##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

docs: outline the challenges of specifying a locale for services (Issue #340)...
Mads Kiilerich -
r7559:9bae1116 stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,146 +1,181 b''
1 1 .. _overview:
2 2
3 3 =====================
4 4 Installation overview
5 5 =====================
6 6
7 7 Some overview and some details that can help understanding the options when
8 8 installing Kallithea.
9 9
10 10
11 11 Python environment
12 12 ------------------
13 13
14 14 **Kallithea** is written entirely in Python_ and requires Python version
15 15 2.6 or higher. Python 3.x is currently not supported.
16 16
17 17 Given a Python installation, there are different ways of providing the
18 18 environment for running Python applications. Each of them pretty much
19 19 corresponds to a ``site-packages`` directory somewhere where packages can be
20 20 installed.
21 21
22 22 Kallithea itself can be run from source or be installed, but even when running
23 23 from source, there are some dependencies that must be installed in the Python
24 24 environment used for running Kallithea.
25 25
26 26 - Packages *could* be installed in Python's ``site-packages`` directory ... but
27 27 that would require running pip_ as root and it would be hard to uninstall or
28 28 upgrade and is probably not a good idea unless using a package manager.
29 29
30 30 - Packages could also be installed in ``~/.local`` ... but that is probably
31 31 only a good idea if using a dedicated user per application or instance.
32 32
33 33 - Finally, it can be installed in a virtualenv_. That is a very lightweight
34 34 "container" where each Kallithea instance can get its own dedicated and
35 35 self-contained virtual environment.
36 36
37 37 We recommend using virtualenv for installing Kallithea.
38 38
39 39
40 Locale environment
41 ------------------
42
43 In order to ensure a correct functioning of Kallithea with respect to non-ASCII
44 characters in user names, file paths, commit messages, etc., it is very
45 important that Kallithea is run with a correct `locale` configuration.
46
47 On Unix, environment variables like ``LANG`` or ``LC_ALL`` can specify a language (like
48 ``en_US``) and encoding (like ``UTF-8``) to use for code points outside the ASCII
49 range. The flexibility of supporting multiple encodings of Unicode has the flip
50 side of having to specify which encoding to use - especially for Mercurial.
51
52 It depends on the OS distribution and system configuration which locales are
53 available. For example, some Docker containers based on Debian default to only
54 supporting the ``C`` language, while other Linux environments have ``en_US`` but not
55 ``C``. The ``locale -a`` command will show which values are available on the
56 current system. Regardless of the actual language, you should normally choose a
57 locale that has the ``UTF-8`` encoding (note that spellings ``utf8``, ``utf-8``,
58 ``UTF8``, ``UTF-8`` are all referring to the same thing)
59
60 For technical reasons, the locale configuration **must** be provided in the
61 environment in which Kallithea runs - it cannot be specified in the ``.ini`` file.
62 How to practically do this depends on the web server that is used and the way it
63 is started. For example, gearbox is often started by a normal user, either
64 manually or via a script. In this case, the required locale environment
65 variables can be provided directly in that user's environment or in the script.
66 However, web servers like Apache are often started at boot via an init script or
67 service file. Modifying the environment for this case would thus require
68 root/administrator privileges. Moreover, that environment would dictate the
69 settings for all web services running under that web server, Kallithea being
70 just one of them. Specifically in the case of Apache with ``mod_wsgi``, the
71 locale can be set for a specific service in its ``WSGIDaemonProcess`` directive,
72 using the ``lang`` parameter.
73
74
40 75 Installation methods
41 76 --------------------
42 77
43 78 Kallithea must be installed on a server. Kallithea is installed in a Python
44 79 environment so it can use packages that are installed there and make itself
45 80 available for other packages.
46 81
47 82 Two different cases will pretty much cover the options for how it can be
48 83 installed.
49 84
50 85 - The Kallithea source repository can be cloned and used -- it is kept stable and
51 86 can be used in production. The Kallithea maintainers use the development
52 87 branch in production. The advantage of installation from source and regularly
53 88 updating it is that you take advantage of the most recent improvements. Using
54 89 it directly from a DVCS also means that it is easy to track local customizations.
55 90
56 91 Running ``pip install -e .`` in the source will use pip to install the
57 92 necessary dependencies in the Python environment and create a
58 93 ``.../site-packages/Kallithea.egg-link`` file there that points at the Kallithea
59 94 source.
60 95
61 96 - Kallithea can also be installed from ready-made packages using a package manager.
62 97 The official released versions are available on PyPI_ and can be downloaded and
63 98 installed with all dependencies using ``pip install kallithea``.
64 99
65 100 With this method, Kallithea is installed in the Python environment as any
66 101 other package, usually as a ``.../site-packages/Kallithea-X-py2.7.egg/``
67 102 directory with Python files and everything else that is needed.
68 103
69 104 (``pip install kallithea`` from a source tree will do pretty much the same
70 105 but build the Kallithea package itself locally instead of downloading it.)
71 106
72 107 .. note::
73 108 Kallithea includes front-end code that needs to be processed first.
74 109 The tool npm_ is used to download external dependencies and orchestrate the
75 110 processing. The ``npm`` binary must thus be available.
76 111
77 112
78 113 Web server
79 114 ----------
80 115
81 116 Kallithea is (primarily) a WSGI_ application that must be run from a web
82 117 server that serves WSGI applications over HTTP.
83 118
84 119 Kallithea itself is not serving HTTP (or HTTPS); that is the web server's
85 120 responsibility. Kallithea does however need to know its own user facing URL
86 121 (protocol, address, port and path) for each HTTP request. Kallithea will
87 122 usually use its own HTML/cookie based authentication but can also be configured
88 123 to use web server authentication.
89 124
90 125 There are several web server options:
91 126
92 127 - Kallithea uses the Gearbox_ tool as command line interface. Gearbox provides
93 128 ``gearbox serve`` as a convenient way to launch a Python WSGI / web server
94 129 from the command line. That is perfect for development and evaluation.
95 130 Actual use in production might have different requirements and need extra
96 131 work to make it manageable as a scalable system service.
97 132
98 133 Gearbox comes with its own built-in web server but Kallithea defaults to use
99 134 Waitress_. Gunicorn_ is also an option. These web servers have different
100 135 limited feature sets.
101 136
102 137 The web server used by ``gearbox`` is configured in the ``.ini`` file passed
103 138 to it. The entry point for the WSGI application is configured
104 139 in ``setup.py`` as ``kallithea.config.middleware:make_app``.
105 140
106 141 - `Apache httpd`_ can serve WSGI applications directly using mod_wsgi_ and a
107 142 simple Python file with the necessary configuration. This is a good option if
108 143 Apache is an option.
109 144
110 145 - uWSGI_ is also a full web server with built-in WSGI module.
111 146
112 147 - IIS_ can also server WSGI applications directly using isapi-wsgi_.
113 148
114 149 - A `reverse HTTP proxy <https://en.wikipedia.org/wiki/Reverse_proxy>`_
115 150 can be put in front of another web server which has WSGI support.
116 151 Such a layered setup can be complex but might in some cases be the right
117 152 option, for example to standardize on one internet-facing web server, to add
118 153 encryption or special authentication or for other security reasons, to
119 154 provide caching of static files, or to provide load balancing or fail-over.
120 155 Nginx_, Varnish_ and HAProxy_ are often used for this purpose, often in front
121 156 of a ``gearbox serve`` that somehow is wrapped as a service.
122 157
123 158 The best option depends on what you are familiar with and the requirements for
124 159 performance and stability. Also, keep in mind that Kallithea mainly is serving
125 160 dynamically generated pages from a relatively slow Python process. Kallithea is
126 161 also often used inside organizations with a limited amount of users and thus no
127 162 continuous hammering from the internet.
128 163
129 164
130 165 .. _Python: http://www.python.org/
131 166 .. _Gunicorn: http://gunicorn.org/
132 167 .. _Waitress: http://waitress.readthedocs.org/en/latest/
133 168 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
134 169 .. _Gearbox: http://turbogears.readthedocs.io/en/latest/turbogears/gearbox.html
135 170 .. _PyPI: https://pypi.python.org/pypi
136 171 .. _Apache httpd: http://httpd.apache.org/
137 172 .. _mod_wsgi: https://code.google.com/p/modwsgi/
138 173 .. _isapi-wsgi: https://github.com/hexdump42/isapi-wsgi
139 174 .. _uWSGI: https://uwsgi-docs.readthedocs.org/en/latest/
140 175 .. _nginx: http://nginx.org/en/
141 176 .. _iis: http://en.wikipedia.org/wiki/Internet_Information_Services
142 177 .. _pip: http://en.wikipedia.org/wiki/Pip_%28package_manager%29
143 178 .. _WSGI: http://en.wikipedia.org/wiki/Web_Server_Gateway_Interface
144 179 .. _HAProxy: http://www.haproxy.org/
145 180 .. _Varnish: https://www.varnish-cache.org/
146 181 .. _npm: https://www.npmjs.com/
Show file before | Show file after | Hide comments
@@ -1,585 +1,592 b''
1 1 .. _setup:
2 2
3 3 =====
4 4 Setup
5 5 =====
6 6
7 7
8 8 Setting up Kallithea
9 9 --------------------
10 10
11 11 First, you will need to create a Kallithea configuration file. Run the
12 12 following command to do so::
13 13
14 14 kallithea-cli config-create my.ini
15 15
16 16 This will create the file ``my.ini`` in the current directory. This
17 17 configuration file contains the various settings for Kallithea, e.g.
18 18 proxy port, email settings, usage of static files, cache, Celery
19 19 settings, and logging. Extra settings can be specified like::
20 20
21 21 kallithea-cli config-create my.ini host=8.8.8.8 "[handler_console]" formatter=color_formatter
22 22
23 23 Next, you need to create the databases used by Kallithea. It is recommended to
24 24 use PostgreSQL or SQLite (default). If you choose a database other than the
25 25 default, ensure you properly adjust the database URL in your ``my.ini``
26 26 configuration file to use this other database. Kallithea currently supports
27 27 PostgreSQL, SQLite and MySQL databases. Create the database by running
28 28 the following command::
29 29
30 30 kallithea-cli db-create -c my.ini
31 31
32 32 This will prompt you for a "root" path. This "root" path is the location where
33 33 Kallithea will store all of its repositories on the current machine. After
34 34 entering this "root" path ``db-create`` will also prompt you for a username
35 35 and password for the initial admin account which ``db-create`` sets
36 36 up for you.
37 37
38 38 The ``db-create`` values can also be given on the command line.
39 39 Example::
40 40
41 41 kallithea-cli db-create -c my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos
42 42
43 43 The ``db-create`` command will create all needed tables and an
44 44 admin account. When choosing a root path you can either use a new
45 45 empty location, or a location which already contains existing
46 46 repositories. If you choose a location which contains existing
47 47 repositories Kallithea will add all of the repositories at the chosen
48 48 location to its database. (Note: make sure you specify the correct
49 49 path to the root).
50 50
51 51 .. note:: the given path for Mercurial_ repositories **must** be write
52 52 accessible for the application. It's very important since
53 53 the Kallithea web interface will work without write access,
54 54 but when trying to do a push it will fail with permission
55 55 denied errors unless it has write access.
56 56
57 57 Finally, prepare the front-end by running::
58 58
59 59 kallithea-cli front-end-build
60 60
61 61 You are now ready to use Kallithea. To run it simply execute::
62 62
63 63 gearbox serve -c my.ini
64 64
65 65 - This command runs the Kallithea server. The web app should be available at
66 66 http://127.0.0.1:5000. The IP address and port is configurable via the
67 67 configuration file created in the previous step.
68 68 - Log in to Kallithea using the admin account created when running ``db-create``.
69 69 - The default permissions on each repository is read, and the owner is admin.
70 70 Remember to update these if needed.
71 71 - In the admin panel you can toggle LDAP, anonymous, and permissions
72 72 settings, as well as edit more advanced options on users and
73 73 repositories.
74 74
75 75
76 76 Internationalization (i18n support)
77 77 -----------------------------------
78 78
79 79 The Kallithea web interface is automatically displayed in the user's preferred
80 80 language, as indicated by the browser. Thus, different users may see the
81 81 application in different languages. If the requested language is not available
82 82 (because the translation file for that language does not yet exist or is
83 83 incomplete), the language specified in setting ``i18n.lang`` in the Kallithea
84 84 configuration file is used as fallback. If no fallback language is explicitly
85 85 specified, English is used.
86 86
87 87 If you want to disable automatic language detection and instead configure a
88 88 fixed language regardless of user preference, set ``i18n.enabled = false`` and
89 89 set ``i18n.lang`` to the desired language (or leave empty for English).
90 90
91 91
92 92 Using Kallithea with SSH
93 93 ------------------------
94 94
95 95 Kallithea currently only hosts repositories using http and https. (The addition
96 96 of ssh hosting is a planned future feature.) However you can easily use ssh in
97 97 parallel with Kallithea. (Repository access via ssh is a standard "out of
98 98 the box" feature of Mercurial_ and you can use this to access any of the
99 99 repositories that Kallithea is hosting. See PublishingRepositories_)
100 100
101 101 Kallithea repository structures are kept in directories with the same name
102 102 as the project. When using repository groups, each group is a subdirectory.
103 103 This allows you to easily use ssh for accessing repositories.
104 104
105 105 In order to use ssh you need to make sure that your web server and the users'
106 106 login accounts have the correct permissions set on the appropriate directories.
107 107
108 108 .. note:: These permissions are independent of any permissions you
109 109 have set up using the Kallithea web interface.
110 110
111 111 If your main directory (the same as set in Kallithea settings) is for
112 112 example set to ``/srv/repos`` and the repository you are using is
113 113 named ``kallithea``, then to clone via ssh you should run::
114 114
115 115 hg clone ssh://user@kallithea.example.com/srv/repos/kallithea
116 116
117 117 Using other external tools such as mercurial-server_ or using ssh key-based
118 118 authentication is fully supported.
119 119
120 120 .. note:: In an advanced setup, in order for your ssh access to use
121 121 the same permissions as set up via the Kallithea web
122 122 interface, you can create an authentication hook to connect
123 123 to the Kallithea db and run check functions for permissions
124 124 against that.
125 125
126 126
127 127 Setting up Whoosh full text search
128 128 ----------------------------------
129 129
130 130 Kallithea provides full text search of repositories using `Whoosh`__.
131 131
132 132 .. __: https://whoosh.readthedocs.io/en/latest/
133 133
134 134 For an incremental index build, run::
135 135
136 136 kallithea-cli index-create -c my.ini
137 137
138 138 For a full index rebuild, run::
139 139
140 140 kallithea-cli index-create -c my.ini --full
141 141
142 142 The ``--repo-location`` option allows the location of the repositories to be overridden;
143 143 usually, the location is retrieved from the Kallithea database.
144 144
145 145 The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list::
146 146
147 147 kallithea-cli index-create -c my.ini --index-only=vcs,kallithea
148 148
149 149 To keep your index up-to-date it is necessary to do periodic index builds;
150 150 for this, it is recommended to use a crontab entry. Example::
151 151
152 152 0 3 * * * /path/to/virtualenv/bin/kallithea-cli index-create -c /path/to/kallithea/my.ini
153 153
154 154 When using incremental mode (the default), Whoosh will check the last
155 155 modification date of each file and add it to be reindexed if a newer file is
156 156 available. The indexing daemon checks for any removed files and removes them
157 157 from index.
158 158
159 159 If you want to rebuild the index from scratch, you can use the ``-f`` flag as above,
160 160 or in the admin panel you can check the "build from scratch" checkbox.
161 161
162 162
163 163 Integration with issue trackers
164 164 -------------------------------
165 165
166 166 Kallithea provides a simple integration with issue trackers. It's possible
167 167 to define a regular expression that will match an issue ID in commit messages,
168 168 and have that replaced with a URL to the issue.
169 169
170 170 This is achieved with following three variables in the ini file::
171 171
172 172 issue_pat = #(\d+)
173 173 issue_server_link = https://issues.example.com/{repo}/issue/\1
174 174 issue_sub =
175 175
176 176 ``issue_pat`` is the regular expression describing which strings in
177 177 commit messages will be treated as issue references. The expression can/should
178 178 have one or more parenthesized groups that can later be referred to in
179 179 ``issue_server_link`` and ``issue_sub`` (see below). If you prefer, named groups
180 180 can be used instead of simple parenthesized groups.
181 181
182 182 If the pattern should only match if it is preceded by whitespace, add the
183 183 following string before the actual pattern: ``(?:^|(?<=\s))``.
184 184 If the pattern should only match if it is followed by whitespace, add the
185 185 following string after the actual pattern: ``(?:$|(?=\s))``.
186 186 These expressions use lookbehind and lookahead assertions of the Python regular
187 187 expression module to avoid the whitespace to be part of the actual pattern,
188 188 otherwise the link text will also contain that whitespace.
189 189
190 190 Matched issue references are replaced with the link specified in
191 191 ``issue_server_link``, in which any backreferences are resolved. Backreferences
192 192 can be ``\1``, ``\2``, ... or for named groups ``\g<groupname>``.
193 193 The special token ``{repo}`` is replaced with the full repository path
194 194 (including repository groups), while token ``{repo_name}`` is replaced with the
195 195 repository name (without repository groups).
196 196
197 197 The link text is determined by ``issue_sub``, which can be a string containing
198 198 backreferences to the groups specified in ``issue_pat``. If ``issue_sub`` is
199 199 empty, then the text matched by ``issue_pat`` is used verbatim.
200 200
201 201 The example settings shown above match issues in the format ``#<number>``.
202 202 This will cause the text ``#300`` to be transformed into a link:
203 203
204 204 .. code-block:: html
205 205
206 206 <a href="https://issues.example.com/example_repo/issue/300">#300</a>
207 207
208 208 The following example transforms a text starting with either of 'pullrequest',
209 209 'pull request' or 'PR', followed by an optional space, then a pound character
210 210 (#) and one or more digits, into a link with the text 'PR #' followed by the
211 211 digits::
212 212
213 213 issue_pat = (pullrequest|pull request|PR) ?#(\d+)
214 214 issue_server_link = https://issues.example.com/\2
215 215 issue_sub = PR #\2
216 216
217 217 The following example demonstrates how to require whitespace before the issue
218 218 reference in order for it to be recognized, such that the text ``issue#123`` will
219 219 not cause a match, but ``issue #123`` will::
220 220
221 221 issue_pat = (?:^|(?<=\s))#(\d+)
222 222 issue_server_link = https://issues.example.com/\1
223 223 issue_sub =
224 224
225 225 If needed, more than one pattern can be specified by appending a unique suffix to
226 226 the variables. For example, also demonstrating the use of named groups::
227 227
228 228 issue_pat_wiki = wiki-(?P<pagename>\S+)
229 229 issue_server_link_wiki = https://wiki.example.com/\g<pagename>
230 230 issue_sub_wiki = WIKI-\g<pagename>
231 231
232 232 With these settings, wiki pages can be referenced as wiki-some-id, and every
233 233 such reference will be transformed into:
234 234
235 235 .. code-block:: html
236 236
237 237 <a href="https://wiki.example.com/some-id">WIKI-some-id</a>
238 238
239 239 Refer to the `Python regular expression documentation`_ for more details about
240 240 the supported syntax in ``issue_pat``, ``issue_server_link`` and ``issue_sub``.
241 241
242 242
243 243 Hook management
244 244 ---------------
245 245
246 246 Hooks can be managed in similar way to that used in ``.hgrc`` files.
247 247 To manage hooks, choose *Admin > Settings > Hooks*.
248 248
249 249 The built-in hooks cannot be modified, though they can be enabled or disabled in the *VCS* section.
250 250
251 251 To add another custom hook simply fill in the first textbox with
252 252 ``<name>.<hook_type>`` and the second with the hook path. Example hooks
253 253 can be found in ``kallithea.lib.hooks``.
254 254
255 255
256 256 Changing default encoding
257 257 -------------------------
258 258
259 259 By default, Kallithea uses UTF-8 encoding.
260 260 This is configurable as ``default_encoding`` in the .ini file.
261 261 This affects many parts in Kallithea including user names, filenames, and
262 262 encoding of commit messages. In addition Kallithea can detect if the ``chardet``
263 263 library is installed. If ``chardet`` is detected Kallithea will fallback to it
264 264 when there are encode/decode errors.
265 265
266 266 The Mercurial encoding is configurable as ``hgencoding``. It is similar to
267 267 setting the ``HGENCODING`` environment variable, but will override it.
268 268
269 269
270 270 Celery configuration
271 271 --------------------
272 272
273 273 Kallithea can use the distributed task queue system Celery_ to run tasks like
274 274 cloning repositories or sending emails.
275 275
276 276 Kallithea will in most setups work perfectly fine out of the box (without
277 277 Celery), executing all tasks in the web server process. Some tasks can however
278 278 take some time to run and it can be better to run such tasks asynchronously in
279 279 a separate process so the web server can focus on serving web requests.
280 280
281 281 For installation and configuration of Celery, see the `Celery documentation`_.
282 282 Note that Celery requires a message broker service like RabbitMQ_ (recommended)
283 283 or Redis_.
284 284
285 285 The use of Celery is configured in the Kallithea ini configuration file.
286 286 To enable it, simply set::
287 287
288 288 use_celery = true
289 289
290 290 and add or change the ``celery.*`` and ``broker.*`` configuration variables.
291 291
292 292 Remember that the ini files use the format with '.' and not with '_' like
293 293 Celery. So for example setting `BROKER_HOST` in Celery means setting
294 294 `broker.host` in the configuration file.
295 295
296 296 To start the Celery process, run::
297 297
298 298 kallithea-cli celery-run -c my.ini
299 299
300 300 Extra options to the Celery worker can be passed after ``--`` - see ``-- -h``
301 301 for more info.
302 302
303 303 .. note::
304 304 Make sure you run this command from the same virtualenv, and with the same
305 305 user that Kallithea runs.
306 306
307 307
308 308 HTTPS support
309 309 -------------
310 310
311 311 Kallithea will by default generate URLs based on the WSGI environment.
312 312
313 313 Alternatively, you can use some special configuration settings to control
314 314 directly which scheme/protocol Kallithea will use when generating URLs:
315 315
316 316 - With ``https_fixup = true``, the scheme will be taken from the
317 317 ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header
318 318 (default ``http``).
319 319 - With ``force_https = true`` the default will be ``https``.
320 320 - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.
321 321
322 322 .. _nginx_virtual_host:
323 323
324 324
325 325 Nginx virtual host example
326 326 --------------------------
327 327
328 328 Sample config for Nginx using proxy:
329 329
330 330 .. code-block:: nginx
331 331
332 332 upstream kallithea {
333 333 server 127.0.0.1:5000;
334 334 # add more instances for load balancing
335 335 #server 127.0.0.1:5001;
336 336 #server 127.0.0.1:5002;
337 337 }
338 338
339 339 ## gist alias
340 340 server {
341 341 listen 443;
342 342 server_name gist.example.com;
343 343 access_log /var/log/nginx/gist.access.log;
344 344 error_log /var/log/nginx/gist.error.log;
345 345
346 346 ssl on;
347 347 ssl_certificate gist.your.kallithea.server.crt;
348 348 ssl_certificate_key gist.your.kallithea.server.key;
349 349
350 350 ssl_session_timeout 5m;
351 351
352 352 ssl_protocols SSLv3 TLSv1;
353 353 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
354 354 ssl_prefer_server_ciphers on;
355 355
356 356 rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1;
357 357 rewrite (.*) https://kallithea.example.com/_admin/gists;
358 358 }
359 359
360 360 server {
361 361 listen 443;
362 362 server_name kallithea.example.com
363 363 access_log /var/log/nginx/kallithea.access.log;
364 364 error_log /var/log/nginx/kallithea.error.log;
365 365
366 366 ssl on;
367 367 ssl_certificate your.kallithea.server.crt;
368 368 ssl_certificate_key your.kallithea.server.key;
369 369
370 370 ssl_session_timeout 5m;
371 371
372 372 ssl_protocols SSLv3 TLSv1;
373 373 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
374 374 ssl_prefer_server_ciphers on;
375 375
376 376 ## uncomment root directive if you want to serve static files by nginx
377 377 ## requires static_files = false in .ini file
378 378 #root /srv/kallithea/kallithea/kallithea/public;
379 379 include /etc/nginx/proxy.conf;
380 380 location / {
381 381 try_files $uri @kallithea;
382 382 }
383 383
384 384 location @kallithea {
385 385 proxy_pass http://127.0.0.1:5000;
386 386 }
387 387
388 388 }
389 389
390 390 Here's the proxy.conf. It's tuned so it will not timeout on long
391 391 pushes or large pushes::
392 392
393 393 proxy_redirect off;
394 394 proxy_set_header Host $host;
395 395 ## needed for container auth
396 396 #proxy_set_header REMOTE_USER $remote_user;
397 397 #proxy_set_header X-Forwarded-User $remote_user;
398 398 proxy_set_header X-Url-Scheme $scheme;
399 399 proxy_set_header X-Host $http_host;
400 400 proxy_set_header X-Real-IP $remote_addr;
401 401 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
402 402 proxy_set_header Proxy-host $proxy_host;
403 403 proxy_buffering off;
404 404 proxy_connect_timeout 7200;
405 405 proxy_send_timeout 7200;
406 406 proxy_read_timeout 7200;
407 407 proxy_buffers 8 32k;
408 408 client_max_body_size 1024m;
409 409 client_body_buffer_size 128k;
410 410 large_client_header_buffers 8 64k;
411 411
412 412 .. _apache_virtual_host_reverse_proxy:
413 413
414 414
415 415 Apache virtual host reverse proxy example
416 416 -----------------------------------------
417 417
418 418 Here is a sample configuration file for Apache using proxy:
419 419
420 420 .. code-block:: apache
421 421
422 422 <VirtualHost *:80>
423 423 ServerName kallithea.example.com
424 424
425 425 <Proxy *>
426 426 # For Apache 2.4 and later:
427 427 Require all granted
428 428
429 429 # For Apache 2.2 and earlier, instead use:
430 430 # Order allow,deny
431 431 # Allow from all
432 432 </Proxy>
433 433
434 434 #important !
435 435 #Directive to properly generate url (clone url) for Kallithea
436 436 ProxyPreserveHost On
437 437
438 438 #kallithea instance
439 439 ProxyPass / http://127.0.0.1:5000/
440 440 ProxyPassReverse / http://127.0.0.1:5000/
441 441
442 442 #to enable https use line below
443 443 #SetEnvIf X-Url-Scheme https HTTPS=1
444 444 </VirtualHost>
445 445
446 446 Additional tutorial
447 447 http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons
448 448
449 449 .. _apache_subdirectory:
450 450
451 451
452 452 Apache as subdirectory
453 453 ----------------------
454 454
455 455 Apache subdirectory part:
456 456
457 457 .. code-block:: apache
458 458
459 459 <Location /PREFIX >
460 460 ProxyPass http://127.0.0.1:5000/PREFIX
461 461 ProxyPassReverse http://127.0.0.1:5000/PREFIX
462 462 SetEnvIf X-Url-Scheme https HTTPS=1
463 463 </Location>
464 464
465 465 Besides the regular apache setup you will need to add the following line
466 466 into ``[app:main]`` section of your .ini file::
467 467
468 468 filter-with = proxy-prefix
469 469
470 470 Add the following at the end of the .ini file::
471 471
472 472 [filter:proxy-prefix]
473 473 use = egg:PasteDeploy#prefix
474 474 prefix = /PREFIX
475 475
476 476 then change ``PREFIX`` into your chosen prefix
477 477
478 478 .. _apache_mod_wsgi:
479 479
480 480
481 481 Apache with mod_wsgi
482 482 --------------------
483 483
484 484 Alternatively, Kallithea can be set up with Apache under mod_wsgi. For
485 485 that, you'll need to:
486 486
487 487 - Install mod_wsgi. If using a Debian-based distro, you can install
488 488 the package libapache2-mod-wsgi::
489 489
490 490 aptitude install libapache2-mod-wsgi
491 491
492 492 - Enable mod_wsgi::
493 493
494 494 a2enmod wsgi
495 495
496 496 - Add global Apache configuration to tell mod_wsgi that Python only will be
497 497 used in the WSGI processes and shouldn't be initialized in the Apache
498 498 processes::
499 499
500 500 WSGIRestrictEmbedded On
501 501
502 502 - Create a WSGI dispatch script, like the one below. Make sure you
503 503 check that the paths correctly point to where you installed Kallithea
504 504 and its Python Virtual Environment.
505 505
506 506 .. code-block:: python
507 507
508 508 import os
509 509 os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache'
510 510
511 511 # sometimes it's needed to set the current dir
512 512 os.chdir('/srv/kallithea/')
513 513
514 514 import site
515 515 site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages")
516 516
517 517 ini = '/srv/kallithea/my.ini'
518 518 from logging.config import fileConfig
519 519 fileConfig(ini)
520 520 from paste.deploy import loadapp
521 521 application = loadapp('config:' + ini)
522 522
523 523 Or using proper virtualenv activation:
524 524
525 525 .. code-block:: python
526 526
527 527 activate_this = '/srv/kallithea/venv/bin/activate_this.py'
528 528 execfile(activate_this, dict(__file__=activate_this))
529 529
530 530 import os
531 531 os.environ['HOME'] = '/srv/kallithea'
532 532
533 533 ini = '/srv/kallithea/kallithea.ini'
534 534 from logging.config import fileConfig
535 535 fileConfig(ini)
536 536 from paste.deploy import loadapp
537 537 application = loadapp('config:' + ini)
538 538
539 539 - Add the necessary ``WSGI*`` directives to the Apache Virtual Host configuration
540 540 file, like in the example below. Notice that the WSGI dispatch script created
541 541 above is referred to with the ``WSGIScriptAlias`` directive.
542 The default locale settings Apache provides for web services are often not
543 adequate, with `C` as the default language and `ASCII` as the encoding.
544 Instead, use the ``lang`` parameter of ``WSGIDaemonProcess`` to specify a
545 suitable locale. See also the :ref:`overview` section and the
546 `WSGIDaemonProcess documentation`_.
547
542 548 Apache will by default run as a special Apache user, on Linux systems
543 549 usually ``www-data`` or ``apache``. If you need to have the repositories
544 550 directory owned by a different user, use the user and group options to
545 551 WSGIDaemonProcess to set the name of the user and group.
546 552
547 553 Once again, check that all paths are correctly specified.
548 554
549 555 .. code-block:: apache
550 556
551 557 WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \
552 python-home=/srv/kallithea/venv
558 python-home=/srv/kallithea/venv lang=C.UTF-8
553 559 WSGIProcessGroup kallithea
554 560 WSGIScriptAlias / /srv/kallithea/dispatch.wsgi
555 561 WSGIPassAuthorization On
556 562
557 563 Or if using a dispatcher WSGI script with proper virtualenv activation:
558 564
559 565 .. code-block:: apache
560 566
561 WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100
567 WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 lang=en_US.utf8
562 568 WSGIProcessGroup kallithea
563 569 WSGIScriptAlias / /srv/kallithea/dispatch.wsgi
564 570 WSGIPassAuthorization On
565 571
566 572
567 573 Other configuration files
568 574 -------------------------
569 575
570 576 A number of `example init.d scripts`__ can be found in
571 577 the ``init.d`` directory of the Kallithea source.
572 578
573 579 .. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ .
574 580
575 581
576 582 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
577 583 .. _python: http://www.python.org/
578 584 .. _Python regular expression documentation: https://docs.python.org/2/library/re.html
579 585 .. _Mercurial: https://www.mercurial-scm.org/
580 586 .. _Celery: http://celeryproject.org/
581 587 .. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html
582 588 .. _RabbitMQ: http://www.rabbitmq.com/
583 589 .. _Redis: http://redis.io/
584 590 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
585 591 .. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories
592 .. _WSGIDaemonProcess documentation: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html
General Comments 0
You need to be logged in to leave comments. Login now