396 --------------------------
397
397
398 Sample config for nginx using proxy::
398 Sample config for nginx using proxy::
399
399
400 server {
400 server {
401 listen 80;
401 listen 80;
402 server_name hg.myserver.com;
402 server_name hg.myserver.com;
403 access_log /var/log/nginx/rhodecode.access.log;
403 access_log /var/log/nginx/rhodecode.access.log;
404 error_log /var/log/nginx/rhodecode.error.log;
404 error_log /var/log/nginx/rhodecode.error.log;
405 location / {
405 location / {
406 root /var/www/rhodecode/rhodecode/public/;
406 root /var/www/rhodecode/rhodecode/public/;
407 if (!-f $request_filename){
407 if (!-f $request_filename){
408 proxy_pass http://127.0.0.1:5000;
408 proxy_pass http://127.0.0.1:5000;
409 }
409 }
410 #this is important if you want to use https !!!
410 #this is important if you want to use https !!!
411 proxy_set_header X-Url-Scheme $scheme;
411 proxy_set_header X-Url-Scheme $scheme;
412 include /etc/nginx/proxy.conf;
412 include /etc/nginx/proxy.conf;
413 }
413 }
414 }
414 }
415
415
416 Here's the proxy.conf. It's tuned so it will not timeout on long
416 Here's the proxy.conf. It's tuned so it will not timeout on long
417 pushes or large pushes::
417 pushes or large pushes::
418
418
419 proxy_redirect off;
419 proxy_redirect off;
420 proxy_set_header Host $host;
420 proxy_set_header Host $host;
421 proxy_set_header X-Host $http_host;
421 proxy_set_header X-Host $http_host;
422 proxy_set_header X-Real-IP $remote_addr;
422 proxy_set_header X-Real-IP $remote_addr;
423 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
423 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
424 proxy_set_header Proxy-host $proxy_host;
424 proxy_set_header Proxy-host $proxy_host;
425 client_max_body_size 400m;
425 client_max_body_size 400m;
426 client_body_buffer_size 128k;
426 client_body_buffer_size 128k;
427 proxy_buffering off;
427 proxy_buffering off;
428 proxy_connect_timeout 7200;
428 proxy_connect_timeout 7200;
429 proxy_send_timeout 7200;
429 proxy_send_timeout 7200;
430 proxy_read_timeout 7200;
430 proxy_read_timeout 7200;
431 proxy_buffers 8 32k;
431 proxy_buffers 8 32k;
432
432
433 Also, when using root path with nginx you might set the static files to false
433 Also, when using root path with nginx you might set the static files to false
434 in the production.ini file::
434 in the production.ini file::
435
435
436 [app:main]
436 [app:main]
437 use = egg:rhodecode
437 use = egg:rhodecode
438 full_stack = true
438 full_stack = true
439 static_files = false
439 static_files = false
440 lang=en
440 lang=en
441 cache_dir = %(here)s/data
441 cache_dir = %(here)s/data
442
442
443 In order to not have the statics served by the application. This improves speed.
443 In order to not have the statics served by the application. This improves speed.
444
444
445
445
446 Apache virtual host example
446 Apache virtual host reverse proxy example
447 ---------------------------
447 -----------------------------------------
448
448
449 Here is a sample configuration file for apache using proxy::
449 Here is a sample configuration file for apache using proxy::
450
450
451 <VirtualHost *:80>
451 <VirtualHost *:80>
452 ServerName hg.myserver.com
452 ServerName hg.myserver.com
453 ServerAlias hg.myserver.com
453 ServerAlias hg.myserver.com
454
454
455 <Proxy *>
455 <Proxy *>
456 Order allow,deny
456 Order allow,deny
457 Allow from all
457 Allow from all
458 </Proxy>
458 </Proxy>
459
459
460 #important !
460 #important !
461 #Directive to properly generate url (clone url) for pylons
461 #Directive to properly generate url (clone url) for pylons
462 ProxyPreserveHost On
462 ProxyPreserveHost On
463
463
464 #rhodecode instance
464 #rhodecode instance
465 ProxyPass / http://127.0.0.1:5000/
465 ProxyPass / http://127.0.0.1:5000/
466 ProxyPassReverse / http://127.0.0.1:5000/
466 ProxyPassReverse / http://127.0.0.1:5000/
467
467
468 #to enable https use line below
468 #to enable https use line below
469 #SetEnvIf X-Url-Scheme https HTTPS=1
469 #SetEnvIf X-Url-Scheme https HTTPS=1
470
470
471 </VirtualHost>
471 </VirtualHost>
472
472
473
473
474 Additional tutorial
474 Additional tutorial
475 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
475 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
476
476
477
477
478 Apache as subdirectory
478 Apache as subdirectory
479 ----------------------
479 ----------------------
480
480
481 Apache subdirectory part::
481 Apache subdirectory part::
482
482
483 <Location /<someprefix> >
483 <Location /<someprefix> >
484 ProxyPass http://127.0.0.1:5000/<someprefix>
484 ProxyPass http://127.0.0.1:5000/<someprefix>
485 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
485 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
486 SetEnvIf X-Url-Scheme https HTTPS=1
486 SetEnvIf X-Url-Scheme https HTTPS=1
487 </Location>
487 </Location>
488
488
489 Besides the regular apache setup you will need to add the following line
489 Besides the regular apache setup you will need to add the following line
490 into [app:main] section of your .ini file::
490 into [app:main] section of your .ini file::
491
491
492 filter-with = proxy-prefix
492 filter-with = proxy-prefix
493
493
494 Add the following at the end of the .ini file::
494 Add the following at the end of the .ini file::
495
495
496 [filter:proxy-prefix]
496 [filter:proxy-prefix]
497 use = egg:PasteDeploy#prefix
497 use = egg:PasteDeploy#prefix
498 prefix = /<someprefix>
498 prefix = /<someprefix>
499
499
500
500
501 then change <someprefix> into your choosen prefix
501 then change <someprefix> into your choosen prefix
502
502
503 Apache's WSGI config
503 Apache's WSGI config
504 --------------------
504 --------------------
505
505
506 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
507 that, you'll need to:
508
509 - Install mod_wsgi. If using a Debian-based distro, you can install
510 the package libapache2-mod-wsgi::
511 aptitude install libapache2-mod-wsgi
512 - Enable mod_wsgi::
513 a2enmod wsgi
514 - Create a wsgi dispatch script, like the one below. Make sure you
515 check the paths correctly point to where you installed RhodeCode
516 and its Python Virtual Environment.
517 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
518 as in the following example. Once again, check the paths are
519 correctly specified.
520
521 Here is a sample excerpt from an Apache Virtual Host configuration file::
522
523 WSGIDaemonProcess pylons user=www-data group=www-data processes=1 \
524 threads=4 \
525 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
526 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
506
527
507 Example wsgi dispatch script::
528 Example wsgi dispatch script::
508
529
509 import os
530 import os
510 os.environ["HGENCODING"] = "UTF-8"
531 os.environ["HGENCODING"] = "UTF-8"
511 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
532 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
512
533
513 # sometimes it's needed to set the curent dir
534 # sometimes it's needed to set the curent dir
514 os.chdir('/home/web/rhodecode/')
535 os.chdir('/home/web/rhodecode/')
515
536
537 import site
538 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
539
516 from paste.deploy import loadapp
540 from paste.deploy import loadapp
517 from paste.script.util.logging_config import fileConfig
541 from paste.script.util.logging_config import fileConfig
518
542
519 fileConfig('/home/web/rhodecode/production.ini')
543 fileConfig('/home/web/rhodecode/production.ini')
520 application = loadapp('config:/home/web/rhodecode/production.ini')
544 application = loadapp('config:/home/web/rhodecode/production.ini')
521
545
546 Note: when using mod_wsgi you'll need to install the same version of
547 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
548 environment.
549
522
550
523 Other configuration files
551 Other configuration files
524 -------------------------
552 -------------------------
525
553
526 Some example init.d scripts can be found here, for debian and gentoo:
554 Some example init.d scripts can be found here, for debian and gentoo:
527
555
528 https://rhodecode.org/rhodecode/files/tip/init.d
556 https://rhodecode.org/rhodecode/files/tip/init.d
529
557
530
558
531 Troubleshooting
559 Troubleshooting
532 ---------------
560 ---------------
533
561
534 :Q: **Missing static files?**
562 :Q: **Missing static files?**
535 :A: Make sure either to set the `static_files = true` in the .ini file or
563 :A: Make sure either to set the `static_files = true` in the .ini file or
536 double check the root path for your http setup. It should point to
564 double check the root path for your http setup. It should point to
537 for example:
565 for example:
538 /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
566 /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
539
567
540 |
568 |
541
569
542 :Q: **Can't install celery/rabbitmq**
570 :Q: **Can't install celery/rabbitmq**
543 :A: Don't worry RhodeCode works without them too. No extra setup is required.
571 :A: Don't worry RhodeCode works without them too. No extra setup is required.
544
572
545 |
573 |
546
574
547 :Q: **Long lasting push timeouts?**
575 :Q: **Long lasting push timeouts?**
548 :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
576 :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
549 are caused by https server and not RhodeCode.
577 are caused by https server and not RhodeCode.
550
578
551 |
579 |
552
580
553 :Q: **Large pushes timeouts?**
581 :Q: **Large pushes timeouts?**
554 :A: Make sure you set a proper max_body_size for the http server.
582 :A: Make sure you set a proper max_body_size for the http server.
555
583
556 |
584 |
557
585
558 :Q: **Apache doesn't pass basicAuth on pull/push?**
586 :Q: **Apache doesn't pass basicAuth on pull/push?**
559 :A: Make sure you added `WSGIPassAuthorization true`.
587 :A: Make sure you added `WSGIPassAuthorization true`.
560
588
561 For further questions search the `Issues tracker`_, or post a message in the
589 For further questions search the `Issues tracker`_, or post a message in the
562 `google group rhodecode`_
590 `google group rhodecode`_
563
591
564 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
592 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
565 .. _python: http://www.python.org/
593 .. _python: http://www.python.org/
566 .. _mercurial: http://mercurial.selenic.com/
594 .. _mercurial: http://mercurial.selenic.com/
567 .. _celery: http://celeryproject.org/
595 .. _celery: http://celeryproject.org/
568 .. _rabbitmq: http://www.rabbitmq.com/
596 .. _rabbitmq: http://www.rabbitmq.com/
569 .. _python-ldap: http://www.python-ldap.org/
597 .. _python-ldap: http://www.python-ldap.org/
570 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
598 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
571 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
599 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
572 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
600 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
573 .. _google group rhodecode: http://groups.google.com/group/rhodecode
601 .. _google group rhodecode: http://groups.google.com/group/rhodecode
General Comments 0
You need to be logged in to leave comments. Login now