Show More
@@ -1,227 +1,227 b'' | |||||
1 | .. _contributing: |
|
1 | .. _contributing: | |
2 |
|
2 | |||
3 | ========================= |
|
3 | ========================= | |
4 | Contributing to Kallithea |
|
4 | Contributing to Kallithea | |
5 | ========================= |
|
5 | ========================= | |
6 |
|
6 | |||
7 | Kallithea is developed and maintained by its users. Please join us and scratch |
|
7 | Kallithea is developed and maintained by its users. Please join us and scratch | |
8 | your own itch. |
|
8 | your own itch. | |
9 |
|
9 | |||
10 |
|
10 | |||
11 | Infrastructure |
|
11 | Infrastructure | |
12 | -------------- |
|
12 | -------------- | |
13 |
|
13 | |||
14 | The main repository is hosted on Our Own Kallithea (aka OOK) at |
|
14 | The main repository is hosted on Our Own Kallithea (aka OOK) at | |
15 | https://kallithea-scm.org/repos/kallithea/, our self-hosted instance |
|
15 | https://kallithea-scm.org/repos/kallithea/, our self-hosted instance | |
16 | of Kallithea. |
|
16 | of Kallithea. | |
17 |
|
17 | |||
18 | For now, we use Bitbucket_ for `pull requests`_ and `issue tracking`_. The |
|
18 | For now, we use Bitbucket_ for `pull requests`_ and `issue tracking`_. The | |
19 | issue tracker is for tracking bugs, not for support, discussion, or ideas -- |
|
19 | issue tracker is for tracking bugs, not for support, discussion, or ideas -- | |
20 | please use the `mailing list`_ or :ref:`IRC <readme>` to reach the community. |
|
20 | please use the `mailing list`_ or :ref:`IRC <readme>` to reach the community. | |
21 |
|
21 | |||
22 | We use Weblate_ to translate the user interface messages into languages other |
|
22 | We use Weblate_ to translate the user interface messages into languages other | |
23 | than English. Join our project on `Hosted Weblate`_ to help us. |
|
23 | than English. Join our project on `Hosted Weblate`_ to help us. | |
24 | To register, you can use your Bitbucket or GitHub account. See :ref:`translations` |
|
24 | To register, you can use your Bitbucket or GitHub account. See :ref:`translations` | |
25 | for more details. |
|
25 | for more details. | |
26 |
|
26 | |||
27 |
|
27 | |||
28 | Getting started |
|
28 | Getting started | |
29 | --------------- |
|
29 | --------------- | |
30 |
|
30 | |||
31 | To get started with development:: |
|
31 | To get started with development:: | |
32 |
|
32 | |||
33 | hg clone https://kallithea-scm.org/repos/kallithea |
|
33 | hg clone https://kallithea-scm.org/repos/kallithea | |
34 | cd kallithea |
|
34 | cd kallithea | |
35 | virtualenv ../kallithea-venv |
|
35 | virtualenv ../kallithea-venv | |
36 | source ../kallithea-venv/bin/activate |
|
36 | source ../kallithea-venv/bin/activate | |
37 | pip install --upgrade pip setuptools |
|
37 | pip install --upgrade pip setuptools | |
38 | pip install -e . |
|
38 | pip install -e . | |
39 | paster make-config Kallithea my.ini |
|
39 | paster make-config Kallithea my.ini | |
40 | paster setup-db my.ini --user=user --email=user@example.com --password=password --repos=/tmp |
|
40 | paster setup-db my.ini --user=user --email=user@example.com --password=password --repos=/tmp | |
41 | paster serve my.ini --reload & |
|
41 | paster serve my.ini --reload & | |
42 | firefox http://127.0.0.1:5000/ |
|
42 | firefox http://127.0.0.1:5000/ | |
43 |
|
43 | |||
44 | You can also start out by forking https://bitbucket.org/conservancy/kallithea |
|
44 | You can also start out by forking https://bitbucket.org/conservancy/kallithea | |
45 | on Bitbucket_ and create a local clone of your own fork. |
|
45 | on Bitbucket_ and create a local clone of your own fork. | |
46 |
|
46 | |||
47 |
|
47 | |||
48 | Running tests |
|
48 | Running tests | |
49 | ------------- |
|
49 | ------------- | |
50 |
|
50 | |||
51 | After finishing your changes make sure all tests pass cleanly. Install the test |
|
51 | After finishing your changes make sure all tests pass cleanly. Install the test | |
52 | dependencies, then run the testsuite by invoking ``py.test`` from the |
|
52 | dependencies, then run the testsuite by invoking ``py.test`` from the | |
53 | project root:: |
|
53 | project root:: | |
54 |
|
54 | |||
55 | pip install -r dev_requirements.txt |
|
55 | pip install -r dev_requirements.txt | |
56 | py.test |
|
56 | py.test | |
57 |
|
57 | |||
58 | Note that testing on Python 2.6 also requires ``unittest2``. |
|
58 | Note that testing on Python 2.6 also requires ``unittest2``. | |
59 |
|
59 | |||
60 | You can also use ``tox`` to run the tests with all supported Python versions |
|
60 | You can also use ``tox`` to run the tests with all supported Python versions | |
61 | (currently Python 2.6--2.7). |
|
61 | (currently Python 2.6--2.7). | |
62 |
|
62 | |||
63 | When running tests, Kallithea uses `kallithea/tests/test.ini` and populates the |
|
63 | When running tests, Kallithea uses `kallithea/tests/test.ini` and populates the | |
64 | SQLite database specified there. |
|
64 | SQLite database specified there. | |
65 |
|
65 | |||
66 | It is possible to avoid recreating the full test database on each invocation of |
|
66 | It is possible to avoid recreating the full test database on each invocation of | |
67 | the tests, thus eliminating the initial delay. To achieve this, run the tests as:: |
|
67 | the tests, thus eliminating the initial delay. To achieve this, run the tests as:: | |
68 |
|
68 | |||
69 | paster serve kallithea/tests/test.ini --pid-file=test.pid --daemon |
|
69 | paster serve kallithea/tests/test.ini --pid-file=test.pid --daemon | |
70 | KALLITHEA_WHOOSH_TEST_DISABLE=1 KALLITHEA_NO_TMP_PATH=1 py.test |
|
70 | KALLITHEA_WHOOSH_TEST_DISABLE=1 KALLITHEA_NO_TMP_PATH=1 py.test | |
71 | kill -9 $(cat test.pid) |
|
71 | kill -9 $(cat test.pid) | |
72 |
|
72 | |||
73 | In these commands, the following variables are used:: |
|
73 | In these commands, the following variables are used:: | |
74 |
|
74 | |||
75 | KALLITHEA_WHOOSH_TEST_DISABLE=1 - skip whoosh index building and tests |
|
75 | KALLITHEA_WHOOSH_TEST_DISABLE=1 - skip whoosh index building and tests | |
76 | KALLITHEA_NO_TMP_PATH=1 - disable new temp path for tests, used mostly for testing_vcs_operations |
|
76 | KALLITHEA_NO_TMP_PATH=1 - disable new temp path for tests, used mostly for testing_vcs_operations | |
77 |
|
77 | |||
78 | You can run individual tests by specifying their path as argument to py.test. |
|
78 | You can run individual tests by specifying their path as argument to py.test. | |
79 | py.test also has many more options, see `py.test -h`. Some useful options |
|
79 | py.test also has many more options, see `py.test -h`. Some useful options | |
80 | are:: |
|
80 | are:: | |
81 |
|
81 | |||
82 | -k EXPRESSION only run tests which match the given substring |
|
82 | -k EXPRESSION only run tests which match the given substring | |
83 | expression. An expression is a python evaluable |
|
83 | expression. An expression is a python evaluable | |
84 | expression where all names are substring-matched |
|
84 | expression where all names are substring-matched | |
85 | against test names and their parent classes. Example: |
|
85 | against test names and their parent classes. Example: | |
86 | -x, --exitfirst exit instantly on first error or failed test. |
|
86 | -x, --exitfirst exit instantly on first error or failed test. | |
87 | --lf rerun only the tests that failed at the last run (or |
|
87 | --lf rerun only the tests that failed at the last run (or | |
88 | all if none failed) |
|
88 | all if none failed) | |
89 | --ff run all tests but run the last failures first. This |
|
89 | --ff run all tests but run the last failures first. This | |
90 | may re-order tests and thus lead to repeated fixture |
|
90 | may re-order tests and thus lead to repeated fixture | |
91 | setup/teardown |
|
91 | setup/teardown | |
92 | --pdb start the interactive Python debugger on errors. |
|
92 | --pdb start the interactive Python debugger on errors. | |
93 | -s, --capture=no don't capture stdout (any stdout output will be |
|
93 | -s, --capture=no don't capture stdout (any stdout output will be | |
94 | printed immediately) |
|
94 | printed immediately) | |
95 |
|
95 | |||
96 |
|
96 | |||
97 | Contribution guidelines |
|
97 | Contribution guidelines | |
98 | ----------------------- |
|
98 | ----------------------- | |
99 |
|
99 | |||
100 | Kallithea is GPLv3 and we assume all contributions are made by the |
|
100 | Kallithea is GPLv3 and we assume all contributions are made by the | |
101 | committer/contributor and under GPLv3 unless explicitly stated. We do care a |
|
101 | committer/contributor and under GPLv3 unless explicitly stated. We do care a | |
102 | lot about preservation of copyright and license information for existing code |
|
102 | lot about preservation of copyright and license information for existing code | |
103 | that is brought into the project. |
|
103 | that is brought into the project. | |
104 |
|
104 | |||
105 | Contributions will be accepted in most formats -- such as pull requests on |
|
105 | Contributions will be accepted in most formats -- such as pull requests on | |
106 | Bitbucket, something hosted on your own Kallithea instance, or patches sent by |
|
106 | Bitbucket, something hosted on your own Kallithea instance, or patches sent by | |
107 | email to the `kallithea-general`_ mailing list. |
|
107 | email to the `kallithea-general`_ mailing list. | |
108 |
|
108 | |||
109 | When contributing via Bitbucket, please make your fork of |
|
109 | When contributing via Bitbucket, please make your fork of | |
110 | https://bitbucket.org/conservancy/kallithea/ `non-publishing`_ -- it is one of |
|
110 | https://bitbucket.org/conservancy/kallithea/ `non-publishing`_ -- it is one of | |
111 | the settings on "Repository details" page. This ensures your commits are in |
|
111 | the settings on "Repository details" page. This ensures your commits are in | |
112 | "draft" phase and makes it easier for you to address feedback and for project |
|
112 | "draft" phase and makes it easier for you to address feedback and for project | |
113 | maintainers to integrate your changes. |
|
113 | maintainers to integrate your changes. | |
114 |
|
114 | |||
115 | .. _non-publishing: https://www.mercurial-scm.org/wiki/Phases#Publishing_Repository |
|
115 | .. _non-publishing: https://www.mercurial-scm.org/wiki/Phases#Publishing_Repository | |
116 |
|
116 | |||
117 | Make sure to test your changes both manually and with the automatic tests |
|
117 | Make sure to test your changes both manually and with the automatic tests | |
118 | before posting. |
|
118 | before posting. | |
119 |
|
119 | |||
120 | We care about quality and review and keeping a clean repository history. We |
|
120 | We care about quality and review and keeping a clean repository history. We | |
121 | might give feedback that requests polishing contributions until they are |
|
121 | might give feedback that requests polishing contributions until they are | |
122 | "perfect". We might also rebase and collapse and make minor adjustments to your |
|
122 | "perfect". We might also rebase and collapse and make minor adjustments to your | |
123 | changes when we apply them. |
|
123 | changes when we apply them. | |
124 |
|
124 | |||
125 | We try to make sure we have consensus on the direction the project is taking. |
|
125 | We try to make sure we have consensus on the direction the project is taking. | |
126 | Everything non-sensitive should be discussed in public -- preferably on the |
|
126 | Everything non-sensitive should be discussed in public -- preferably on the | |
127 | mailing list. We aim at having all non-trivial changes reviewed by at least |
|
127 | mailing list. We aim at having all non-trivial changes reviewed by at least | |
128 | one other core developer before pushing. Obvious non-controversial changes will |
|
128 | one other core developer before pushing. Obvious non-controversial changes will | |
129 | be handled more casually. |
|
129 | be handled more casually. | |
130 |
|
130 | |||
131 | For now we just have one official branch ("default") and will keep it so stable |
|
131 | For now we just have one official branch ("default") and will keep it so stable | |
132 | that it can be (and is) used in production. Experimental changes should live |
|
132 | that it can be (and is) used in production. Experimental changes should live | |
133 | elsewhere (for example in a pull request) until they are ready. |
|
133 | elsewhere (for example in a pull request) until they are ready. | |
134 |
|
134 | |||
135 |
|
135 | |||
136 | Coding guidelines |
|
136 | Coding guidelines | |
137 | ----------------- |
|
137 | ----------------- | |
138 |
|
138 | |||
139 | We don't have a formal coding/formatting standard. We are currently using a mix |
|
139 | We don't have a formal coding/formatting standard. We are currently using a mix | |
140 |
of Mercurial (http://mercurial |
|
140 | of Mercurial's (https://www.mercurial-scm.org/wiki/CodingStyle), pep8, and | |
141 | consistency with existing code. Run ``scripts/run-all-cleanup`` before |
|
141 | consistency with existing code. Run ``scripts/run-all-cleanup`` before | |
142 | committing to ensure some basic code formatting consistency. |
|
142 | committing to ensure some basic code formatting consistency. | |
143 |
|
143 | |||
144 | We support both Python 2.6.x and 2.7.x and nothing else. For now we don't care |
|
144 | We support both Python 2.6.x and 2.7.x and nothing else. For now we don't care | |
145 | about Python 3 compatibility. |
|
145 | about Python 3 compatibility. | |
146 |
|
146 | |||
147 | We try to support the most common modern web browsers. IE9 is still supported |
|
147 | We try to support the most common modern web browsers. IE9 is still supported | |
148 | to the extent it is feasible, IE8 is not. |
|
148 | to the extent it is feasible, IE8 is not. | |
149 |
|
149 | |||
150 | We primarily support Linux and OS X on the server side but Windows should also work. |
|
150 | We primarily support Linux and OS X on the server side but Windows should also work. | |
151 |
|
151 | |||
152 | HTML templates should use 2 spaces for indentation ... but be pragmatic. We |
|
152 | HTML templates should use 2 spaces for indentation ... but be pragmatic. We | |
153 | should use templates cleverly and avoid duplication. We should use reasonable |
|
153 | should use templates cleverly and avoid duplication. We should use reasonable | |
154 | semantic markup with element classes and IDs that can be used for styling and testing. |
|
154 | semantic markup with element classes and IDs that can be used for styling and testing. | |
155 | We should only use inline styles in places where it really is semantic (such as |
|
155 | We should only use inline styles in places where it really is semantic (such as | |
156 | ``display: none``). |
|
156 | ``display: none``). | |
157 |
|
157 | |||
158 | JavaScript must use ``;`` between/after statements. Indentation 4 spaces. Inline |
|
158 | JavaScript must use ``;`` between/after statements. Indentation 4 spaces. Inline | |
159 | multiline functions should be indented two levels -- one for the ``()`` and one for |
|
159 | multiline functions should be indented two levels -- one for the ``()`` and one for | |
160 | ``{}``. |
|
160 | ``{}``. | |
161 | Variables holding jQuery objects should be named with a leading ``$``. |
|
161 | Variables holding jQuery objects should be named with a leading ``$``. | |
162 |
|
162 | |||
163 | Commit messages should have a leading short line summarizing the changes. For |
|
163 | Commit messages should have a leading short line summarizing the changes. For | |
164 | bug fixes, put ``(Issue #123)`` at the end of this line. |
|
164 | bug fixes, put ``(Issue #123)`` at the end of this line. | |
165 |
|
165 | |||
166 | Use American English grammar and spelling overall. Use `English title case`_ for |
|
166 | Use American English grammar and spelling overall. Use `English title case`_ for | |
167 | page titles, button labels, headers, and 'labels' for fields in forms. |
|
167 | page titles, button labels, headers, and 'labels' for fields in forms. | |
168 |
|
168 | |||
169 | .. _English title case: https://en.wikipedia.org/wiki/Capitalization#Title_case |
|
169 | .. _English title case: https://en.wikipedia.org/wiki/Capitalization#Title_case | |
170 |
|
170 | |||
171 | Template helpers (that is, everything in ``kallithea.lib.helpers``) |
|
171 | Template helpers (that is, everything in ``kallithea.lib.helpers``) | |
172 | should only be referenced from templates. If you need to call a |
|
172 | should only be referenced from templates. If you need to call a | |
173 | helper from the Python code, consider moving the function somewhere |
|
173 | helper from the Python code, consider moving the function somewhere | |
174 | else (e.g. to the model). |
|
174 | else (e.g. to the model). | |
175 |
|
175 | |||
176 | Notes on the SQLAlchemy session |
|
176 | Notes on the SQLAlchemy session | |
177 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
177 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
178 |
|
178 | |||
179 | Each HTTP request runs inside an independent SQLAlchemy session (as well |
|
179 | Each HTTP request runs inside an independent SQLAlchemy session (as well | |
180 | as in an independent database transaction). Database model objects |
|
180 | as in an independent database transaction). Database model objects | |
181 | (almost) always belong to a particular SQLAlchemy session, which means |
|
181 | (almost) always belong to a particular SQLAlchemy session, which means | |
182 | that SQLAlchemy will ensure that they're kept in sync with the database |
|
182 | that SQLAlchemy will ensure that they're kept in sync with the database | |
183 | (but also means that they cannot be shared across requests). |
|
183 | (but also means that they cannot be shared across requests). | |
184 |
|
184 | |||
185 | Objects can be added to the session using ``Session().add``, but this is |
|
185 | Objects can be added to the session using ``Session().add``, but this is | |
186 | rarely needed: |
|
186 | rarely needed: | |
187 |
|
187 | |||
188 | * When creating a database object by calling the constructor directly, |
|
188 | * When creating a database object by calling the constructor directly, | |
189 | it must explicitly be added to the session. |
|
189 | it must explicitly be added to the session. | |
190 |
|
190 | |||
191 | * When creating an object using a factory function (like |
|
191 | * When creating an object using a factory function (like | |
192 | ``create_repo``), the returned object has already (by convention) |
|
192 | ``create_repo``), the returned object has already (by convention) | |
193 | been added to the session, and should not be added again. |
|
193 | been added to the session, and should not be added again. | |
194 |
|
194 | |||
195 | * When getting an object from the session (via ``Session().query`` or |
|
195 | * When getting an object from the session (via ``Session().query`` or | |
196 | any of the utility functions that look up objects in the database), |
|
196 | any of the utility functions that look up objects in the database), | |
197 | it's already part of the session, and should not be added again. |
|
197 | it's already part of the session, and should not be added again. | |
198 | SQLAlchemy monitors attribute modifications automatically for all |
|
198 | SQLAlchemy monitors attribute modifications automatically for all | |
199 | objects it knows about and syncs them to the database. |
|
199 | objects it knows about and syncs them to the database. | |
200 |
|
200 | |||
201 | SQLAlchemy also flushes changes to the database automatically; manually |
|
201 | SQLAlchemy also flushes changes to the database automatically; manually | |
202 | calling ``Session().flush`` is usually only necessary when the Python |
|
202 | calling ``Session().flush`` is usually only necessary when the Python | |
203 | code needs the database to assign an "auto-increment" primary key ID to |
|
203 | code needs the database to assign an "auto-increment" primary key ID to | |
204 | a freshly created model object (before flushing, the ID attribute will |
|
204 | a freshly created model object (before flushing, the ID attribute will | |
205 | be ``None``). |
|
205 | be ``None``). | |
206 |
|
206 | |||
207 |
|
207 | |||
208 | "Roadmap" |
|
208 | "Roadmap" | |
209 | --------- |
|
209 | --------- | |
210 |
|
210 | |||
211 | We do not have a road map but are waiting for your contributions. Refer to the |
|
211 | We do not have a road map but are waiting for your contributions. Refer to the | |
212 | wiki_ for some ideas of places we might want to go -- contributions in these |
|
212 | wiki_ for some ideas of places we might want to go -- contributions in these | |
213 | areas are very welcome. |
|
213 | areas are very welcome. | |
214 |
|
214 | |||
215 |
|
215 | |||
216 | Thank you for your contribution! |
|
216 | Thank you for your contribution! | |
217 | -------------------------------- |
|
217 | -------------------------------- | |
218 |
|
218 | |||
219 |
|
219 | |||
220 | .. _Weblate: http://weblate.org/ |
|
220 | .. _Weblate: http://weblate.org/ | |
221 | .. _issue tracking: https://bitbucket.org/conservancy/kallithea/issues?status=new&status=open |
|
221 | .. _issue tracking: https://bitbucket.org/conservancy/kallithea/issues?status=new&status=open | |
222 | .. _pull requests: https://bitbucket.org/conservancy/kallithea/pull-requests |
|
222 | .. _pull requests: https://bitbucket.org/conservancy/kallithea/pull-requests | |
223 | .. _bitbucket: http://bitbucket.org/ |
|
223 | .. _bitbucket: http://bitbucket.org/ | |
224 | .. _mailing list: http://lists.sfconservancy.org/mailman/listinfo/kallithea-general |
|
224 | .. _mailing list: http://lists.sfconservancy.org/mailman/listinfo/kallithea-general | |
225 | .. _kallithea-general: http://lists.sfconservancy.org/mailman/listinfo/kallithea-general |
|
225 | .. _kallithea-general: http://lists.sfconservancy.org/mailman/listinfo/kallithea-general | |
226 | .. _Hosted Weblate: https://hosted.weblate.org/projects/kallithea/kallithea/ |
|
226 | .. _Hosted Weblate: https://hosted.weblate.org/projects/kallithea/kallithea/ | |
227 | .. _wiki: https://bitbucket.org/conservancy/kallithea/wiki/Home |
|
227 | .. _wiki: https://bitbucket.org/conservancy/kallithea/wiki/Home |
@@ -1,83 +1,83 b'' | |||||
1 | .. _index: |
|
1 | .. _index: | |
2 |
|
2 | |||
3 | ####################### |
|
3 | ####################### | |
4 | Kallithea Documentation |
|
4 | Kallithea Documentation | |
5 | ####################### |
|
5 | ####################### | |
6 |
|
6 | |||
7 | **Readme** |
|
7 | **Readme** | |
8 |
|
8 | |||
9 | .. toctree:: |
|
9 | .. toctree:: | |
10 | :maxdepth: 1 |
|
10 | :maxdepth: 1 | |
11 |
|
11 | |||
12 | readme |
|
12 | readme | |
13 |
|
13 | |||
14 | **Installation** |
|
14 | **Installation** | |
15 |
|
15 | |||
16 | .. toctree:: |
|
16 | .. toctree:: | |
17 | :maxdepth: 1 |
|
17 | :maxdepth: 1 | |
18 |
|
18 | |||
19 | overview |
|
19 | overview | |
20 | installation |
|
20 | installation | |
21 | installation_win |
|
21 | installation_win | |
22 | installation_win_old |
|
22 | installation_win_old | |
23 | installation_iis |
|
23 | installation_iis | |
24 | setup |
|
24 | setup | |
25 | installation_puppet |
|
25 | installation_puppet | |
26 | upgrade |
|
26 | upgrade | |
27 |
|
27 | |||
28 | **Usage** |
|
28 | **Usage** | |
29 |
|
29 | |||
30 | .. toctree:: |
|
30 | .. toctree:: | |
31 | :maxdepth: 1 |
|
31 | :maxdepth: 1 | |
32 |
|
32 | |||
33 | usage/general |
|
33 | usage/general | |
34 | usage/vcs_support |
|
34 | usage/vcs_support | |
35 | usage/locking |
|
35 | usage/locking | |
36 | usage/statistics |
|
36 | usage/statistics | |
37 |
|
37 | |||
38 | **Administrator's guide** |
|
38 | **Administrator's guide** | |
39 |
|
39 | |||
40 | .. toctree:: |
|
40 | .. toctree:: | |
41 | :maxdepth: 1 |
|
41 | :maxdepth: 1 | |
42 |
|
42 | |||
43 | usage/email |
|
43 | usage/email | |
44 | usage/performance |
|
44 | usage/performance | |
45 | usage/backup |
|
45 | usage/backup | |
46 | usage/debugging |
|
46 | usage/debugging | |
47 | usage/troubleshooting |
|
47 | usage/troubleshooting | |
48 | usage/customization |
|
48 | usage/customization | |
49 |
|
49 | |||
50 | **Development** |
|
50 | **Development** | |
51 |
|
51 | |||
52 | .. toctree:: |
|
52 | .. toctree:: | |
53 | :maxdepth: 1 |
|
53 | :maxdepth: 1 | |
54 |
|
54 | |||
55 | contributing |
|
55 | contributing | |
56 | dev/translation |
|
56 | dev/translation | |
57 | dev/dbmigrations |
|
57 | dev/dbmigrations | |
58 |
|
58 | |||
59 | **API** |
|
59 | **API** | |
60 |
|
60 | |||
61 | .. toctree:: |
|
61 | .. toctree:: | |
62 | :maxdepth: 1 |
|
62 | :maxdepth: 1 | |
63 |
|
63 | |||
64 | api/api |
|
64 | api/api | |
65 |
|
65 | |||
66 |
|
66 | |||
67 | Other topics |
|
67 | Other topics | |
68 | ************ |
|
68 | ************ | |
69 |
|
69 | |||
70 | * :ref:`genindex` |
|
70 | * :ref:`genindex` | |
71 | * :ref:`search` |
|
71 | * :ref:`search` | |
72 |
|
72 | |||
73 |
|
73 | |||
74 | .. _virtualenv: http://pypi.python.org/pypi/virtualenv |
|
74 | .. _virtualenv: http://pypi.python.org/pypi/virtualenv | |
75 | .. _python: http://www.python.org/ |
|
75 | .. _python: http://www.python.org/ | |
76 | .. _django: http://www.djangoproject.com/ |
|
76 | .. _django: http://www.djangoproject.com/ | |
77 |
.. _mercurial: http://mercurial |
|
77 | .. _mercurial: https://www.mercurial-scm.org/ | |
78 | .. _bitbucket: http://bitbucket.org/ |
|
78 | .. _bitbucket: http://bitbucket.org/ | |
79 | .. _subversion: http://subversion.tigris.org/ |
|
79 | .. _subversion: http://subversion.tigris.org/ | |
80 | .. _git: http://git-scm.com/ |
|
80 | .. _git: http://git-scm.com/ | |
81 | .. _celery: http://celeryproject.org/ |
|
81 | .. _celery: http://celeryproject.org/ | |
82 | .. _Sphinx: http://sphinx.pocoo.org/ |
|
82 | .. _Sphinx: http://sphinx.pocoo.org/ | |
83 | .. _vcs: http://pypi.python.org/pypi/vcs |
|
83 | .. _vcs: http://pypi.python.org/pypi/vcs |
@@ -1,874 +1,874 b'' | |||||
1 | .. _setup: |
|
1 | .. _setup: | |
2 |
|
2 | |||
3 | ===== |
|
3 | ===== | |
4 | Setup |
|
4 | Setup | |
5 | ===== |
|
5 | ===== | |
6 |
|
6 | |||
7 |
|
7 | |||
8 | Setting up Kallithea |
|
8 | Setting up Kallithea | |
9 | -------------------- |
|
9 | -------------------- | |
10 |
|
10 | |||
11 | First, you will need to create a Kallithea configuration file. Run the |
|
11 | First, you will need to create a Kallithea configuration file. Run the | |
12 | following command to do so:: |
|
12 | following command to do so:: | |
13 |
|
13 | |||
14 | paster make-config Kallithea my.ini |
|
14 | paster make-config Kallithea my.ini | |
15 |
|
15 | |||
16 | This will create the file ``my.ini`` in the current directory. This |
|
16 | This will create the file ``my.ini`` in the current directory. This | |
17 | configuration file contains the various settings for Kallithea, e.g. |
|
17 | configuration file contains the various settings for Kallithea, e.g. | |
18 | proxy port, email settings, usage of static files, cache, Celery |
|
18 | proxy port, email settings, usage of static files, cache, Celery | |
19 | settings, and logging. |
|
19 | settings, and logging. | |
20 |
|
20 | |||
21 | Next, you need to create the databases used by Kallithea. It is recommended to |
|
21 | Next, you need to create the databases used by Kallithea. It is recommended to | |
22 | use PostgreSQL or SQLite (default). If you choose a database other than the |
|
22 | use PostgreSQL or SQLite (default). If you choose a database other than the | |
23 | default, ensure you properly adjust the database URL in your ``my.ini`` |
|
23 | default, ensure you properly adjust the database URL in your ``my.ini`` | |
24 | configuration file to use this other database. Kallithea currently supports |
|
24 | configuration file to use this other database. Kallithea currently supports | |
25 | PostgreSQL, SQLite and MySQL databases. Create the database by running |
|
25 | PostgreSQL, SQLite and MySQL databases. Create the database by running | |
26 | the following command:: |
|
26 | the following command:: | |
27 |
|
27 | |||
28 | paster setup-db my.ini |
|
28 | paster setup-db my.ini | |
29 |
|
29 | |||
30 | This will prompt you for a "root" path. This "root" path is the location where |
|
30 | This will prompt you for a "root" path. This "root" path is the location where | |
31 | Kallithea will store all of its repositories on the current machine. After |
|
31 | Kallithea will store all of its repositories on the current machine. After | |
32 | entering this "root" path ``setup-db`` will also prompt you for a username |
|
32 | entering this "root" path ``setup-db`` will also prompt you for a username | |
33 | and password for the initial admin account which ``setup-db`` sets |
|
33 | and password for the initial admin account which ``setup-db`` sets | |
34 | up for you. |
|
34 | up for you. | |
35 |
|
35 | |||
36 | The ``setup-db`` values can also be given on the command line. |
|
36 | The ``setup-db`` values can also be given on the command line. | |
37 | Example:: |
|
37 | Example:: | |
38 |
|
38 | |||
39 | paster setup-db my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos |
|
39 | paster setup-db my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos | |
40 |
|
40 | |||
41 | The ``setup-db`` command will create all needed tables and an |
|
41 | The ``setup-db`` command will create all needed tables and an | |
42 | admin account. When choosing a root path you can either use a new |
|
42 | admin account. When choosing a root path you can either use a new | |
43 | empty location, or a location which already contains existing |
|
43 | empty location, or a location which already contains existing | |
44 | repositories. If you choose a location which contains existing |
|
44 | repositories. If you choose a location which contains existing | |
45 | repositories Kallithea will add all of the repositories at the chosen |
|
45 | repositories Kallithea will add all of the repositories at the chosen | |
46 | location to its database. (Note: make sure you specify the correct |
|
46 | location to its database. (Note: make sure you specify the correct | |
47 | path to the root). |
|
47 | path to the root). | |
48 |
|
48 | |||
49 | .. note:: the given path for Mercurial_ repositories **must** be write |
|
49 | .. note:: the given path for Mercurial_ repositories **must** be write | |
50 | accessible for the application. It's very important since |
|
50 | accessible for the application. It's very important since | |
51 | the Kallithea web interface will work without write access, |
|
51 | the Kallithea web interface will work without write access, | |
52 | but when trying to do a push it will fail with permission |
|
52 | but when trying to do a push it will fail with permission | |
53 | denied errors unless it has write access. |
|
53 | denied errors unless it has write access. | |
54 |
|
54 | |||
55 | You are now ready to use Kallithea. To run it simply execute:: |
|
55 | You are now ready to use Kallithea. To run it simply execute:: | |
56 |
|
56 | |||
57 | paster serve my.ini |
|
57 | paster serve my.ini | |
58 |
|
58 | |||
59 | - This command runs the Kallithea server. The web app should be available at |
|
59 | - This command runs the Kallithea server. The web app should be available at | |
60 | http://127.0.0.1:5000. The IP address and port is configurable via the |
|
60 | http://127.0.0.1:5000. The IP address and port is configurable via the | |
61 | configuration file created in the previous step. |
|
61 | configuration file created in the previous step. | |
62 | - Log in to Kallithea using the admin account created when running ``setup-db``. |
|
62 | - Log in to Kallithea using the admin account created when running ``setup-db``. | |
63 | - The default permissions on each repository is read, and the owner is admin. |
|
63 | - The default permissions on each repository is read, and the owner is admin. | |
64 | Remember to update these if needed. |
|
64 | Remember to update these if needed. | |
65 | - In the admin panel you can toggle LDAP, anonymous, and permissions |
|
65 | - In the admin panel you can toggle LDAP, anonymous, and permissions | |
66 | settings, as well as edit more advanced options on users and |
|
66 | settings, as well as edit more advanced options on users and | |
67 | repositories. |
|
67 | repositories. | |
68 |
|
68 | |||
69 |
|
69 | |||
70 | Using Kallithea with SSH |
|
70 | Using Kallithea with SSH | |
71 | ------------------------ |
|
71 | ------------------------ | |
72 |
|
72 | |||
73 | Kallithea currently only hosts repositories using http and https. (The addition |
|
73 | Kallithea currently only hosts repositories using http and https. (The addition | |
74 | of ssh hosting is a planned future feature.) However you can easily use ssh in |
|
74 | of ssh hosting is a planned future feature.) However you can easily use ssh in | |
75 | parallel with Kallithea. (Repository access via ssh is a standard "out of |
|
75 | parallel with Kallithea. (Repository access via ssh is a standard "out of | |
76 | the box" feature of Mercurial_ and you can use this to access any of the |
|
76 | the box" feature of Mercurial_ and you can use this to access any of the | |
77 | repositories that Kallithea is hosting. See PublishingRepositories_) |
|
77 | repositories that Kallithea is hosting. See PublishingRepositories_) | |
78 |
|
78 | |||
79 | Kallithea repository structures are kept in directories with the same name |
|
79 | Kallithea repository structures are kept in directories with the same name | |
80 | as the project. When using repository groups, each group is a subdirectory. |
|
80 | as the project. When using repository groups, each group is a subdirectory. | |
81 | This allows you to easily use ssh for accessing repositories. |
|
81 | This allows you to easily use ssh for accessing repositories. | |
82 |
|
82 | |||
83 | In order to use ssh you need to make sure that your web server and the users' |
|
83 | In order to use ssh you need to make sure that your web server and the users' | |
84 | login accounts have the correct permissions set on the appropriate directories. |
|
84 | login accounts have the correct permissions set on the appropriate directories. | |
85 |
|
85 | |||
86 | .. note:: These permissions are independent of any permissions you |
|
86 | .. note:: These permissions are independent of any permissions you | |
87 | have set up using the Kallithea web interface. |
|
87 | have set up using the Kallithea web interface. | |
88 |
|
88 | |||
89 | If your main directory (the same as set in Kallithea settings) is for |
|
89 | If your main directory (the same as set in Kallithea settings) is for | |
90 | example set to ``/srv/repos`` and the repository you are using is |
|
90 | example set to ``/srv/repos`` and the repository you are using is | |
91 | named ``kallithea``, then to clone via ssh you should run:: |
|
91 | named ``kallithea``, then to clone via ssh you should run:: | |
92 |
|
92 | |||
93 | hg clone ssh://user@kallithea.example.com/srv/repos/kallithea |
|
93 | hg clone ssh://user@kallithea.example.com/srv/repos/kallithea | |
94 |
|
94 | |||
95 | Using other external tools such as mercurial-server_ or using ssh key-based |
|
95 | Using other external tools such as mercurial-server_ or using ssh key-based | |
96 | authentication is fully supported. |
|
96 | authentication is fully supported. | |
97 |
|
97 | |||
98 | .. note:: In an advanced setup, in order for your ssh access to use |
|
98 | .. note:: In an advanced setup, in order for your ssh access to use | |
99 | the same permissions as set up via the Kallithea web |
|
99 | the same permissions as set up via the Kallithea web | |
100 | interface, you can create an authentication hook to connect |
|
100 | interface, you can create an authentication hook to connect | |
101 | to the Kallithea db and run check functions for permissions |
|
101 | to the Kallithea db and run check functions for permissions | |
102 | against that. |
|
102 | against that. | |
103 |
|
103 | |||
104 |
|
104 | |||
105 | Setting up Whoosh full text search |
|
105 | Setting up Whoosh full text search | |
106 | ---------------------------------- |
|
106 | ---------------------------------- | |
107 |
|
107 | |||
108 | Kallithea provides full text search of repositories using `Whoosh`__. |
|
108 | Kallithea provides full text search of repositories using `Whoosh`__. | |
109 |
|
109 | |||
110 | .. __: https://pythonhosted.org/Whoosh/ |
|
110 | .. __: https://pythonhosted.org/Whoosh/ | |
111 |
|
111 | |||
112 | For an incremental index build, run:: |
|
112 | For an incremental index build, run:: | |
113 |
|
113 | |||
114 | paster make-index my.ini |
|
114 | paster make-index my.ini | |
115 |
|
115 | |||
116 | For a full index rebuild, run:: |
|
116 | For a full index rebuild, run:: | |
117 |
|
117 | |||
118 | paster make-index my.ini -f |
|
118 | paster make-index my.ini -f | |
119 |
|
119 | |||
120 | The ``--repo-location`` option allows the location of the repositories to be overridden; |
|
120 | The ``--repo-location`` option allows the location of the repositories to be overridden; | |
121 | usually, the location is retrieved from the Kallithea database. |
|
121 | usually, the location is retrieved from the Kallithea database. | |
122 |
|
122 | |||
123 | The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list:: |
|
123 | The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list:: | |
124 |
|
124 | |||
125 | paster make-index my.ini --index-only=vcs,kallithea |
|
125 | paster make-index my.ini --index-only=vcs,kallithea | |
126 |
|
126 | |||
127 | To keep your index up-to-date it is necessary to do periodic index builds; |
|
127 | To keep your index up-to-date it is necessary to do periodic index builds; | |
128 | for this, it is recommended to use a crontab entry. Example:: |
|
128 | for this, it is recommended to use a crontab entry. Example:: | |
129 |
|
129 | |||
130 | 0 3 * * * /path/to/virtualenv/bin/paster make-index /path/to/kallithea/my.ini |
|
130 | 0 3 * * * /path/to/virtualenv/bin/paster make-index /path/to/kallithea/my.ini | |
131 |
|
131 | |||
132 | When using incremental mode (the default), Whoosh will check the last |
|
132 | When using incremental mode (the default), Whoosh will check the last | |
133 | modification date of each file and add it to be reindexed if a newer file is |
|
133 | modification date of each file and add it to be reindexed if a newer file is | |
134 | available. The indexing daemon checks for any removed files and removes them |
|
134 | available. The indexing daemon checks for any removed files and removes them | |
135 | from index. |
|
135 | from index. | |
136 |
|
136 | |||
137 | If you want to rebuild the index from scratch, you can use the ``-f`` flag as above, |
|
137 | If you want to rebuild the index from scratch, you can use the ``-f`` flag as above, | |
138 | or in the admin panel you can check the "build from scratch" checkbox. |
|
138 | or in the admin panel you can check the "build from scratch" checkbox. | |
139 |
|
139 | |||
140 | .. _ldap-setup: |
|
140 | .. _ldap-setup: | |
141 |
|
141 | |||
142 |
|
142 | |||
143 | Setting up LDAP support |
|
143 | Setting up LDAP support | |
144 | ----------------------- |
|
144 | ----------------------- | |
145 |
|
145 | |||
146 | Kallithea supports LDAP authentication. In order |
|
146 | Kallithea supports LDAP authentication. In order | |
147 | to use LDAP, you have to install the python-ldap_ package. This package is |
|
147 | to use LDAP, you have to install the python-ldap_ package. This package is | |
148 | available via PyPI, so you can install it by running:: |
|
148 | available via PyPI, so you can install it by running:: | |
149 |
|
149 | |||
150 | pip install python-ldap |
|
150 | pip install python-ldap | |
151 |
|
151 | |||
152 | .. note:: ``python-ldap`` requires some libraries to be installed on |
|
152 | .. note:: ``python-ldap`` requires some libraries to be installed on | |
153 | your system, so before installing it check that you have at |
|
153 | your system, so before installing it check that you have at | |
154 | least the ``openldap`` and ``sasl`` libraries. |
|
154 | least the ``openldap`` and ``sasl`` libraries. | |
155 |
|
155 | |||
156 | Choose *Admin > Authentication*, click the ``kallithea.lib.auth_modules.auth_ldap`` button |
|
156 | Choose *Admin > Authentication*, click the ``kallithea.lib.auth_modules.auth_ldap`` button | |
157 | and then *Save*, to enable the LDAP plugin and configure its settings. |
|
157 | and then *Save*, to enable the LDAP plugin and configure its settings. | |
158 |
|
158 | |||
159 | Here's a typical LDAP setup:: |
|
159 | Here's a typical LDAP setup:: | |
160 |
|
160 | |||
161 | Connection settings |
|
161 | Connection settings | |
162 | Enable LDAP = checked |
|
162 | Enable LDAP = checked | |
163 | Host = host.example.com |
|
163 | Host = host.example.com | |
164 | Account = <account> |
|
164 | Account = <account> | |
165 | Password = <password> |
|
165 | Password = <password> | |
166 | Connection Security = LDAPS connection |
|
166 | Connection Security = LDAPS connection | |
167 | Certificate Checks = DEMAND |
|
167 | Certificate Checks = DEMAND | |
168 |
|
168 | |||
169 | Search settings |
|
169 | Search settings | |
170 | Base DN = CN=users,DC=host,DC=example,DC=org |
|
170 | Base DN = CN=users,DC=host,DC=example,DC=org | |
171 | LDAP Filter = (&(objectClass=user)(!(objectClass=computer))) |
|
171 | LDAP Filter = (&(objectClass=user)(!(objectClass=computer))) | |
172 | LDAP Search Scope = SUBTREE |
|
172 | LDAP Search Scope = SUBTREE | |
173 |
|
173 | |||
174 | Attribute mappings |
|
174 | Attribute mappings | |
175 | Login Attribute = uid |
|
175 | Login Attribute = uid | |
176 | First Name Attribute = firstName |
|
176 | First Name Attribute = firstName | |
177 | Last Name Attribute = lastName |
|
177 | Last Name Attribute = lastName | |
178 | Email Attribute = mail |
|
178 | Email Attribute = mail | |
179 |
|
179 | |||
180 | If your user groups are placed in an Organisation Unit (OU) structure, the Search Settings configuration differs:: |
|
180 | If your user groups are placed in an Organisation Unit (OU) structure, the Search Settings configuration differs:: | |
181 |
|
181 | |||
182 | Search settings |
|
182 | Search settings | |
183 | Base DN = DC=host,DC=example,DC=org |
|
183 | Base DN = DC=host,DC=example,DC=org | |
184 | LDAP Filter = (&(memberOf=CN=your user group,OU=subunit,OU=unit,DC=host,DC=example,DC=org)(objectClass=user)) |
|
184 | LDAP Filter = (&(memberOf=CN=your user group,OU=subunit,OU=unit,DC=host,DC=example,DC=org)(objectClass=user)) | |
185 | LDAP Search Scope = SUBTREE |
|
185 | LDAP Search Scope = SUBTREE | |
186 |
|
186 | |||
187 | .. _enable_ldap: |
|
187 | .. _enable_ldap: | |
188 |
|
188 | |||
189 | Enable LDAP : required |
|
189 | Enable LDAP : required | |
190 | Whether to use LDAP for authenticating users. |
|
190 | Whether to use LDAP for authenticating users. | |
191 |
|
191 | |||
192 | .. _ldap_host: |
|
192 | .. _ldap_host: | |
193 |
|
193 | |||
194 | Host : required |
|
194 | Host : required | |
195 | LDAP server hostname or IP address. Can be also a comma separated |
|
195 | LDAP server hostname or IP address. Can be also a comma separated | |
196 | list of servers to support LDAP fail-over. |
|
196 | list of servers to support LDAP fail-over. | |
197 |
|
197 | |||
198 | .. _Port: |
|
198 | .. _Port: | |
199 |
|
199 | |||
200 | Port : optional |
|
200 | Port : optional | |
201 | Defaults to 389 for PLAIN un-encrypted LDAP and START_TLS. |
|
201 | Defaults to 389 for PLAIN un-encrypted LDAP and START_TLS. | |
202 | Defaults to 636 for LDAPS. |
|
202 | Defaults to 636 for LDAPS. | |
203 |
|
203 | |||
204 | .. _ldap_account: |
|
204 | .. _ldap_account: | |
205 |
|
205 | |||
206 | Account : optional |
|
206 | Account : optional | |
207 | Only required if the LDAP server does not allow anonymous browsing of |
|
207 | Only required if the LDAP server does not allow anonymous browsing of | |
208 | records. This should be a special account for record browsing. This |
|
208 | records. This should be a special account for record browsing. This | |
209 | will require `LDAP Password`_ below. |
|
209 | will require `LDAP Password`_ below. | |
210 |
|
210 | |||
211 | .. _LDAP Password: |
|
211 | .. _LDAP Password: | |
212 |
|
212 | |||
213 | Password : optional |
|
213 | Password : optional | |
214 | Only required if the LDAP server does not allow anonymous browsing of |
|
214 | Only required if the LDAP server does not allow anonymous browsing of | |
215 | records. |
|
215 | records. | |
216 |
|
216 | |||
217 | .. _Enable LDAPS: |
|
217 | .. _Enable LDAPS: | |
218 |
|
218 | |||
219 | Connection Security : required |
|
219 | Connection Security : required | |
220 | Defines the connection to LDAP server |
|
220 | Defines the connection to LDAP server | |
221 |
|
221 | |||
222 | PLAIN |
|
222 | PLAIN | |
223 | Plain unencrypted LDAP connection. |
|
223 | Plain unencrypted LDAP connection. | |
224 | This will by default use `Port`_ 389. |
|
224 | This will by default use `Port`_ 389. | |
225 |
|
225 | |||
226 | LDAPS |
|
226 | LDAPS | |
227 | Use secure LDAPS connections according to `Certificate |
|
227 | Use secure LDAPS connections according to `Certificate | |
228 | Checks`_ configuration. |
|
228 | Checks`_ configuration. | |
229 | This will by default use `Port`_ 636. |
|
229 | This will by default use `Port`_ 636. | |
230 |
|
230 | |||
231 | START_TLS |
|
231 | START_TLS | |
232 | Use START TLS according to `Certificate Checks`_ configuration on an |
|
232 | Use START TLS according to `Certificate Checks`_ configuration on an | |
233 | apparently "plain" LDAP connection. |
|
233 | apparently "plain" LDAP connection. | |
234 | This will by default use `Port`_ 389. |
|
234 | This will by default use `Port`_ 389. | |
235 |
|
235 | |||
236 | .. _Certificate Checks: |
|
236 | .. _Certificate Checks: | |
237 |
|
237 | |||
238 | Certificate Checks : optional |
|
238 | Certificate Checks : optional | |
239 | How SSL certificates verification is handled -- this is only useful when |
|
239 | How SSL certificates verification is handled -- this is only useful when | |
240 | `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security |
|
240 | `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security | |
241 | with mandatory certificate validation, while the other options are |
|
241 | with mandatory certificate validation, while the other options are | |
242 | susceptible to man-in-the-middle attacks. |
|
242 | susceptible to man-in-the-middle attacks. | |
243 |
|
243 | |||
244 | NEVER |
|
244 | NEVER | |
245 | A serve certificate will never be requested or checked. |
|
245 | A serve certificate will never be requested or checked. | |
246 |
|
246 | |||
247 | ALLOW |
|
247 | ALLOW | |
248 | A server certificate is requested. Failure to provide a |
|
248 | A server certificate is requested. Failure to provide a | |
249 | certificate or providing a bad certificate will not terminate the |
|
249 | certificate or providing a bad certificate will not terminate the | |
250 | session. |
|
250 | session. | |
251 |
|
251 | |||
252 | TRY |
|
252 | TRY | |
253 | A server certificate is requested. Failure to provide a |
|
253 | A server certificate is requested. Failure to provide a | |
254 | certificate does not halt the session; providing a bad certificate |
|
254 | certificate does not halt the session; providing a bad certificate | |
255 | halts the session. |
|
255 | halts the session. | |
256 |
|
256 | |||
257 | DEMAND |
|
257 | DEMAND | |
258 | A server certificate is requested and must be provided and |
|
258 | A server certificate is requested and must be provided and | |
259 | authenticated for the session to proceed. |
|
259 | authenticated for the session to proceed. | |
260 |
|
260 | |||
261 | HARD |
|
261 | HARD | |
262 | The same as DEMAND. |
|
262 | The same as DEMAND. | |
263 |
|
263 | |||
264 | .. _Custom CA Certificates: |
|
264 | .. _Custom CA Certificates: | |
265 |
|
265 | |||
266 | Custom CA Certificates : optional |
|
266 | Custom CA Certificates : optional | |
267 | Directory used by OpenSSL to find CAs for validating the LDAP server certificate. |
|
267 | Directory used by OpenSSL to find CAs for validating the LDAP server certificate. | |
268 | Python 2.7.10 and later default to using the system certificate store, and |
|
268 | Python 2.7.10 and later default to using the system certificate store, and | |
269 | this should thus not be necessary when using certificates signed by a CA |
|
269 | this should thus not be necessary when using certificates signed by a CA | |
270 | trusted by the system. |
|
270 | trusted by the system. | |
271 | It can be set to something like `/etc/openldap/cacerts` on older systems or |
|
271 | It can be set to something like `/etc/openldap/cacerts` on older systems or | |
272 | if using self-signed certificates. |
|
272 | if using self-signed certificates. | |
273 |
|
273 | |||
274 | .. _Base DN: |
|
274 | .. _Base DN: | |
275 |
|
275 | |||
276 | Base DN : required |
|
276 | Base DN : required | |
277 | The Distinguished Name (DN) where searches for users will be performed. |
|
277 | The Distinguished Name (DN) where searches for users will be performed. | |
278 | Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_. |
|
278 | Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_. | |
279 |
|
279 | |||
280 | .. _LDAP Filter: |
|
280 | .. _LDAP Filter: | |
281 |
|
281 | |||
282 | LDAP Filter : optional |
|
282 | LDAP Filter : optional | |
283 | A LDAP filter defined by RFC 2254. This is more useful when `LDAP |
|
283 | A LDAP filter defined by RFC 2254. This is more useful when `LDAP | |
284 | Search Scope`_ is set to SUBTREE. The filter is useful for limiting |
|
284 | Search Scope`_ is set to SUBTREE. The filter is useful for limiting | |
285 | which LDAP objects are identified as representing Users for |
|
285 | which LDAP objects are identified as representing Users for | |
286 | authentication. The filter is augmented by `Login Attribute`_ below. |
|
286 | authentication. The filter is augmented by `Login Attribute`_ below. | |
287 | This can commonly be left blank. |
|
287 | This can commonly be left blank. | |
288 |
|
288 | |||
289 | .. _LDAP Search Scope: |
|
289 | .. _LDAP Search Scope: | |
290 |
|
290 | |||
291 | LDAP Search Scope : required |
|
291 | LDAP Search Scope : required | |
292 | This limits how far LDAP will search for a matching object. |
|
292 | This limits how far LDAP will search for a matching object. | |
293 |
|
293 | |||
294 | BASE |
|
294 | BASE | |
295 | Only allows searching of `Base DN`_ and is usually not what you |
|
295 | Only allows searching of `Base DN`_ and is usually not what you | |
296 | want. |
|
296 | want. | |
297 |
|
297 | |||
298 | ONELEVEL |
|
298 | ONELEVEL | |
299 | Searches all entries under `Base DN`_, but not Base DN itself. |
|
299 | Searches all entries under `Base DN`_, but not Base DN itself. | |
300 |
|
300 | |||
301 | SUBTREE |
|
301 | SUBTREE | |
302 | Searches all entries below `Base DN`_, but not Base DN itself. |
|
302 | Searches all entries below `Base DN`_, but not Base DN itself. | |
303 | When using SUBTREE `LDAP Filter`_ is useful to limit object |
|
303 | When using SUBTREE `LDAP Filter`_ is useful to limit object | |
304 | location. |
|
304 | location. | |
305 |
|
305 | |||
306 | .. _Login Attribute: |
|
306 | .. _Login Attribute: | |
307 |
|
307 | |||
308 | Login Attribute : required |
|
308 | Login Attribute : required | |
309 | The LDAP record attribute that will be matched as the USERNAME or |
|
309 | The LDAP record attribute that will be matched as the USERNAME or | |
310 | ACCOUNT used to connect to Kallithea. This will be added to `LDAP |
|
310 | ACCOUNT used to connect to Kallithea. This will be added to `LDAP | |
311 | Filter`_ for locating the User object. If `LDAP Filter`_ is specified as |
|
311 | Filter`_ for locating the User object. If `LDAP Filter`_ is specified as | |
312 | "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has |
|
312 | "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has | |
313 | connected as "jsmith" then the `LDAP Filter`_ will be augmented as below |
|
313 | connected as "jsmith" then the `LDAP Filter`_ will be augmented as below | |
314 | :: |
|
314 | :: | |
315 |
|
315 | |||
316 | (&(LDAPFILTER)(uid=jsmith)) |
|
316 | (&(LDAPFILTER)(uid=jsmith)) | |
317 |
|
317 | |||
318 | .. _ldap_attr_firstname: |
|
318 | .. _ldap_attr_firstname: | |
319 |
|
319 | |||
320 | First Name Attribute : required |
|
320 | First Name Attribute : required | |
321 | The LDAP record attribute which represents the user's first name. |
|
321 | The LDAP record attribute which represents the user's first name. | |
322 |
|
322 | |||
323 | .. _ldap_attr_lastname: |
|
323 | .. _ldap_attr_lastname: | |
324 |
|
324 | |||
325 | Last Name Attribute : required |
|
325 | Last Name Attribute : required | |
326 | The LDAP record attribute which represents the user's last name. |
|
326 | The LDAP record attribute which represents the user's last name. | |
327 |
|
327 | |||
328 | .. _ldap_attr_email: |
|
328 | .. _ldap_attr_email: | |
329 |
|
329 | |||
330 | Email Attribute : required |
|
330 | Email Attribute : required | |
331 | The LDAP record attribute which represents the user's email address. |
|
331 | The LDAP record attribute which represents the user's email address. | |
332 |
|
332 | |||
333 | If all data are entered correctly, and python-ldap_ is properly installed |
|
333 | If all data are entered correctly, and python-ldap_ is properly installed | |
334 | users should be granted access to Kallithea with LDAP accounts. At this |
|
334 | users should be granted access to Kallithea with LDAP accounts. At this | |
335 | time user information is copied from LDAP into the Kallithea user database. |
|
335 | time user information is copied from LDAP into the Kallithea user database. | |
336 | This means that updates of an LDAP user object may not be reflected as a |
|
336 | This means that updates of an LDAP user object may not be reflected as a | |
337 | user update in Kallithea. |
|
337 | user update in Kallithea. | |
338 |
|
338 | |||
339 | If You have problems with LDAP access and believe You entered correct |
|
339 | If You have problems with LDAP access and believe You entered correct | |
340 | information check out the Kallithea logs, any error messages sent from LDAP |
|
340 | information check out the Kallithea logs, any error messages sent from LDAP | |
341 | will be saved there. |
|
341 | will be saved there. | |
342 |
|
342 | |||
343 | Active Directory |
|
343 | Active Directory | |
344 | ^^^^^^^^^^^^^^^^ |
|
344 | ^^^^^^^^^^^^^^^^ | |
345 |
|
345 | |||
346 | Kallithea can use Microsoft Active Directory for user authentication. This |
|
346 | Kallithea can use Microsoft Active Directory for user authentication. This | |
347 | is done through an LDAP or LDAPS connection to Active Directory. The |
|
347 | is done through an LDAP or LDAPS connection to Active Directory. The | |
348 | following LDAP configuration settings are typical for using Active |
|
348 | following LDAP configuration settings are typical for using Active | |
349 | Directory :: |
|
349 | Directory :: | |
350 |
|
350 | |||
351 | Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local |
|
351 | Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local | |
352 | Login Attribute = sAMAccountName |
|
352 | Login Attribute = sAMAccountName | |
353 | First Name Attribute = givenName |
|
353 | First Name Attribute = givenName | |
354 | Last Name Attribute = sn |
|
354 | Last Name Attribute = sn | |
355 | Email Attribute = mail |
|
355 | Email Attribute = mail | |
356 |
|
356 | |||
357 | All other LDAP settings will likely be site-specific and should be |
|
357 | All other LDAP settings will likely be site-specific and should be | |
358 | appropriately configured. |
|
358 | appropriately configured. | |
359 |
|
359 | |||
360 |
|
360 | |||
361 | Authentication by container or reverse-proxy |
|
361 | Authentication by container or reverse-proxy | |
362 | -------------------------------------------- |
|
362 | -------------------------------------------- | |
363 |
|
363 | |||
364 | Kallithea supports delegating the authentication |
|
364 | Kallithea supports delegating the authentication | |
365 | of users to its WSGI container, or to a reverse-proxy server through which all |
|
365 | of users to its WSGI container, or to a reverse-proxy server through which all | |
366 | clients access the application. |
|
366 | clients access the application. | |
367 |
|
367 | |||
368 | When these authentication methods are enabled in Kallithea, it uses the |
|
368 | When these authentication methods are enabled in Kallithea, it uses the | |
369 | username that the container/proxy (Apache or Nginx, etc.) provides and doesn't |
|
369 | username that the container/proxy (Apache or Nginx, etc.) provides and doesn't | |
370 | perform the authentication itself. The authorization, however, is still done by |
|
370 | perform the authentication itself. The authorization, however, is still done by | |
371 | Kallithea according to its settings. |
|
371 | Kallithea according to its settings. | |
372 |
|
372 | |||
373 | When a user logs in for the first time using these authentication methods, |
|
373 | When a user logs in for the first time using these authentication methods, | |
374 | a matching user account is created in Kallithea with default permissions. An |
|
374 | a matching user account is created in Kallithea with default permissions. An | |
375 | administrator can then modify it using Kallithea's admin interface. |
|
375 | administrator can then modify it using Kallithea's admin interface. | |
376 |
|
376 | |||
377 | It's also possible for an administrator to create accounts and configure their |
|
377 | It's also possible for an administrator to create accounts and configure their | |
378 | permissions before the user logs in for the first time, using the :ref:`create-user` API. |
|
378 | permissions before the user logs in for the first time, using the :ref:`create-user` API. | |
379 |
|
379 | |||
380 | Container-based authentication |
|
380 | Container-based authentication | |
381 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
381 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
382 |
|
382 | |||
383 | In a container-based authentication setup, Kallithea reads the user name from |
|
383 | In a container-based authentication setup, Kallithea reads the user name from | |
384 | the ``REMOTE_USER`` server variable provided by the WSGI container. |
|
384 | the ``REMOTE_USER`` server variable provided by the WSGI container. | |
385 |
|
385 | |||
386 | After setting up your container (see `Apache with mod_wsgi`_), you'll need |
|
386 | After setting up your container (see `Apache with mod_wsgi`_), you'll need | |
387 | to configure it to require authentication on the location configured for |
|
387 | to configure it to require authentication on the location configured for | |
388 | Kallithea. |
|
388 | Kallithea. | |
389 |
|
389 | |||
390 | Proxy pass-through authentication |
|
390 | Proxy pass-through authentication | |
391 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
391 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
392 |
|
392 | |||
393 | In a proxy pass-through authentication setup, Kallithea reads the user name |
|
393 | In a proxy pass-through authentication setup, Kallithea reads the user name | |
394 | from the ``X-Forwarded-User`` request header, which should be configured to be |
|
394 | from the ``X-Forwarded-User`` request header, which should be configured to be | |
395 | sent by the reverse-proxy server. |
|
395 | sent by the reverse-proxy server. | |
396 |
|
396 | |||
397 | After setting up your proxy solution (see `Apache virtual host reverse proxy example`_, |
|
397 | After setting up your proxy solution (see `Apache virtual host reverse proxy example`_, | |
398 | `Apache as subdirectory`_ or `Nginx virtual host example`_), you'll need to |
|
398 | `Apache as subdirectory`_ or `Nginx virtual host example`_), you'll need to | |
399 | configure the authentication and add the username in a request header named |
|
399 | configure the authentication and add the username in a request header named | |
400 | ``X-Forwarded-User``. |
|
400 | ``X-Forwarded-User``. | |
401 |
|
401 | |||
402 | For example, the following config section for Apache sets a subdirectory in a |
|
402 | For example, the following config section for Apache sets a subdirectory in a | |
403 | reverse-proxy setup with basic auth: |
|
403 | reverse-proxy setup with basic auth: | |
404 |
|
404 | |||
405 | .. code-block:: apache |
|
405 | .. code-block:: apache | |
406 |
|
406 | |||
407 | <Location /someprefix> |
|
407 | <Location /someprefix> | |
408 | ProxyPass http://127.0.0.1:5000/someprefix |
|
408 | ProxyPass http://127.0.0.1:5000/someprefix | |
409 | ProxyPassReverse http://127.0.0.1:5000/someprefix |
|
409 | ProxyPassReverse http://127.0.0.1:5000/someprefix | |
410 | SetEnvIf X-Url-Scheme https HTTPS=1 |
|
410 | SetEnvIf X-Url-Scheme https HTTPS=1 | |
411 |
|
411 | |||
412 | AuthType Basic |
|
412 | AuthType Basic | |
413 | AuthName "Kallithea authentication" |
|
413 | AuthName "Kallithea authentication" | |
414 | AuthUserFile /srv/kallithea/.htpasswd |
|
414 | AuthUserFile /srv/kallithea/.htpasswd | |
415 | Require valid-user |
|
415 | Require valid-user | |
416 |
|
416 | |||
417 | RequestHeader unset X-Forwarded-User |
|
417 | RequestHeader unset X-Forwarded-User | |
418 |
|
418 | |||
419 | RewriteEngine On |
|
419 | RewriteEngine On | |
420 | RewriteCond %{LA-U:REMOTE_USER} (.+) |
|
420 | RewriteCond %{LA-U:REMOTE_USER} (.+) | |
421 | RewriteRule .* - [E=RU:%1] |
|
421 | RewriteRule .* - [E=RU:%1] | |
422 | RequestHeader set X-Forwarded-User %{RU}e |
|
422 | RequestHeader set X-Forwarded-User %{RU}e | |
423 | </Location> |
|
423 | </Location> | |
424 |
|
424 | |||
425 | Setting metadata in container/reverse-proxy |
|
425 | Setting metadata in container/reverse-proxy | |
426 | """"""""""""""""""""""""""""""""""""""""""" |
|
426 | """"""""""""""""""""""""""""""""""""""""""" | |
427 | When a new user account is created on the first login, Kallithea has no information about |
|
427 | When a new user account is created on the first login, Kallithea has no information about | |
428 | the user's email and full name. So you can set some additional request headers like in the |
|
428 | the user's email and full name. So you can set some additional request headers like in the | |
429 | example below. In this example the user is authenticated via Kerberos and an Apache |
|
429 | example below. In this example the user is authenticated via Kerberos and an Apache | |
430 | mod_python fixup handler is used to get the user information from a LDAP server. But you |
|
430 | mod_python fixup handler is used to get the user information from a LDAP server. But you | |
431 | could set the request headers however you want. |
|
431 | could set the request headers however you want. | |
432 |
|
432 | |||
433 | .. code-block:: apache |
|
433 | .. code-block:: apache | |
434 |
|
434 | |||
435 | <Location /someprefix> |
|
435 | <Location /someprefix> | |
436 | ProxyPass http://127.0.0.1:5000/someprefix |
|
436 | ProxyPass http://127.0.0.1:5000/someprefix | |
437 | ProxyPassReverse http://127.0.0.1:5000/someprefix |
|
437 | ProxyPassReverse http://127.0.0.1:5000/someprefix | |
438 | SetEnvIf X-Url-Scheme https HTTPS=1 |
|
438 | SetEnvIf X-Url-Scheme https HTTPS=1 | |
439 |
|
439 | |||
440 | AuthName "Kerberos Login" |
|
440 | AuthName "Kerberos Login" | |
441 | AuthType Kerberos |
|
441 | AuthType Kerberos | |
442 | Krb5Keytab /etc/apache2/http.keytab |
|
442 | Krb5Keytab /etc/apache2/http.keytab | |
443 | KrbMethodK5Passwd off |
|
443 | KrbMethodK5Passwd off | |
444 | KrbVerifyKDC on |
|
444 | KrbVerifyKDC on | |
445 | Require valid-user |
|
445 | Require valid-user | |
446 |
|
446 | |||
447 | PythonFixupHandler ldapmetadata |
|
447 | PythonFixupHandler ldapmetadata | |
448 |
|
448 | |||
449 | RequestHeader set X_REMOTE_USER %{X_REMOTE_USER}e |
|
449 | RequestHeader set X_REMOTE_USER %{X_REMOTE_USER}e | |
450 | RequestHeader set X_REMOTE_EMAIL %{X_REMOTE_EMAIL}e |
|
450 | RequestHeader set X_REMOTE_EMAIL %{X_REMOTE_EMAIL}e | |
451 | RequestHeader set X_REMOTE_FIRSTNAME %{X_REMOTE_FIRSTNAME}e |
|
451 | RequestHeader set X_REMOTE_FIRSTNAME %{X_REMOTE_FIRSTNAME}e | |
452 | RequestHeader set X_REMOTE_LASTNAME %{X_REMOTE_LASTNAME}e |
|
452 | RequestHeader set X_REMOTE_LASTNAME %{X_REMOTE_LASTNAME}e | |
453 | </Location> |
|
453 | </Location> | |
454 |
|
454 | |||
455 | .. code-block:: python |
|
455 | .. code-block:: python | |
456 |
|
456 | |||
457 | from mod_python import apache |
|
457 | from mod_python import apache | |
458 | import ldap |
|
458 | import ldap | |
459 |
|
459 | |||
460 | LDAP_SERVER = "ldap://server.mydomain.com:389" |
|
460 | LDAP_SERVER = "ldap://server.mydomain.com:389" | |
461 | LDAP_USER = "" |
|
461 | LDAP_USER = "" | |
462 | LDAP_PASS = "" |
|
462 | LDAP_PASS = "" | |
463 | LDAP_ROOT = "dc=mydomain,dc=com" |
|
463 | LDAP_ROOT = "dc=mydomain,dc=com" | |
464 | LDAP_FILTER = "sAMAccountName=%s" |
|
464 | LDAP_FILTER = "sAMAccountName=%s" | |
465 | LDAP_ATTR_LIST = ['sAMAccountName','givenname','sn','mail'] |
|
465 | LDAP_ATTR_LIST = ['sAMAccountName','givenname','sn','mail'] | |
466 |
|
466 | |||
467 | def fixuphandler(req): |
|
467 | def fixuphandler(req): | |
468 | if req.user is None: |
|
468 | if req.user is None: | |
469 | # no user to search for |
|
469 | # no user to search for | |
470 | return apache.OK |
|
470 | return apache.OK | |
471 | else: |
|
471 | else: | |
472 | try: |
|
472 | try: | |
473 | if('\\' in req.user): |
|
473 | if('\\' in req.user): | |
474 | username = req.user.split('\\')[1] |
|
474 | username = req.user.split('\\')[1] | |
475 | elif('@' in req.user): |
|
475 | elif('@' in req.user): | |
476 | username = req.user.split('@')[0] |
|
476 | username = req.user.split('@')[0] | |
477 | else: |
|
477 | else: | |
478 | username = req.user |
|
478 | username = req.user | |
479 | l = ldap.initialize(LDAP_SERVER) |
|
479 | l = ldap.initialize(LDAP_SERVER) | |
480 | l.simple_bind_s(LDAP_USER, LDAP_PASS) |
|
480 | l.simple_bind_s(LDAP_USER, LDAP_PASS) | |
481 | r = l.search_s(LDAP_ROOT, ldap.SCOPE_SUBTREE, LDAP_FILTER % username, attrlist=LDAP_ATTR_LIST) |
|
481 | r = l.search_s(LDAP_ROOT, ldap.SCOPE_SUBTREE, LDAP_FILTER % username, attrlist=LDAP_ATTR_LIST) | |
482 |
|
482 | |||
483 | req.subprocess_env['X_REMOTE_USER'] = username |
|
483 | req.subprocess_env['X_REMOTE_USER'] = username | |
484 | req.subprocess_env['X_REMOTE_EMAIL'] = r[0][1]['mail'][0].lower() |
|
484 | req.subprocess_env['X_REMOTE_EMAIL'] = r[0][1]['mail'][0].lower() | |
485 | req.subprocess_env['X_REMOTE_FIRSTNAME'] = "%s" % r[0][1]['givenname'][0] |
|
485 | req.subprocess_env['X_REMOTE_FIRSTNAME'] = "%s" % r[0][1]['givenname'][0] | |
486 | req.subprocess_env['X_REMOTE_LASTNAME'] = "%s" % r[0][1]['sn'][0] |
|
486 | req.subprocess_env['X_REMOTE_LASTNAME'] = "%s" % r[0][1]['sn'][0] | |
487 | except Exception, e: |
|
487 | except Exception, e: | |
488 | apache.log_error("error getting data from ldap %s" % str(e), apache.APLOG_ERR) |
|
488 | apache.log_error("error getting data from ldap %s" % str(e), apache.APLOG_ERR) | |
489 |
|
489 | |||
490 | return apache.OK |
|
490 | return apache.OK | |
491 |
|
491 | |||
492 | .. note:: |
|
492 | .. note:: | |
493 | If you enable proxy pass-through authentication, make sure your server is |
|
493 | If you enable proxy pass-through authentication, make sure your server is | |
494 | only accessible through the proxy. Otherwise, any client would be able to |
|
494 | only accessible through the proxy. Otherwise, any client would be able to | |
495 | forge the authentication header and could effectively become authenticated |
|
495 | forge the authentication header and could effectively become authenticated | |
496 | using any account of their liking. |
|
496 | using any account of their liking. | |
497 |
|
497 | |||
498 |
|
498 | |||
499 | Integration with issue trackers |
|
499 | Integration with issue trackers | |
500 | ------------------------------- |
|
500 | ------------------------------- | |
501 |
|
501 | |||
502 | Kallithea provides a simple integration with issue trackers. It's possible |
|
502 | Kallithea provides a simple integration with issue trackers. It's possible | |
503 | to define a regular expression that will match an issue ID in commit messages, |
|
503 | to define a regular expression that will match an issue ID in commit messages, | |
504 | and have that replaced with a URL to the issue. To enable this simply |
|
504 | and have that replaced with a URL to the issue. To enable this simply | |
505 | uncomment the following variables in the ini file:: |
|
505 | uncomment the following variables in the ini file:: | |
506 |
|
506 | |||
507 | issue_pat = (?:^#|\s#)(\w+) |
|
507 | issue_pat = (?:^#|\s#)(\w+) | |
508 | issue_server_link = https://issues.example.com/{repo}/issue/{id} |
|
508 | issue_server_link = https://issues.example.com/{repo}/issue/{id} | |
509 | issue_prefix = # |
|
509 | issue_prefix = # | |
510 |
|
510 | |||
511 | ``issue_pat`` is the regular expression describing which strings in |
|
511 | ``issue_pat`` is the regular expression describing which strings in | |
512 | commit messages will be treated as issue references. A match group in |
|
512 | commit messages will be treated as issue references. A match group in | |
513 | parentheses should be used to specify the actual issue id. |
|
513 | parentheses should be used to specify the actual issue id. | |
514 |
|
514 | |||
515 | The default expression matches issues in the format ``#<number>``, e.g., ``#300``. |
|
515 | The default expression matches issues in the format ``#<number>``, e.g., ``#300``. | |
516 |
|
516 | |||
517 | Matched issue references are replaced with the link specified in |
|
517 | Matched issue references are replaced with the link specified in | |
518 | ``issue_server_link``. ``{id}`` is replaced with the issue ID, and |
|
518 | ``issue_server_link``. ``{id}`` is replaced with the issue ID, and | |
519 | ``{repo}`` with the repository name. Since the # is stripped away, |
|
519 | ``{repo}`` with the repository name. Since the # is stripped away, | |
520 | ``issue_prefix`` is prepended to the link text. ``issue_prefix`` doesn't |
|
520 | ``issue_prefix`` is prepended to the link text. ``issue_prefix`` doesn't | |
521 | necessarily need to be ``#``: if you set issue prefix to ``ISSUE-`` this will |
|
521 | necessarily need to be ``#``: if you set issue prefix to ``ISSUE-`` this will | |
522 | generate a URL in the format: |
|
522 | generate a URL in the format: | |
523 |
|
523 | |||
524 | .. code-block:: html |
|
524 | .. code-block:: html | |
525 |
|
525 | |||
526 | <a href="https://issues.example.com/example_repo/issue/300">ISSUE-300</a> |
|
526 | <a href="https://issues.example.com/example_repo/issue/300">ISSUE-300</a> | |
527 |
|
527 | |||
528 | If needed, more than one pattern can be specified by appending a unique suffix to |
|
528 | If needed, more than one pattern can be specified by appending a unique suffix to | |
529 | the variables. For example:: |
|
529 | the variables. For example:: | |
530 |
|
530 | |||
531 | issue_pat_wiki = (?:wiki-)(.+) |
|
531 | issue_pat_wiki = (?:wiki-)(.+) | |
532 | issue_server_link_wiki = https://wiki.example.com/{id} |
|
532 | issue_server_link_wiki = https://wiki.example.com/{id} | |
533 | issue_prefix_wiki = WIKI- |
|
533 | issue_prefix_wiki = WIKI- | |
534 |
|
534 | |||
535 | With these settings, wiki pages can be referenced as wiki-some-id, and every |
|
535 | With these settings, wiki pages can be referenced as wiki-some-id, and every | |
536 | such reference will be transformed into: |
|
536 | such reference will be transformed into: | |
537 |
|
537 | |||
538 | .. code-block:: html |
|
538 | .. code-block:: html | |
539 |
|
539 | |||
540 | <a href="https://wiki.example.com/some-id">WIKI-some-id</a> |
|
540 | <a href="https://wiki.example.com/some-id">WIKI-some-id</a> | |
541 |
|
541 | |||
542 |
|
542 | |||
543 | Hook management |
|
543 | Hook management | |
544 | --------------- |
|
544 | --------------- | |
545 |
|
545 | |||
546 | Hooks can be managed in similar way to that used in ``.hgrc`` files. |
|
546 | Hooks can be managed in similar way to that used in ``.hgrc`` files. | |
547 | To manage hooks, choose *Admin > Settings > Hooks*. |
|
547 | To manage hooks, choose *Admin > Settings > Hooks*. | |
548 |
|
548 | |||
549 | The built-in hooks cannot be modified, though they can be enabled or disabled in the *VCS* section. |
|
549 | The built-in hooks cannot be modified, though they can be enabled or disabled in the *VCS* section. | |
550 |
|
550 | |||
551 | To add another custom hook simply fill in the first textbox with |
|
551 | To add another custom hook simply fill in the first textbox with | |
552 | ``<name>.<hook_type>`` and the second with the hook path. Example hooks |
|
552 | ``<name>.<hook_type>`` and the second with the hook path. Example hooks | |
553 | can be found in ``kallithea.lib.hooks``. |
|
553 | can be found in ``kallithea.lib.hooks``. | |
554 |
|
554 | |||
555 |
|
555 | |||
556 | Changing default encoding |
|
556 | Changing default encoding | |
557 | ------------------------- |
|
557 | ------------------------- | |
558 |
|
558 | |||
559 | By default, Kallithea uses UTF-8 encoding. |
|
559 | By default, Kallithea uses UTF-8 encoding. | |
560 | This is configurable as ``default_encoding`` in the .ini file. |
|
560 | This is configurable as ``default_encoding`` in the .ini file. | |
561 | This affects many parts in Kallithea including user names, filenames, and |
|
561 | This affects many parts in Kallithea including user names, filenames, and | |
562 | encoding of commit messages. In addition Kallithea can detect if the ``chardet`` |
|
562 | encoding of commit messages. In addition Kallithea can detect if the ``chardet`` | |
563 | library is installed. If ``chardet`` is detected Kallithea will fallback to it |
|
563 | library is installed. If ``chardet`` is detected Kallithea will fallback to it | |
564 | when there are encode/decode errors. |
|
564 | when there are encode/decode errors. | |
565 |
|
565 | |||
566 |
|
566 | |||
567 | Celery configuration |
|
567 | Celery configuration | |
568 | -------------------- |
|
568 | -------------------- | |
569 |
|
569 | |||
570 | Kallithea can use the distributed task queue system Celery_ to run tasks like |
|
570 | Kallithea can use the distributed task queue system Celery_ to run tasks like | |
571 | cloning repositories or sending emails. |
|
571 | cloning repositories or sending emails. | |
572 |
|
572 | |||
573 | Kallithea will in most setups work perfectly fine out of the box (without |
|
573 | Kallithea will in most setups work perfectly fine out of the box (without | |
574 | Celery), executing all tasks in the web server process. Some tasks can however |
|
574 | Celery), executing all tasks in the web server process. Some tasks can however | |
575 | take some time to run and it can be better to run such tasks asynchronously in |
|
575 | take some time to run and it can be better to run such tasks asynchronously in | |
576 | a separate process so the web server can focus on serving web requests. |
|
576 | a separate process so the web server can focus on serving web requests. | |
577 |
|
577 | |||
578 | For installation and configuration of Celery, see the `Celery documentation`_. |
|
578 | For installation and configuration of Celery, see the `Celery documentation`_. | |
579 | Note that Celery requires a message broker service like RabbitMQ_ (recommended) |
|
579 | Note that Celery requires a message broker service like RabbitMQ_ (recommended) | |
580 | or Redis_. |
|
580 | or Redis_. | |
581 |
|
581 | |||
582 | The use of Celery is configured in the Kallithea ini configuration file. |
|
582 | The use of Celery is configured in the Kallithea ini configuration file. | |
583 | To enable it, simply set:: |
|
583 | To enable it, simply set:: | |
584 |
|
584 | |||
585 | use_celery = true |
|
585 | use_celery = true | |
586 |
|
586 | |||
587 | and add or change the ``celery.*`` and ``broker.*`` configuration variables. |
|
587 | and add or change the ``celery.*`` and ``broker.*`` configuration variables. | |
588 |
|
588 | |||
589 | Remember that the ini files use the format with '.' and not with '_' like |
|
589 | Remember that the ini files use the format with '.' and not with '_' like | |
590 | Celery. So for example setting `BROKER_HOST` in Celery means setting |
|
590 | Celery. So for example setting `BROKER_HOST` in Celery means setting | |
591 | `broker.host` in the configuration file. |
|
591 | `broker.host` in the configuration file. | |
592 |
|
592 | |||
593 | To start the Celery process, run:: |
|
593 | To start the Celery process, run:: | |
594 |
|
594 | |||
595 | paster celeryd <configfile.ini> |
|
595 | paster celeryd <configfile.ini> | |
596 |
|
596 | |||
597 | .. note:: |
|
597 | .. note:: | |
598 | Make sure you run this command from the same virtualenv, and with the same |
|
598 | Make sure you run this command from the same virtualenv, and with the same | |
599 | user that Kallithea runs. |
|
599 | user that Kallithea runs. | |
600 |
|
600 | |||
601 |
|
601 | |||
602 | HTTPS support |
|
602 | HTTPS support | |
603 | ------------- |
|
603 | ------------- | |
604 |
|
604 | |||
605 | Kallithea will by default generate URLs based on the WSGI environment. |
|
605 | Kallithea will by default generate URLs based on the WSGI environment. | |
606 |
|
606 | |||
607 | Alternatively, you can use some special configuration settings to control |
|
607 | Alternatively, you can use some special configuration settings to control | |
608 | directly which scheme/protocol Kallithea will use when generating URLs: |
|
608 | directly which scheme/protocol Kallithea will use when generating URLs: | |
609 |
|
609 | |||
610 | - With ``https_fixup = true``, the scheme will be taken from the |
|
610 | - With ``https_fixup = true``, the scheme will be taken from the | |
611 | ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header |
|
611 | ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header | |
612 | (default ``http``). |
|
612 | (default ``http``). | |
613 | - With ``force_https = true`` the default will be ``https``. |
|
613 | - With ``force_https = true`` the default will be ``https``. | |
614 | - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https. |
|
614 | - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https. | |
615 |
|
615 | |||
616 |
|
616 | |||
617 | Nginx virtual host example |
|
617 | Nginx virtual host example | |
618 | -------------------------- |
|
618 | -------------------------- | |
619 |
|
619 | |||
620 | Sample config for Nginx using proxy: |
|
620 | Sample config for Nginx using proxy: | |
621 |
|
621 | |||
622 | .. code-block:: nginx |
|
622 | .. code-block:: nginx | |
623 |
|
623 | |||
624 | upstream kallithea { |
|
624 | upstream kallithea { | |
625 | server 127.0.0.1:5000; |
|
625 | server 127.0.0.1:5000; | |
626 | # add more instances for load balancing |
|
626 | # add more instances for load balancing | |
627 | #server 127.0.0.1:5001; |
|
627 | #server 127.0.0.1:5001; | |
628 | #server 127.0.0.1:5002; |
|
628 | #server 127.0.0.1:5002; | |
629 | } |
|
629 | } | |
630 |
|
630 | |||
631 | ## gist alias |
|
631 | ## gist alias | |
632 | server { |
|
632 | server { | |
633 | listen 443; |
|
633 | listen 443; | |
634 | server_name gist.example.com; |
|
634 | server_name gist.example.com; | |
635 | access_log /var/log/nginx/gist.access.log; |
|
635 | access_log /var/log/nginx/gist.access.log; | |
636 | error_log /var/log/nginx/gist.error.log; |
|
636 | error_log /var/log/nginx/gist.error.log; | |
637 |
|
637 | |||
638 | ssl on; |
|
638 | ssl on; | |
639 | ssl_certificate gist.your.kallithea.server.crt; |
|
639 | ssl_certificate gist.your.kallithea.server.crt; | |
640 | ssl_certificate_key gist.your.kallithea.server.key; |
|
640 | ssl_certificate_key gist.your.kallithea.server.key; | |
641 |
|
641 | |||
642 | ssl_session_timeout 5m; |
|
642 | ssl_session_timeout 5m; | |
643 |
|
643 | |||
644 | ssl_protocols SSLv3 TLSv1; |
|
644 | ssl_protocols SSLv3 TLSv1; | |
645 | ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5; |
|
645 | ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5; | |
646 | ssl_prefer_server_ciphers on; |
|
646 | ssl_prefer_server_ciphers on; | |
647 |
|
647 | |||
648 | rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1; |
|
648 | rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1; | |
649 | rewrite (.*) https://kallithea.example.com/_admin/gists; |
|
649 | rewrite (.*) https://kallithea.example.com/_admin/gists; | |
650 | } |
|
650 | } | |
651 |
|
651 | |||
652 | server { |
|
652 | server { | |
653 | listen 443; |
|
653 | listen 443; | |
654 | server_name kallithea.example.com |
|
654 | server_name kallithea.example.com | |
655 | access_log /var/log/nginx/kallithea.access.log; |
|
655 | access_log /var/log/nginx/kallithea.access.log; | |
656 | error_log /var/log/nginx/kallithea.error.log; |
|
656 | error_log /var/log/nginx/kallithea.error.log; | |
657 |
|
657 | |||
658 | ssl on; |
|
658 | ssl on; | |
659 | ssl_certificate your.kallithea.server.crt; |
|
659 | ssl_certificate your.kallithea.server.crt; | |
660 | ssl_certificate_key your.kallithea.server.key; |
|
660 | ssl_certificate_key your.kallithea.server.key; | |
661 |
|
661 | |||
662 | ssl_session_timeout 5m; |
|
662 | ssl_session_timeout 5m; | |
663 |
|
663 | |||
664 | ssl_protocols SSLv3 TLSv1; |
|
664 | ssl_protocols SSLv3 TLSv1; | |
665 | ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5; |
|
665 | ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5; | |
666 | ssl_prefer_server_ciphers on; |
|
666 | ssl_prefer_server_ciphers on; | |
667 |
|
667 | |||
668 | ## uncomment root directive if you want to serve static files by nginx |
|
668 | ## uncomment root directive if you want to serve static files by nginx | |
669 | ## requires static_files = false in .ini file |
|
669 | ## requires static_files = false in .ini file | |
670 | #root /srv/kallithea/kallithea/kallithea/public; |
|
670 | #root /srv/kallithea/kallithea/kallithea/public; | |
671 | include /etc/nginx/proxy.conf; |
|
671 | include /etc/nginx/proxy.conf; | |
672 | location / { |
|
672 | location / { | |
673 | try_files $uri @kallithea; |
|
673 | try_files $uri @kallithea; | |
674 | } |
|
674 | } | |
675 |
|
675 | |||
676 | location @kallithea { |
|
676 | location @kallithea { | |
677 | proxy_pass http://127.0.0.1:5000; |
|
677 | proxy_pass http://127.0.0.1:5000; | |
678 | } |
|
678 | } | |
679 |
|
679 | |||
680 | } |
|
680 | } | |
681 |
|
681 | |||
682 | Here's the proxy.conf. It's tuned so it will not timeout on long |
|
682 | Here's the proxy.conf. It's tuned so it will not timeout on long | |
683 | pushes or large pushes:: |
|
683 | pushes or large pushes:: | |
684 |
|
684 | |||
685 | proxy_redirect off; |
|
685 | proxy_redirect off; | |
686 | proxy_set_header Host $host; |
|
686 | proxy_set_header Host $host; | |
687 | ## needed for container auth |
|
687 | ## needed for container auth | |
688 | #proxy_set_header REMOTE_USER $remote_user; |
|
688 | #proxy_set_header REMOTE_USER $remote_user; | |
689 | #proxy_set_header X-Forwarded-User $remote_user; |
|
689 | #proxy_set_header X-Forwarded-User $remote_user; | |
690 | proxy_set_header X-Url-Scheme $scheme; |
|
690 | proxy_set_header X-Url-Scheme $scheme; | |
691 | proxy_set_header X-Host $http_host; |
|
691 | proxy_set_header X-Host $http_host; | |
692 | proxy_set_header X-Real-IP $remote_addr; |
|
692 | proxy_set_header X-Real-IP $remote_addr; | |
693 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
693 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
694 | proxy_set_header Proxy-host $proxy_host; |
|
694 | proxy_set_header Proxy-host $proxy_host; | |
695 | proxy_buffering off; |
|
695 | proxy_buffering off; | |
696 | proxy_connect_timeout 7200; |
|
696 | proxy_connect_timeout 7200; | |
697 | proxy_send_timeout 7200; |
|
697 | proxy_send_timeout 7200; | |
698 | proxy_read_timeout 7200; |
|
698 | proxy_read_timeout 7200; | |
699 | proxy_buffers 8 32k; |
|
699 | proxy_buffers 8 32k; | |
700 | client_max_body_size 1024m; |
|
700 | client_max_body_size 1024m; | |
701 | client_body_buffer_size 128k; |
|
701 | client_body_buffer_size 128k; | |
702 | large_client_header_buffers 8 64k; |
|
702 | large_client_header_buffers 8 64k; | |
703 |
|
703 | |||
704 |
|
704 | |||
705 | Apache virtual host reverse proxy example |
|
705 | Apache virtual host reverse proxy example | |
706 | ----------------------------------------- |
|
706 | ----------------------------------------- | |
707 |
|
707 | |||
708 | Here is a sample configuration file for Apache using proxy: |
|
708 | Here is a sample configuration file for Apache using proxy: | |
709 |
|
709 | |||
710 | .. code-block:: apache |
|
710 | .. code-block:: apache | |
711 |
|
711 | |||
712 | <VirtualHost *:80> |
|
712 | <VirtualHost *:80> | |
713 | ServerName kallithea.example.com |
|
713 | ServerName kallithea.example.com | |
714 |
|
714 | |||
715 | <Proxy *> |
|
715 | <Proxy *> | |
716 | # For Apache 2.4 and later: |
|
716 | # For Apache 2.4 and later: | |
717 | Require all granted |
|
717 | Require all granted | |
718 |
|
718 | |||
719 | # For Apache 2.2 and earlier, instead use: |
|
719 | # For Apache 2.2 and earlier, instead use: | |
720 | # Order allow,deny |
|
720 | # Order allow,deny | |
721 | # Allow from all |
|
721 | # Allow from all | |
722 | </Proxy> |
|
722 | </Proxy> | |
723 |
|
723 | |||
724 | #important ! |
|
724 | #important ! | |
725 | #Directive to properly generate url (clone url) for pylons |
|
725 | #Directive to properly generate url (clone url) for pylons | |
726 | ProxyPreserveHost On |
|
726 | ProxyPreserveHost On | |
727 |
|
727 | |||
728 | #kallithea instance |
|
728 | #kallithea instance | |
729 | ProxyPass / http://127.0.0.1:5000/ |
|
729 | ProxyPass / http://127.0.0.1:5000/ | |
730 | ProxyPassReverse / http://127.0.0.1:5000/ |
|
730 | ProxyPassReverse / http://127.0.0.1:5000/ | |
731 |
|
731 | |||
732 | #to enable https use line below |
|
732 | #to enable https use line below | |
733 | #SetEnvIf X-Url-Scheme https HTTPS=1 |
|
733 | #SetEnvIf X-Url-Scheme https HTTPS=1 | |
734 | </VirtualHost> |
|
734 | </VirtualHost> | |
735 |
|
735 | |||
736 | Additional tutorial |
|
736 | Additional tutorial | |
737 | http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons |
|
737 | http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons | |
738 |
|
738 | |||
739 |
|
739 | |||
740 | Apache as subdirectory |
|
740 | Apache as subdirectory | |
741 | ---------------------- |
|
741 | ---------------------- | |
742 |
|
742 | |||
743 | Apache subdirectory part: |
|
743 | Apache subdirectory part: | |
744 |
|
744 | |||
745 | .. code-block:: apache |
|
745 | .. code-block:: apache | |
746 |
|
746 | |||
747 | <Location /<someprefix> > |
|
747 | <Location /<someprefix> > | |
748 | ProxyPass http://127.0.0.1:5000/<someprefix> |
|
748 | ProxyPass http://127.0.0.1:5000/<someprefix> | |
749 | ProxyPassReverse http://127.0.0.1:5000/<someprefix> |
|
749 | ProxyPassReverse http://127.0.0.1:5000/<someprefix> | |
750 | SetEnvIf X-Url-Scheme https HTTPS=1 |
|
750 | SetEnvIf X-Url-Scheme https HTTPS=1 | |
751 | </Location> |
|
751 | </Location> | |
752 |
|
752 | |||
753 | Besides the regular apache setup you will need to add the following line |
|
753 | Besides the regular apache setup you will need to add the following line | |
754 | into ``[app:main]`` section of your .ini file:: |
|
754 | into ``[app:main]`` section of your .ini file:: | |
755 |
|
755 | |||
756 | filter-with = proxy-prefix |
|
756 | filter-with = proxy-prefix | |
757 |
|
757 | |||
758 | Add the following at the end of the .ini file:: |
|
758 | Add the following at the end of the .ini file:: | |
759 |
|
759 | |||
760 | [filter:proxy-prefix] |
|
760 | [filter:proxy-prefix] | |
761 | use = egg:PasteDeploy#prefix |
|
761 | use = egg:PasteDeploy#prefix | |
762 | prefix = /<someprefix> |
|
762 | prefix = /<someprefix> | |
763 |
|
763 | |||
764 | then change ``<someprefix>`` into your chosen prefix |
|
764 | then change ``<someprefix>`` into your chosen prefix | |
765 |
|
765 | |||
766 |
|
766 | |||
767 | Apache with mod_wsgi |
|
767 | Apache with mod_wsgi | |
768 | -------------------- |
|
768 | -------------------- | |
769 |
|
769 | |||
770 | Alternatively, Kallithea can be set up with Apache under mod_wsgi. For |
|
770 | Alternatively, Kallithea can be set up with Apache under mod_wsgi. For | |
771 | that, you'll need to: |
|
771 | that, you'll need to: | |
772 |
|
772 | |||
773 | - Install mod_wsgi. If using a Debian-based distro, you can install |
|
773 | - Install mod_wsgi. If using a Debian-based distro, you can install | |
774 | the package libapache2-mod-wsgi:: |
|
774 | the package libapache2-mod-wsgi:: | |
775 |
|
775 | |||
776 | aptitude install libapache2-mod-wsgi |
|
776 | aptitude install libapache2-mod-wsgi | |
777 |
|
777 | |||
778 | - Enable mod_wsgi:: |
|
778 | - Enable mod_wsgi:: | |
779 |
|
779 | |||
780 | a2enmod wsgi |
|
780 | a2enmod wsgi | |
781 |
|
781 | |||
782 | - Add global Apache configuration to tell mod_wsgi that Python only will be |
|
782 | - Add global Apache configuration to tell mod_wsgi that Python only will be | |
783 | used in the WSGI processes and shouldn't be initialized in the Apache |
|
783 | used in the WSGI processes and shouldn't be initialized in the Apache | |
784 | processes:: |
|
784 | processes:: | |
785 |
|
785 | |||
786 | WSGIRestrictEmbedded On |
|
786 | WSGIRestrictEmbedded On | |
787 |
|
787 | |||
788 | - Create a wsgi dispatch script, like the one below. Make sure you |
|
788 | - Create a wsgi dispatch script, like the one below. Make sure you | |
789 | check that the paths correctly point to where you installed Kallithea |
|
789 | check that the paths correctly point to where you installed Kallithea | |
790 | and its Python Virtual Environment. |
|
790 | and its Python Virtual Environment. | |
791 | - Enable the ``WSGIScriptAlias`` directive for the WSGI dispatch script, |
|
791 | - Enable the ``WSGIScriptAlias`` directive for the WSGI dispatch script, | |
792 | as in the following example. Once again, check the paths are |
|
792 | as in the following example. Once again, check the paths are | |
793 | correctly specified. |
|
793 | correctly specified. | |
794 |
|
794 | |||
795 | Here is a sample excerpt from an Apache Virtual Host configuration file: |
|
795 | Here is a sample excerpt from an Apache Virtual Host configuration file: | |
796 |
|
796 | |||
797 | .. code-block:: apache |
|
797 | .. code-block:: apache | |
798 |
|
798 | |||
799 | WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \ |
|
799 | WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \ | |
800 | python-home=/srv/kallithea/venv |
|
800 | python-home=/srv/kallithea/venv | |
801 | WSGIProcessGroup kallithea |
|
801 | WSGIProcessGroup kallithea | |
802 | WSGIScriptAlias / /srv/kallithea/dispatch.wsgi |
|
802 | WSGIScriptAlias / /srv/kallithea/dispatch.wsgi | |
803 | WSGIPassAuthorization On |
|
803 | WSGIPassAuthorization On | |
804 |
|
804 | |||
805 | Or if using a dispatcher WSGI script with proper virtualenv activation: |
|
805 | Or if using a dispatcher WSGI script with proper virtualenv activation: | |
806 |
|
806 | |||
807 | .. code-block:: apache |
|
807 | .. code-block:: apache | |
808 |
|
808 | |||
809 | WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 |
|
809 | WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 | |
810 | WSGIProcessGroup kallithea |
|
810 | WSGIProcessGroup kallithea | |
811 | WSGIScriptAlias / /srv/kallithea/dispatch.wsgi |
|
811 | WSGIScriptAlias / /srv/kallithea/dispatch.wsgi | |
812 | WSGIPassAuthorization On |
|
812 | WSGIPassAuthorization On | |
813 |
|
813 | |||
814 | Apache will by default run as a special Apache user, on Linux systems |
|
814 | Apache will by default run as a special Apache user, on Linux systems | |
815 | usually ``www-data`` or ``apache``. If you need to have the repositories |
|
815 | usually ``www-data`` or ``apache``. If you need to have the repositories | |
816 | directory owned by a different user, use the user and group options to |
|
816 | directory owned by a different user, use the user and group options to | |
817 | WSGIDaemonProcess to set the name of the user and group. |
|
817 | WSGIDaemonProcess to set the name of the user and group. | |
818 |
|
818 | |||
819 | Example WSGI dispatch script: |
|
819 | Example WSGI dispatch script: | |
820 |
|
820 | |||
821 | .. code-block:: python |
|
821 | .. code-block:: python | |
822 |
|
822 | |||
823 | import os |
|
823 | import os | |
824 | os.environ["HGENCODING"] = "UTF-8" |
|
824 | os.environ["HGENCODING"] = "UTF-8" | |
825 | os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache' |
|
825 | os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache' | |
826 |
|
826 | |||
827 | # sometimes it's needed to set the current dir |
|
827 | # sometimes it's needed to set the current dir | |
828 | os.chdir('/srv/kallithea/') |
|
828 | os.chdir('/srv/kallithea/') | |
829 |
|
829 | |||
830 | import site |
|
830 | import site | |
831 | site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages") |
|
831 | site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages") | |
832 |
|
832 | |||
833 | ini = '/srv/kallithea/my.ini' |
|
833 | ini = '/srv/kallithea/my.ini' | |
834 | from paste.script.util.logging_config import fileConfig |
|
834 | from paste.script.util.logging_config import fileConfig | |
835 | fileConfig(ini) |
|
835 | fileConfig(ini) | |
836 | from paste.deploy import loadapp |
|
836 | from paste.deploy import loadapp | |
837 | application = loadapp('config:' + ini) |
|
837 | application = loadapp('config:' + ini) | |
838 |
|
838 | |||
839 | Or using proper virtualenv activation: |
|
839 | Or using proper virtualenv activation: | |
840 |
|
840 | |||
841 | .. code-block:: python |
|
841 | .. code-block:: python | |
842 |
|
842 | |||
843 | activate_this = '/srv/kallithea/venv/bin/activate_this.py' |
|
843 | activate_this = '/srv/kallithea/venv/bin/activate_this.py' | |
844 | execfile(activate_this, dict(__file__=activate_this)) |
|
844 | execfile(activate_this, dict(__file__=activate_this)) | |
845 |
|
845 | |||
846 | import os |
|
846 | import os | |
847 | os.environ['HOME'] = '/srv/kallithea' |
|
847 | os.environ['HOME'] = '/srv/kallithea' | |
848 |
|
848 | |||
849 | ini = '/srv/kallithea/kallithea.ini' |
|
849 | ini = '/srv/kallithea/kallithea.ini' | |
850 | from paste.script.util.logging_config import fileConfig |
|
850 | from paste.script.util.logging_config import fileConfig | |
851 | fileConfig(ini) |
|
851 | fileConfig(ini) | |
852 | from paste.deploy import loadapp |
|
852 | from paste.deploy import loadapp | |
853 | application = loadapp('config:' + ini) |
|
853 | application = loadapp('config:' + ini) | |
854 |
|
854 | |||
855 |
|
855 | |||
856 | Other configuration files |
|
856 | Other configuration files | |
857 | ------------------------- |
|
857 | ------------------------- | |
858 |
|
858 | |||
859 | A number of `example init.d scripts`__ can be found in |
|
859 | A number of `example init.d scripts`__ can be found in | |
860 | the ``init.d`` directory of the Kallithea source. |
|
860 | the ``init.d`` directory of the Kallithea source. | |
861 |
|
861 | |||
862 | .. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ . |
|
862 | .. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ . | |
863 |
|
863 | |||
864 |
|
864 | |||
865 | .. _virtualenv: http://pypi.python.org/pypi/virtualenv |
|
865 | .. _virtualenv: http://pypi.python.org/pypi/virtualenv | |
866 | .. _python: http://www.python.org/ |
|
866 | .. _python: http://www.python.org/ | |
867 |
.. _Mercurial: http://mercurial |
|
867 | .. _Mercurial: https://www.mercurial-scm.org/ | |
868 | .. _Celery: http://celeryproject.org/ |
|
868 | .. _Celery: http://celeryproject.org/ | |
869 | .. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html |
|
869 | .. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html | |
870 | .. _RabbitMQ: http://www.rabbitmq.com/ |
|
870 | .. _RabbitMQ: http://www.rabbitmq.com/ | |
871 | .. _Redis: http://redis.io/ |
|
871 | .. _Redis: http://redis.io/ | |
872 | .. _python-ldap: http://www.python-ldap.org/ |
|
872 | .. _python-ldap: http://www.python-ldap.org/ | |
873 | .. _mercurial-server: http://www.lshift.net/mercurial-server.html |
|
873 | .. _mercurial-server: http://www.lshift.net/mercurial-server.html | |
874 |
.. _PublishingRepositories: http://mercurial |
|
874 | .. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories |
@@ -1,75 +1,75 b'' | |||||
1 | .. _troubleshooting: |
|
1 | .. _troubleshooting: | |
2 |
|
2 | |||
3 | =============== |
|
3 | =============== | |
4 | Troubleshooting |
|
4 | Troubleshooting | |
5 | =============== |
|
5 | =============== | |
6 |
|
6 | |||
7 | :Q: **Missing static files?** |
|
7 | :Q: **Missing static files?** | |
8 | :A: Make sure either to set the ``static_files = true`` in the .ini file or |
|
8 | :A: Make sure either to set the ``static_files = true`` in the .ini file or | |
9 | double check the root path for your http setup. It should point to |
|
9 | double check the root path for your http setup. It should point to | |
10 | for example: |
|
10 | for example: | |
11 | ``/home/my-virtual-python/lib/python2.7/site-packages/kallithea/public`` |
|
11 | ``/home/my-virtual-python/lib/python2.7/site-packages/kallithea/public`` | |
12 |
|
12 | |||
13 | | |
|
13 | | | |
14 |
|
14 | |||
15 | :Q: **Can't install celery/rabbitmq?** |
|
15 | :Q: **Can't install celery/rabbitmq?** | |
16 | :A: Don't worry. Kallithea works without them, too. No extra setup is required. |
|
16 | :A: Don't worry. Kallithea works without them, too. No extra setup is required. | |
17 | Try out the great Celery docs for further help. |
|
17 | Try out the great Celery docs for further help. | |
18 |
|
18 | |||
19 | | |
|
19 | | | |
20 |
|
20 | |||
21 | :Q: **Long lasting push timeouts?** |
|
21 | :Q: **Long lasting push timeouts?** | |
22 | :A: Make sure you set a longer timeout in your proxy/fcgi settings. Timeouts |
|
22 | :A: Make sure you set a longer timeout in your proxy/fcgi settings. Timeouts | |
23 | are caused by the http server and not Kallithea. |
|
23 | are caused by the http server and not Kallithea. | |
24 |
|
24 | |||
25 | | |
|
25 | | | |
26 |
|
26 | |||
27 | :Q: **Large pushes timeouts?** |
|
27 | :Q: **Large pushes timeouts?** | |
28 | :A: Make sure you set a proper ``max_body_size`` for the http server. Very often |
|
28 | :A: Make sure you set a proper ``max_body_size`` for the http server. Very often | |
29 | Apache, Nginx, or other http servers kill the connection due to to large |
|
29 | Apache, Nginx, or other http servers kill the connection due to to large | |
30 | body. |
|
30 | body. | |
31 |
|
31 | |||
32 | | |
|
32 | | | |
33 |
|
33 | |||
34 | :Q: **Apache doesn't pass basicAuth on pull/push?** |
|
34 | :Q: **Apache doesn't pass basicAuth on pull/push?** | |
35 | :A: Make sure you added ``WSGIPassAuthorization true``. |
|
35 | :A: Make sure you added ``WSGIPassAuthorization true``. | |
36 |
|
36 | |||
37 | | |
|
37 | | | |
38 |
|
38 | |||
39 | :Q: **Git fails on push/pull?** |
|
39 | :Q: **Git fails on push/pull?** | |
40 | :A: Make sure you're using a WSGI http server that can handle chunked encoding |
|
40 | :A: Make sure you're using a WSGI http server that can handle chunked encoding | |
41 | such as ``waitress`` or ``gunicorn``. |
|
41 | such as ``waitress`` or ``gunicorn``. | |
42 |
|
42 | |||
43 | | |
|
43 | | | |
44 |
|
44 | |||
45 | :Q: **How can I use hooks in Kallithea?** |
|
45 | :Q: **How can I use hooks in Kallithea?** | |
46 | :A: It's easy if they are Python hooks: just use advanced link in |
|
46 | :A: It's easy if they are Python hooks: just use advanced link in | |
47 | hooks section in Admin panel, that works only for Mercurial. If |
|
47 | hooks section in Admin panel, that works only for Mercurial. If | |
48 | you want to use Git hooks, just install th proper one in the repository, |
|
48 | you want to use Git hooks, just install th proper one in the repository, | |
49 | e.g., create a file `/gitrepo/hooks/pre-receive`. You can also use |
|
49 | e.g., create a file `/gitrepo/hooks/pre-receive`. You can also use | |
50 | Kallithea-extensions to connect to callback hooks, for both Git |
|
50 | Kallithea-extensions to connect to callback hooks, for both Git | |
51 | and Mercurial. |
|
51 | and Mercurial. | |
52 |
|
52 | |||
53 | | |
|
53 | | | |
54 |
|
54 | |||
55 | :Q: **Kallithea is slow for me, how can I make it faster?** |
|
55 | :Q: **Kallithea is slow for me, how can I make it faster?** | |
56 | :A: See the :ref:`performance` section. |
|
56 | :A: See the :ref:`performance` section. | |
57 |
|
57 | |||
58 | | |
|
58 | | | |
59 |
|
59 | |||
60 | :Q: **UnicodeDecodeError on Apache mod_wsgi** |
|
60 | :Q: **UnicodeDecodeError on Apache mod_wsgi** | |
61 | :A: Please read: https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/#if-you-get-a-unicodeencodeerror. |
|
61 | :A: Please read: https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/#if-you-get-a-unicodeencodeerror. | |
62 |
|
62 | |||
63 | | |
|
63 | | | |
64 |
|
64 | |||
65 | :Q: **Requests hanging on Windows** |
|
65 | :Q: **Requests hanging on Windows** | |
66 | :A: Please try out with disabled Antivirus software, there are some known problems with Eset Antivirus. Make sure |
|
66 | :A: Please try out with disabled Antivirus software, there are some known problems with Eset Antivirus. Make sure | |
67 | you have installed the latest Windows patches (especially KB2789397). |
|
67 | you have installed the latest Windows patches (especially KB2789397). | |
68 |
|
68 | |||
69 |
|
69 | |||
70 | .. _virtualenv: http://pypi.python.org/pypi/virtualenv |
|
70 | .. _virtualenv: http://pypi.python.org/pypi/virtualenv | |
71 | .. _python: http://www.python.org/ |
|
71 | .. _python: http://www.python.org/ | |
72 |
.. _mercurial: http://mercurial |
|
72 | .. _mercurial: https://www.mercurial-scm.org/ | |
73 | .. _celery: http://celeryproject.org/ |
|
73 | .. _celery: http://celeryproject.org/ | |
74 | .. _rabbitmq: http://www.rabbitmq.com/ |
|
74 | .. _rabbitmq: http://www.rabbitmq.com/ | |
75 | .. _python-ldap: http://www.python-ldap.org/ |
|
75 | .. _python-ldap: http://www.python-ldap.org/ |
General Comments 0
You need to be logged in to leave comments.
Login now