upstream/kallithea Commit - r8314:850f0965

1

.. _setup:

1

.. _setup:

2

3

=====

3

=====

4

Setup

4

Setup

5

=====

5

=====

6

7

8

Setting up Kallithea

8

Setting up Kallithea

9

--------------------

9

--------------------

10

11

First, you will need to create a Kallithea configuration file. Run the

11

First, you will need to create a Kallithea configuration file. Run the

12

following command to do so::

12

following command to do so::

13

14

kallithea-cli config-create my.ini

14

kallithea-cli config-create my.ini

15

16

This will create the file ``my.ini`` in the current directory. This

16

This will create the file ``my.ini`` in the current directory. This

17

configuration file contains the various settings for Kallithea, e.g.

17

configuration file contains the various settings for Kallithea, e.g.

18

proxy port, email settings, usage of static files, cache, Celery

18

proxy port, email settings, usage of static files, cache, Celery

19

settings, and logging. Extra settings can be specified like::

19

settings, and logging. Extra settings can be specified like::

20

21

kallithea-cli config-create my.ini host=8.8.8.8 "[handler_console]" formatter=color_formatter

21

kallithea-cli config-create my.ini host=8.8.8.8 "[handler_console]" formatter=color_formatter

22

23

Next, you need to create the databases used by Kallithea. It is recommended to

23

Next, you need to create the databases used by Kallithea. It is recommended to

24

use PostgreSQL or SQLite (default). If you choose a database other than the

24

use PostgreSQL or SQLite (default). If you choose a database other than the

25

default, ensure you properly adjust the database URL in your ``my.ini``

25

default, ensure you properly adjust the database URL in your ``my.ini``

26

configuration file to use this other database. Kallithea currently supports

26

configuration file to use this other database. Kallithea currently supports

27

PostgreSQL, SQLite and MariaDB/MySQL databases. Create the database by running

27

PostgreSQL, SQLite and MariaDB/MySQL databases. Create the database by running

28

the following command::

28

the following command::

29

30

kallithea-cli db-create -c my.ini

30

kallithea-cli db-create -c my.ini

31

32

This will prompt you for a "root" path. This "root" path is the location where

32

This will prompt you for a "root" path. This "root" path is the location where

33

Kallithea will store all of its repositories on the current machine. After

33

Kallithea will store all of its repositories on the current machine. After

34

entering this "root" path ``db-create`` will also prompt you for a username

34

entering this "root" path ``db-create`` will also prompt you for a username

35

and password for the initial admin account which ``db-create`` sets

35

and password for the initial admin account which ``db-create`` sets

36

up for you.

36

up for you.

37

38

The ``db-create`` values can also be given on the command line.

38

The ``db-create`` values can also be given on the command line.

39

Example::

39

Example::

40

41

kallithea-cli db-create -c my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos

41

kallithea-cli db-create -c my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos

42

43

The ``db-create`` command will create all needed tables and an

43

The ``db-create`` command will create all needed tables and an

44

admin account. When choosing a root path you can either use a new

44

admin account. When choosing a root path you can either use a new

45

empty location, or a location which already contains existing

45

empty location, or a location which already contains existing

46

repositories. If you choose a location which contains existing

46

repositories. If you choose a location which contains existing

47

repositories Kallithea will add all of the repositories at the chosen

47

repositories Kallithea will add all of the repositories at the chosen

48

location to its database. (Note: make sure you specify the correct

48

location to its database. (Note: make sure you specify the correct

49

path to the root).

49

path to the root).

50

51

.. note:: the given path for Mercurial_ repositories **must** be write

51

.. note:: the given path for Mercurial_ repositories **must** be write

52

accessible for the application. It's very important since

52

accessible for the application. It's very important since

53

the Kallithea web interface will work without write access,

53

the Kallithea web interface will work without write access,

54

but when trying to do a push it will fail with permission

54

but when trying to do a push it will fail with permission

55

denied errors unless it has write access.

55

denied errors unless it has write access.

56

57

Finally, prepare the front-end by running::

57

Finally, the front-end files must be prepared. This requires ``npm`` version 6

58

or later, which needs ``node.js`` (version 12 or later). Prepare the front-end

59

by running::

58

60

59

kallithea-cli front-end-build

61

kallithea-cli front-end-build

60

62

61

You are now ready to use Kallithea. To run it simply execute::

63

You are now ready to use Kallithea. To run it simply execute::

62

64

63

gearbox serve -c my.ini

65

gearbox serve -c my.ini

64

66

65

- This command runs the Kallithea server. The web app should be available at

67

- This command runs the Kallithea server. The web app should be available at

66

http://127.0.0.1:5000. The IP address and port is configurable via the

68

http://127.0.0.1:5000. The IP address and port is configurable via the

67

configuration file created in the previous step.

69

configuration file created in the previous step.

68

- Log in to Kallithea using the admin account created when running ``db-create``.

70

- Log in to Kallithea using the admin account created when running ``db-create``.

69

- The default permissions on each repository is read, and the owner is admin.

71

- The default permissions on each repository is read, and the owner is admin.

70

Remember to update these if needed.

72

Remember to update these if needed.

71

- In the admin panel you can toggle LDAP, anonymous, and permissions

73

- In the admin panel you can toggle LDAP, anonymous, and permissions

72

settings, as well as edit more advanced options on users and

74

settings, as well as edit more advanced options on users and

73

repositories.

75

repositories.

74

76

75

77

76

Internationalization (i18n support)

78

Internationalization (i18n support)

77

-----------------------------------

79

-----------------------------------

78

80

79

The Kallithea web interface is automatically displayed in the user's preferred

81

The Kallithea web interface is automatically displayed in the user's preferred

80

language, as indicated by the browser. Thus, different users may see the

82

language, as indicated by the browser. Thus, different users may see the

81

application in different languages. If the requested language is not available

83

application in different languages. If the requested language is not available

82

(because the translation file for that language does not yet exist or is

84

(because the translation file for that language does not yet exist or is

83

incomplete), English is used.

85

incomplete), English is used.

84

86

85

If you want to disable automatic language detection and instead configure a

87

If you want to disable automatic language detection and instead configure a

86

fixed language regardless of user preference, set ``i18n.enabled = false`` and

88

fixed language regardless of user preference, set ``i18n.enabled = false`` and

87

specify another language by setting ``i18n.lang`` in the Kallithea

89

specify another language by setting ``i18n.lang`` in the Kallithea

88

configuration file.

90

configuration file.

89

91

90

92

91

Using Kallithea with SSH

93

Using Kallithea with SSH

92

------------------------

94

------------------------

93

95

94

Kallithea supports repository access via SSH key based authentication.

96

Kallithea supports repository access via SSH key based authentication.

95

This means:

97

This means:

96

98

97

- repository URLs like ``ssh://kallithea@example.com/name/of/repository``

99

- repository URLs like ``ssh://kallithea@example.com/name/of/repository``

98

100

99

- all network traffic for both read and write happens over the SSH protocol on

101

- all network traffic for both read and write happens over the SSH protocol on

100

port 22, without using HTTP/HTTPS nor the Kallithea WSGI application

102

port 22, without using HTTP/HTTPS nor the Kallithea WSGI application

101

103

102

- encryption and authentication protocols are managed by the system's ``sshd``

104

- encryption and authentication protocols are managed by the system's ``sshd``

103

process, with all users using the same Kallithea system user (e.g.

105

process, with all users using the same Kallithea system user (e.g.

104

``kallithea``) when connecting to the SSH server, but with users' public keys

106

``kallithea``) when connecting to the SSH server, but with users' public keys

105

in the Kallithea system user's `.ssh/authorized_keys` file granting each user

107

in the Kallithea system user's `.ssh/authorized_keys` file granting each user

106

sandboxed access to the repositories.

108

sandboxed access to the repositories.

107

109

108

- users and admins can manage SSH public keys in the web UI

110

- users and admins can manage SSH public keys in the web UI

109

111

110

- in their SSH client configuration, users can configure how the client should

112

- in their SSH client configuration, users can configure how the client should

111

control access to their SSH key - without passphrase, with passphrase, and

113

control access to their SSH key - without passphrase, with passphrase, and

112

optionally with passphrase caching in the local shell session (``ssh-agent``).

114

optionally with passphrase caching in the local shell session (``ssh-agent``).

113

This is standard SSH functionality, not something Kallithea provides or

115

This is standard SSH functionality, not something Kallithea provides or

114

interferes with.

116

interferes with.

115

117

116

- network communication between client and server happens in a bidirectional

118

- network communication between client and server happens in a bidirectional

117

stateful stream, and will in some cases be faster than HTTP/HTTPS with several

119

stateful stream, and will in some cases be faster than HTTP/HTTPS with several

118

stateless round-trips.

120

stateless round-trips.

119

121

120

.. note:: At this moment, repository access via SSH has been tested on Unix

122

.. note:: At this moment, repository access via SSH has been tested on Unix

121

only. Windows users that care about SSH are invited to test it and report

123

only. Windows users that care about SSH are invited to test it and report

122

problems, ideally contributing patches that solve these problems.

124

problems, ideally contributing patches that solve these problems.

123

125

124

Users and admins can upload SSH public keys (e.g. ``.ssh/id_rsa.pub``) through

126

Users and admins can upload SSH public keys (e.g. ``.ssh/id_rsa.pub``) through

125

the web interface. The server's ``.ssh/authorized_keys`` file is automatically

127

the web interface. The server's ``.ssh/authorized_keys`` file is automatically

126

maintained with an entry for each SSH key. Each entry will tell ``sshd`` to run

128

maintained with an entry for each SSH key. Each entry will tell ``sshd`` to run

127

``kallithea-cli`` with the ``ssh-serve`` sub-command and the right Kallithea user ID

129

``kallithea-cli`` with the ``ssh-serve`` sub-command and the right Kallithea user ID

128

when encountering the corresponding SSH key.

130

when encountering the corresponding SSH key.

129

131

130

To enable SSH repository access, Kallithea must be configured with the path to

132

To enable SSH repository access, Kallithea must be configured with the path to

131

the ``.ssh/authorized_keys`` file for the Kallithea user, and the path to the

133

the ``.ssh/authorized_keys`` file for the Kallithea user, and the path to the

132

``kallithea-cli`` command. Put something like this in the ``.ini`` file::

134

``kallithea-cli`` command. Put something like this in the ``.ini`` file::

133

135

134

ssh_enabled = true

136

ssh_enabled = true

135

ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys

137

ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys

136

kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli

138

kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli

137

139

138

The SSH service must be running, and the Kallithea user account must be active

140

The SSH service must be running, and the Kallithea user account must be active

139

(not necessarily with password access, but public key access must be enabled),

141

(not necessarily with password access, but public key access must be enabled),

140

all file permissions must be set as sshd wants it, and ``authorized_keys`` must

142

all file permissions must be set as sshd wants it, and ``authorized_keys`` must

141

be writeable by the Kallithea user.

143

be writeable by the Kallithea user.

142

144

143

.. note:: The ``authorized_keys`` file will be rewritten from scratch on

145

.. note:: The ``authorized_keys`` file will be rewritten from scratch on

144

each update. If it already exists with other data, Kallithea will not

146

each update. If it already exists with other data, Kallithea will not

145

overwrite the existing ``authorized_keys``, and the server process will

147

overwrite the existing ``authorized_keys``, and the server process will

146

instead throw an exception. The system administrator thus cannot ssh

148

instead throw an exception. The system administrator thus cannot ssh

147

directly to the Kallithea user but must use su/sudo from another account.

149

directly to the Kallithea user but must use su/sudo from another account.

148

150

149

If ``/home/kallithea/.ssh/`` (the directory of the path specified in the

151

If ``/home/kallithea/.ssh/`` (the directory of the path specified in the

150

``ssh_authorized_keys`` setting of the ``.ini`` file) does not exist as a

152

``ssh_authorized_keys`` setting of the ``.ini`` file) does not exist as a

151

directory, Kallithea will attempt to create it. If that path exists but is

153

directory, Kallithea will attempt to create it. If that path exists but is

152

*not* a directory, or is not readable-writable-executable by the server

154

*not* a directory, or is not readable-writable-executable by the server

153

process, the server process will raise an exception each time it attempts to

155

process, the server process will raise an exception each time it attempts to

154

write the ``authorized_keys`` file.

156

write the ``authorized_keys`` file.

155

157

156

.. note:: It is possible to configure the SSH server to look for authorized

158

.. note:: It is possible to configure the SSH server to look for authorized

157

keys in multiple files, for example reserving ``ssh/authorized_keys`` to be

159

keys in multiple files, for example reserving ``ssh/authorized_keys`` to be

158

used for normal SSH and with Kallithea using

160

used for normal SSH and with Kallithea using

159

``.ssh/authorized_keys_kallithea``. In ``/etc/ssh/sshd_config`` set

161

``.ssh/authorized_keys_kallithea``. In ``/etc/ssh/sshd_config`` set

160

``AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys_kallithea``

162

``AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys_kallithea``

161

and restart sshd, and in ``my.ini`` set ``ssh_authorized_keys =

163

and restart sshd, and in ``my.ini`` set ``ssh_authorized_keys =

162

/home/kallithea/.ssh/authorized_keys_kallithea``. Note that this new

164

/home/kallithea/.ssh/authorized_keys_kallithea``. Note that this new

163

location will apply to all system users, and that multiple entries for the

165

location will apply to all system users, and that multiple entries for the

164

same SSH key will shadow each other.

166

same SSH key will shadow each other.

165

167

166

.. warning:: The handling of SSH access is steered directly by the command

168

.. warning:: The handling of SSH access is steered directly by the command

167

specified in the ``authorized_keys`` file. There is no interaction with the

169

specified in the ``authorized_keys`` file. There is no interaction with the

168

web UI. Once SSH access is correctly configured and enabled, it will work

170

web UI. Once SSH access is correctly configured and enabled, it will work

169

regardless of whether the Kallithea web process is actually running. Hence,

171

regardless of whether the Kallithea web process is actually running. Hence,

170

if you want to perform repository or server maintenance and want to fully

172

if you want to perform repository or server maintenance and want to fully

171

disable all access to the repositories, disable SSH access by setting

173

disable all access to the repositories, disable SSH access by setting

172

``ssh_enabled = false`` in the correct ``.ini`` file (i.e. the ``.ini`` file

174

``ssh_enabled = false`` in the correct ``.ini`` file (i.e. the ``.ini`` file

173

specified in the ``authorized_keys`` file.)

175

specified in the ``authorized_keys`` file.)

174

176

175

The ``authorized_keys`` file can be updated manually with ``kallithea-cli

177

The ``authorized_keys`` file can be updated manually with ``kallithea-cli

176

ssh-update-authorized-keys -c my.ini``. This command is not needed in normal

178

ssh-update-authorized-keys -c my.ini``. This command is not needed in normal

177

operation but is for example useful after changing SSH-related settings in the

179

operation but is for example useful after changing SSH-related settings in the

178

``.ini`` file or renaming that file. (The path to the ``.ini`` file is used in

180

``.ini`` file or renaming that file. (The path to the ``.ini`` file is used in

179

the generated ``authorized_keys`` file).

181

the generated ``authorized_keys`` file).

180

182

181

183

182

Setting up Whoosh full text search

184

Setting up Whoosh full text search

183

----------------------------------

185

----------------------------------

184

186

185

Kallithea provides full text search of repositories using `Whoosh`__.

187

Kallithea provides full text search of repositories using `Whoosh`__.

186

188

187

.. __: https://whoosh.readthedocs.io/en/latest/

189

.. __: https://whoosh.readthedocs.io/en/latest/

188

190

189

For an incremental index build, run::

191

For an incremental index build, run::

190

192

191

kallithea-cli index-create -c my.ini

193

kallithea-cli index-create -c my.ini

192

194

193

For a full index rebuild, run::

195

For a full index rebuild, run::

194

196

195

kallithea-cli index-create -c my.ini --full

197

kallithea-cli index-create -c my.ini --full

196

198

197

The ``--repo-location`` option allows the location of the repositories to be overridden;

199

The ``--repo-location`` option allows the location of the repositories to be overridden;

198

usually, the location is retrieved from the Kallithea database.

200

usually, the location is retrieved from the Kallithea database.

199

201

200

The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list::

202

The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list::

201

203

202

kallithea-cli index-create -c my.ini --index-only=vcs,kallithea

204

kallithea-cli index-create -c my.ini --index-only=vcs,kallithea

203

205

204

To keep your index up-to-date it is necessary to do periodic index builds;

206

To keep your index up-to-date it is necessary to do periodic index builds;

205

for this, it is recommended to use a crontab entry. Example::

207

for this, it is recommended to use a crontab entry. Example::

206

208

207

0 3 * * * /path/to/virtualenv/bin/kallithea-cli index-create -c /path/to/kallithea/my.ini

209

0 3 * * * /path/to/virtualenv/bin/kallithea-cli index-create -c /path/to/kallithea/my.ini

208

210

209

When using incremental mode (the default), Whoosh will check the last

211

When using incremental mode (the default), Whoosh will check the last

210

modification date of each file and add it to be reindexed if a newer file is

212

modification date of each file and add it to be reindexed if a newer file is

211

available. The indexing daemon checks for any removed files and removes them

213

available. The indexing daemon checks for any removed files and removes them

212

from index.

214

from index.

213

215

214

If you want to rebuild the index from scratch, you can use the ``-f`` flag as above,

216

If you want to rebuild the index from scratch, you can use the ``-f`` flag as above,

215

or in the admin panel you can check the "build from scratch" checkbox.

217

or in the admin panel you can check the "build from scratch" checkbox.

216

218

217

219

218

Integration with issue trackers

220

Integration with issue trackers

219

-------------------------------

221

-------------------------------

220

222

221

Kallithea provides a simple integration with issue trackers. It's possible

223

Kallithea provides a simple integration with issue trackers. It's possible

222

to define a regular expression that will match an issue ID in commit messages,

224

to define a regular expression that will match an issue ID in commit messages,

223

and have that replaced with a URL to the issue.

225

and have that replaced with a URL to the issue.

224

226

225

This is achieved with following three variables in the ini file::

227

This is achieved with following three variables in the ini file::

226

228

227

issue_pat = #(\d+)

229

issue_pat = #(\d+)

228

issue_server_link = https://issues.example.com/{repo}/issue/\1

230

issue_server_link = https://issues.example.com/{repo}/issue/\1

229

issue_sub =

231

issue_sub =

230

232

231

``issue_pat`` is the regular expression describing which strings in

233

``issue_pat`` is the regular expression describing which strings in

232

commit messages will be treated as issue references. The expression can/should

234

commit messages will be treated as issue references. The expression can/should

233

have one or more parenthesized groups that can later be referred to in

235

have one or more parenthesized groups that can later be referred to in

234

``issue_server_link`` and ``issue_sub`` (see below). If you prefer, named groups

236

``issue_server_link`` and ``issue_sub`` (see below). If you prefer, named groups

235

can be used instead of simple parenthesized groups.

237

can be used instead of simple parenthesized groups.

236

238

237

If the pattern should only match if it is preceded by whitespace, add the

239

If the pattern should only match if it is preceded by whitespace, add the

238

following string before the actual pattern: ``(?:^|(?<=\s))``.

240

following string before the actual pattern: ``(?:^|(?<=\s))``.

239

If the pattern should only match if it is followed by whitespace, add the

241

If the pattern should only match if it is followed by whitespace, add the

240

following string after the actual pattern: ``(?:$|(?=\s))``.

242

following string after the actual pattern: ``(?:$|(?=\s))``.

241

These expressions use lookbehind and lookahead assertions of the Python regular

243

These expressions use lookbehind and lookahead assertions of the Python regular

242

expression module to avoid the whitespace to be part of the actual pattern,

244

expression module to avoid the whitespace to be part of the actual pattern,

243

otherwise the link text will also contain that whitespace.

245

otherwise the link text will also contain that whitespace.

244

246

245

Matched issue references are replaced with the link specified in

247

Matched issue references are replaced with the link specified in

246

``issue_server_link``, in which any backreferences are resolved. Backreferences

248

``issue_server_link``, in which any backreferences are resolved. Backreferences

247

can be ``\1``, ``\2``, ... or for named groups ``\g<groupname>``.

249

can be ``\1``, ``\2``, ... or for named groups ``\g<groupname>``.

248

The special token ``{repo}`` is replaced with the full repository path

250

The special token ``{repo}`` is replaced with the full repository path

249

(including repository groups), while token ``{repo_name}`` is replaced with the

251

(including repository groups), while token ``{repo_name}`` is replaced with the

250

repository name (without repository groups).

252

repository name (without repository groups).

251

253

252

The link text is determined by ``issue_sub``, which can be a string containing

254

The link text is determined by ``issue_sub``, which can be a string containing

253

backreferences to the groups specified in ``issue_pat``. If ``issue_sub`` is

255

backreferences to the groups specified in ``issue_pat``. If ``issue_sub`` is

254

empty, then the text matched by ``issue_pat`` is used verbatim.

256

empty, then the text matched by ``issue_pat`` is used verbatim.

255

257

256

The example settings shown above match issues in the format ``#<number>``.

258

The example settings shown above match issues in the format ``#<number>``.

257

This will cause the text ``#300`` to be transformed into a link:

259

This will cause the text ``#300`` to be transformed into a link:

258

260

259

.. code-block:: html

261

.. code-block:: html

260

262

261

263

262

264

263

The following example transforms a text starting with either of 'pullrequest',

265

The following example transforms a text starting with either of 'pullrequest',

264

'pull request' or 'PR', followed by an optional space, then a pound character

266

'pull request' or 'PR', followed by an optional space, then a pound character

265

(#) and one or more digits, into a link with the text 'PR #' followed by the

267

(#) and one or more digits, into a link with the text 'PR #' followed by the

266

digits::

268

digits::

267

269

268

issue_pat = (pullrequest|pull request|PR) ?#(\d+)

270

issue_pat = (pullrequest|pull request|PR) ?#(\d+)

269

issue_server_link = https://issues.example.com/\2

271

issue_server_link = https://issues.example.com/\2

270

issue_sub = PR #\2

272

issue_sub = PR #\2

271

273

272

The following example demonstrates how to require whitespace before the issue

274

The following example demonstrates how to require whitespace before the issue

273

reference in order for it to be recognized, such that the text ``issue#123`` will

275

reference in order for it to be recognized, such that the text ``issue#123`` will

274

not cause a match, but ``issue #123`` will::

276

not cause a match, but ``issue #123`` will::

275

277

276

issue_pat = (?:^|(?<=\s))#(\d+)

278

issue_pat = (?:^|(?<=\s))#(\d+)

277

issue_server_link = https://issues.example.com/\1

279

issue_server_link = https://issues.example.com/\1

278

issue_sub =

280

issue_sub =

279

281

280

If needed, more than one pattern can be specified by appending a unique suffix to

282

If needed, more than one pattern can be specified by appending a unique suffix to

281

the variables. For example, also demonstrating the use of named groups::

283

the variables. For example, also demonstrating the use of named groups::

282

284

283

issue_pat_wiki = wiki-(?P<pagename>\S+)

285

issue_pat_wiki = wiki-(?P<pagename>\S+)

284

issue_server_link_wiki = https://wiki.example.com/\g<pagename>

286

issue_server_link_wiki = https://wiki.example.com/\g<pagename>

285

issue_sub_wiki = WIKI-\g<pagename>

287

issue_sub_wiki = WIKI-\g<pagename>

286

288

287

With these settings, wiki pages can be referenced as wiki-some-id, and every

289

With these settings, wiki pages can be referenced as wiki-some-id, and every

288

such reference will be transformed into:

290

such reference will be transformed into:

289

291

290

.. code-block:: html

292

.. code-block:: html

291

293

292

294

293

295

294

Refer to the `Python regular expression documentation`_ for more details about

296

Refer to the `Python regular expression documentation`_ for more details about

295

the supported syntax in ``issue_pat``, ``issue_server_link`` and ``issue_sub``.

297

the supported syntax in ``issue_pat``, ``issue_server_link`` and ``issue_sub``.

296

298

297

299

298

Hook management

300

Hook management

299

---------------

301

---------------

300

302

301

Hooks can be managed in similar way to that used in ``.hgrc`` files.

303

Hooks can be managed in similar way to that used in ``.hgrc`` files.

302

To manage hooks, choose *Admin > Settings > Hooks*.

304

To manage hooks, choose *Admin > Settings > Hooks*.

303

305

304

The built-in hooks cannot be modified, though they can be enabled or disabled in the *VCS* section.

306

The built-in hooks cannot be modified, though they can be enabled or disabled in the *VCS* section.

305

307

306

To add another custom hook simply fill in the first textbox with

308

To add another custom hook simply fill in the first textbox with

307

``<name>.<hook_type>`` and the second with the hook path. Example hooks

309

``<name>.<hook_type>`` and the second with the hook path. Example hooks

308

can be found in ``kallithea.lib.hooks``.

310

can be found in ``kallithea.lib.hooks``.

309

311

310

312

311

Changing default encoding

313

Changing default encoding

312

-------------------------

314

-------------------------

313

315

314

By default, Kallithea uses UTF-8 encoding.

316

By default, Kallithea uses UTF-8 encoding.

315

This is configurable as ``default_encoding`` in the .ini file.

317

This is configurable as ``default_encoding`` in the .ini file.

316

This affects many parts in Kallithea including user names, filenames, and

318

This affects many parts in Kallithea including user names, filenames, and

317

encoding of commit messages. In addition Kallithea can detect if the ``chardet``

319

encoding of commit messages. In addition Kallithea can detect if the ``chardet``

318

library is installed. If ``chardet`` is detected Kallithea will fallback to it

320

library is installed. If ``chardet`` is detected Kallithea will fallback to it

319

when there are encode/decode errors.

321

when there are encode/decode errors.

320

322

321

The Mercurial encoding is configurable as ``hgencoding``. It is similar to

323

The Mercurial encoding is configurable as ``hgencoding``. It is similar to

322

setting the ``HGENCODING`` environment variable, but will override it.

324

setting the ``HGENCODING`` environment variable, but will override it.

323

325

324

326

325

Celery configuration

327

Celery configuration

326

--------------------

328

--------------------

327

329

328

Kallithea can use the distributed task queue system Celery_ to run tasks like

330

Kallithea can use the distributed task queue system Celery_ to run tasks like

329

cloning repositories or sending emails.

331

cloning repositories or sending emails.

330

332

331

Kallithea will in most setups work perfectly fine out of the box (without

333

Kallithea will in most setups work perfectly fine out of the box (without

332

Celery), executing all tasks in the web server process. Some tasks can however

334

Celery), executing all tasks in the web server process. Some tasks can however

333

take some time to run and it can be better to run such tasks asynchronously in

335

take some time to run and it can be better to run such tasks asynchronously in

334

a separate process so the web server can focus on serving web requests.

336

a separate process so the web server can focus on serving web requests.

335

337

336

For installation and configuration of Celery, see the `Celery documentation`_.

338

For installation and configuration of Celery, see the `Celery documentation`_.

337

Note that Celery requires a message broker service like RabbitMQ_ (recommended)

339

Note that Celery requires a message broker service like RabbitMQ_ (recommended)

338

or Redis_.

340

or Redis_.

339

341

340

The use of Celery is configured in the Kallithea ini configuration file.

342

The use of Celery is configured in the Kallithea ini configuration file.

341

To enable it, simply set::

343

To enable it, simply set::

342

344

343

use_celery = true

345

use_celery = true

344

346

345

and add or change the ``celery.*`` configuration variables.

347

and add or change the ``celery.*`` configuration variables.

346

348

347

Configuration settings are prefixed with 'celery.', so for example setting

349

Configuration settings are prefixed with 'celery.', so for example setting

348

`broker_url` in Celery means setting `celery.broker_url` in the configuration

350

`broker_url` in Celery means setting `celery.broker_url` in the configuration

349

file.

351

file.

350

352

351

To start the Celery process, run::

353

To start the Celery process, run::

352

354

353

kallithea-cli celery-run -c my.ini

355

kallithea-cli celery-run -c my.ini

354

356

355

Extra options to the Celery worker can be passed after ``--`` - see ``-- -h``

357

Extra options to the Celery worker can be passed after ``--`` - see ``-- -h``

356

for more info.

358

for more info.

357

359

358

.. note::

360

.. note::

359

Make sure you run this command from the same virtualenv, and with the same

361

Make sure you run this command from the same virtualenv, and with the same

360

user that Kallithea runs.

362

user that Kallithea runs.

361

363

362

364

363

HTTPS support

365

HTTPS support

364

-------------

366

-------------

365

367

366

Kallithea will by default generate URLs based on the WSGI environment.

368

Kallithea will by default generate URLs based on the WSGI environment.

367

369

368

Alternatively, you can use some special configuration settings to control

370

Alternatively, you can use some special configuration settings to control

369

directly which scheme/protocol Kallithea will use when generating URLs:

371

directly which scheme/protocol Kallithea will use when generating URLs:

370

372

371

- With ``https_fixup = true``, the scheme will be taken from the

373

- With ``https_fixup = true``, the scheme will be taken from the

372

``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header

374

``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header

373

(default ``http``).

375

(default ``http``).

374

- With ``force_https = true`` the default will be ``https``.

376

- With ``force_https = true`` the default will be ``https``.

375

- With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.

377

- With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.

376

378

377

.. _nginx_virtual_host:

379

.. _nginx_virtual_host:

378

380

379

381

380

Nginx virtual host example

382

Nginx virtual host example

381

--------------------------

383

--------------------------

382

384

383

Sample config for Nginx using proxy:

385

Sample config for Nginx using proxy:

384

386

385

.. code-block:: nginx

387

.. code-block:: nginx

386

388

387

upstream kallithea {

389

upstream kallithea {

388

server 127.0.0.1:5000;

390

server 127.0.0.1:5000;

389

# add more instances for load balancing

391

# add more instances for load balancing

390

#server 127.0.0.1:5001;

392

#server 127.0.0.1:5001;

391

#server 127.0.0.1:5002;

393

#server 127.0.0.1:5002;

392

}

394

}

393

395

394

## gist alias

396

## gist alias

395

server {

397

server {

396

listen 443;

398

listen 443;

397

server_name gist.example.com;

399

server_name gist.example.com;

398

access_log /var/log/nginx/gist.access.log;

400

access_log /var/log/nginx/gist.access.log;

399

error_log /var/log/nginx/gist.error.log;

401

error_log /var/log/nginx/gist.error.log;

400

402

401

ssl on;

403

ssl on;

402

ssl_certificate gist.your.kallithea.server.crt;

404

ssl_certificate gist.your.kallithea.server.crt;

403

ssl_certificate_key gist.your.kallithea.server.key;

405

ssl_certificate_key gist.your.kallithea.server.key;

404

406

405

ssl_session_timeout 5m;

407

ssl_session_timeout 5m;

406

408

407

ssl_protocols SSLv3 TLSv1;

409

ssl_protocols SSLv3 TLSv1;

408

ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

410

ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

409

ssl_prefer_server_ciphers on;

411

ssl_prefer_server_ciphers on;

410

412

411

rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1;

413

rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1;

412

rewrite (.*) https://kallithea.example.com/_admin/gists;

414

rewrite (.*) https://kallithea.example.com/_admin/gists;

413

}

415

}

414

416

415

server {

417

server {

416

listen 443;

418

listen 443;

417

server_name kallithea.example.com

419

server_name kallithea.example.com

418

access_log /var/log/nginx/kallithea.access.log;

420

access_log /var/log/nginx/kallithea.access.log;

419

error_log /var/log/nginx/kallithea.error.log;

421

error_log /var/log/nginx/kallithea.error.log;

420

422

421

ssl on;

423

ssl on;

422

ssl_certificate your.kallithea.server.crt;

424

ssl_certificate your.kallithea.server.crt;

423

ssl_certificate_key your.kallithea.server.key;

425

ssl_certificate_key your.kallithea.server.key;

424

426

425

ssl_session_timeout 5m;

427

ssl_session_timeout 5m;

426

428

427

ssl_protocols SSLv3 TLSv1;

429

ssl_protocols SSLv3 TLSv1;

428

ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

430

ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

429

ssl_prefer_server_ciphers on;

431

ssl_prefer_server_ciphers on;

430

432

431

## uncomment root directive if you want to serve static files by nginx

433

## uncomment root directive if you want to serve static files by nginx

432

## requires static_files = false in .ini file

434

## requires static_files = false in .ini file

433

#root /srv/kallithea/kallithea/kallithea/public;

435

#root /srv/kallithea/kallithea/kallithea/public;

434

include /etc/nginx/proxy.conf;

436

include /etc/nginx/proxy.conf;

435

location / {

437

location / {

436

try_files $uri @kallithea;

438

try_files $uri @kallithea;

437

}

439

}

438

440

439

location @kallithea {

441

location @kallithea {

440

proxy_pass http://127.0.0.1:5000;

442

proxy_pass http://127.0.0.1:5000;

441

}

443

}

442

444

443

}

445

}

444

446

445

Here's the proxy.conf. It's tuned so it will not timeout on long

447

Here's the proxy.conf. It's tuned so it will not timeout on long

446

pushes or large pushes::

448

pushes or large pushes::

447

449

448

proxy_redirect off;

450

proxy_redirect off;

449

proxy_set_header Host $host;

451

proxy_set_header Host $host;

450

## needed for container auth

452

## needed for container auth

451

#proxy_set_header REMOTE_USER $remote_user;

453

#proxy_set_header REMOTE_USER $remote_user;

452

#proxy_set_header X-Forwarded-User $remote_user;

454

#proxy_set_header X-Forwarded-User $remote_user;

453

proxy_set_header X-Url-Scheme $scheme;

455

proxy_set_header X-Url-Scheme $scheme;

454

proxy_set_header X-Host $http_host;

456

proxy_set_header X-Host $http_host;

455

proxy_set_header X-Real-IP $remote_addr;

457

proxy_set_header X-Real-IP $remote_addr;

456

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

458

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

457

proxy_set_header Proxy-host $proxy_host;

459

proxy_set_header Proxy-host $proxy_host;

458

proxy_buffering off;

460

proxy_buffering off;

459

proxy_connect_timeout 7200;

461

proxy_connect_timeout 7200;

460

proxy_send_timeout 7200;

462

proxy_send_timeout 7200;

461

proxy_read_timeout 7200;

463

proxy_read_timeout 7200;

462

proxy_buffers 8 32k;

464

proxy_buffers 8 32k;

463

client_max_body_size 1024m;

465

client_max_body_size 1024m;

464

client_body_buffer_size 128k;

466

client_body_buffer_size 128k;

465

large_client_header_buffers 8 64k;

467

large_client_header_buffers 8 64k;

466

468

467

.. _apache_virtual_host_reverse_proxy:

469

.. _apache_virtual_host_reverse_proxy:

468

470

469

471

470

Apache virtual host reverse proxy example

472

Apache virtual host reverse proxy example

471

-----------------------------------------

473

-----------------------------------------

472

474

473

Here is a sample configuration file for Apache using proxy:

475

Here is a sample configuration file for Apache using proxy:

474

476

475

.. code-block:: apache

477

.. code-block:: apache

476

478

477

479

478

ServerName kallithea.example.com

480

ServerName kallithea.example.com

479

481

480

482

481

# For Apache 2.4 and later:

483

# For Apache 2.4 and later:

482

Require all granted

484

Require all granted

483

485

484

# For Apache 2.2 and earlier, instead use:

486

# For Apache 2.2 and earlier, instead use:

485

# Order allow,deny

487

# Order allow,deny

486

# Allow from all

488

# Allow from all

487

</Proxy>

489

</Proxy>

488

490

489

#important !

491

#important !

490

#Directive to properly generate url (clone url) for Kallithea

492

#Directive to properly generate url (clone url) for Kallithea

491

ProxyPreserveHost On

493

ProxyPreserveHost On

492

494

493

#kallithea instance

495

#kallithea instance

494

ProxyPass / http://127.0.0.1:5000/

496

ProxyPass / http://127.0.0.1:5000/

495

ProxyPassReverse / http://127.0.0.1:5000/

497

ProxyPassReverse / http://127.0.0.1:5000/

496

498

497

#to enable https use line below

499

#to enable https use line below

498

#SetEnvIf X-Url-Scheme https HTTPS=1

500

#SetEnvIf X-Url-Scheme https HTTPS=1

499

</VirtualHost>

501

</VirtualHost>

500

502

501

Additional tutorial

503

Additional tutorial

502

http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons

504

http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons

503

505

504

.. _apache_subdirectory:

506

.. _apache_subdirectory:

505

507

506

508

507

Apache as subdirectory

509

Apache as subdirectory

508

----------------------

510

----------------------

509

511

510

Apache subdirectory part:

512

Apache subdirectory part:

511

513

512

.. code-block:: apache

514

.. code-block:: apache

513

515

514

516

515

ProxyPass http://127.0.0.1:5000/PREFIX

517

ProxyPass http://127.0.0.1:5000/PREFIX

516

ProxyPassReverse http://127.0.0.1:5000/PREFIX

518

ProxyPassReverse http://127.0.0.1:5000/PREFIX

517

SetEnvIf X-Url-Scheme https HTTPS=1

519

SetEnvIf X-Url-Scheme https HTTPS=1

518

</Location>

520

</Location>

519

521

520

Besides the regular apache setup you will need to add the following line

522

Besides the regular apache setup you will need to add the following line

521

into ``[app:main]`` section of your .ini file::

523

into ``[app:main]`` section of your .ini file::

522

524

523

filter-with = proxy-prefix

525

filter-with = proxy-prefix

524

526

525

Add the following at the end of the .ini file::

527

Add the following at the end of the .ini file::

526

528

527

[filter:proxy-prefix]

529

[filter:proxy-prefix]

528

use = egg:PasteDeploy#prefix

530

use = egg:PasteDeploy#prefix

529

prefix = /PREFIX

531

prefix = /PREFIX

530

532

531

then change ``PREFIX`` into your chosen prefix

533

then change ``PREFIX`` into your chosen prefix

532

534

533

.. _apache_mod_wsgi:

535

.. _apache_mod_wsgi:

534

536

535

537

536

Apache with mod_wsgi

538

Apache with mod_wsgi

537

--------------------

539

--------------------

538

540

539

Alternatively, Kallithea can be set up with Apache under mod_wsgi. For

541

Alternatively, Kallithea can be set up with Apache under mod_wsgi. For

540

that, you'll need to:

542

that, you'll need to:

541

543

542

- Install mod_wsgi. If using a Debian-based distro, you can install

544

- Install mod_wsgi. If using a Debian-based distro, you can install

543

the package libapache2-mod-wsgi::

545

the package libapache2-mod-wsgi::

544

546

545

aptitude install libapache2-mod-wsgi

547

aptitude install libapache2-mod-wsgi

546

548

547

- Enable mod_wsgi::

549

- Enable mod_wsgi::

548

550

549

a2enmod wsgi

551

a2enmod wsgi

550

552

551

- Add global Apache configuration to tell mod_wsgi that Python only will be

553

- Add global Apache configuration to tell mod_wsgi that Python only will be

552

used in the WSGI processes and shouldn't be initialized in the Apache

554

used in the WSGI processes and shouldn't be initialized in the Apache

553

processes::

555

processes::

554

556

555

WSGIRestrictEmbedded On

557

WSGIRestrictEmbedded On

556

558

557

- Create a WSGI dispatch script, like the one below. Make sure you

559

- Create a WSGI dispatch script, like the one below. Make sure you

558

check that the paths correctly point to where you installed Kallithea

560

check that the paths correctly point to where you installed Kallithea

559

and its Python Virtual Environment.

561

and its Python Virtual Environment.

560

562

561

.. code-block:: python

563

.. code-block:: python

562

564

563

import os

565

import os

564

os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache'

566

os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache'

565

567

566

# sometimes it's needed to set the current dir

568

# sometimes it's needed to set the current dir

567

os.chdir('/srv/kallithea/')

569

os.chdir('/srv/kallithea/')

568

570

569

import site

571

import site

570

site.addsitedir("/srv/kallithea/venv/lib/python3.7/site-packages")

572

site.addsitedir("/srv/kallithea/venv/lib/python3.7/site-packages")

571

573

572

ini = '/srv/kallithea/my.ini'

574

ini = '/srv/kallithea/my.ini'

573

from logging.config import fileConfig

575

from logging.config import fileConfig

574

fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})

576

fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})

575

from paste.deploy import loadapp

577

from paste.deploy import loadapp

576

application = loadapp('config:' + ini)

578

application = loadapp('config:' + ini)

577

579

578

Or using proper virtualenv activation:

580

Or using proper virtualenv activation:

579

581

580

.. code-block:: python

582

.. code-block:: python

581

583

582

activate_this = '/srv/kallithea/venv/bin/activate_this.py'

584

activate_this = '/srv/kallithea/venv/bin/activate_this.py'

583

execfile(activate_this, dict(__file__=activate_this))

585

execfile(activate_this, dict(__file__=activate_this))

584

586

585

import os

587

import os

586

os.environ['HOME'] = '/srv/kallithea'

588

os.environ['HOME'] = '/srv/kallithea'

587

589

588

ini = '/srv/kallithea/kallithea.ini'

590

ini = '/srv/kallithea/kallithea.ini'

589

from logging.config import fileConfig

591

from logging.config import fileConfig

590

fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})

592

fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})

591

from paste.deploy import loadapp

593

from paste.deploy import loadapp

592

application = loadapp('config:' + ini)

594

application = loadapp('config:' + ini)

593

595

594

- Add the necessary ``WSGI*`` directives to the Apache Virtual Host configuration

596

- Add the necessary ``WSGI*`` directives to the Apache Virtual Host configuration

595

file, like in the example below. Notice that the WSGI dispatch script created

597

file, like in the example below. Notice that the WSGI dispatch script created

596

above is referred to with the ``WSGIScriptAlias`` directive.

598

above is referred to with the ``WSGIScriptAlias`` directive.

597

The default locale settings Apache provides for web services are often not

599

The default locale settings Apache provides for web services are often not

598

adequate, with `C` as the default language and `ASCII` as the encoding.

600

adequate, with `C` as the default language and `ASCII` as the encoding.

599

Instead, use the ``lang`` parameter of ``WSGIDaemonProcess`` to specify a

601

Instead, use the ``lang`` parameter of ``WSGIDaemonProcess`` to specify a

600

suitable locale. See also the :ref:`overview` section and the

602

suitable locale. See also the :ref:`overview` section and the

601

`WSGIDaemonProcess documentation`_.

603

`WSGIDaemonProcess documentation`_.

602

604

603

Apache will by default run as a special Apache user, on Linux systems

605

Apache will by default run as a special Apache user, on Linux systems

604

usually ``www-data`` or ``apache``. If you need to have the repositories

606

usually ``www-data`` or ``apache``. If you need to have the repositories

605

directory owned by a different user, use the user and group options to

607

directory owned by a different user, use the user and group options to

606

WSGIDaemonProcess to set the name of the user and group.

608

WSGIDaemonProcess to set the name of the user and group.

607

609

608

Once again, check that all paths are correctly specified.

610

Once again, check that all paths are correctly specified.

609

611

610

.. code-block:: apache

612

.. code-block:: apache

611

613

612

WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \

614

WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \

613

python-home=/srv/kallithea/venv lang=C.UTF-8

615

python-home=/srv/kallithea/venv lang=C.UTF-8

614

WSGIProcessGroup kallithea

616

WSGIProcessGroup kallithea

615

WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

617

WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

616

WSGIPassAuthorization On

618

WSGIPassAuthorization On

617

619

618

Or if using a dispatcher WSGI script with proper virtualenv activation:

620

Or if using a dispatcher WSGI script with proper virtualenv activation:

619

621

620

.. code-block:: apache

622

.. code-block:: apache

621

623

622

WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 lang=en_US.utf8

624

WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 lang=en_US.utf8

623

WSGIProcessGroup kallithea

625

WSGIProcessGroup kallithea

624

WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

626

WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

625

WSGIPassAuthorization On

627

WSGIPassAuthorization On

626

628

627

629

628

Other configuration files

630

Other configuration files

629

-------------------------

631

-------------------------

630

632

631

A number of `example init.d scripts`__ can be found in

633

A number of `example init.d scripts`__ can be found in

632

the ``init.d`` directory of the Kallithea source.

634

the ``init.d`` directory of the Kallithea source.

633

635

634

.. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ .

636

.. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ .

635

637

636

638

637

.. _python: http://www.python.org/

639

.. _python: http://www.python.org/

638

.. _Python regular expression documentation: https://docs.python.org/2/library/re.html

640

.. _Python regular expression documentation: https://docs.python.org/2/library/re.html

639

.. _Mercurial: https://www.mercurial-scm.org/

641

.. _Mercurial: https://www.mercurial-scm.org/

640

.. _Celery: http://celeryproject.org/

642

.. _Celery: http://celeryproject.org/

641

.. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html

643

.. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html

642

.. _RabbitMQ: http://www.rabbitmq.com/

644

.. _RabbitMQ: http://www.rabbitmq.com/

643

.. _Redis: http://redis.io/

645

.. _Redis: http://redis.io/

644

.. _mercurial-server: http://www.lshift.net/mercurial-server.html

646

.. _mercurial-server: http://www.lshift.net/mercurial-server.html

645

.. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories

647

.. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories

646

.. _WSGIDaemonProcess documentation: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html

648

.. _WSGIDaemonProcess documentation: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             .. _overview:
             =====================
             Installation overview
             =====================
             Some overview and some details that can help understanding the options when
             installing Kallithea.
 . **Prepare environment and external dependencies.**
                 Kallithea needs:
                 * A filesystem where the Mercurial and Git repositories can be stored.
                 * A database where meta data can be stored.
                 * A Python environment where the Kallithea application and its dependencies
                   can be installed.
                 * A web server that can host the Kallithea web application using the WSGI
                   API.
 . **Install Kallithea software.**
                 This makes the ``kallithea-cli`` command line tool available.
 . **Create low level configuration file.**
                 Use ``kallithea-cli config-create`` to create a ``.ini`` file with database
                 connection info, mail server information, configuration for the specified
                 web server, etc.
 . **Populate the database.**
                 Use ``kallithea-cli db-create`` with the ``.ini`` file to create the
                 database schema and insert the most basic information: the location of the
                 repository store and an initial local admin user.
 . **Configure the web server.**
                 The web server must invoke the WSGI entrypoint for the Kallithea software
                 using the ``.ini`` file (and thus the database). This makes the web
                 application available so the local admin user can log in and tweak the
                 configuration further.
 . **Configure users.**
                 The initial admin user can create additional local users, or configure how
                 users can be created and authenticated from other user directories.
             See the subsequent sections, the separate OS-specific instructions, and
             :ref:`setup` for details on these steps.
             Python environment
             ------------------
             **Kallithea** is written entirely in Python_ and requires Python version
 .6 or higher.
             Given a Python installation, there are different ways of providing the
             environment for running Python applications. Each of them pretty much
             corresponds to a ``site-packages`` directory somewhere where packages can be
             installed.
             Kallithea itself can be run from source or be installed, but even when running
             from source, there are some dependencies that must be installed in the Python
             environment used for running Kallithea.
             - Packages *could* be installed in Python's ``site-packages`` directory ... but
               that would require running pip_ as root and it would be hard to uninstall or
               upgrade and is probably not a good idea unless using a package manager.
             - Packages could also be installed in ``~/.local`` ... but that is probably
               only a good idea if using a dedicated user per application or instance.
             - Finally, it can be installed in a virtualenv. That is a very lightweight
               "container" where each Kallithea instance can get its own dedicated and
               self-contained virtual environment.
             We recommend using virtualenv for installing Kallithea.
             Locale environment
             ------------------
             In order to ensure a correct functioning of Kallithea with respect to non-ASCII
             characters in user names, file paths, commit messages, etc., it is very
             important that Kallithea is run with a correct `locale` configuration.
             On Unix, environment variables like ``LANG`` or ``LC_ALL`` can specify a language (like
             ``en_US``) and encoding (like ``UTF-8``) to use for code points outside the ASCII
             range. The flexibility of supporting multiple encodings of Unicode has the flip
             side of having to specify which encoding to use - especially for Mercurial.
             It depends on the OS distribution and system configuration which locales are
             available. For example, some Docker containers based on Debian default to only
             supporting the ``C`` language, while other Linux environments have ``en_US`` but not
             ``C``. The ``locale -a`` command will show which values are available on the
             current system. Regardless of the actual language, you should normally choose a
             locale that has the ``UTF-8`` encoding (note that spellings ``utf8``, ``utf-8``,
             ``UTF8``, ``UTF-8`` are all referring to the same thing)
             For technical reasons, the locale configuration **must** be provided in the
             environment in which Kallithea runs - it cannot be specified in the ``.ini`` file.
             How to practically do this depends on the web server that is used and the way it
             is started. For example, gearbox is often started by a normal user, either
             manually or via a script. In this case, the required locale environment
             variables can be provided directly in that user's environment or in the script.
             However, web servers like Apache are often started at boot via an init script or
             service file. Modifying the environment for this case would thus require
             root/administrator privileges. Moreover, that environment would dictate the
             settings for all web services running under that web server, Kallithea being
             just one of them. Specifically in the case of Apache with ``mod_wsgi``, the
             locale can be set for a specific service in its ``WSGIDaemonProcess`` directive,
             using the ``lang`` parameter.
             Installation methods
             --------------------
             Kallithea must be installed on a server. Kallithea is installed in a Python
             environment so it can use packages that are installed there and make itself
             available for other packages.
             Two different cases will pretty much cover the options for how it can be
             installed.
             - The Kallithea source repository can be cloned and used -- it is kept stable and
               can be used in production. The Kallithea maintainers use the development
               branch in production. The advantage of installation from source and regularly
               updating it is that you take advantage of the most recent improvements. Using
               it directly from a DVCS also means that it is easy to track local customizations.
               Running ``pip install -e .`` in the source will use pip to install the
               necessary dependencies in the Python environment and create a
               ``.../site-packages/Kallithea.egg-link`` file there that points at the Kallithea
               source.
             - Kallithea can also be installed from ready-made packages using a package manager.
               The official released versions are available on PyPI_ and can be downloaded and
               installed with all dependencies using ``pip install kallithea``.
               With this method, Kallithea is installed in the Python environment as any
               other package, usually as a ``.../site-packages/Kallithea-X-py3.8.egg/``
               directory with Python files and everything else that is needed.
               (``pip install kallithea`` from a source tree will do pretty much the same
               but build the Kallithea package itself locally instead of downloading it.)
             .. note::
-               Kallithea includes front-end code that needs to be processed first.
+               Kallithea includes front-end code that needs to be processed to prepare
-               The tool npm_ is used to download external dependencies and orchestrate the
+               static files that can be served at run time and used on the client side. The
-               processing. The ``npm`` binary must thus be available.
+               tool npm_ is used to download external dependencies and orchestrate the
+               processing. The ``npm`` binary must thus be available at install time but is
+               not used at run time.
             Web server
             ----------
             Kallithea is (primarily) a WSGI_ application that must be run from a web
             server that serves WSGI applications over HTTP.
             Kallithea itself is not serving HTTP (or HTTPS); that is the web server's
             responsibility. Kallithea does however need to know its own user facing URL
             (protocol, address, port and path) for each HTTP request. Kallithea will
             usually use its own HTML/cookie based authentication but can also be configured
             to use web server authentication.
             There are several web server options:
             - Kallithea uses the Gearbox_ tool as command line interface. Gearbox provides
               ``gearbox serve`` as a convenient way to launch a Python WSGI / web server
               from the command line. That is perfect for development and evaluation.
               Actual use in production might have different requirements and need extra
               work to make it manageable as a scalable system service.
               Gearbox comes with its own built-in web server for development but Kallithea
               defaults to using Waitress_. Gunicorn_ and Gevent_ are also options. These
               web servers have different limited feature sets.
               The web server used by ``gearbox serve`` is configured in the ``.ini`` file.
               Create it with ``config-create`` using for example ``http_server=waitress``
               to get a configuration starting point for your choice of web server.
               (Gearbox will do like ``paste`` and use the WSGI application entry point
               ``kallithea.config.middleware:make_app`` as specified in ``setup.py``.)
             - `Apache httpd`_ can serve WSGI applications directly using mod_wsgi_ and a
               simple Python file with the necessary configuration. This is a good option if
               Apache is an option.
             - uWSGI_ is also a full web server with built-in WSGI module. Use
               ``config-create`` with ``http_server=uwsgi`` to get a ``.ini`` file with
               uWSGI configuration.
             - IIS_ can also server WSGI applications directly using isapi-wsgi_.
             - A `reverse HTTP proxy <https://en.wikipedia.org/wiki/Reverse_proxy>`_
               can be put in front of another web server which has WSGI support.
               Such a layered setup can be complex but might in some cases be the right
               option, for example to standardize on one internet-facing web server, to add
               encryption or special authentication or for other security reasons, to
               provide caching of static files, or to provide load balancing or fail-over.
               Nginx_, Varnish_ and HAProxy_ are often used for this purpose, often in front
               of a ``gearbox serve`` that somehow is wrapped as a service.
             The best option depends on what you are familiar with and the requirements for
             performance and stability. Also, keep in mind that Kallithea mainly is serving
             dynamically generated pages from a relatively slow Python process. Kallithea is
             also often used inside organizations with a limited amount of users and thus no
             continuous hammering from the internet.
             .. _Python: http://www.python.org/
             .. _Gunicorn: http://gunicorn.org/
             .. _Gevent: http://www.gevent.org/
             .. _Waitress: http://waitress.readthedocs.org/en/latest/
             .. _Gearbox: http://turbogears.readthedocs.io/en/latest/turbogears/gearbox.html
             .. _PyPI: https://pypi.python.org/pypi
             .. _Apache httpd: http://httpd.apache.org/
             .. _mod_wsgi: https://code.google.com/p/modwsgi/
             .. _isapi-wsgi: https://github.com/hexdump42/isapi-wsgi
             .. _uWSGI: https://uwsgi-docs.readthedocs.org/en/latest/
             .. _nginx: http://nginx.org/en/
             .. _iis: http://en.wikipedia.org/wiki/Internet_Information_Services
             .. _pip: http://en.wikipedia.org/wiki/Pip_%28package_manager%29
             .. _WSGI: http://en.wikipedia.org/wiki/Web_Server_Gateway_Interface
             .. _HAProxy: http://www.haproxy.org/
             .. _Varnish: https://www.varnish-cache.org/
             .. _npm: https://www.npmjs.com/

             .. _setup:
             =====
             Setup
             =====
             Setting up Kallithea
             --------------------
             First, you will need to create a Kallithea configuration file. Run the
             following command to do so::
                 kallithea-cli config-create my.ini
             This will create the file ``my.ini`` in the current directory. This
             configuration file contains the various settings for Kallithea, e.g.
             proxy port, email settings, usage of static files, cache, Celery
             settings, and logging. Extra settings can be specified like::
                 kallithea-cli config-create my.ini host=8.8.8.8 "[handler_console]" formatter=color_formatter
             Next, you need to create the databases used by Kallithea. It is recommended to
             use PostgreSQL or SQLite (default). If you choose a database other than the
             default, ensure you properly adjust the database URL in your ``my.ini``
             configuration file to use this other database. Kallithea currently supports
             PostgreSQL, SQLite and MariaDB/MySQL databases. Create the database by running
             the following command::
                 kallithea-cli db-create -c my.ini
             This will prompt you for a "root" path. This "root" path is the location where
             Kallithea will store all of its repositories on the current machine. After
             entering this "root" path ``db-create`` will also prompt you for a username
             and password for the initial admin account which ``db-create`` sets
             up for you.
             The ``db-create`` values can also be given on the command line.
             Example::
                 kallithea-cli db-create -c my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos
             The ``db-create`` command will create all needed tables and an
             admin account. When choosing a root path you can either use a new
             empty location, or a location which already contains existing
             repositories. If you choose a location which contains existing
             repositories Kallithea will add all of the repositories at the chosen
             location to its database.  (Note: make sure you specify the correct
             path to the root).
             .. note:: the given path for Mercurial_ repositories **must** be write
                       accessible for the application. It's very important since
                       the Kallithea web interface will work without write access,
                       but when trying to do a push it will fail with permission
                       denied errors unless it has write access.
-            Finally, prepare the front-end by running::
+            Finally, the front-end files must be prepared. This requires ``npm`` version 6
+            or later, which needs ``node.js`` (version 12 or later). Prepare the front-end
+            by running::
                 kallithea-cli front-end-build
             You are now ready to use Kallithea. To run it simply execute::
                 gearbox serve -c my.ini
             - This command runs the Kallithea server. The web app should be available at
               http://127.0.0.1:5000. The IP address and port is configurable via the
               configuration file created in the previous step.
             - Log in to Kallithea using the admin account created when running ``db-create``.
             - The default permissions on each repository is read, and the owner is admin.
               Remember to update these if needed.
             - In the admin panel you can toggle LDAP, anonymous, and permissions
               settings, as well as edit more advanced options on users and
               repositories.
             Internationalization (i18n support)
             -----------------------------------
             The Kallithea web interface is automatically displayed in the user's preferred
             language, as indicated by the browser. Thus, different users may see the
             application in different languages. If the requested language is not available
             (because the translation file for that language does not yet exist or is
             incomplete), English is used.
             If you want to disable automatic language detection and instead configure a
             fixed language regardless of user preference, set ``i18n.enabled = false`` and
             specify another language by setting ``i18n.lang`` in the Kallithea
             configuration file.
             Using Kallithea with SSH
             ------------------------
             Kallithea supports repository access via SSH key based authentication.
             This means:
             - repository URLs like ``ssh://kallithea@example.com/name/of/repository``
             - all network traffic for both read and write happens over the SSH protocol on
               port 22, without using HTTP/HTTPS nor the Kallithea WSGI application
             - encryption and authentication protocols are managed by the system's ``sshd``
               process, with all users using the same Kallithea system user (e.g.
               ``kallithea``) when connecting to the SSH server, but with users' public keys
               in the Kallithea system user's `.ssh/authorized_keys` file granting each user
               sandboxed access to the repositories.
             - users and admins can manage SSH public keys in the web UI
             - in their SSH client configuration, users can configure how the client should
               control access to their SSH key - without passphrase, with passphrase, and
               optionally with passphrase caching in the local shell session (``ssh-agent``).
               This is standard SSH functionality, not something Kallithea provides or
               interferes with.
             - network communication between client and server happens in a bidirectional
               stateful stream, and will in some cases be faster than HTTP/HTTPS with several
               stateless round-trips.
             .. note:: At this moment, repository access via SSH has been tested on Unix
                 only. Windows users that care about SSH are invited to test it and report
                 problems, ideally contributing patches that solve these problems.
             Users and admins can upload SSH public keys (e.g. ``.ssh/id_rsa.pub``) through
             the web interface. The server's ``.ssh/authorized_keys`` file is automatically
             maintained with an entry for each SSH key. Each entry will tell ``sshd`` to run
             ``kallithea-cli`` with the ``ssh-serve`` sub-command and the right Kallithea user ID
             when encountering the corresponding SSH key.
             To enable SSH repository access, Kallithea must be configured with the path to
             the ``.ssh/authorized_keys`` file for the Kallithea user, and the path to the
             ``kallithea-cli`` command. Put something like this in the ``.ini`` file::
                 ssh_enabled = true
                 ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys
                 kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli
             The SSH service must be running, and the Kallithea user account must be active
             (not necessarily with password access, but public key access must be enabled),
             all file permissions must be set as sshd wants it, and ``authorized_keys`` must
             be writeable by the Kallithea user.
             .. note:: The ``authorized_keys`` file will be rewritten from scratch on
                 each update. If it already exists with other data, Kallithea will not
                 overwrite the existing ``authorized_keys``, and the server process will
                 instead throw an exception. The system administrator thus cannot ssh
                 directly to the Kallithea user but must use su/sudo from another account.
                 If ``/home/kallithea/.ssh/`` (the directory of the path specified in the
                 ``ssh_authorized_keys`` setting of the ``.ini`` file) does not exist as a
                 directory, Kallithea will attempt to create it. If that path exists but is
                 *not* a directory, or is not readable-writable-executable by the server
                 process, the server process will raise an exception each time it attempts to
                 write the ``authorized_keys`` file.
             .. note:: It is possible to configure the SSH server to look for authorized
                keys in multiple files, for example reserving ``ssh/authorized_keys`` to be
                used for normal SSH and with Kallithea using
                ``.ssh/authorized_keys_kallithea``. In ``/etc/ssh/sshd_config`` set
                ``AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys_kallithea``
                and restart sshd, and in ``my.ini`` set ``ssh_authorized_keys =
                /home/kallithea/.ssh/authorized_keys_kallithea``. Note that this new
                location will apply to all system users, and that multiple entries for the
                same SSH key will shadow each other.
             .. warning:: The handling of SSH access is steered directly by the command
                 specified in the ``authorized_keys`` file. There is no interaction with the
                 web UI.  Once SSH access is correctly configured and enabled, it will work
                 regardless of whether the Kallithea web process is actually running. Hence,
                 if you want to perform repository or server maintenance and want to fully
                 disable all access to the repositories, disable SSH access by setting
                 ``ssh_enabled = false`` in the correct ``.ini`` file (i.e. the ``.ini`` file
                 specified in the ``authorized_keys`` file.)
             The ``authorized_keys`` file can be updated manually with ``kallithea-cli
             ssh-update-authorized-keys -c my.ini``. This command is not needed in normal
             operation but is for example useful after changing SSH-related settings in the
             ``.ini`` file or renaming that file. (The path to the ``.ini`` file is used in
             the generated ``authorized_keys`` file).
             Setting up Whoosh full text search
             ----------------------------------
             Kallithea provides full text search of repositories using `Whoosh`__.
             .. __: https://whoosh.readthedocs.io/en/latest/
             For an incremental index build, run::
                 kallithea-cli index-create -c my.ini
             For a full index rebuild, run::
                 kallithea-cli index-create -c my.ini --full
             The ``--repo-location`` option allows the location of the repositories to be overridden;
             usually, the location is retrieved from the Kallithea database.
             The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list::
                 kallithea-cli index-create -c my.ini --index-only=vcs,kallithea
             To keep your index up-to-date it is necessary to do periodic index builds;
             for this, it is recommended to use a crontab entry. Example::
 3  *  *  *  /path/to/virtualenv/bin/kallithea-cli index-create -c /path/to/kallithea/my.ini
             When using incremental mode (the default), Whoosh will check the last
             modification date of each file and add it to be reindexed if a newer file is
             available. The indexing daemon checks for any removed files and removes them
             from index.
             If you want to rebuild the index from scratch, you can use the ``-f`` flag as above,
             or in the admin panel you can check the "build from scratch" checkbox.
             Integration with issue trackers
             -------------------------------
             Kallithea provides a simple integration with issue trackers. It's possible
             to define a regular expression that will match an issue ID in commit messages,
             and have that replaced with a URL to the issue.
             This is achieved with following three variables in the ini file::
                 issue_pat = #(\d+)
                 issue_server_link = https://issues.example.com/{repo}/issue/\1
                 issue_sub =
             ``issue_pat`` is the regular expression describing which strings in
             commit messages will be treated as issue references. The expression can/should
             have one or more parenthesized groups that can later be referred to in
             ``issue_server_link`` and ``issue_sub`` (see below). If you prefer, named groups
             can be used instead of simple parenthesized groups.
             If the pattern should only match if it is preceded by whitespace, add the
             following string before the actual pattern: ``(?:^|(?<=\s))``.
             If the pattern should only match if it is followed by whitespace, add the
             following string after the actual pattern: ``(?:$|(?=\s))``.
             These expressions use lookbehind and lookahead assertions of the Python regular
             expression module to avoid the whitespace to be part of the actual pattern,
             otherwise the link text will also contain that whitespace.
             Matched issue references are replaced with the link specified in
             ``issue_server_link``, in which any backreferences are resolved. Backreferences
             can be ``\1``, ``\2``, ... or for named groups ``\g<groupname>``.
             The special token ``{repo}`` is replaced with the full repository path
             (including repository groups), while token ``{repo_name}`` is replaced with the
             repository name (without repository groups).
             The link text is determined by ``issue_sub``, which can be a string containing
             backreferences to the groups specified in ``issue_pat``. If ``issue_sub`` is
             empty, then the text matched by ``issue_pat`` is used verbatim.
             The example settings shown above match issues in the format ``#<number>``.
             This will cause the text ``#300`` to be transformed into a link:
             .. code-block:: html
               <a href="https://issues.example.com/example_repo/issue/300">#300</a>
             The following example transforms a text starting with either of 'pullrequest',
             'pull request' or 'PR', followed by an optional space, then a pound character
             (#) and one or more digits, into a link with the text 'PR #' followed by the
             digits::
                 issue_pat = (pullrequest|pull request|PR) ?#(\d+)
                 issue_server_link = https://issues.example.com/\2
                 issue_sub = PR #\2
             The following example demonstrates how to require whitespace before the issue
             reference in order for it to be recognized, such that the text ``issue#123`` will
             not cause a match, but ``issue #123`` will::
                 issue_pat = (?:^|(?<=\s))#(\d+)
                 issue_server_link = https://issues.example.com/\1
                 issue_sub =
             If needed, more than one pattern can be specified by appending a unique suffix to
             the variables. For example, also demonstrating the use of named groups::
                 issue_pat_wiki = wiki-(?P<pagename>\S+)
                 issue_server_link_wiki = https://wiki.example.com/\g<pagename>
                 issue_sub_wiki = WIKI-\g<pagename>
             With these settings, wiki pages can be referenced as wiki-some-id, and every
             such reference will be transformed into:
             .. code-block:: html
               <a href="https://wiki.example.com/some-id">WIKI-some-id</a>
             Refer to the `Python regular expression documentation`_ for more details about
             the supported syntax in ``issue_pat``, ``issue_server_link`` and ``issue_sub``.
             Hook management
             ---------------
             Hooks can be managed in similar way to that used in ``.hgrc`` files.
             To manage hooks, choose *Admin > Settings > Hooks*.
             The built-in hooks cannot be modified, though they can be enabled or disabled in the *VCS* section.
             To add another custom hook simply fill in the first textbox with
             ``<name>.<hook_type>`` and the second with the hook path. Example hooks
             can be found in ``kallithea.lib.hooks``.
             Changing default encoding
             -------------------------
             By default, Kallithea uses UTF-8 encoding.
             This is configurable as ``default_encoding`` in the .ini file.
             This affects many parts in Kallithea including user names, filenames, and
             encoding of commit messages. In addition Kallithea can detect if the ``chardet``
             library is installed. If ``chardet`` is detected Kallithea will fallback to it
             when there are encode/decode errors.
             The Mercurial encoding is configurable as ``hgencoding``. It is similar to
             setting the ``HGENCODING`` environment variable, but will override it.
             Celery configuration
             --------------------
             Kallithea can use the distributed task queue system Celery_ to run tasks like
             cloning repositories or sending emails.
             Kallithea will in most setups work perfectly fine out of the box (without
             Celery), executing all tasks in the web server process. Some tasks can however
             take some time to run and it can be better to run such tasks asynchronously in
             a separate process so the web server can focus on serving web requests.
             For installation and configuration of Celery, see the `Celery documentation`_.
             Note that Celery requires a message broker service like RabbitMQ_ (recommended)
             or Redis_.
             The use of Celery is configured in the Kallithea ini configuration file.
             To enable it, simply set::
               use_celery = true
             and add or change the ``celery.*`` configuration variables.
             Configuration settings are prefixed with 'celery.', so for example setting
             `broker_url` in Celery means setting `celery.broker_url` in the configuration
             file.
             To start the Celery process, run::
               kallithea-cli celery-run -c my.ini
             Extra options to the Celery worker can be passed after ``--`` - see ``-- -h``
             for more info.
             .. note::
                Make sure you run this command from the same virtualenv, and with the same
                user that Kallithea runs.
             HTTPS support
             -------------
             Kallithea will by default generate URLs based on the WSGI environment.
             Alternatively, you can use some special configuration settings to control
             directly which scheme/protocol Kallithea will use when generating URLs:
             - With ``https_fixup = true``, the scheme will be taken from the
               ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header
               (default ``http``).
             - With ``force_https = true`` the default will be ``https``.
             - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.
             .. _nginx_virtual_host:
             Nginx virtual host example
             --------------------------
             Sample config for Nginx using proxy:
             .. code-block:: nginx
                 upstream kallithea {
                     server 127.0.0.1:5000;
                     # add more instances for load balancing
                     #server 127.0.0.1:5001;
                     #server 127.0.0.1:5002;
                 }
                 ## gist alias
                 server {
                    listen          443;
                    server_name     gist.example.com;
                    access_log      /var/log/nginx/gist.access.log;
                    error_log       /var/log/nginx/gist.error.log;
                    ssl on;
                    ssl_certificate     gist.your.kallithea.server.crt;
                    ssl_certificate_key gist.your.kallithea.server.key;
                    ssl_session_timeout 5m;
                    ssl_protocols SSLv3 TLSv1;
                    ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
                    ssl_prefer_server_ciphers on;
                    rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1;
                    rewrite (.*)    https://kallithea.example.com/_admin/gists;
                 }
                 server {
                    listen          443;
                    server_name     kallithea.example.com
                    access_log      /var/log/nginx/kallithea.access.log;
                    error_log       /var/log/nginx/kallithea.error.log;
                    ssl on;
                    ssl_certificate     your.kallithea.server.crt;
                    ssl_certificate_key your.kallithea.server.key;
                    ssl_session_timeout 5m;
                    ssl_protocols SSLv3 TLSv1;
                    ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
                    ssl_prefer_server_ciphers on;
                    ## uncomment root directive if you want to serve static files by nginx
                    ## requires static_files = false in .ini file
                    #root /srv/kallithea/kallithea/kallithea/public;
                    include         /etc/nginx/proxy.conf;
                    location / {
                         try_files $uri @kallithea;
                    }
                    location @kallithea {
                         proxy_pass      http://127.0.0.1:5000;
                    }
                 }
             Here's the proxy.conf. It's tuned so it will not timeout on long
             pushes or large pushes::
                 proxy_redirect              off;
                 proxy_set_header            Host $host;
                 ## needed for container auth
                 #proxy_set_header            REMOTE_USER $remote_user;
                 #proxy_set_header            X-Forwarded-User $remote_user;
                 proxy_set_header            X-Url-Scheme $scheme;
                 proxy_set_header            X-Host $http_host;
                 proxy_set_header            X-Real-IP $remote_addr;
                 proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header            Proxy-host $proxy_host;
                 proxy_buffering             off;
                 proxy_connect_timeout       7200;
                 proxy_send_timeout          7200;
                 proxy_read_timeout          7200;
                 proxy_buffers               8 32k;
                 client_max_body_size        1024m;
                 client_body_buffer_size     128k;
                 large_client_header_buffers 8 64k;
             .. _apache_virtual_host_reverse_proxy:
             Apache virtual host reverse proxy example
             -----------------------------------------
             Here is a sample configuration file for Apache using proxy:
             .. code-block:: apache
                 <VirtualHost *:80>
                         ServerName kallithea.example.com
                         <Proxy *>
                           # For Apache 2.4 and later:
                           Require all granted
                           # For Apache 2.2 and earlier, instead use:
                           # Order allow,deny
                           # Allow from all
                         </Proxy>
                         #important !
                         #Directive to properly generate url (clone url) for Kallithea
                         ProxyPreserveHost On
                         #kallithea instance
                         ProxyPass / http://127.0.0.1:5000/
                         ProxyPassReverse / http://127.0.0.1:5000/
                         #to enable https use line below
                         #SetEnvIf X-Url-Scheme https HTTPS=1
                 </VirtualHost>
             Additional tutorial
             http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons
             .. _apache_subdirectory:
             Apache as subdirectory
             ----------------------
             Apache subdirectory part:
             .. code-block:: apache
                 <Location /PREFIX >
                   ProxyPass http://127.0.0.1:5000/PREFIX
                   ProxyPassReverse http://127.0.0.1:5000/PREFIX
                   SetEnvIf X-Url-Scheme https HTTPS=1
                 </Location>
             Besides the regular apache setup you will need to add the following line
             into ``[app:main]`` section of your .ini file::
                 filter-with = proxy-prefix
             Add the following at the end of the .ini file::
                 [filter:proxy-prefix]
                 use = egg:PasteDeploy#prefix
                 prefix = /PREFIX
             then change ``PREFIX`` into your chosen prefix
             .. _apache_mod_wsgi:
             Apache with mod_wsgi
             --------------------
             Alternatively, Kallithea can be set up with Apache under mod_wsgi. For
             that, you'll need to:
             - Install mod_wsgi. If using a Debian-based distro, you can install
               the package libapache2-mod-wsgi::
                 aptitude install libapache2-mod-wsgi
             - Enable mod_wsgi::
                 a2enmod wsgi
             - Add global Apache configuration to tell mod_wsgi that Python only will be
               used in the WSGI processes and shouldn't be initialized in the Apache
               processes::
                 WSGIRestrictEmbedded On
             - Create a WSGI dispatch script, like the one below. Make sure you
               check that the paths correctly point to where you installed Kallithea
               and its Python Virtual Environment.
               .. code-block:: python
                   import os
                   os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache'
                   # sometimes it's needed to set the current dir
                   os.chdir('/srv/kallithea/')
                   import site
                   site.addsitedir("/srv/kallithea/venv/lib/python3.7/site-packages")
                   ini = '/srv/kallithea/my.ini'
                   from logging.config import fileConfig
                   fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})
                   from paste.deploy import loadapp
                   application = loadapp('config:' + ini)
               Or using proper virtualenv activation:
               .. code-block:: python
                   activate_this = '/srv/kallithea/venv/bin/activate_this.py'
                   execfile(activate_this, dict(__file__=activate_this))
                   import os
                   os.environ['HOME'] = '/srv/kallithea'
                   ini = '/srv/kallithea/kallithea.ini'
                   from logging.config import fileConfig
                   fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})
                   from paste.deploy import loadapp
                   application = loadapp('config:' + ini)
             - Add the necessary ``WSGI*`` directives to the Apache Virtual Host configuration
               file, like in the example below. Notice that the WSGI dispatch script created
               above is referred to with the ``WSGIScriptAlias`` directive.
               The default locale settings Apache provides for web services are often not
               adequate, with `C` as the default language and `ASCII` as the encoding.
               Instead, use the ``lang`` parameter of ``WSGIDaemonProcess`` to specify a
               suitable locale. See also the :ref:`overview` section and the
               `WSGIDaemonProcess documentation`_.
               Apache will by default run as a special Apache user, on Linux systems
               usually ``www-data`` or ``apache``. If you need to have the repositories
               directory owned by a different user, use the user and group options to
               WSGIDaemonProcess to set the name of the user and group.
               Once again, check that all paths are correctly specified.
               .. code-block:: apache
                   WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \
                       python-home=/srv/kallithea/venv lang=C.UTF-8
                   WSGIProcessGroup kallithea
                   WSGIScriptAlias / /srv/kallithea/dispatch.wsgi
                   WSGIPassAuthorization On
               Or if using a dispatcher WSGI script with proper virtualenv activation:
               .. code-block:: apache
                   WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 lang=en_US.utf8
                   WSGIProcessGroup kallithea
                   WSGIScriptAlias / /srv/kallithea/dispatch.wsgi
                   WSGIPassAuthorization On
             Other configuration files
             -------------------------
             A number of `example init.d scripts`__ can be found in
             the ``init.d`` directory of the Kallithea source.
             .. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ .
             .. _python: http://www.python.org/
             .. _Python regular expression documentation: https://docs.python.org/2/library/re.html
             .. _Mercurial: https://www.mercurial-scm.org/
             .. _Celery: http://celeryproject.org/
             .. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html
             .. _RabbitMQ: http://www.rabbitmq.com/
             .. _Redis: http://redis.io/
             .. _mercurial-server: http://www.lshift.net/mercurial-server.html
             .. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories
             .. _WSGIDaemonProcess documentation: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html