##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

docs update
marcink -
r1870:941dee11 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,443 +1,444 b''
1 1 .. _changelog:
2 2
3 3 Changelog
4 4 =========
5 5
6 6
7 7 1.3.0 (**XXXX-XX-XX**)
8 8 ======================
9 9
10 10 :status: in-progress
11 11 :branch: beta
12 12
13 13 news
14 14 ----
15 15
16 16 - code review, inspired by github code-comments
17 17 - #215 rst and markdown README files support
18 18 - #252 Container-based and proxy pass-through authentication support
19 19 - #44 branch browser. Filtering of changelog by branches
20 20 - mercurial bookmarks support
21 21 - hover top menu
22 22 - configurable clone url template with possibility to specify protocol like
23 23 ssh:// or http:// and also manually alter other parts of clone_url.
24 24 - enabled largefiles extension by default
25 25 - optimized summary file pages and saved a lot of unused space in them
26 26 - #239 option to manually mark repository as fork
27 27 - #320 mapping of commit authors to RhodeCode users
28 28 - #304 hashes are displayed using monospace font
29 29 - diff configuration, toggle white lines and context lines
30 30 - #307 configurable diffs, whitespace toggle, increasing context lines
31 31 - sorting on branches, tags and bookmarks using YUI datatable
32 32 - improved file filter on files page
33 33 - implements #330 api method for listing nodes ar particular revision
34 34 - fixed #331 RhodeCode mangles repository names if the a repository group
35 35 contains the "full path" to the repositories
36 - #73 added linking issues in commit messages to choosen issue tracker url
36 - #73 added linking issues in commit messages to chosen issue tracker url
37 37 based on user defined regular expression
38 - new compact changelog with expandable commit messages
38 39
39 40 fixes
40 41 -----
41 42
42 43 - rewrote dbsession management for atomic operations, and better error handling
43 44 - fixed sorting of repo tables
44 45 - #326 escape of special html entities in diffs
45 46 - normalized user_name => username in api attributes
46 47 - fixes #298 ldap created users with mixed case emails created conflicts
47 48 on saving a form
48 49 - fixes issue when owner of a repo couldn't revoke permissions for users
49 50 and groups
50 51
51 52 1.2.3 (**2011-11-02**)
52 53 ======================
53 54
54 55 news
55 56 ----
56 57
57 58 - added option to manage repos group for non admin users
58 59 - added following API methods for get_users, create_user, get_users_groups,
59 60 get_users_group, create_users_group, add_user_to_users_groups, get_repos,
60 61 get_repo, create_repo, add_user_to_repo
61 62 - implements #237 added password confirmation for my account
62 63 and admin edit user.
63 64 - implements #291 email notification for global events are now sent to all
64 65 administrator users, and global config email.
65 66
66 67 fixes
67 68 -----
68 69
69 70 - added option for passing auth method for smtp mailer
70 71 - #276 issue with adding a single user with id>10 to usergroups
71 72 - #277 fixes windows LDAP settings in which missing values breaks the ldap auth
72 73 - #288 fixes managing of repos in a group for non admin user
73 74
74 75 1.2.2 (**2011-10-17**)
75 76 ======================
76 77
77 78 news
78 79 ----
79 80
80 81 - #226 repo groups are available by path instead of numerical id
81 82
82 83 fixes
83 84 -----
84 85
85 86 - #259 Groups with the same name but with different parent group
86 87 - #260 Put repo in group, then move group to another group -> repo becomes unavailable
87 88 - #258 RhodeCode 1.2 assumes egg folder is writable (lockfiles problems)
88 89 - #265 ldap save fails sometimes on converting attributes to booleans,
89 90 added getter and setter into model that will prevent from this on db model level
90 91 - fixed problems with timestamps issues #251 and #213
91 92 - fixes #266 RhodeCode allows to create repo with the same name and in
92 93 the same parent as group
93 94 - fixes #245 Rescan of the repositories on Windows
94 95 - fixes #248 cannot edit repos inside a group on windows
95 96 - fixes #219 forking problems on windows
96 97
97 98 1.2.1 (**2011-10-08**)
98 99 ======================
99 100
100 101 news
101 102 ----
102 103
103 104
104 105 fixes
105 106 -----
106 107
107 108 - fixed problems with basic auth and push problems
108 109 - gui fixes
109 110 - fixed logger
110 111
111 112 1.2.0 (**2011-10-07**)
112 113 ======================
113 114
114 115 news
115 116 ----
116 117
117 118 - implemented #47 repository groups
118 119 - implemented #89 Can setup google analytics code from settings menu
119 120 - implemented #91 added nicer looking archive urls with more download options
120 121 like tags, branches
121 122 - implemented #44 into file browsing, and added follow branch option
122 123 - implemented #84 downloads can be enabled/disabled for each repository
123 124 - anonymous repository can be cloned without having to pass default:default
124 125 into clone url
125 126 - fixed #90 whoosh indexer can index chooses repositories passed in command
126 127 line
127 128 - extended journal with day aggregates and paging
128 129 - implemented #107 source code lines highlight ranges
129 130 - implemented #93 customizable changelog on combined revision ranges -
130 131 equivalent of githubs compare view
131 132 - implemented #108 extended and more powerful LDAP configuration
132 133 - implemented #56 users groups
133 134 - major code rewrites optimized codes for speed and memory usage
134 135 - raw and diff downloads are now in git format
135 136 - setup command checks for write access to given path
136 137 - fixed many issues with international characters and unicode. It uses utf8
137 138 decode with replace to provide less errors even with non utf8 encoded strings
138 139 - #125 added API KEY access to feeds
139 140 - #109 Repository can be created from external Mercurial link (aka. remote
140 141 repository, and manually updated (via pull) from admin panel
141 142 - beta git support - push/pull server + basic view for git repos
142 143 - added followers page and forks page
143 144 - server side file creation (with binary file upload interface)
144 145 and edition with commits powered by codemirror
145 146 - #111 file browser file finder, quick lookup files on whole file tree
146 147 - added quick login sliding menu into main page
147 148 - changelog uses lazy loading of affected files details, in some scenarios
148 149 this can improve speed of changelog page dramatically especially for
149 150 larger repositories.
150 151 - implements #214 added support for downloading subrepos in download menu.
151 152 - Added basic API for direct operations on rhodecode via JSON
152 153 - Implemented advanced hook management
153 154
154 155 fixes
155 156 -----
156 157
157 158 - fixed file browser bug, when switching into given form revision the url was
158 159 not changing
159 160 - fixed propagation to error controller on simplehg and simplegit middlewares
160 161 - fixed error when trying to make a download on empty repository
161 162 - fixed problem with '[' chars in commit messages in journal
162 163 - fixed #99 Unicode errors, on file node paths with non utf-8 characters
163 164 - journal fork fixes
164 165 - removed issue with space inside renamed repository after deletion
165 166 - fixed strange issue on formencode imports
166 167 - fixed #126 Deleting repository on Windows, rename used incompatible chars.
167 168 - #150 fixes for errors on repositories mapped in db but corrupted in
168 169 filesystem
169 170 - fixed problem with ascendant characters in realm #181
170 171 - fixed problem with sqlite file based database connection pool
171 172 - whoosh indexer and code stats share the same dynamic extensions map
172 173 - fixes #188 - relationship delete of repo_to_perm entry on user removal
173 174 - fixes issue #189 Trending source files shows "show more" when no more exist
174 175 - fixes issue #197 Relative paths for pidlocks
175 176 - fixes issue #198 password will require only 3 chars now for login form
176 177 - fixes issue #199 wrong redirection for non admin users after creating a repository
177 178 - fixes issues #202, bad db constraint made impossible to attach same group
178 179 more than one time. Affects only mysql/postgres
179 180 - fixes #218 os.kill patch for windows was missing sig param
180 181 - improved rendering of dag (they are not trimmed anymore when number of
181 182 heads exceeds 5)
182 183
183 184 1.1.8 (**2011-04-12**)
184 185 ======================
185 186
186 187 news
187 188 ----
188 189
189 190 - improved windows support
190 191
191 192 fixes
192 193 -----
193 194
194 195 - fixed #140 freeze of python dateutil library, since new version is python2.x
195 196 incompatible
196 197 - setup-app will check for write permission in given path
197 198 - cleaned up license info issue #149
198 199 - fixes for issues #137,#116 and problems with unicode and accented characters.
199 200 - fixes crashes on gravatar, when passed in email as unicode
200 201 - fixed tooltip flickering problems
201 202 - fixed came_from redirection on windows
202 203 - fixed logging modules, and sql formatters
203 204 - windows fixes for os.kill issue #133
204 205 - fixes path splitting for windows issues #148
205 206 - fixed issue #143 wrong import on migration to 1.1.X
206 207 - fixed problems with displaying binary files, thanks to Thomas Waldmann
207 208 - removed name from archive files since it's breaking ui for long repo names
208 209 - fixed issue with archive headers sent to browser, thanks to Thomas Waldmann
209 210 - fixed compatibility for 1024px displays, and larger dpi settings, thanks to
210 211 Thomas Waldmann
211 212 - fixed issue #166 summary pager was skipping 10 revisions on second page
212 213
213 214
214 215 1.1.7 (**2011-03-23**)
215 216 ======================
216 217
217 218 news
218 219 ----
219 220
220 221 fixes
221 222 -----
222 223
223 224 - fixed (again) #136 installation support for FreeBSD
224 225
225 226
226 227 1.1.6 (**2011-03-21**)
227 228 ======================
228 229
229 230 news
230 231 ----
231 232
232 233 fixes
233 234 -----
234 235
235 236 - fixed #136 installation support for FreeBSD
236 237 - RhodeCode will check for python version during installation
237 238
238 239 1.1.5 (**2011-03-17**)
239 240 ======================
240 241
241 242 news
242 243 ----
243 244
244 245 - basic windows support, by exchanging pybcrypt into sha256 for windows only
245 246 highly inspired by idea of mantis406
246 247
247 248 fixes
248 249 -----
249 250
250 251 - fixed sorting by author in main page
251 252 - fixed crashes with diffs on binary files
252 253 - fixed #131 problem with boolean values for LDAP
253 254 - fixed #122 mysql problems thanks to striker69
254 255 - fixed problem with errors on calling raw/raw_files/annotate functions
255 256 with unknown revisions
256 257 - fixed returned rawfiles attachment names with international character
257 258 - cleaned out docs, big thanks to Jason Harris
258 259
259 260 1.1.4 (**2011-02-19**)
260 261 ======================
261 262
262 263 news
263 264 ----
264 265
265 266 fixes
266 267 -----
267 268
268 269 - fixed formencode import problem on settings page, that caused server crash
269 270 when that page was accessed as first after server start
270 271 - journal fixes
271 272 - fixed option to access repository just by entering http://server/<repo_name>
272 273
273 274 1.1.3 (**2011-02-16**)
274 275 ======================
275 276
276 277 news
277 278 ----
278 279
279 280 - implemented #102 allowing the '.' character in username
280 281 - added option to access repository just by entering http://server/<repo_name>
281 282 - celery task ignores result for better performance
282 283
283 284 fixes
284 285 -----
285 286
286 287 - fixed ehlo command and non auth mail servers on smtp_lib. Thanks to
287 288 apollo13 and Johan Walles
288 289 - small fixes in journal
289 290 - fixed problems with getting setting for celery from .ini files
290 291 - registration, password reset and login boxes share the same title as main
291 292 application now
292 293 - fixed #113: to high permissions to fork repository
293 294 - fixed problem with '[' chars in commit messages in journal
294 295 - removed issue with space inside renamed repository after deletion
295 296 - db transaction fixes when filesystem repository creation failed
296 297 - fixed #106 relation issues on databases different than sqlite
297 298 - fixed static files paths links to use of url() method
298 299
299 300 1.1.2 (**2011-01-12**)
300 301 ======================
301 302
302 303 news
303 304 ----
304 305
305 306
306 307 fixes
307 308 -----
308 309
309 310 - fixes #98 protection against float division of percentage stats
310 311 - fixed graph bug
311 312 - forced webhelpers version since it was making troubles during installation
312 313
313 314 1.1.1 (**2011-01-06**)
314 315 ======================
315 316
316 317 news
317 318 ----
318 319
319 320 - added force https option into ini files for easier https usage (no need to
320 321 set server headers with this options)
321 322 - small css updates
322 323
323 324 fixes
324 325 -----
325 326
326 327 - fixed #96 redirect loop on files view on repositories without changesets
327 328 - fixed #97 unicode string passed into server header in special cases (mod_wsgi)
328 329 and server crashed with errors
329 330 - fixed large tooltips problems on main page
330 331 - fixed #92 whoosh indexer is more error proof
331 332
332 333 1.1.0 (**2010-12-18**)
333 334 ======================
334 335
335 336 news
336 337 ----
337 338
338 339 - rewrite of internals for vcs >=0.1.10
339 340 - uses mercurial 1.7 with dotencode disabled for maintaining compatibility
340 341 with older clients
341 342 - anonymous access, authentication via ldap
342 343 - performance upgrade for cached repos list - each repository has its own
343 344 cache that's invalidated when needed.
344 345 - performance upgrades on repositories with large amount of commits (20K+)
345 346 - main page quick filter for filtering repositories
346 347 - user dashboards with ability to follow chosen repositories actions
347 348 - sends email to admin on new user registration
348 349 - added cache/statistics reset options into repository settings
349 350 - more detailed action logger (based on hooks) with pushed changesets lists
350 351 and options to disable those hooks from admin panel
351 352 - introduced new enhanced changelog for merges that shows more accurate results
352 353 - new improved and faster code stats (based on pygments lexers mapping tables,
353 354 showing up to 10 trending sources for each repository. Additionally stats
354 355 can be disabled in repository settings.
355 356 - gui optimizations, fixed application width to 1024px
356 357 - added cut off (for large files/changesets) limit into config files
357 358 - whoosh, celeryd, upgrade moved to paster command
358 359 - other than sqlite database backends can be used
359 360
360 361 fixes
361 362 -----
362 363
363 364 - fixes #61 forked repo was showing only after cache expired
364 365 - fixes #76 no confirmation on user deletes
365 366 - fixes #66 Name field misspelled
366 367 - fixes #72 block user removal when he owns repositories
367 368 - fixes #69 added password confirmation fields
368 369 - fixes #87 RhodeCode crashes occasionally on updating repository owner
369 370 - fixes #82 broken annotations on files with more than 1 blank line at the end
370 371 - a lot of fixes and tweaks for file browser
371 372 - fixed detached session issues
372 373 - fixed when user had no repos he would see all repos listed in my account
373 374 - fixed ui() instance bug when global hgrc settings was loaded for server
374 375 instance and all hgrc options were merged with our db ui() object
375 376 - numerous small bugfixes
376 377
377 378 (special thanks for TkSoh for detailed feedback)
378 379
379 380
380 381 1.0.2 (**2010-11-12**)
381 382 ======================
382 383
383 384 news
384 385 ----
385 386
386 387 - tested under python2.7
387 388 - bumped sqlalchemy and celery versions
388 389
389 390 fixes
390 391 -----
391 392
392 393 - fixed #59 missing graph.js
393 394 - fixed repo_size crash when repository had broken symlinks
394 395 - fixed python2.5 crashes.
395 396
396 397
397 398 1.0.1 (**2010-11-10**)
398 399 ======================
399 400
400 401 news
401 402 ----
402 403
403 404 - small css updated
404 405
405 406 fixes
406 407 -----
407 408
408 409 - fixed #53 python2.5 incompatible enumerate calls
409 410 - fixed #52 disable mercurial extension for web
410 411 - fixed #51 deleting repositories don't delete it's dependent objects
411 412
412 413
413 414 1.0.0 (**2010-11-02**)
414 415 ======================
415 416
416 417 - security bugfix simplehg wasn't checking for permissions on commands
417 418 other than pull or push.
418 419 - fixed doubled messages after push or pull in admin journal
419 420 - templating and css corrections, fixed repo switcher on chrome, updated titles
420 421 - admin menu accessible from options menu on repository view
421 422 - permissions cached queries
422 423
423 424 1.0.0rc4 (**2010-10-12**)
424 425 ==========================
425 426
426 427 - fixed python2.5 missing simplejson imports (thanks to Jens BΓ€ckman)
427 428 - removed cache_manager settings from sqlalchemy meta
428 429 - added sqlalchemy cache settings to ini files
429 430 - validated password length and added second try of failure on paster setup-app
430 431 - fixed setup database destroy prompt even when there was no db
431 432
432 433
433 434 1.0.0rc3 (**2010-10-11**)
434 435 =========================
435 436
436 437 - fixed i18n during installation.
437 438
438 439 1.0.0rc2 (**2010-10-11**)
439 440 =========================
440 441
441 442 - Disabled dirsize in file browser, it's causing nasty bug when dir renames
442 443 occure. After vcs is fixed it'll be put back again.
443 444 - templating/css rewrites, optimized css. No newline at end of file
Show file before | Show file after | Hide comments
@@ -1,712 +1,715 b''
1 1 .. _setup:
2 2
3 3 Setup
4 4 =====
5 5
6 6
7 7 Setting up RhodeCode
8 8 --------------------
9 9
10 10 First, you will need to create a RhodeCode configuration file. Run the
11 11 following command to do this::
12 12
13 13 paster make-config RhodeCode production.ini
14 14
15 15 - This will create the file `production.ini` in the current directory. This
16 16 configuration file contains the various settings for RhodeCode, e.g proxy
17 17 port, email settings, usage of static files, cache, celery settings and
18 18 logging.
19 19
20 20
21 21 Next, you need to create the databases used by RhodeCode. I recommend that you
22 22 use sqlite (default) or postgresql. If you choose a database other than the
23 23 default ensure you properly adjust the db url in your production.ini
24 24 configuration file to use this other database. Create the databases by running
25 25 the following command::
26 26
27 27 paster setup-app production.ini
28 28
29 29 This will prompt you for a "root" path. This "root" path is the location where
30 30 RhodeCode will store all of its repositories on the current machine. After
31 31 entering this "root" path ``setup-app`` will also prompt you for a username
32 32 and password for the initial admin account which ``setup-app`` sets up for you.
33 33
34 34 - The ``setup-app`` command will create all of the needed tables and an admin
35 35 account. When choosing a root path you can either use a new empty location,
36 36 or a location which already contains existing repositories. If you choose a
37 37 location which contains existing repositories RhodeCode will simply add all
38 38 of the repositories at the chosen location to it's database. (Note: make
39 39 sure you specify the correct path to the root).
40 40 - Note: the given path for mercurial_ repositories **must** be write accessible
41 41 for the application. It's very important since the RhodeCode web interface
42 42 will work without write access, but when trying to do a push it will
43 43 eventually fail with permission denied errors unless it has write access.
44 44
45 45 You are now ready to use RhodeCode, to run it simply execute::
46 46
47 47 paster serve production.ini
48 48
49 49 - This command runs the RhodeCode server. The web app should be available at the
50 50 127.0.0.1:5000. This ip and port is configurable via the production.ini
51 51 file created in previous step
52 52 - Use the admin account you created above when running ``setup-app`` to login
53 53 to the web app.
54 54 - The default permissions on each repository is read, and the owner is admin.
55 55 Remember to update these if needed.
56 56 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
57 57 well as edit more advanced options on users and repositories
58 58
59 59 Try copying your own mercurial repository into the "root" directory you are
60 60 using, then from within the RhodeCode web application choose Admin >
61 61 repositories. Then choose Add New Repository. Add the repository you copied
62 62 into the root. Test that you can browse your repository from within RhodeCode
63 63 and then try cloning your repository from RhodeCode with::
64 64
65 65 hg clone http://127.0.0.1:5000/<repository name>
66 66
67 67 where *repository name* is replaced by the name of your repository.
68 68
69 69 Using RhodeCode with SSH
70 70 ------------------------
71 71
72 72 RhodeCode currently only hosts repositories using http and https. (The addition
73 73 of ssh hosting is a planned future feature.) However you can easily use ssh in
74 74 parallel with RhodeCode. (Repository access via ssh is a standard "out of
75 75 the box" feature of mercurial_ and you can use this to access any of the
76 76 repositories that RhodeCode is hosting. See PublishingRepositories_)
77 77
78 78 RhodeCode repository structures are kept in directories with the same name
79 79 as the project. When using repository groups, each group is a subdirectory.
80 80 This allows you to easily use ssh for accessing repositories.
81 81
82 82 In order to use ssh you need to make sure that your web-server and the users
83 83 login accounts have the correct permissions set on the appropriate directories.
84 84 (Note that these permissions are independent of any permissions you have set up
85 85 using the RhodeCode web interface.)
86 86
87 87 If your main directory (the same as set in RhodeCode settings) is for example
88 88 set to **/home/hg** and the repository you are using is named `rhodecode`, then
89 89 to clone via ssh you should run::
90 90
91 91 hg clone ssh://user@server.com/home/hg/rhodecode
92 92
93 93 Using other external tools such as mercurial-server_ or using ssh key based
94 94 authentication is fully supported.
95 95
96 96 Note: In an advanced setup, in order for your ssh access to use the same
97 97 permissions as set up via the RhodeCode web interface, you can create an
98 98 authentication hook to connect to the rhodecode db and runs check functions for
99 99 permissions against that.
100 100
101 101 Setting up Whoosh full text search
102 102 ----------------------------------
103 103
104 104 Starting from version 1.1 the whoosh index can be build by using the paster
105 105 command ``make-index``. To use ``make-index`` you must specify the configuration
106 106 file that stores the location of the index. You may specify the location of the
107 107 repositories (`--repo-location`). If not specified, this value is retrieved
108 108 from the RhodeCode database. This was required prior to 1.2. Starting from
109 109 version 1.2 it is also possible to specify a comma separated list of
110 110 repositories (`--index-only`) to build index only on chooses repositories
111 111 skipping any other found in repos location
112 112
113 113 You may optionally pass the option `-f` to enable a full index rebuild. Without
114 114 the `-f` option, indexing will run always in "incremental" mode.
115 115
116 116 For an incremental index build use::
117 117
118 118 paster make-index production.ini
119 119
120 120 For a full index rebuild use::
121 121
122 122 paster make-index production.ini -f
123 123
124 124
125 125 building index just for chosen repositories is possible with such command::
126 126
127 127 paster make-index production.ini --index-only=vcs,rhodecode
128 128
129 129
130 130 In order to do periodical index builds and keep your index always up to date.
131 131 It's recommended to do a crontab entry for incremental indexing.
132 132 An example entry might look like this::
133 133
134 134 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
135 135
136 136 When using incremental mode (the default) whoosh will check the last
137 137 modification date of each file and add it to be reindexed if a newer file is
138 138 available. The indexing daemon checks for any removed files and removes them
139 139 from index.
140 140
141 141 If you want to rebuild index from scratch, you can use the `-f` flag as above,
142 142 or in the admin panel you can check `build from scratch` flag.
143 143
144 144
145 145 Setting up LDAP support
146 146 -----------------------
147 147
148 148 RhodeCode starting from version 1.1 supports ldap authentication. In order
149 149 to use LDAP, you have to install the python-ldap_ package. This package is
150 150 available via pypi, so you can install it by running
151 151
152 152 using easy_install::
153 153
154 154 easy_install python-ldap
155 155
156 156 using pip::
157 157
158 158 pip install python-ldap
159 159
160 160 .. note::
161 161 python-ldap requires some certain libs on your system, so before installing
162 162 it check that you have at least `openldap`, and `sasl` libraries.
163 163
164 164 LDAP settings are located in admin->ldap section,
165 165
166 166 Here's a typical ldap setup::
167 167
168 168 Connection settings
169 169 Enable LDAP = checked
170 170 Host = host.example.org
171 171 Port = 389
172 172 Account = <account>
173 173 Password = <password>
174 174 Connection Security = LDAPS connection
175 175 Certificate Checks = DEMAND
176 176
177 177 Search settings
178 178 Base DN = CN=users,DC=host,DC=example,DC=org
179 179 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
180 180 LDAP Search Scope = SUBTREE
181 181
182 182 Attribute mappings
183 183 Login Attribute = uid
184 184 First Name Attribute = firstName
185 185 Last Name Attribute = lastName
186 186 E-mail Attribute = mail
187 187
188 188 .. _enable_ldap:
189 189
190 190 Enable LDAP : required
191 191 Whether to use LDAP for authenticating users.
192 192
193 193 .. _ldap_host:
194 194
195 195 Host : required
196 196 LDAP server hostname or IP address.
197 197
198 198 .. _Port:
199 199
200 200 Port : required
201 201 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
202 202
203 203 .. _ldap_account:
204 204
205 205 Account : optional
206 206 Only required if the LDAP server does not allow anonymous browsing of
207 207 records. This should be a special account for record browsing. This
208 208 will require `LDAP Password`_ below.
209 209
210 210 .. _LDAP Password:
211 211
212 212 Password : optional
213 213 Only required if the LDAP server does not allow anonymous browsing of
214 214 records.
215 215
216 216 .. _Enable LDAPS:
217 217
218 218 Connection Security : required
219 219 Defines the connection to LDAP server
220 220
221 221 No encryption
222 222 Plain non encrypted connection
223 223
224 224 LDAPS connection
225 225 Enable ldaps connection. It will likely require `Port`_ to be set to
226 226 a different value (standard LDAPS port is 636). When LDAPS is enabled
227 227 then `Certificate Checks`_ is required.
228 228
229 229 START_TLS on LDAP connection
230 230 START TLS connection
231 231
232 232 .. _Certificate Checks:
233 233
234 234 Certificate Checks : optional
235 235 How SSL certificates verification is handled - this is only useful when
236 236 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
237 237 while the other options are susceptible to man-in-the-middle attacks. SSL
238 238 certificates can be installed to /etc/openldap/cacerts so that the
239 239 DEMAND or HARD options can be used with self-signed certificates or
240 240 certificates that do not have traceable certificates of authority.
241 241
242 242 NEVER
243 243 A serve certificate will never be requested or checked.
244 244
245 245 ALLOW
246 246 A server certificate is requested. Failure to provide a
247 247 certificate or providing a bad certificate will not terminate the
248 248 session.
249 249
250 250 TRY
251 251 A server certificate is requested. Failure to provide a
252 252 certificate does not halt the session; providing a bad certificate
253 253 halts the session.
254 254
255 255 DEMAND
256 256 A server certificate is requested and must be provided and
257 257 authenticated for the session to proceed.
258 258
259 259 HARD
260 260 The same as DEMAND.
261 261
262 262 .. _Base DN:
263 263
264 264 Base DN : required
265 265 The Distinguished Name (DN) where searches for users will be performed.
266 266 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
267 267
268 268 .. _LDAP Filter:
269 269
270 270 LDAP Filter : optional
271 271 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
272 272 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
273 273 which LDAP objects are identified as representing Users for
274 274 authentication. The filter is augmented by `Login Attribute`_ below.
275 275 This can commonly be left blank.
276 276
277 277 .. _LDAP Search Scope:
278 278
279 279 LDAP Search Scope : required
280 280 This limits how far LDAP will search for a matching object.
281 281
282 282 BASE
283 283 Only allows searching of `Base DN`_ and is usually not what you
284 284 want.
285 285
286 286 ONELEVEL
287 287 Searches all entries under `Base DN`_, but not Base DN itself.
288 288
289 289 SUBTREE
290 290 Searches all entries below `Base DN`_, but not Base DN itself.
291 291 When using SUBTREE `LDAP Filter`_ is useful to limit object
292 292 location.
293 293
294 294 .. _Login Attribute:
295 295
296 296 Login Attribute : required
297 297 The LDAP record attribute that will be matched as the USERNAME or
298 298 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
299 299 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
300 300 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
301 301 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
302 302 ::
303 303
304 304 (&(LDAPFILTER)(uid=jsmith))
305 305
306 306 .. _ldap_attr_firstname:
307 307
308 308 First Name Attribute : required
309 309 The LDAP record attribute which represents the user's first name.
310 310
311 311 .. _ldap_attr_lastname:
312 312
313 313 Last Name Attribute : required
314 314 The LDAP record attribute which represents the user's last name.
315 315
316 316 .. _ldap_attr_email:
317 317
318 318 Email Attribute : required
319 319 The LDAP record attribute which represents the user's email address.
320 320
321 321 If all data are entered correctly, and python-ldap_ is properly installed
322 322 users should be granted access to RhodeCode with ldap accounts. At this
323 323 time user information is copied from LDAP into the RhodeCode user database.
324 324 This means that updates of an LDAP user object may not be reflected as a
325 325 user update in RhodeCode.
326 326
327 327 If You have problems with LDAP access and believe You entered correct
328 328 information check out the RhodeCode logs, any error messages sent from LDAP
329 329 will be saved there.
330 330
331 331 Active Directory
332 332 ''''''''''''''''
333 333
334 334 RhodeCode can use Microsoft Active Directory for user authentication. This
335 335 is done through an LDAP or LDAPS connection to Active Directory. The
336 336 following LDAP configuration settings are typical for using Active
337 337 Directory ::
338 338
339 339 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
340 340 Login Attribute = sAMAccountName
341 341 First Name Attribute = givenName
342 342 Last Name Attribute = sn
343 343 E-mail Attribute = mail
344 344
345 345 All other LDAP settings will likely be site-specific and should be
346 346 appropriately configured.
347 347
348 348
349 349
350 350 Authentication by container or reverse-proxy
351 351 --------------------------------------------
352 352
353 353 Starting with version 1.3, RhodeCode supports delegating the authentication
354 354 of users to its WSGI container, or to a reverse-proxy server through which all
355 355 clients access the application.
356 356
357 357 When these authentication methods are enabled in RhodeCode, it uses the
358 358 username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't
359 359 perform the authentication itself. The authorization, however, is still done by
360 360 RhodeCode according to its settings.
361 361
362 362 When a user logs in for the first time using these authentication methods,
363 363 a matching user account is created in RhodeCode with default permissions. An
364 364 administrator can then modify it using RhodeCode's admin interface.
365 365 It's also possible for an administrator to create accounts and configure their
366 366 permissions before the user logs in for the first time.
367 367
368 368 Container-based authentication
369 369 ''''''''''''''''''''''''''''''
370 370
371 371 In a container-based authentication setup, RhodeCode reads the user name from
372 372 the ``REMOTE_USER`` server variable provided by the WSGI container.
373 373
374 374 After setting up your container (see `Apache's WSGI config`_), you'd need
375 375 to configure it to require authentication on the location configured for
376 376 RhodeCode.
377 377
378 378 In order for RhodeCode to start using the provided username, you should set the
379 379 following in the [app:main] section of your .ini file::
380 380
381 381 container_auth_enabled = true
382 382
383 383
384 384 Proxy pass-through authentication
385 385 '''''''''''''''''''''''''''''''''
386 386
387 387 In a proxy pass-through authentication setup, RhodeCode reads the user name
388 388 from the ``X-Forwarded-User`` request header, which should be configured to be
389 389 sent by the reverse-proxy server.
390 390
391 391 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,
392 392 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to
393 393 configure the authentication and add the username in a request header named
394 394 ``X-Forwarded-User``.
395 395
396 396 For example, the following config section for Apache sets a subdirectory in a
397 397 reverse-proxy setup with basic auth::
398 398
399 399 <Location /<someprefix> >
400 400 ProxyPass http://127.0.0.1:5000/<someprefix>
401 401 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
402 402 SetEnvIf X-Url-Scheme https HTTPS=1
403 403
404 404 AuthType Basic
405 405 AuthName "RhodeCode authentication"
406 406 AuthUserFile /home/web/rhodecode/.htpasswd
407 407 require valid-user
408 408
409 409 RequestHeader unset X-Forwarded-User
410 410
411 411 RewriteEngine On
412 412 RewriteCond %{LA-U:REMOTE_USER} (.+)
413 413 RewriteRule .* - [E=RU:%1]
414 414 RequestHeader set X-Forwarded-User %{RU}e
415 415 </Location>
416 416
417 417 In order for RhodeCode to start using the forwarded username, you should set
418 418 the following in the [app:main] section of your .ini file::
419 419
420 420 proxypass_auth_enabled = true
421 421
422 422 .. note::
423 423 If you enable proxy pass-through authentication, make sure your server is
424 424 only accessible through the proxy. Otherwise, any client would be able to
425 425 forge the authentication header and could effectively become authenticated
426 426 using any account of their liking.
427 427
428 428 Integration with Issue trackers
429 429 -------------------------------
430 430
431 431 RhodeCode provides a simple integration with issue trackers. It's possible
432 432 to define a regular expression that will fetch issue id stored in commit
433 433 messages and replace that with an url to this issue. To enable this simply
434 434 uncomment following variables in the ini file::
435 435
436 436 url_pat = (?:^#|\s#)(\w+)
437 issue_server = https://myissueserver.com/issue/{id}
437 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
438 438 issue_prefix = #
439 439
440 `url_pat` is the regular expression that will match issues, default given regex
441 will match issues in format of #<number> eg. #300.
442 Matched issues will be replace with the `issue_server` url replacing {id} with
443 id fetched from regex. Since the # is striped `issue_prefix` is added as a
444 prefix to url. `issue_prefix` can be something different than # if you pass
445 ISSUE- as issue prefix this will generate an url in format
446 `<a href="https://myissueserver.com/issue/300">ISSUE-300</a>`
440 `url_pat` is the regular expression that will fetch issues from commit messages.
441 Default regex will match issues in format of #<number> eg. #300.
442
443 Matched issues will be replace with the link specified as `issue_server_link`
444 {id} will be replaced with issue id, and {repo} with repository name.
445 Since the # is striped `issue_prefix` is added as a prefix to url.
446 `issue_prefix` can be something different than # if you pass
447 ISSUE- as issue prefix this will generate an url in format::
448
449 <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>
447 450
448 451 Hook management
449 452 ---------------
450 453
451 454 Hooks can be managed in similar way to this used in .hgrc files.
452 455 To access hooks setting click `advanced setup` on Hooks section of Mercurial
453 456 Settings in Admin.
454 457
455 458 There are 4 built in hooks that cannot be changed (only enable/disable by
456 459 checkboxes on previos section).
457 460 To add another custom hook simply fill in first section with
458 461 <name>.<hook_type> and the second one with hook path. Example hooks
459 462 can be found at *rhodecode.lib.hooks*.
460 463
461 464
462 465 Setting Up Celery
463 466 -----------------
464 467
465 468 Since version 1.1 celery is configured by the rhodecode ini configuration files.
466 469 Simply set use_celery=true in the ini file then add / change the configuration
467 470 variables inside the ini file.
468 471
469 472 Remember that the ini files use the format with '.' not with '_' like celery.
470 473 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
471 474 the config file.
472 475
473 476 In order to start using celery run::
474 477
475 478 paster celeryd <configfile.ini>
476 479
477 480
478 481 .. note::
479 482 Make sure you run this command from the same virtualenv, and with the same
480 483 user that rhodecode runs.
481 484
482 485 HTTPS support
483 486 -------------
484 487
485 488 There are two ways to enable https:
486 489
487 490 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
488 491 recognize this headers and make proper https redirections
489 492 - Alternatively, change the `force_https = true` flag in the ini configuration
490 493 to force using https, no headers are needed than to enable https
491 494
492 495
493 496 Nginx virtual host example
494 497 --------------------------
495 498
496 499 Sample config for nginx using proxy::
497 500
498 501 upstream rc {
499 502 server 127.0.0.1:5000;
500 503 # add more instances for load balancing
501 504 #server 127.0.0.1:5001;
502 505 #server 127.0.0.1:5002;
503 506 }
504 507
505 508 server {
506 509 listen 80;
507 510 server_name hg.myserver.com;
508 511 access_log /var/log/nginx/rhodecode.access.log;
509 512 error_log /var/log/nginx/rhodecode.error.log;
510 513
511 514 location / {
512 515 try_files $uri @rhode;
513 516 }
514 517
515 518 location @rhode {
516 519 proxy_pass http://rc;
517 520 include /etc/nginx/proxy.conf;
518 521 }
519 522
520 523 }
521 524
522 525 Here's the proxy.conf. It's tuned so it will not timeout on long
523 526 pushes or large pushes::
524 527
525 528 proxy_redirect off;
526 529 proxy_set_header Host $host;
527 530 proxy_set_header X-Url-Scheme $scheme;
528 531 proxy_set_header X-Host $http_host;
529 532 proxy_set_header X-Real-IP $remote_addr;
530 533 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
531 534 proxy_set_header Proxy-host $proxy_host;
532 535 client_max_body_size 400m;
533 536 client_body_buffer_size 128k;
534 537 proxy_buffering off;
535 538 proxy_connect_timeout 7200;
536 539 proxy_send_timeout 7200;
537 540 proxy_read_timeout 7200;
538 541 proxy_buffers 8 32k;
539 542
540 543 Also, when using root path with nginx you might set the static files to false
541 544 in the production.ini file::
542 545
543 546 [app:main]
544 547 use = egg:rhodecode
545 548 full_stack = true
546 549 static_files = false
547 550 lang=en
548 551 cache_dir = %(here)s/data
549 552
550 553 In order to not have the statics served by the application. This improves speed.
551 554
552 555
553 556 Apache virtual host reverse proxy example
554 557 -----------------------------------------
555 558
556 559 Here is a sample configuration file for apache using proxy::
557 560
558 561 <VirtualHost *:80>
559 562 ServerName hg.myserver.com
560 563 ServerAlias hg.myserver.com
561 564
562 565 <Proxy *>
563 566 Order allow,deny
564 567 Allow from all
565 568 </Proxy>
566 569
567 570 #important !
568 571 #Directive to properly generate url (clone url) for pylons
569 572 ProxyPreserveHost On
570 573
571 574 #rhodecode instance
572 575 ProxyPass / http://127.0.0.1:5000/
573 576 ProxyPassReverse / http://127.0.0.1:5000/
574 577
575 578 #to enable https use line below
576 579 #SetEnvIf X-Url-Scheme https HTTPS=1
577 580
578 581 </VirtualHost>
579 582
580 583
581 584 Additional tutorial
582 585 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
583 586
584 587
585 588 Apache as subdirectory
586 589 ----------------------
587 590
588 591 Apache subdirectory part::
589 592
590 593 <Location /<someprefix> >
591 594 ProxyPass http://127.0.0.1:5000/<someprefix>
592 595 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
593 596 SetEnvIf X-Url-Scheme https HTTPS=1
594 597 </Location>
595 598
596 599 Besides the regular apache setup you will need to add the following line
597 600 into [app:main] section of your .ini file::
598 601
599 602 filter-with = proxy-prefix
600 603
601 604 Add the following at the end of the .ini file::
602 605
603 606 [filter:proxy-prefix]
604 607 use = egg:PasteDeploy#prefix
605 608 prefix = /<someprefix>
606 609
607 610
608 611 then change <someprefix> into your choosen prefix
609 612
610 613 Apache's WSGI config
611 614 --------------------
612 615
613 616 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
614 617 that, you'll need to:
615 618
616 619 - Install mod_wsgi. If using a Debian-based distro, you can install
617 620 the package libapache2-mod-wsgi::
618 621
619 622 aptitude install libapache2-mod-wsgi
620 623
621 624 - Enable mod_wsgi::
622 625
623 626 a2enmod wsgi
624 627
625 628 - Create a wsgi dispatch script, like the one below. Make sure you
626 629 check the paths correctly point to where you installed RhodeCode
627 630 and its Python Virtual Environment.
628 631 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
629 632 as in the following example. Once again, check the paths are
630 633 correctly specified.
631 634
632 635 Here is a sample excerpt from an Apache Virtual Host configuration file::
633 636
634 637 WSGIDaemonProcess pylons user=www-data group=www-data processes=1 \
635 638 threads=4 \
636 639 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
637 640 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
638 641
639 642 Example wsgi dispatch script::
640 643
641 644 import os
642 645 os.environ["HGENCODING"] = "UTF-8"
643 646 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
644 647
645 648 # sometimes it's needed to set the curent dir
646 649 os.chdir('/home/web/rhodecode/')
647 650
648 651 import site
649 652 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
650 653
651 654 from paste.deploy import loadapp
652 655 from paste.script.util.logging_config import fileConfig
653 656
654 657 fileConfig('/home/web/rhodecode/production.ini')
655 658 application = loadapp('config:/home/web/rhodecode/production.ini')
656 659
657 660 Note: when using mod_wsgi you'll need to install the same version of
658 661 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
659 662 environment.
660 663
661 664
662 665 Other configuration files
663 666 -------------------------
664 667
665 668 Some example init.d scripts can be found here, for debian and gentoo:
666 669
667 670 https://rhodecode.org/rhodecode/files/tip/init.d
668 671
669 672
670 673 Troubleshooting
671 674 ---------------
672 675
673 676 :Q: **Missing static files?**
674 677 :A: Make sure either to set the `static_files = true` in the .ini file or
675 678 double check the root path for your http setup. It should point to
676 679 for example:
677 680 /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
678 681
679 682 |
680 683
681 684 :Q: **Can't install celery/rabbitmq**
682 685 :A: Don't worry RhodeCode works without them too. No extra setup is required.
683 686
684 687 |
685 688
686 689 :Q: **Long lasting push timeouts?**
687 690 :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
688 691 are caused by https server and not RhodeCode.
689 692
690 693 |
691 694
692 695 :Q: **Large pushes timeouts?**
693 696 :A: Make sure you set a proper max_body_size for the http server.
694 697
695 698 |
696 699
697 700 :Q: **Apache doesn't pass basicAuth on pull/push?**
698 701 :A: Make sure you added `WSGIPassAuthorization true`.
699 702
700 703 For further questions search the `Issues tracker`_, or post a message in the
701 704 `google group rhodecode`_
702 705
703 706 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
704 707 .. _python: http://www.python.org/
705 708 .. _mercurial: http://mercurial.selenic.com/
706 709 .. _celery: http://celeryproject.org/
707 710 .. _rabbitmq: http://www.rabbitmq.com/
708 711 .. _python-ldap: http://www.python-ldap.org/
709 712 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
710 713 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
711 714 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
712 715 .. _google group rhodecode: http://groups.google.com/group/rhodecode
General Comments 0
You need to be logged in to leave comments. Login now