Show More
| @@ -0,0 +1,133 b'' | |||||
|
|
1 | .. _installation_iis: | |||
|
|
2 | ||||
|
|
3 | Installing Kallithea on Microsoft Internet Information Services (IIS) | |||
|
|
4 | ===================================================================== | |||
|
|
5 | ||||
|
|
6 | The following is documented using IIS 7/8 terminology. There should be nothing | |||
|
|
7 | preventing you from applying this on IIS 6 well. | |||
|
|
8 | ||||
|
|
9 | .. note:: | |||
|
|
10 | ||||
|
|
11 | For the best security, it is strongly recommended to only host the site over | |||
|
|
12 | a secure connection, e.g. using TLS. | |||
|
|
13 | ||||
|
|
14 | Prerequisites | |||
|
|
15 | ------------- | |||
|
|
16 | ||||
|
|
17 | Apart from the normal requirements for Kallithea, it is also necessary to get an | |||
|
|
18 | ISAPI-WSGI bridge module, e.g. isapi-wsgi. | |||
|
|
19 | ||||
|
|
20 | Installation | |||
|
|
21 | ------------ | |||
|
|
22 | ||||
|
|
23 | The following will assume that your Kallithea is at ``c:\inetpub\kallithea`` and | |||
|
|
24 | will be served from the root of its own website. The changes to serve it in its | |||
|
|
25 | own virtual folder will be noted where appropriate. | |||
|
|
26 | ||||
|
|
27 | Application Pool | |||
|
|
28 | ................ | |||
|
|
29 | ||||
|
|
30 | Make sure that there is a unique application pool for the Kallithea application | |||
|
|
31 | with an identity that has read access to the Kallithea distribution. | |||
|
|
32 | ||||
|
|
33 | The application pool does not need to be able to run any managed code. If you | |||
|
|
34 | are using a 32-bit Python installation, then you must enable 32 bit program in | |||
|
|
35 | the advanced settings for the application pool otherwise Python will not be able | |||
|
|
36 | to run on the website and consequently, Kallithea will not be able to run. | |||
|
|
37 | ||||
|
|
38 | .. note:: | |||
|
|
39 | ||||
|
|
40 | The application pool can be the same as an existing application pool as long | |||
|
|
41 | as the requirements to Kallithea are enabled by the existing application | |||
|
|
42 | pool. | |||
|
|
43 | ||||
|
|
44 | ISAPI Handler | |||
|
|
45 | ............. | |||
|
|
46 | ||||
|
|
47 | The ISAPI handler needs to be generated from a custom file. Imagining that the | |||
|
|
48 | Kallithea installation is in ``c:\inetpub\kallithea``, we would have a file in | |||
|
|
49 | the same directory called, e.g. ``dispatch.py`` with the following contents:: | |||
|
|
50 | ||||
|
|
51 | import sys | |||
|
|
52 | ||||
|
|
53 | if hasattr(sys, "isapidllhandle"): | |||
|
|
54 | import win32traceutil | |||
|
|
55 | ||||
|
|
56 | import isapi_wsgi | |||
|
|
57 | ||||
|
|
58 | def __ExtensionFactory__(): | |||
|
|
59 | from paste.deploy import loadapp | |||
|
|
60 | from paste.script.util.logging_config import fileConfig | |||
|
|
61 | fileConfig('c:\\inetpub\\kallithea\\production.ini') | |||
|
|
62 | application = loadapp('config:c:\\inetpub\\kallithea\\production.ini') | |||
|
|
63 | ||||
|
|
64 | def app(environ, start_response): | |||
|
|
65 | user = environ.get('REMOTE_USER', None) | |||
|
|
66 | if user is not None: | |||
|
|
67 | os.environ['REMOTE_USER'] = user | |||
|
|
68 | return application(environ, start_response) | |||
|
|
69 | ||||
|
|
70 | return isapi_wsgi.ISAPIThreadPoolHandler(app) | |||
|
|
71 | ||||
|
|
72 | if __name__=='__main__': | |||
|
|
73 | from isapi.install import * | |||
|
|
74 | params = ISAPIParameters() | |||
|
|
75 | sm = [ScriptMapParams(Extension="*", Flags=0)] | |||
|
|
76 | vd = VirtualDirParameters(Name="/", | |||
|
|
77 | Description = "ISAPI-WSGI Echo Test", | |||
|
|
78 | ScriptMaps = sm, | |||
|
|
79 | ScriptMapUpdate = "replace") | |||
|
|
80 | params.VirtualDirs = [vd] | |||
|
|
81 | HandleCommandLine(params) | |||
|
|
82 | ||||
|
|
83 | This script has two parts: First, when run directly using Python, it will | |||
|
|
84 | install a script map ISAPI handler into the root application of the default | |||
|
|
85 | website, and secondly it will be called from the ISAPI handler when invoked | |||
|
|
86 | from the website. | |||
|
|
87 | ||||
|
|
88 | The ISAPI handler is registered to all file extensions, so it will automatically | |||
|
|
89 | be the one handling all requests to the website. When the website starts the | |||
|
|
90 | ISAPI handler, it will start a thread pool managed wrapper around the paster | |||
|
|
91 | middleware WSGI handler that Kallithea runs within and each HTTP request to the | |||
|
|
92 | site will be processed through this logic henceforth. | |||
|
|
93 | ||||
|
|
94 | Authentication with Kallithea using IIS authentication modules | |||
|
|
95 | .............................................................. | |||
|
|
96 | ||||
|
|
97 | The recommended way to handle authentication with Kallithea using IIS is to let | |||
|
|
98 | IIS handle all the authentication and just pass it to Kallithea. | |||
|
|
99 | ||||
|
|
100 | To move responsibility into IIS from Kallithea, we need to configure Kallithea | |||
|
|
101 | to let external systems handle authentication and then let Kallithea create the | |||
|
|
102 | user automatically. To do this, access the administration's authentication page | |||
|
|
103 | and enable the ``kallithea.lib.auth_modules.auth_container`` plugin. Once it is | |||
|
|
104 | added, enable it with the ``REMOTE_USER`` header and check *Clean username*. | |||
|
|
105 | Finally, save the changes on this page. | |||
|
|
106 | ||||
|
|
107 | Switch to the administration's permissions page and disable anonymous access, | |||
|
|
108 | otherwise Kallithea will not attempt to use the authenticated user name. By | |||
|
|
109 | default, Kallithea will populate the list of users lazily as they log in. Either | |||
|
|
110 | disable external auth account activation and ensure that you pre-populate the | |||
|
|
111 | user database with an external tool, or set it to *Automatic activation of | |||
|
|
112 | external account*. Finally, save the changes. | |||
|
|
113 | ||||
|
|
114 | The last necessary step is to enable the relevant authentication in IIS, e.g. | |||
|
|
115 | Windows authentication. | |||
|
|
116 | ||||
|
|
117 | Troubleshooting | |||
|
|
118 | --------------- | |||
|
|
119 | ||||
|
|
120 | Typically, any issues in this setup will either be entirely in IIS or entirely | |||
|
|
121 | in Kallithea (or Kallithea's WSGI/paster middleware). Consequently, two | |||
|
|
122 | different options for finding issues exist: IIS' failed request tracking which | |||
|
|
123 | is great at finding issues until they exist inside Kallithea, at which point the | |||
|
|
124 | ISAPI-WSGI wrapper above uses ``win32traceutil``, which is part of ``pywin32``. | |||
|
|
125 | ||||
|
|
126 | In order to dump output from WSGI using ``win32traceutil`` it is sufficient to | |||
|
|
127 | type the following in a console window:: | |||
|
|
128 | ||||
|
|
129 | python -m win32traceutil | |||
|
|
130 | ||||
|
|
131 | and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea | |||
|
|
132 | application itself) that are uncaught, will be printed here complete with stack | |||
|
|
133 | traces, making it a lot easier to identify issues. | |||
General Comments 0
You need to be logged in to leave comments.
Login now