switch to SSL configuration example on nginx
marcink -
r3243:c759c091 beta
@@ -1,725 +1,735 b''
1 1 .. _setup:
2 2
3 3 =====
4 4 Setup
5 5 =====
6 6
7 7
8 8 Setting up RhodeCode
9 9 --------------------
10 10
11 11 First, you will need to create a RhodeCode configuration file. Run the
12 12 following command to do this::
13 13
14 14 paster make-config RhodeCode production.ini
15 15
16 16 - This will create the file `production.ini` in the current directory. This
17 17 configuration file contains the various settings for RhodeCode, e.g proxy
18 18 port, email settings, usage of static files, cache, celery settings and
19 19 logging.
20 20
21 21
22 22 Next, you need to create the databases used by RhodeCode. I recommend that you
23 23 use postgresql or sqlite (default). If you choose a database other than the
24 24 default ensure you properly adjust the db url in your production.ini
25 25 configuration file to use this other database. RhodeCode currently supports
26 26 postgresql, sqlite and mysql databases. Create the database by running
27 27 the following command::
28 28
29 29 paster setup-rhodecode production.ini
30 30
31 31 This will prompt you for a "root" path. This "root" path is the location where
32 32 RhodeCode will store all of its repositories on the current machine. After
33 33 entering this "root" path ``setup-rhodecode`` will also prompt you for a username
34 34 and password for the initial admin account which ``setup-rhodecode`` sets
35 35 up for you.
36 36
37 37 setup process can be fully automated, example for lazy::
38 38
39 39 paster setup-rhodecode production.ini --user=marcink --password=secret --email=marcin@rhodecode.org --repos=/home/marcink/my_repos
40 40
41 41
42 42 - The ``setup-rhodecode`` command will create all of the needed tables and an
43 43 admin account. When choosing a root path you can either use a new empty
44 44 location, or a location which already contains existing repositories. If you
45 45 choose a location which contains existing repositories RhodeCode will simply
46 46 add all of the repositories at the chosen location to it's database.
47 47 (Note: make sure you specify the correct path to the root).
48 48 - Note: the given path for mercurial_ repositories **must** be write accessible
49 49 for the application. It's very important since the RhodeCode web interface
50 50 will work without write access, but when trying to do a push it will
51 51 eventually fail with permission denied errors unless it has write access.
52 52
53 53 You are now ready to use RhodeCode, to run it simply execute::
54 54
55 55 paster serve production.ini
56 56
57 57 - This command runs the RhodeCode server. The web app should be available at the
58 58 127.0.0.1:5000. This ip and port is configurable via the production.ini
59 59 file created in previous step
60 60 - Use the admin account you created above when running ``setup-rhodecode``
61 61 to login to the web app.
62 62 - The default permissions on each repository is read, and the owner is admin.
63 63 Remember to update these if needed.
64 64 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
65 65 well as edit more advanced options on users and repositories
66 66
67 67 Optionally users can create `rcextensions` package that extends RhodeCode
68 68 functionality. To do this simply execute::
69 69
70 70 paster make-rcext production.ini
71 71
72 72 This will create `rcextensions` package in the same place that your `ini` file
73 73 lives. With `rcextensions` it's possible to add additional mapping for whoosh,
74 74 stats and add additional code into the push/pull/create/delete repo hooks.
75 75 For example for sending signals to build-bots such as jenkins.
76 76 Please see the `__init__.py` file inside `rcextensions` package
77 77 for more details.
78 78
79 79
80 80 Using RhodeCode with SSH
81 81 ------------------------
82 82
83 83 RhodeCode currently only hosts repositories using http and https. (The addition
84 84 of ssh hosting is a planned future feature.) However you can easily use ssh in
85 85 parallel with RhodeCode. (Repository access via ssh is a standard "out of
86 86 the box" feature of mercurial_ and you can use this to access any of the
87 87 repositories that RhodeCode is hosting. See PublishingRepositories_)
88 88
89 89 RhodeCode repository structures are kept in directories with the same name
90 90 as the project. When using repository groups, each group is a subdirectory.
91 91 This allows you to easily use ssh for accessing repositories.
92 92
93 93 In order to use ssh you need to make sure that your web-server and the users
94 94 login accounts have the correct permissions set on the appropriate directories.
95 95 (Note that these permissions are independent of any permissions you have set up
96 96 using the RhodeCode web interface.)
97 97
98 98 If your main directory (the same as set in RhodeCode settings) is for example
99 99 set to **/home/hg** and the repository you are using is named `rhodecode`, then
100 100 to clone via ssh you should run::
101 101
102 102 hg clone ssh://user@server.com/home/hg/rhodecode
103 103
104 104 Using other external tools such as mercurial-server_ or using ssh key based
105 105 authentication is fully supported.
106 106
107 107 Note: In an advanced setup, in order for your ssh access to use the same
108 108 permissions as set up via the RhodeCode web interface, you can create an
109 109 authentication hook to connect to the rhodecode db and runs check functions for
110 110 permissions against that.
111 111
112 112 Setting up Whoosh full text search
113 113 ----------------------------------
114 114
115 115 Starting from version 1.1 the whoosh index can be build by using the paster
116 116 command ``make-index``. To use ``make-index`` you must specify the configuration
117 117 file that stores the location of the index. You may specify the location of the
118 118 repositories (`--repo-location`). If not specified, this value is retrieved
119 119 from the RhodeCode database. This was required prior to 1.2. Starting from
120 120 version 1.2 it is also possible to specify a comma separated list of
121 121 repositories (`--index-only`) to build index only on chooses repositories
122 122 skipping any other found in repos location
123 123
124 124 You may optionally pass the option `-f` to enable a full index rebuild. Without
125 125 the `-f` option, indexing will run always in "incremental" mode.
126 126
127 127 For an incremental index build use::
128 128
129 129 paster make-index production.ini
130 130
131 131 For a full index rebuild use::
132 132
133 133 paster make-index production.ini -f
134 134
135 135
136 136 building index just for chosen repositories is possible with such command::
137 137
138 138 paster make-index production.ini --index-only=vcs,rhodecode
139 139
140 140
141 141 In order to do periodical index builds and keep your index always up to date.
142 142 It's recommended to do a crontab entry for incremental indexing.
143 143 An example entry might look like this::
144 144
145 145 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
146 146
147 147 When using incremental mode (the default) whoosh will check the last
148 148 modification date of each file and add it to be reindexed if a newer file is
149 149 available. The indexing daemon checks for any removed files and removes them
150 150 from index.
151 151
152 152 If you want to rebuild index from scratch, you can use the `-f` flag as above,
153 153 or in the admin panel you can check `build from scratch` flag.
154 154
155 155
156 156 Setting up LDAP support
157 157 -----------------------
158 158
159 159 RhodeCode starting from version 1.1 supports ldap authentication. In order
160 160 to use LDAP, you have to install the python-ldap_ package. This package is
161 161 available via pypi, so you can install it by running
162 162
163 163 using easy_install::
164 164
165 165 easy_install python-ldap
166 166
167 167 using pip::
168 168
169 169 pip install python-ldap
170 170
171 171 .. note::
172 172 python-ldap requires some certain libs on your system, so before installing
173 173 it check that you have at least `openldap`, and `sasl` libraries.
174 174
175 175 LDAP settings are located in admin->ldap section,
176 176
177 177 Here's a typical ldap setup::
178 178
179 179 Connection settings
180 180 Enable LDAP = checked
181 181 Host = host.example.org
182 182 Port = 389
183 183 Account = <account>
184 184 Password = <password>
185 185 Connection Security = LDAPS connection
186 186 Certificate Checks = DEMAND
187 187
188 188 Search settings
189 189 Base DN = CN=users,DC=host,DC=example,DC=org
190 190 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
191 191 LDAP Search Scope = SUBTREE
192 192
193 193 Attribute mappings
194 194 Login Attribute = uid
195 195 First Name Attribute = firstName
196 196 Last Name Attribute = lastName
197 197 E-mail Attribute = mail
198 198
199 199 .. _enable_ldap:
200 200
201 201 Enable LDAP : required
202 202 Whether to use LDAP for authenticating users.
203 203
204 204 .. _ldap_host:
205 205
206 206 Host : required
207 207 LDAP server hostname or IP address. Can be also a comma separated
208 208 list of servers to support LDAP fail-over.
209 209
210 210 .. _Port:
211 211
212 212 Port : required
213 213 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
214 214
215 215 .. _ldap_account:
216 216
217 217 Account : optional
218 218 Only required if the LDAP server does not allow anonymous browsing of
219 219 records. This should be a special account for record browsing. This
220 220 will require `LDAP Password`_ below.
221 221
222 222 .. _LDAP Password:
223 223
224 224 Password : optional
225 225 Only required if the LDAP server does not allow anonymous browsing of
226 226 records.
227 227
228 228 .. _Enable LDAPS:
229 229
230 230 Connection Security : required
231 231 Defines the connection to LDAP server
232 232
233 233 No encryption
234 234 Plain non encrypted connection
235 235
236 236 LDAPS connection
237 237 Enable ldaps connection. It will likely require `Port`_ to be set to
238 238 a different value (standard LDAPS port is 636). When LDAPS is enabled
239 239 then `Certificate Checks`_ is required.
240 240
241 241 START_TLS on LDAP connection
242 242 START TLS connection
243 243
244 244 .. _Certificate Checks:
245 245
246 246 Certificate Checks : optional
247 247 How SSL certificates verification is handled - this is only useful when
248 248 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
249 249 while the other options are susceptible to man-in-the-middle attacks. SSL
250 250 certificates can be installed to /etc/openldap/cacerts so that the
251 251 DEMAND or HARD options can be used with self-signed certificates or
252 252 certificates that do not have traceable certificates of authority.
253 253
254 254 NEVER
255 255 A serve certificate will never be requested or checked.
256 256
257 257 ALLOW
258 258 A server certificate is requested. Failure to provide a
259 259 certificate or providing a bad certificate will not terminate the
260 260 session.
261 261
262 262 TRY
263 263 A server certificate is requested. Failure to provide a
264 264 certificate does not halt the session; providing a bad certificate
265 265 halts the session.
266 266
267 267 DEMAND
268 268 A server certificate is requested and must be provided and
269 269 authenticated for the session to proceed.
270 270
271 271 HARD
272 272 The same as DEMAND.
273 273
274 274 .. _Base DN:
275 275
276 276 Base DN : required
277 277 The Distinguished Name (DN) where searches for users will be performed.
278 278 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
279 279
280 280 .. _LDAP Filter:
281 281
282 282 LDAP Filter : optional
283 283 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
284 284 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
285 285 which LDAP objects are identified as representing Users for
286 286 authentication. The filter is augmented by `Login Attribute`_ below.
287 287 This can commonly be left blank.
288 288
289 289 .. _LDAP Search Scope:
290 290
291 291 LDAP Search Scope : required
292 292 This limits how far LDAP will search for a matching object.
293 293
294 294 BASE
295 295 Only allows searching of `Base DN`_ and is usually not what you
296 296 want.
297 297
298 298 ONELEVEL
299 299 Searches all entries under `Base DN`_, but not Base DN itself.
300 300
301 301 SUBTREE
302 302 Searches all entries below `Base DN`_, but not Base DN itself.
303 303 When using SUBTREE `LDAP Filter`_ is useful to limit object
304 304 location.
305 305
306 306 .. _Login Attribute:
307 307
308 308 Login Attribute : required
309 309 The LDAP record attribute that will be matched as the USERNAME or
310 310 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
311 311 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
312 312 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
313 313 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
314 314 ::
315 315
316 316 (&(LDAPFILTER)(uid=jsmith))
317 317
318 318 .. _ldap_attr_firstname:
319 319
320 320 First Name Attribute : required
321 321 The LDAP record attribute which represents the user's first name.
322 322
323 323 .. _ldap_attr_lastname:
324 324
325 325 Last Name Attribute : required
326 326 The LDAP record attribute which represents the user's last name.
327 327
328 328 .. _ldap_attr_email:
329 329
330 330 Email Attribute : required
331 331 The LDAP record attribute which represents the user's email address.
332 332
333 333 If all data are entered correctly, and python-ldap_ is properly installed
334 334 users should be granted access to RhodeCode with ldap accounts. At this
335 335 time user information is copied from LDAP into the RhodeCode user database.
336 336 This means that updates of an LDAP user object may not be reflected as a
337 337 user update in RhodeCode.
338 338
339 339 If You have problems with LDAP access and believe You entered correct
340 340 information check out the RhodeCode logs, any error messages sent from LDAP
341 341 will be saved there.
342 342
343 343 Active Directory
344 344 ''''''''''''''''
345 345
346 346 RhodeCode can use Microsoft Active Directory for user authentication. This
347 347 is done through an LDAP or LDAPS connection to Active Directory. The
348 348 following LDAP configuration settings are typical for using Active
349 349 Directory ::
350 350
351 351 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
352 352 Login Attribute = sAMAccountName
353 353 First Name Attribute = givenName
354 354 Last Name Attribute = sn
355 355 E-mail Attribute = mail
356 356
357 357 All other LDAP settings will likely be site-specific and should be
358 358 appropriately configured.
359 359
360 360
361 361 Authentication by container or reverse-proxy
362 362 --------------------------------------------
363 363
364 364 Starting with version 1.3, RhodeCode supports delegating the authentication
365 365 of users to its WSGI container, or to a reverse-proxy server through which all
366 366 clients access the application.
367 367
368 368 When these authentication methods are enabled in RhodeCode, it uses the
369 369 username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't
370 370 perform the authentication itself. The authorization, however, is still done by
371 371 RhodeCode according to its settings.
372 372
373 373 When a user logs in for the first time using these authentication methods,
374 374 a matching user account is created in RhodeCode with default permissions. An
375 375 administrator can then modify it using RhodeCode's admin interface.
376 376 It's also possible for an administrator to create accounts and configure their
377 377 permissions before the user logs in for the first time.
378 378
379 379 Container-based authentication
380 380 ''''''''''''''''''''''''''''''
381 381
382 382 In a container-based authentication setup, RhodeCode reads the user name from
383 383 the ``REMOTE_USER`` server variable provided by the WSGI container.
384 384
385 385 After setting up your container (see `Apache's WSGI config`_), you'd need
386 386 to configure it to require authentication on the location configured for
387 387 RhodeCode.
388 388
389 389 In order for RhodeCode to start using the provided username, you should set the
390 390 following in the [app:main] section of your .ini file::
391 391
392 392 container_auth_enabled = true
393 393
394 394
395 395 Proxy pass-through authentication
396 396 '''''''''''''''''''''''''''''''''
397 397
398 398 In a proxy pass-through authentication setup, RhodeCode reads the user name
399 399 from the ``X-Forwarded-User`` request header, which should be configured to be
400 400 sent by the reverse-proxy server.
401 401
402 402 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,
403 403 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to
404 404 configure the authentication and add the username in a request header named
405 405 ``X-Forwarded-User``.
406 406
407 407 For example, the following config section for Apache sets a subdirectory in a
408 408 reverse-proxy setup with basic auth::
409 409
410 410 <Location /<someprefix> >
411 411 ProxyPass http://127.0.0.1:5000/<someprefix>
412 412 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
413 413 SetEnvIf X-Url-Scheme https HTTPS=1
414 414
415 415 AuthType Basic
416 416 AuthName "RhodeCode authentication"
417 417 AuthUserFile /home/web/rhodecode/.htpasswd
418 418 require valid-user
419 419
420 420 RequestHeader unset X-Forwarded-User
421 421
422 422 RewriteEngine On
423 423 RewriteCond %{LA-U:REMOTE_USER} (.+)
424 424 RewriteRule .* - [E=RU:%1]
425 425 RequestHeader set X-Forwarded-User %{RU}e
426 426 </Location>
427 427
428 428 In order for RhodeCode to start using the forwarded username, you should set
429 429 the following in the [app:main] section of your .ini file::
430 430
431 431 proxypass_auth_enabled = true
432 432
433 433 .. note::
434 434 If you enable proxy pass-through authentication, make sure your server is
435 435 only accessible through the proxy. Otherwise, any client would be able to
436 436 forge the authentication header and could effectively become authenticated
437 437 using any account of their liking.
438 438
439 439 Integration with Issue trackers
440 440 -------------------------------
441 441
442 442 RhodeCode provides a simple integration with issue trackers. It's possible
443 443 to define a regular expression that will fetch issue id stored in commit
444 444 messages and replace that with an url to this issue. To enable this simply
445 445 uncomment following variables in the ini file::
446 446
447 447 url_pat = (?:^#|\s#)(\w+)
448 448 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
449 449 issue_prefix = #
450 450
451 451 `url_pat` is the regular expression that will fetch issues from commit messages.
452 452 Default regex will match issues in format of #<number> eg. #300.
453 453
454 454 Matched issues will be replace with the link specified as `issue_server_link`
455 455 {id} will be replaced with issue id, and {repo} with repository name.
456 456 Since the # is striped `issue_prefix` is added as a prefix to url.
457 457 `issue_prefix` can be something different than # if you pass
458 458 ISSUE- as issue prefix this will generate an url in format::
459 459
460 460 <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>
461 461
462 462 Hook management
463 463 ---------------
464 464
465 465 Hooks can be managed in similar way to this used in .hgrc files.
466 466 To access hooks setting click `advanced setup` on Hooks section of Mercurial
467 467 Settings in Admin.
468 468
469 469 There are 4 built in hooks that cannot be changed (only enable/disable by
470 470 checkboxes on previos section).
471 471 To add another custom hook simply fill in first section with
472 472 <name>.<hook_type> and the second one with hook path. Example hooks
473 473 can be found at *rhodecode.lib.hooks*.
474 474
475 475
476 476 Changing default encoding
477 477 -------------------------
478 478
479 479 By default RhodeCode uses utf8 encoding, starting from 1.3 series this
480 480 can be changed, simply edit default_encoding in .ini file to desired one.
481 481 This affects many parts in rhodecode including commiters names, filenames,
482 482 encoding of commit messages. In addition RhodeCode can detect if `chardet`
483 483 library is installed. If `chardet` is detected RhodeCode will fallback to it
484 484 when there are encode/decode errors.
485 485
486 486
487 487 Setting Up Celery
488 488 -----------------
489 489
490 490 Since version 1.1 celery is configured by the rhodecode ini configuration files.
491 491 Simply set use_celery=true in the ini file then add / change the configuration
492 492 variables inside the ini file.
493 493
494 494 Remember that the ini files use the format with '.' not with '_' like celery.
495 495 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
496 496 the config file.
497 497
498 498 In order to start using celery run::
499 499
500 500 paster celeryd <configfile.ini>
501 501
502 502
503 503 .. note::
504 504 Make sure you run this command from the same virtualenv, and with the same
505 505 user that rhodecode runs.
506 506
507 507 HTTPS support
508 508 -------------
509 509
510 510 There are two ways to enable https:
511 511
512 512 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
513 513 recognize this headers and make proper https redirections
514 514 - Alternatively, change the `force_https = true` flag in the ini configuration
515 515 to force using https, no headers are needed than to enable https
516 516
517 517
518 518 Nginx virtual host example
519 519 --------------------------
520 520
521 521 Sample config for nginx using proxy::
522 522
523 523 upstream rc {
524 524 server 127.0.0.1:5000;
525 525 # add more instances for load balancing
526 526 #server 127.0.0.1:5001;
527 527 #server 127.0.0.1:5002;
528 528 }
529 529
530 530 server {
531 listen 80;
532 server_name hg.myserver.com;
531 listen 443;
532 server_name rhodecode.myserver.com;
533 533 access_log /var/log/nginx/rhodecode.access.log;
534 534 error_log /var/log/nginx/rhodecode.error.log;
535 535
536 ssl on;
537 ssl_certificate rhodecode.myserver.com.crt;
538 ssl_certificate_key rhodecode.myserver.com.key;
539
540 ssl_session_timeout 5m;
541
542 ssl_protocols SSLv3 TLSv1;
543 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
544 ssl_prefer_server_ciphers on;
545
536 546 # uncomment if you have nginx with chunking module compiled
537 547 # fixes the issues of having to put postBuffer data for large git
538 548 # pushes
539 549 #chunkin on;
540 550 #error_page 411 = @my_411_error;
541 551 #location @my_411_error {
542 552 # chunkin_resume;
543 553 #}
544 554
545 555 # uncomment if you want to serve static files by nginx
546 556 #root /path/to/installation/rhodecode/public;
547 557
548 558 location / {
549 559 try_files $uri @rhode;
550 560 }
551 561
552 562 location @rhode {
553 563 proxy_pass http://rc;
554 564 include /etc/nginx/proxy.conf;
555 565 }
556 566
557 567 }
558 568
559 569 Here's the proxy.conf. It's tuned so it will not timeout on long
560 570 pushes or large pushes::
561 571
562 572 proxy_redirect off;
563 573 proxy_set_header Host $host;
564 574 proxy_set_header X-Url-Scheme $scheme;
565 575 proxy_set_header X-Host $http_host;
566 576 proxy_set_header X-Real-IP $remote_addr;
567 577 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
568 578 proxy_set_header Proxy-host $proxy_host;
569 579 client_max_body_size 400m;
570 580 client_body_buffer_size 128k;
571 581 proxy_buffering off;
572 582 proxy_connect_timeout 7200;
573 583 proxy_send_timeout 7200;
574 584 proxy_read_timeout 7200;
575 585 proxy_buffers 8 32k;
576 586
577 587 Also, when using root path with nginx you might set the static files to false
578 588 in the production.ini file::
579 589
580 590 [app:main]
581 591 use = egg:rhodecode
582 592 full_stack = true
583 593 static_files = false
584 594 lang=en
585 595 cache_dir = %(here)s/data
586 596
587 597 In order to not have the statics served by the application. This improves speed.
588 598
589 599
590 600 Apache virtual host reverse proxy example
591 601 -----------------------------------------
592 602
593 603 Here is a sample configuration file for apache using proxy::
594 604
595 605 <VirtualHost *:80>
596 606 ServerName hg.myserver.com
597 607 ServerAlias hg.myserver.com
598 608
599 609 <Proxy *>
600 610 Order allow,deny
601 611 Allow from all
602 612 </Proxy>
603 613
604 614 #important !
605 615 #Directive to properly generate url (clone url) for pylons
606 616 ProxyPreserveHost On
607 617
608 618 #rhodecode instance
609 619 ProxyPass / http://127.0.0.1:5000/
610 620 ProxyPassReverse / http://127.0.0.1:5000/
611 621
612 622 #to enable https use line below
613 623 #SetEnvIf X-Url-Scheme https HTTPS=1
614 624
615 625 </VirtualHost>
616 626
617 627
618 628 Additional tutorial
619 629 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
620 630
621 631
622 632 Apache as subdirectory
623 633 ----------------------
624 634
625 635 Apache subdirectory part::
626 636
627 637 <Location /<someprefix> >
628 638 ProxyPass http://127.0.0.1:5000/<someprefix>
629 639 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
630 640 SetEnvIf X-Url-Scheme https HTTPS=1
631 641 </Location>
632 642
633 643 Besides the regular apache setup you will need to add the following line
634 644 into [app:main] section of your .ini file::
635 645
636 646 filter-with = proxy-prefix
637 647
638 648 Add the following at the end of the .ini file::
639 649
640 650 [filter:proxy-prefix]
641 651 use = egg:PasteDeploy#prefix
642 652 prefix = /<someprefix>
643 653
644 654
645 655 then change <someprefix> into your choosen prefix
646 656
647 657 Apache's WSGI config
648 658 --------------------
649 659
650 660 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
651 661 that, you'll need to:
652 662
653 663 - Install mod_wsgi. If using a Debian-based distro, you can install
654 664 the package libapache2-mod-wsgi::
655 665
656 666 aptitude install libapache2-mod-wsgi
657 667
658 668 - Enable mod_wsgi::
659 669
660 670 a2enmod wsgi
661 671
662 672 - Create a wsgi dispatch script, like the one below. Make sure you
663 673 check the paths correctly point to where you installed RhodeCode
664 674 and its Python Virtual Environment.
665 675 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
666 676 as in the following example. Once again, check the paths are
667 677 correctly specified.
668 678
669 679 Here is a sample excerpt from an Apache Virtual Host configuration file::
670 680
671 681 WSGIDaemonProcess pylons \
672 682 threads=4 \
673 683 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
674 684 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
675 685 WSGIPassAuthorization On
676 686
677 687 .. note::
678 688 when running apache as root please add: `user=www-data group=www-data`
679 689 into above configuration
680 690
681 691 .. note::
682 692 RhodeCode cannot be runned in multiprocess mode in apache, make sure
683 693 you don't specify `processes=num` directive in the config
684 694
685 695
686 696 Example wsgi dispatch script::
687 697
688 698 import os
689 699 os.environ["HGENCODING"] = "UTF-8"
690 700 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
691 701
692 702 # sometimes it's needed to set the curent dir
693 703 os.chdir('/home/web/rhodecode/')
694 704
695 705 import site
696 706 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
697 707
698 708 from paste.deploy import loadapp
699 709 from paste.script.util.logging_config import fileConfig
700 710
701 711 fileConfig('/home/web/rhodecode/production.ini')
702 712 application = loadapp('config:/home/web/rhodecode/production.ini')
703 713
704 714 Note: when using mod_wsgi you'll need to install the same version of
705 715 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
706 716 environment.
707 717
708 718
709 719 Other configuration files
710 720 -------------------------
711 721
712 722 Some example init.d scripts can be found in init.d directory::
713 723
714 724 https://secure.rhodecode.org/rhodecode/files/beta/init.d
715 725
716 726 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
717 727 .. _python: http://www.python.org/
718 728 .. _mercurial: http://mercurial.selenic.com/
719 729 .. _celery: http://celeryproject.org/
720 730 .. _rabbitmq: http://www.rabbitmq.com/
721 731 .. _python-ldap: http://www.python-ldap.org/
722 732 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
723 733 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
724 734 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
725 735 .. _google group rhodecode: http://groups.google.com/group/rhodecode
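Review bot: In the nginx ``server`` block, the added ``ssl_protocols SSLv3 TLSv1;`` and the ``ssl_ciphers`` list (which includes ``DES-CBC3-SHA`` and ends in ``RC4-SHA:RC4-MD5``) put an obsolete protocol and weak ciphers into a sample that readers will copy verbatim. Suggest dropping ``SSLv3`` and the RC4 and 3DES entries, and listing the newest TLS versions the deployed nginx/OpenSSL build supports. The same block replaces ``listen 80;`` with ``listen 443;``, so nothing in the sample answers on port 80 any more; a small second ``server`` block on port 80 that redirects to https would keep old http clone URLs working. The sentence introducing the sample still reads "Sample config for nginx using proxy" and should say that it is now an SSL setup, and that ``ssl_certificate`` and ``ssl_certificate_key`` are given as bare file names, which nginx resolves relative to its configuration directory.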