##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

update docs for setup
marcink -
r1226:f17fdbe8 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,531 +1,532 b''
1 1 .. _setup:
2 2
3 3 Setup
4 4 =====
5 5
6 6
7 7 Setting up RhodeCode
8 8 --------------------------
9 9
10 10 First, you will need to create a RhodeCode configuration file. Run the following
11 11 command to do this::
12 12
13 13 paster make-config RhodeCode production.ini
14 14
15 15 - This will create the file `production.ini` in the current directory. This
16 16 configuration file contains the various settings for RhodeCode, e.g proxy port,
17 17 email settings, usage of static files, cache, celery settings and logging.
18 18
19 19
20 20 Next, you need to create the databases used by RhodeCode. I recommend that you
21 21 use sqlite (default) or postgresql. If you choose a database other than the
22 22 default ensure you properly adjust the db url in your production.ini
23 23 configuration file to use this other database. Create the databases by running
24 24 the following command::
25 25
26 26 paster setup-app production.ini
27 27
28 28 This will prompt you for a "root" path. This "root" path is the location where
29 29 RhodeCode will store all of its repositories on the current machine. After
30 30 entering this "root" path ``setup-app`` will also prompt you for a username and password
31 31 for the initial admin account which ``setup-app`` sets up for you.
32 32
33 33 - The ``setup-app`` command will create all of the needed tables and an admin
34 34 account. When choosing a root path you can either use a new empty location, or a
35 35 location which already contains existing repositories. If you choose a location
36 36 which contains existing repositories RhodeCode will simply add all of the
37 37 repositories at the chosen location to it's database. (Note: make sure you
38 38 specify the correct path to the root).
39 39 - Note: the given path for mercurial_ repositories **must** be write accessible
40 40 for the application. It's very important since the RhodeCode web interface will
41 41 work without write access, but when trying to do a push it will eventually fail
42 42 with permission denied errors unless it has write access.
43 43
44 44 You are now ready to use RhodeCode, to run it simply execute::
45 45
46 46 paster serve production.ini
47 47
48 48 - This command runs the RhodeCode server. The web app should be available at the
49 49 127.0.0.1:5000. This ip and port is configurable via the production.ini
50 50 file created in previous step
51 51 - Use the admin account you created above when running ``setup-app`` to login to the web app.
52 52 - The default permissions on each repository is read, and the owner is admin.
53 53 Remember to update these if needed.
54 54 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
55 55 well as edit more advanced options on users and repositories
56 56
57 57 Try copying your own mercurial repository into the "root" directory you are
58 58 using, then from within the RhodeCode web application choose Admin >
59 59 repositories. Then choose Add New Repository. Add the repository you copied into
60 60 the root. Test that you can browse your repository from within RhodeCode and then
61 61 try cloning your repository from RhodeCode with::
62 62
63 63 hg clone http://127.0.0.1:5000/<repository name>
64 64
65 65 where *repository name* is replaced by the name of your repository.
66 66
67 67 Using RhodeCode with SSH
68 68 ------------------------
69 69
70 70 RhodeCode currently only hosts repositories using http and https. (The addition of
71 71 ssh hosting is a planned future feature.) However you can easily use ssh in
72 72 parallel with RhodeCode. (Repository access via ssh is a standard "out of
73 73 the box" feature of mercurial_ and you can use this to access any of the
74 74 repositories that RhodeCode is hosting. See PublishingRepositories_)
75 75
76 76 RhodeCode repository structures are kept in directories with the same name
77 77 as the project. When using repository groups, each group is a subdirectory.
78 78 This allows you to easily use ssh for accessing repositories.
79 79
80 80 In order to use ssh you need to make sure that your web-server and the users login
81 81 accounts have the correct permissions set on the appropriate directories. (Note
82 82 that these permissions are independent of any permissions you have set up using
83 83 the RhodeCode web interface.)
84 84
85 85 If your main directory (the same as set in RhodeCode settings) is for example
86 86 set to **/home/hg** and the repository you are using is named `rhodecode`, then
87 87 to clone via ssh you should run::
88 88
89 89 hg clone ssh://user@server.com/home/hg/rhodecode
90 90
91 91 Using other external tools such as mercurial-server_ or using ssh key based
92 92 authentication is fully supported.
93 93
94 94 Note: In an advanced setup, in order for your ssh access to use the same
95 95 permissions as set up via the RhodeCode web interface, you can create an
96 96 authentication hook to connect to the rhodecode db and runs check functions for
97 97 permissions against that.
98 98
99 99 Setting up Whoosh full text search
100 100 ----------------------------------
101 101
102 102 Starting from version 1.1 the whoosh index can be build by using the paster
103 103 command ``make-index``. To use ``make-index`` you must specify the configuration
104 104 file that stores the location of the index, and the location of the repositories
105 105 (`--repo-location`).Starting from version 1.2 it is
106 106 also possible to specify a comma separated list of repositories (`--index-only`)
107 107 to build index only on chooses repositories skipping any other found in repos
108 108 location
109 109
110 110 You may optionally pass the option `-f` to enable a full index rebuild. Without
111 111 the `-f` option, indexing will run always in "incremental" mode.
112 112
113 113 For an incremental index build use::
114 114
115 115 paster make-index production.ini --repo-location=<location for repos>
116 116
117 117 For a full index rebuild use::
118 118
119 119 paster make-index production.ini -f --repo-location=<location for repos>
120 120
121 121
122 122 building index just for chosen repositories is possible with such command::
123 123
124 124 paster make-index production.ini --repo-location=<location for repos> --index-only=vcs,rhodecode
125 125
126 126
127 127 In order to do periodical index builds and keep your index always up to date.
128 128 It's recommended to do a crontab entry for incremental indexing.
129 129 An example entry might look like this::
130 130
131 131 /path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>
132 132
133 133 When using incremental mode (the default) whoosh will check the last
134 134 modification date of each file and add it to be reindexed if a newer file is
135 135 available. The indexing daemon checks for any removed files and removes them
136 136 from index.
137 137
138 138 If you want to rebuild index from scratch, you can use the `-f` flag as above,
139 139 or in the admin panel you can check `build from scratch` flag.
140 140
141 141
142 142 Setting up LDAP support
143 143 -----------------------
144 144
145 145 RhodeCode starting from version 1.1 supports ldap authentication. In order
146 146 to use LDAP, you have to install the python-ldap_ package. This package is available
147 147 via pypi, so you can install it by running
148 148
149 149 ::
150 150
151 151 easy_install python-ldap
152 152
153 153 ::
154 154
155 155 pip install python-ldap
156 156
157 157 .. note::
158 158 python-ldap requires some certain libs on your system, so before installing
159 159 it check that you have at least `openldap`, and `sasl` libraries.
160 160
161 161 LDAP settings are located in admin->ldap section,
162 162
163 163 Here's a typical ldap setup::
164 164
165 165 Connection settings
166 166 Enable LDAP = checked
167 167 Host = host.example.org
168 168 Port = 389
169 169 Account = <account>
170 170 Password = <password>
171 171 Enable LDAPS = checked
172 172 Certificate Checks = DEMAND
173 173
174 174 Search settings
175 175 Base DN = CN=users,DC=host,DC=example,DC=org
176 176 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
177 177 LDAP Search Scope = SUBTREE
178 178
179 179 Attribute mappings
180 180 Login Attribute = uid
181 181 First Name Attribute = firstName
182 182 Last Name Attribute = lastName
183 183 E-mail Attribute = mail
184 184
185 185 .. _enable_ldap:
186 186
187 187 Enable LDAP : required
188 188 Whether to use LDAP for authenticating users.
189 189
190 190 .. _ldap_host:
191 191
192 192 Host : required
193 193 LDAP server hostname or IP address.
194 194
195 195 .. _Port:
196 196
197 197 Port : required
198 198 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
199 199
200 200 .. _ldap_account:
201 201
202 202 Account : optional
203 203 Only required if the LDAP server does not allow anonymous browsing of
204 204 records. This should be a special account for record browsing. This
205 205 will require `LDAP Password`_ below.
206 206
207 207 .. _LDAP Password:
208 208
209 209 Password : optional
210 210 Only required if the LDAP server does not allow anonymous browsing of
211 211 records.
212 212
213 213 .. _Enable LDAPS:
214 214
215 215 Enable LDAPS : optional
216 216 Check this if SSL encryption is necessary for communication with the
217 217 LDAP server - it will likely require `Port`_ to be set to a different
218 218 value (standard LDAPS port is 636). When LDAPS is enabled then
219 219 `Certificate Checks`_ is required.
220 220
221 221 .. _Certificate Checks:
222 222
223 223 Certificate Checks : optional
224 224 How SSL certificates verification is handled - this is only useful when
225 225 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security while
226 226 the other options are susceptible to man-in-the-middle attacks. SSL
227 227 certificates can be installed to /etc/openldap/cacerts so that the
228 228 DEMAND or HARD options can be used with self-signed certificates or
229 229 certificates that do not have traceable certificates of authority.
230 230
231 231 NEVER
232 232 A serve certificate will never be requested or checked.
233 233
234 234 ALLOW
235 235 A server certificate is requested. Failure to provide a
236 236 certificate or providing a bad certificate will not terminate the
237 237 session.
238 238
239 239 TRY
240 240 A server certificate is requested. Failure to provide a
241 241 certificate does not halt the session; providing a bad certificate
242 242 halts the session.
243 243
244 244 DEMAND
245 245 A server certificate is requested and must be provided and
246 246 authenticated for the session to proceed.
247 247
248 248 HARD
249 249 The same as DEMAND.
250 250
251 251 .. _Base DN:
252 252
253 253 Base DN : required
254 254 The Distinguished Name (DN) where searches for users will be performed.
255 255 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
256 256
257 257 .. _LDAP Filter:
258 258
259 259 LDAP Filter : optional
260 260 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
261 261 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
262 262 which LDAP objects are identified as representing Users for
263 263 authentication. The filter is augmented by `Login Attribute`_ below.
264 264 This can commonly be left blank.
265 265
266 266 .. _LDAP Search Scope:
267 267
268 268 LDAP Search Scope : required
269 269 This limits how far LDAP will search for a matching object.
270 270
271 271 BASE
272 272 Only allows searching of `Base DN`_ and is usually not what you
273 273 want.
274 274
275 275 ONELEVEL
276 276 Searches all entries under `Base DN`_, but not Base DN itself.
277 277
278 278 SUBTREE
279 279 Searches all entries below `Base DN`_, but not Base DN itself.
280 280 When using SUBTREE `LDAP Filter`_ is useful to limit object
281 281 location.
282 282
283 283 .. _Login Attribute:
284 284
285 285 Login Attribute : required
286 286 The LDAP record attribute that will be matched as the USERNAME or
287 287 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
288 288 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
289 289 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
290 290 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
291 291 ::
292 292
293 293 (&(LDAPFILTER)(uid=jsmith))
294 294
295 295 .. _ldap_attr_firstname:
296 296
297 297 First Name Attribute : required
298 298 The LDAP record attribute which represents the user's first name.
299 299
300 300 .. _ldap_attr_lastname:
301 301
302 302 Last Name Attribute : required
303 303 The LDAP record attribute which represents the user's last name.
304 304
305 305 .. _ldap_attr_email:
306 306
307 307 Email Attribute : required
308 308 The LDAP record attribute which represents the user's email address.
309 309
310 310 If all data are entered correctly, and python-ldap_ is properly installed
311 311 users should be granted access to RhodeCode with ldap accounts. At this
312 312 time user information is copied from LDAP into the RhodeCode user database.
313 313 This means that updates of an LDAP user object may not be reflected as a
314 314 user update in RhodeCode.
315 315
316 316 If You have problems with LDAP access and believe You entered correct
317 317 information check out the RhodeCode logs, any error messages sent from LDAP
318 318 will be saved there.
319 319
320 320 Active Directory
321 321 ''''''''''''''''
322 322
323 323 RhodeCode can use Microsoft Active Directory for user authentication. This
324 324 is done through an LDAP or LDAPS connection to Active Directory. The
325 325 following LDAP configuration settings are typical for using Active
326 326 Directory ::
327 327
328 328 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
329 329 Login Attribute = sAMAccountName
330 330 First Name Attribute = givenName
331 331 Last Name Attribute = sn
332 332 E-mail Attribute = mail
333 333
334 334 All other LDAP settings will likely be site-specific and should be
335 335 appropriately configured.
336 336
337 337 Setting Up Celery
338 338 -----------------
339 339
340 340 Since version 1.1 celery is configured by the rhodecode ini configuration files.
341 341 Simply set use_celery=true in the ini file then add / change the configuration
342 342 variables inside the ini file.
343 343
344 344 Remember that the ini files use the format with '.' not with '_' like celery.
345 345 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
346 346 the config file.
347 347
348 348 In order to start using celery run::
349 349
350 350 paster celeryd <configfile.ini>
351 351
352 352
353 353 .. note::
354 354 Make sure you run this command from the same virtualenv, and with the same user
355 355 that rhodecode runs.
356 356
357 357 HTTPS support
358 358 -------------
359 359
360 360 There are two ways to enable https:
361 361
362 362 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
363 363 recognize this headers and make proper https redirections
364 364 - Alternatively, set `force_https = true` in the ini configuration to force using
365 365 https, no headers are needed than to enable https
366 366
367 367
368 368 Nginx virtual host example
369 369 --------------------------
370 370
371 371 Sample config for nginx using proxy::
372 372
373 373 server {
374 374 listen 80;
375 375 server_name hg.myserver.com;
376 376 access_log /var/log/nginx/rhodecode.access.log;
377 377 error_log /var/log/nginx/rhodecode.error.log;
378 378 location / {
379 379 root /var/www/rhodecode/rhodecode/public/;
380 380 if (!-f $request_filename){
381 381 proxy_pass http://127.0.0.1:5000;
382 382 }
383 383 #this is important if you want to use https !!!
384 384 proxy_set_header X-Url-Scheme $scheme;
385 385 include /etc/nginx/proxy.conf;
386 386 }
387 387 }
388 388
389 389 Here's the proxy.conf. It's tuned so it will not timeout on long
390 390 pushes or large pushes::
391 391
392 392 proxy_redirect off;
393 393 proxy_set_header Host $host;
394 394 proxy_set_header X-Host $http_host;
395 395 proxy_set_header X-Real-IP $remote_addr;
396 396 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
397 397 proxy_set_header Proxy-host $proxy_host;
398 398 client_max_body_size 400m;
399 399 client_body_buffer_size 128k;
400 400 proxy_buffering off;
401 401 proxy_connect_timeout 3600;
402 402 proxy_send_timeout 3600;
403 403 proxy_read_timeout 3600;
404 404 proxy_buffer_size 16k;
405 405 proxy_buffers 4 16k;
406 406 proxy_busy_buffers_size 64k;
407 407 proxy_temp_file_write_size 64k;
408 408
409 409 Also, when using root path with nginx you might set the static files to false
410 410 in the production.ini file::
411 411
412 412 [app:main]
413 413 use = egg:rhodecode
414 414 full_stack = true
415 415 static_files = false
416 416 lang=en
417 417 cache_dir = %(here)s/data
418 418
419 419 In order to not have the statics served by the application. This improves speed.
420 420
421 421
422 422 Apache virtual host example
423 423 ---------------------------
424 424
425 425 Here is a sample configuration file for apache using proxy::
426 426
427 427 <VirtualHost *:80>
428 428 ServerName hg.myserver.com
429 429 ServerAlias hg.myserver.com
430 430
431 431 <Proxy *>
432 432 Order allow,deny
433 433 Allow from all
434 434 </Proxy>
435 435
436 436 #important !
437 437 #Directive to properly generate url (clone url) for pylons
438 438 ProxyPreserveHost On
439 439
440 440 #rhodecode instance
441 441 ProxyPass / http://127.0.0.1:5000/
442 442 ProxyPassReverse / http://127.0.0.1:5000/
443 443
444 444 #to enable https use line below
445 445 #SetEnvIf X-Url-Scheme https HTTPS=1
446 446
447 447 </VirtualHost>
448 448
449 449
450 450 Additional tutorial
451 451 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
452 452
453 453
454 454 Apache as subdirectory
455 455 ----------------------
456 456
457
458 457 Apache subdirectory part::
459 458
460 <Location /rhodecode>
461 ProxyPass http://127.0.0.1:59542/rhodecode
462 ProxyPassReverse http://127.0.0.1:59542/rhodecode
459 <Location /<someprefix> >
460 ProxyPass http://127.0.0.1:5000/<someprefix>
461 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
463 462 SetEnvIf X-Url-Scheme https HTTPS=1
464 463 </Location>
465 464
466 465 Besides the regular apache setup you will need to add the following to your .ini file::
467 466
468 467 filter-with = proxy-prefix
469 468
470 469 Add the following at the end of the .ini file::
471 470
472 471 [filter:proxy-prefix]
473 472 use = egg:PasteDeploy#prefix
474 473 prefix = /<someprefix>
475 474
476 475
476 then change <someprefix> into your choosen prefix
477
477 478 Apache's example FCGI config
478 479 ----------------------------
479 480
480 481 TODO !
481 482
482 483 Other configuration files
483 484 -------------------------
484 485
485 486 Some example init.d scripts can be found here, for debian and gentoo:
486 487
487 488 https://rhodeocode.org/rhodecode/files/tip/init.d
488 489
489 490
490 491 Troubleshooting
491 492 ---------------
492 493
493 494 :Q: **Missing static files?**
494 495 :A: Make sure either to set the `static_files = true` in the .ini file or
495 496 double check the root path for your http setup. It should point to
496 497 for example:
497 498 /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
498 499
499 500 |
500 501
501 502 :Q: **Can't install celery/rabbitmq**
502 503 :A: Don't worry RhodeCode works without them too. No extra setup is required.
503 504
504 505 |
505 506
506 507 :Q: **Long lasting push timeouts?**
507 508 :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
508 509 are caused by https server and not RhodeCode.
509 510
510 511 |
511 512
512 513 :Q: **Large pushes timeouts?**
513 514 :A: Make sure you set a proper max_body_size for the http server.
514 515
515 516 |
516 517
517 518 :Q: **Apache doesn't pass basicAuth on pull/push?**
518 519 :A: Make sure you added `WSGIPassAuthorization true`.
519 520
520 521 For further questions search the `Issues tracker`_, or post a message in the `google group rhodecode`_
521 522
522 523 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
523 524 .. _python: http://www.python.org/
524 525 .. _mercurial: http://mercurial.selenic.com/
525 526 .. _celery: http://celeryproject.org/
526 527 .. _rabbitmq: http://www.rabbitmq.com/
527 528 .. _python-ldap: http://www.python-ldap.org/
528 529 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
529 530 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
530 531 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
531 532 .. _google group rhodecode: http://groups.google.com/group/rhodecode No newline at end of file
General Comments 0
You need to be logged in to leave comments. Login now