upstream/kallithea Commit - r1226:f17fdbe8

1

.. _setup:

1

.. _setup:

2

3

Setup

3

Setup

4

=====

4

=====

5

6

7

Setting up RhodeCode

7

Setting up RhodeCode

8

--------------------------

8

--------------------------

9

10

First, you will need to create a RhodeCode configuration file. Run the following

10

First, you will need to create a RhodeCode configuration file. Run the following

11

command to do this::

11

command to do this::

12

13

paster make-config RhodeCode production.ini

13

paster make-config RhodeCode production.ini

14

15

- This will create the file `production.ini` in the current directory. This

15

- This will create the file `production.ini` in the current directory. This

16

configuration file contains the various settings for RhodeCode, e.g proxy port,

16

configuration file contains the various settings for RhodeCode, e.g proxy port,

17

email settings, usage of static files, cache, celery settings and logging.

17

email settings, usage of static files, cache, celery settings and logging.

18

19

20

Next, you need to create the databases used by RhodeCode. I recommend that you

20

Next, you need to create the databases used by RhodeCode. I recommend that you

21

use sqlite (default) or postgresql. If you choose a database other than the

21

use sqlite (default) or postgresql. If you choose a database other than the

22

default ensure you properly adjust the db url in your production.ini

22

default ensure you properly adjust the db url in your production.ini

23

configuration file to use this other database. Create the databases by running

23

configuration file to use this other database. Create the databases by running

24

the following command::

24

the following command::

25

26

paster setup-app production.ini

26

paster setup-app production.ini

27

28

This will prompt you for a "root" path. This "root" path is the location where

28

This will prompt you for a "root" path. This "root" path is the location where

29

RhodeCode will store all of its repositories on the current machine. After

29

RhodeCode will store all of its repositories on the current machine. After

30

entering this "root" path ``setup-app`` will also prompt you for a username and password

30

entering this "root" path ``setup-app`` will also prompt you for a username and password

31

for the initial admin account which ``setup-app`` sets up for you.

31

for the initial admin account which ``setup-app`` sets up for you.

32

33

- The ``setup-app`` command will create all of the needed tables and an admin

33

- The ``setup-app`` command will create all of the needed tables and an admin

34

account. When choosing a root path you can either use a new empty location, or a

34

account. When choosing a root path you can either use a new empty location, or a

35

location which already contains existing repositories. If you choose a location

35

location which already contains existing repositories. If you choose a location

36

which contains existing repositories RhodeCode will simply add all of the

36

which contains existing repositories RhodeCode will simply add all of the

37

repositories at the chosen location to it's database. (Note: make sure you

37

repositories at the chosen location to it's database. (Note: make sure you

38

specify the correct path to the root).

38

specify the correct path to the root).

39

- Note: the given path for mercurial_ repositories **must** be write accessible

39

- Note: the given path for mercurial_ repositories **must** be write accessible

40

for the application. It's very important since the RhodeCode web interface will

40

for the application. It's very important since the RhodeCode web interface will

41

work without write access, but when trying to do a push it will eventually fail

41

work without write access, but when trying to do a push it will eventually fail

42

with permission denied errors unless it has write access.

42

with permission denied errors unless it has write access.

43

44

You are now ready to use RhodeCode, to run it simply execute::

44

You are now ready to use RhodeCode, to run it simply execute::

45

46

paster serve production.ini

46

paster serve production.ini

47

48

- This command runs the RhodeCode server. The web app should be available at the

48

- This command runs the RhodeCode server. The web app should be available at the

49

127.0.0.1:5000. This ip and port is configurable via the production.ini

49

127.0.0.1:5000. This ip and port is configurable via the production.ini

50

file created in previous step

50

file created in previous step

51

- Use the admin account you created above when running ``setup-app`` to login to the web app.

51

- Use the admin account you created above when running ``setup-app`` to login to the web app.

52

- The default permissions on each repository is read, and the owner is admin.

52

- The default permissions on each repository is read, and the owner is admin.

53

Remember to update these if needed.

53

Remember to update these if needed.

54

- In the admin panel you can toggle ldap, anonymous, permissions settings. As

54

- In the admin panel you can toggle ldap, anonymous, permissions settings. As

55

well as edit more advanced options on users and repositories

55

well as edit more advanced options on users and repositories

56

57

Try copying your own mercurial repository into the "root" directory you are

57

Try copying your own mercurial repository into the "root" directory you are

58

using, then from within the RhodeCode web application choose Admin >

58

using, then from within the RhodeCode web application choose Admin >

59

repositories. Then choose Add New Repository. Add the repository you copied into

59

repositories. Then choose Add New Repository. Add the repository you copied into

60

the root. Test that you can browse your repository from within RhodeCode and then

60

the root. Test that you can browse your repository from within RhodeCode and then

61

try cloning your repository from RhodeCode with::

61

try cloning your repository from RhodeCode with::

62

63

hg clone http://127.0.0.1:5000/<repository name>

63

hg clone http://127.0.0.1:5000/<repository name>

64

65

where *repository name* is replaced by the name of your repository.

65

where *repository name* is replaced by the name of your repository.

66

67

Using RhodeCode with SSH

67

Using RhodeCode with SSH

68

------------------------

68

------------------------

69

70

RhodeCode currently only hosts repositories using http and https. (The addition of

70

RhodeCode currently only hosts repositories using http and https. (The addition of

71

ssh hosting is a planned future feature.) However you can easily use ssh in

71

ssh hosting is a planned future feature.) However you can easily use ssh in

72

parallel with RhodeCode. (Repository access via ssh is a standard "out of

72

parallel with RhodeCode. (Repository access via ssh is a standard "out of

73

the box" feature of mercurial_ and you can use this to access any of the

73

the box" feature of mercurial_ and you can use this to access any of the

74

repositories that RhodeCode is hosting. See PublishingRepositories_)

74

repositories that RhodeCode is hosting. See PublishingRepositories_)

75

76

RhodeCode repository structures are kept in directories with the same name

76

RhodeCode repository structures are kept in directories with the same name

77

as the project. When using repository groups, each group is a subdirectory.

77

as the project. When using repository groups, each group is a subdirectory.

78

This allows you to easily use ssh for accessing repositories.

78

This allows you to easily use ssh for accessing repositories.

79

80

In order to use ssh you need to make sure that your web-server and the users login

80

In order to use ssh you need to make sure that your web-server and the users login

81

accounts have the correct permissions set on the appropriate directories. (Note

81

accounts have the correct permissions set on the appropriate directories. (Note

82

that these permissions are independent of any permissions you have set up using

82

that these permissions are independent of any permissions you have set up using

83

the RhodeCode web interface.)

83

the RhodeCode web interface.)

84

85

If your main directory (the same as set in RhodeCode settings) is for example

85

If your main directory (the same as set in RhodeCode settings) is for example

86

set to **/home/hg** and the repository you are using is named `rhodecode`, then

86

set to **/home/hg** and the repository you are using is named `rhodecode`, then

87

to clone via ssh you should run::

87

to clone via ssh you should run::

88

89

hg clone ssh://user@server.com/home/hg/rhodecode

89

hg clone ssh://user@server.com/home/hg/rhodecode

90

91

Using other external tools such as mercurial-server_ or using ssh key based

91

Using other external tools such as mercurial-server_ or using ssh key based

92

authentication is fully supported.

92

authentication is fully supported.

93

94

Note: In an advanced setup, in order for your ssh access to use the same

94

Note: In an advanced setup, in order for your ssh access to use the same

95

permissions as set up via the RhodeCode web interface, you can create an

95

permissions as set up via the RhodeCode web interface, you can create an

96

authentication hook to connect to the rhodecode db and runs check functions for

96

authentication hook to connect to the rhodecode db and runs check functions for

97

permissions against that.

97

permissions against that.

98

99

Setting up Whoosh full text search

99

Setting up Whoosh full text search

100

----------------------------------

100

----------------------------------

101

102

Starting from version 1.1 the whoosh index can be build by using the paster

102

Starting from version 1.1 the whoosh index can be build by using the paster

103

command ``make-index``. To use ``make-index`` you must specify the configuration

103

command ``make-index``. To use ``make-index`` you must specify the configuration

104

file that stores the location of the index, and the location of the repositories

104

file that stores the location of the index, and the location of the repositories

105

(`--repo-location`).Starting from version 1.2 it is

105

(`--repo-location`).Starting from version 1.2 it is

106

also possible to specify a comma separated list of repositories (`--index-only`)

106

also possible to specify a comma separated list of repositories (`--index-only`)

107

to build index only on chooses repositories skipping any other found in repos

107

to build index only on chooses repositories skipping any other found in repos

108

location

108

location

109

110

You may optionally pass the option `-f` to enable a full index rebuild. Without

110

You may optionally pass the option `-f` to enable a full index rebuild. Without

111

the `-f` option, indexing will run always in "incremental" mode.

111

the `-f` option, indexing will run always in "incremental" mode.

112

113

For an incremental index build use::

113

For an incremental index build use::

114

115

paster make-index production.ini --repo-location=<location for repos>

115

paster make-index production.ini --repo-location=<location for repos>

116

117

For a full index rebuild use::

117

For a full index rebuild use::

118

119

paster make-index production.ini -f --repo-location=<location for repos>

119

paster make-index production.ini -f --repo-location=<location for repos>

120

121

122

building index just for chosen repositories is possible with such command::

122

building index just for chosen repositories is possible with such command::

123

124

paster make-index production.ini --repo-location=<location for repos> --index-only=vcs,rhodecode

124

paster make-index production.ini --repo-location=<location for repos> --index-only=vcs,rhodecode

125

126

127

In order to do periodical index builds and keep your index always up to date.

127

In order to do periodical index builds and keep your index always up to date.

128

It's recommended to do a crontab entry for incremental indexing.

128

It's recommended to do a crontab entry for incremental indexing.

129

An example entry might look like this::

129

An example entry might look like this::

130

131

/path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>

131

/path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>

132

133

When using incremental mode (the default) whoosh will check the last

133

When using incremental mode (the default) whoosh will check the last

134

modification date of each file and add it to be reindexed if a newer file is

134

modification date of each file and add it to be reindexed if a newer file is

135

available. The indexing daemon checks for any removed files and removes them

135

available. The indexing daemon checks for any removed files and removes them

136

from index.

136

from index.

137

138

If you want to rebuild index from scratch, you can use the `-f` flag as above,

138

If you want to rebuild index from scratch, you can use the `-f` flag as above,

139

or in the admin panel you can check `build from scratch` flag.

139

or in the admin panel you can check `build from scratch` flag.

140

141

142

Setting up LDAP support

142

Setting up LDAP support

143

-----------------------

143

-----------------------

144

145

RhodeCode starting from version 1.1 supports ldap authentication. In order

145

RhodeCode starting from version 1.1 supports ldap authentication. In order

146

to use LDAP, you have to install the python-ldap_ package. This package is available

146

to use LDAP, you have to install the python-ldap_ package. This package is available

147

via pypi, so you can install it by running

147

via pypi, so you can install it by running

148

149

::

149

::

150

151

easy_install python-ldap

151

easy_install python-ldap

152

153

::

153

::

154

155

pip install python-ldap

155

pip install python-ldap

156

157

.. note::

157

.. note::

158

python-ldap requires some certain libs on your system, so before installing

158

python-ldap requires some certain libs on your system, so before installing

159

it check that you have at least `openldap`, and `sasl` libraries.

159

it check that you have at least `openldap`, and `sasl` libraries.

160

161

LDAP settings are located in admin->ldap section,

161

LDAP settings are located in admin->ldap section,

162

163

Here's a typical ldap setup::

163

Here's a typical ldap setup::

164

165

Connection settings

165

Connection settings

166

Enable LDAP = checked

166

Enable LDAP = checked

167

Host = host.example.org

167

Host = host.example.org

168

Port = 389

168

Port = 389

169

Account = <account>

169

Account = <account>

170

Password = <password>

170

Password = <password>

171

Enable LDAPS = checked

171

Enable LDAPS = checked

172

Certificate Checks = DEMAND

172

Certificate Checks = DEMAND

173

174

Search settings

174

Search settings

175

Base DN = CN=users,DC=host,DC=example,DC=org

175

Base DN = CN=users,DC=host,DC=example,DC=org

176

LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))

176

LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))

177

LDAP Search Scope = SUBTREE

177

LDAP Search Scope = SUBTREE

178

179

Attribute mappings

179

Attribute mappings

180

Login Attribute = uid

180

Login Attribute = uid

181

First Name Attribute = firstName

181

First Name Attribute = firstName

182

Last Name Attribute = lastName

182

Last Name Attribute = lastName

183

E-mail Attribute = mail

183

E-mail Attribute = mail

184

185

.. _enable_ldap:

185

.. _enable_ldap:

186

187

Enable LDAP : required

187

Enable LDAP : required

188

Whether to use LDAP for authenticating users.

188

Whether to use LDAP for authenticating users.

189

190

.. _ldap_host:

190

.. _ldap_host:

191

192

Host : required

192

Host : required

193

LDAP server hostname or IP address.

193

LDAP server hostname or IP address.

194

195

.. _Port:

195

.. _Port:

196

197

Port : required

197

Port : required

198

389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.

198

389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.

199

200

.. _ldap_account:

200

.. _ldap_account:

201

202

Account : optional

202

Account : optional

203

Only required if the LDAP server does not allow anonymous browsing of

203

Only required if the LDAP server does not allow anonymous browsing of

204

records. This should be a special account for record browsing. This

204

records. This should be a special account for record browsing. This

205

will require `LDAP Password`_ below.

205

will require `LDAP Password`_ below.

206

207

.. _LDAP Password:

207

.. _LDAP Password:

208

209

Password : optional

209

Password : optional

210

Only required if the LDAP server does not allow anonymous browsing of

210

Only required if the LDAP server does not allow anonymous browsing of

211

records.

211

records.

212

213

.. _Enable LDAPS:

213

.. _Enable LDAPS:

214

215

Enable LDAPS : optional

215

Enable LDAPS : optional

216

Check this if SSL encryption is necessary for communication with the

216

Check this if SSL encryption is necessary for communication with the

217

LDAP server - it will likely require `Port`_ to be set to a different

217

LDAP server - it will likely require `Port`_ to be set to a different

218

value (standard LDAPS port is 636). When LDAPS is enabled then

218

value (standard LDAPS port is 636). When LDAPS is enabled then

219

`Certificate Checks`_ is required.

219

`Certificate Checks`_ is required.

220

221

.. _Certificate Checks:

221

.. _Certificate Checks:

222

223

Certificate Checks : optional

223

Certificate Checks : optional

224

How SSL certificates verification is handled - this is only useful when

224

How SSL certificates verification is handled - this is only useful when

225

`Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security while

225

`Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security while

226

the other options are susceptible to man-in-the-middle attacks. SSL

226

the other options are susceptible to man-in-the-middle attacks. SSL

227

certificates can be installed to /etc/openldap/cacerts so that the

227

certificates can be installed to /etc/openldap/cacerts so that the

228

DEMAND or HARD options can be used with self-signed certificates or

228

DEMAND or HARD options can be used with self-signed certificates or

229

certificates that do not have traceable certificates of authority.

229

certificates that do not have traceable certificates of authority.

230

231

NEVER

231

NEVER

232

A serve certificate will never be requested or checked.

232

A serve certificate will never be requested or checked.

233

234

ALLOW

234

ALLOW

235

A server certificate is requested. Failure to provide a

235

A server certificate is requested. Failure to provide a

236

certificate or providing a bad certificate will not terminate the

236

certificate or providing a bad certificate will not terminate the

237

session.

237

session.

238

239

TRY

239

TRY

240

A server certificate is requested. Failure to provide a

240

A server certificate is requested. Failure to provide a

241

certificate does not halt the session; providing a bad certificate

241

certificate does not halt the session; providing a bad certificate

242

halts the session.

242

halts the session.

243

244

DEMAND

244

DEMAND

245

A server certificate is requested and must be provided and

245

A server certificate is requested and must be provided and

246

authenticated for the session to proceed.

246

authenticated for the session to proceed.

247

248

HARD

248

HARD

249

The same as DEMAND.

249

The same as DEMAND.

250

251

.. _Base DN:

251

.. _Base DN:

252

253

Base DN : required

253

Base DN : required

254

The Distinguished Name (DN) where searches for users will be performed.

254

The Distinguished Name (DN) where searches for users will be performed.

255

Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.

255

Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.

256

257

.. _LDAP Filter:

257

.. _LDAP Filter:

258

259

LDAP Filter : optional

259

LDAP Filter : optional

260

A LDAP filter defined by RFC 2254. This is more useful when `LDAP

260

A LDAP filter defined by RFC 2254. This is more useful when `LDAP

261

Search Scope`_ is set to SUBTREE. The filter is useful for limiting

261

Search Scope`_ is set to SUBTREE. The filter is useful for limiting

262

which LDAP objects are identified as representing Users for

262

which LDAP objects are identified as representing Users for

263

authentication. The filter is augmented by `Login Attribute`_ below.

263

authentication. The filter is augmented by `Login Attribute`_ below.

264

This can commonly be left blank.

264

This can commonly be left blank.

265

266

.. _LDAP Search Scope:

266

.. _LDAP Search Scope:

267

268

LDAP Search Scope : required

268

LDAP Search Scope : required

269

This limits how far LDAP will search for a matching object.

269

This limits how far LDAP will search for a matching object.

270

271

BASE

271

BASE

272

Only allows searching of `Base DN`_ and is usually not what you

272

Only allows searching of `Base DN`_ and is usually not what you

273

want.

273

want.

274

275

ONELEVEL

275

ONELEVEL

276

Searches all entries under `Base DN`_, but not Base DN itself.

276

Searches all entries under `Base DN`_, but not Base DN itself.

277

278

SUBTREE

278

SUBTREE

279

Searches all entries below `Base DN`_, but not Base DN itself.

279

Searches all entries below `Base DN`_, but not Base DN itself.

280

When using SUBTREE `LDAP Filter`_ is useful to limit object

280

When using SUBTREE `LDAP Filter`_ is useful to limit object

281

location.

281

location.

282

283

.. _Login Attribute:

283

.. _Login Attribute:

284

285

Login Attribute : required

285

Login Attribute : required

286

The LDAP record attribute that will be matched as the USERNAME or

286

The LDAP record attribute that will be matched as the USERNAME or

287

ACCOUNT used to connect to RhodeCode. This will be added to `LDAP

287

ACCOUNT used to connect to RhodeCode. This will be added to `LDAP

288

Filter`_ for locating the User object. If `LDAP Filter`_ is specified as

288

Filter`_ for locating the User object. If `LDAP Filter`_ is specified as

289

"LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has

289

"LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has

290

connected as "jsmith" then the `LDAP Filter`_ will be augmented as below

290

connected as "jsmith" then the `LDAP Filter`_ will be augmented as below

291

::

291

::

292

293

(&(LDAPFILTER)(uid=jsmith))

293

(&(LDAPFILTER)(uid=jsmith))

294

295

.. _ldap_attr_firstname:

295

.. _ldap_attr_firstname:

296

297

First Name Attribute : required

297

First Name Attribute : required

298

The LDAP record attribute which represents the user's first name.

298

The LDAP record attribute which represents the user's first name.

299

300

.. _ldap_attr_lastname:

300

.. _ldap_attr_lastname:

301

302

Last Name Attribute : required

302

Last Name Attribute : required

303

The LDAP record attribute which represents the user's last name.

303

The LDAP record attribute which represents the user's last name.

304

305

.. _ldap_attr_email:

305

.. _ldap_attr_email:

306

307

Email Attribute : required

307

Email Attribute : required

308

The LDAP record attribute which represents the user's email address.

308

The LDAP record attribute which represents the user's email address.

309

310

If all data are entered correctly, and python-ldap_ is properly installed

310

If all data are entered correctly, and python-ldap_ is properly installed

311

users should be granted access to RhodeCode with ldap accounts. At this

311

users should be granted access to RhodeCode with ldap accounts. At this

312

time user information is copied from LDAP into the RhodeCode user database.

312

time user information is copied from LDAP into the RhodeCode user database.

313

This means that updates of an LDAP user object may not be reflected as a

313

This means that updates of an LDAP user object may not be reflected as a

314

user update in RhodeCode.

314

user update in RhodeCode.

315

316

If You have problems with LDAP access and believe You entered correct

316

If You have problems with LDAP access and believe You entered correct

317

information check out the RhodeCode logs, any error messages sent from LDAP

317

information check out the RhodeCode logs, any error messages sent from LDAP

318

will be saved there.

318

will be saved there.

319

320

Active Directory

320

Active Directory

321

''''''''''''''''

321

''''''''''''''''

322

323

RhodeCode can use Microsoft Active Directory for user authentication. This

323

RhodeCode can use Microsoft Active Directory for user authentication. This

324

is done through an LDAP or LDAPS connection to Active Directory. The

324

is done through an LDAP or LDAPS connection to Active Directory. The

325

following LDAP configuration settings are typical for using Active

325

following LDAP configuration settings are typical for using Active

326

Directory ::

326

Directory ::

327

328

Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local

328

Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local

329

Login Attribute = sAMAccountName

329

Login Attribute = sAMAccountName

330

First Name Attribute = givenName

330

First Name Attribute = givenName

331

Last Name Attribute = sn

331

Last Name Attribute = sn

332

E-mail Attribute = mail

332

E-mail Attribute = mail

333

334

All other LDAP settings will likely be site-specific and should be

334

All other LDAP settings will likely be site-specific and should be

335

appropriately configured.

335

appropriately configured.

336

337

Setting Up Celery

337

Setting Up Celery

338

-----------------

338

-----------------

339

340

Since version 1.1 celery is configured by the rhodecode ini configuration files.

340

Since version 1.1 celery is configured by the rhodecode ini configuration files.

341

Simply set use_celery=true in the ini file then add / change the configuration

341

Simply set use_celery=true in the ini file then add / change the configuration

342

variables inside the ini file.

342

variables inside the ini file.

343

344

Remember that the ini files use the format with '.' not with '_' like celery.

344

Remember that the ini files use the format with '.' not with '_' like celery.

345

So for example setting `BROKER_HOST` in celery means setting `broker.host` in

345

So for example setting `BROKER_HOST` in celery means setting `broker.host` in

346

the config file.

346

the config file.

347

348

In order to start using celery run::

348

In order to start using celery run::

349

350

paster celeryd <configfile.ini>

350

paster celeryd <configfile.ini>

351

352

353

.. note::

353

.. note::

354

Make sure you run this command from the same virtualenv, and with the same user

354

Make sure you run this command from the same virtualenv, and with the same user

355

that rhodecode runs.

355

that rhodecode runs.

356

357

HTTPS support

357

HTTPS support

358

-------------

358

-------------

359

360

There are two ways to enable https:

360

There are two ways to enable https:

361

362

- Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will

362

- Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will

363

recognize this headers and make proper https redirections

363

recognize this headers and make proper https redirections

364

- Alternatively, set `force_https = true` in the ini configuration to force using

364

- Alternatively, set `force_https = true` in the ini configuration to force using

365

https, no headers are needed than to enable https

365

https, no headers are needed than to enable https

366

367

368

Nginx virtual host example

368

Nginx virtual host example

369

--------------------------

369

--------------------------

370

371

Sample config for nginx using proxy::

371

Sample config for nginx using proxy::

372

373

server {

373

server {

374

listen 80;

374

listen 80;

375

server_name hg.myserver.com;

375

server_name hg.myserver.com;

376

access_log /var/log/nginx/rhodecode.access.log;

376

access_log /var/log/nginx/rhodecode.access.log;

377

error_log /var/log/nginx/rhodecode.error.log;

377

error_log /var/log/nginx/rhodecode.error.log;

378

location / {

378

location / {

379

root /var/www/rhodecode/rhodecode/public/;

379

root /var/www/rhodecode/rhodecode/public/;

380

if (!-f $request_filename){

380

if (!-f $request_filename){

381

proxy_pass http://127.0.0.1:5000;

381

proxy_pass http://127.0.0.1:5000;

382

}

382

}

383

#this is important if you want to use https !!!

383

#this is important if you want to use https !!!

384

proxy_set_header X-Url-Scheme $scheme;

384

proxy_set_header X-Url-Scheme $scheme;

385

include /etc/nginx/proxy.conf;

385

include /etc/nginx/proxy.conf;

386

}

386

}

387

}

387

}

388

389

Here's the proxy.conf. It's tuned so it will not timeout on long

389

Here's the proxy.conf. It's tuned so it will not timeout on long

390

pushes or large pushes::

390

pushes or large pushes::

391

392

proxy_redirect off;

392

proxy_redirect off;

393

proxy_set_header Host $host;

393

proxy_set_header Host $host;

394

proxy_set_header X-Host $http_host;

394

proxy_set_header X-Host $http_host;

395

proxy_set_header X-Real-IP $remote_addr;

395

proxy_set_header X-Real-IP $remote_addr;

396

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

396

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

397

proxy_set_header Proxy-host $proxy_host;

397

proxy_set_header Proxy-host $proxy_host;

398

client_max_body_size 400m;

398

client_max_body_size 400m;

399

client_body_buffer_size 128k;

399

client_body_buffer_size 128k;

400

proxy_buffering off;

400

proxy_buffering off;

401

proxy_connect_timeout 3600;

401

proxy_connect_timeout 3600;

402

proxy_send_timeout 3600;

402

proxy_send_timeout 3600;

403

proxy_read_timeout 3600;

403

proxy_read_timeout 3600;

404

proxy_buffer_size 16k;

404

proxy_buffer_size 16k;

405

proxy_buffers 4 16k;

405

proxy_buffers 4 16k;

406

proxy_busy_buffers_size 64k;

406

proxy_busy_buffers_size 64k;

407

proxy_temp_file_write_size 64k;

407

proxy_temp_file_write_size 64k;

408

409

Also, when using root path with nginx you might set the static files to false

409

Also, when using root path with nginx you might set the static files to false

410

in the production.ini file::

410

in the production.ini file::

411

412

[app:main]

412

[app:main]

413

use = egg:rhodecode

413

use = egg:rhodecode

414

full_stack = true

414

full_stack = true

415

static_files = false

415

static_files = false

416

lang=en

416

lang=en

417

cache_dir = %(here)s/data

417

cache_dir = %(here)s/data

418

419

In order to not have the statics served by the application. This improves speed.

419

In order to not have the statics served by the application. This improves speed.

420

421

422

Apache virtual host example

422

Apache virtual host example

423

---------------------------

423

---------------------------

424

425

Here is a sample configuration file for apache using proxy::

425

Here is a sample configuration file for apache using proxy::

426

427

427

428

ServerName hg.myserver.com

428

ServerName hg.myserver.com

429

ServerAlias hg.myserver.com

429

ServerAlias hg.myserver.com

430

431

431

432

Order allow,deny

432

Order allow,deny

433

Allow from all

433

Allow from all

434

</Proxy>

434

</Proxy>

435

436

#important !

436

#important !

437

#Directive to properly generate url (clone url) for pylons

437

#Directive to properly generate url (clone url) for pylons

438

ProxyPreserveHost On

438

ProxyPreserveHost On

439

440

#rhodecode instance

440

#rhodecode instance

441

ProxyPass / http://127.0.0.1:5000/

441

ProxyPass / http://127.0.0.1:5000/

442

ProxyPassReverse / http://127.0.0.1:5000/

442

ProxyPassReverse / http://127.0.0.1:5000/

443

444

#to enable https use line below

444

#to enable https use line below

445

#SetEnvIf X-Url-Scheme https HTTPS=1

445

#SetEnvIf X-Url-Scheme https HTTPS=1

446

447

</VirtualHost>

447

</VirtualHost>

448

449

450

Additional tutorial

450

Additional tutorial

451

http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons

451

http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons

452

453

454

Apache as subdirectory

454

Apache as subdirectory

455

----------------------

455

----------------------

456

457

458

Apache subdirectory part::

457

Apache subdirectory part::

459

458

460

459

461

ProxyPass http://127.0.0.1:5~~9542/rhodecode~~

460

ProxyPass http://127.0.0.1:5000/<someprefix>

462

ProxyPassReverse http://127.0.0.1:5~~9542/rhodecode~~

461

ProxyPassReverse http://127.0.0.1:5000/<someprefix>

463

SetEnvIf X-Url-Scheme https HTTPS=1

462

SetEnvIf X-Url-Scheme https HTTPS=1

464

</Location>

463

</Location>

465

464

466

Besides the regular apache setup you will need to add the following to your .ini file::

465

Besides the regular apache setup you will need to add the following to your .ini file::

467

466

468

filter-with = proxy-prefix

467

filter-with = proxy-prefix

469

468

470

Add the following at the end of the .ini file::

469

Add the following at the end of the .ini file::

471

470

472

[filter:proxy-prefix]

471

[filter:proxy-prefix]

473

use = egg:PasteDeploy#prefix

472

use = egg:PasteDeploy#prefix

474

prefix = /<someprefix>

473

prefix = /<someprefix>

475

474

476

475

476

then change <someprefix> into your choosen prefix

477

Apache's example FCGI config

478

Apache's example FCGI config

478

----------------------------

479

----------------------------

479

480

TODO !

481

TODO !

481

482

Other configuration files

483

Other configuration files

483

-------------------------

484

-------------------------

484

485

Some example init.d scripts can be found here, for debian and gentoo:

486

Some example init.d scripts can be found here, for debian and gentoo:

486

487

https://rhodeocode.org/rhodecode/files/tip/init.d

488

https://rhodeocode.org/rhodecode/files/tip/init.d

488

489

490

Troubleshooting

491

Troubleshooting

491

---------------

492

---------------

492

493

:Q: **Missing static files?**

494

:Q: **Missing static files?**

494

:A: Make sure either to set the `static_files = true` in the .ini file or

495

:A: Make sure either to set the `static_files = true` in the .ini file or

495

double check the root path for your http setup. It should point to

496

double check the root path for your http setup. It should point to

496

for example:

497

for example:

497

/home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public

498

/home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public

498

499

|

500

|

500

501

:Q: **Can't install celery/rabbitmq**

502

:Q: **Can't install celery/rabbitmq**

502

:A: Don't worry RhodeCode works without them too. No extra setup is required.

503

:A: Don't worry RhodeCode works without them too. No extra setup is required.

503

504

|

505

|

505

506

:Q: **Long lasting push timeouts?**

507

:Q: **Long lasting push timeouts?**

507

:A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts

508

:A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts

508

are caused by https server and not RhodeCode.

509

are caused by https server and not RhodeCode.

509

510

|

511

|

511

512

:Q: **Large pushes timeouts?**

513

:Q: **Large pushes timeouts?**

513

:A: Make sure you set a proper max_body_size for the http server.

514

:A: Make sure you set a proper max_body_size for the http server.

514

515

|

516

|

516

517

:Q: **Apache doesn't pass basicAuth on pull/push?**

518

:Q: **Apache doesn't pass basicAuth on pull/push?**

518

:A: Make sure you added `WSGIPassAuthorization true`.

519

:A: Make sure you added `WSGIPassAuthorization true`.

519

520

For further questions search the `Issues tracker`_, or post a message in the `google group rhodecode`_

521

For further questions search the `Issues tracker`_, or post a message in the `google group rhodecode`_

521

522

.. _virtualenv: http://pypi.python.org/pypi/virtualenv

523

.. _virtualenv: http://pypi.python.org/pypi/virtualenv

523

.. _python: http://www.python.org/

524

.. _python: http://www.python.org/

524

.. _mercurial: http://mercurial.selenic.com/

525

.. _mercurial: http://mercurial.selenic.com/

525

.. _celery: http://celeryproject.org/

526

.. _celery: http://celeryproject.org/

526

.. _rabbitmq: http://www.rabbitmq.com/

527

.. _rabbitmq: http://www.rabbitmq.com/

527

.. _python-ldap: http://www.python-ldap.org/

528

.. _python-ldap: http://www.python-ldap.org/

528

.. _mercurial-server: http://www.lshift.net/mercurial-server.html

529

.. _mercurial-server: http://www.lshift.net/mercurial-server.html

529

.. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories

530

.. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories

530

.. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues

531

.. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues

531

.. _google group rhodecode: http://groups.google.com/group/rhodecode No newline at end of file

532

.. _google group rhodecode: http://groups.google.com/group/rhodecode

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             .. _setup:
             Setup
             =====
             Setting up RhodeCode
             --------------------------
             First, you will need to create a RhodeCode configuration file. Run the following
             command to do this::
                 paster make-config RhodeCode production.ini
             - This will create the file `production.ini` in the current directory. This
               configuration file contains the various settings for RhodeCode, e.g proxy port,
               email settings, usage of static files, cache, celery settings and logging.
             Next, you need to create the databases used by RhodeCode. I recommend that you
             use sqlite (default) or postgresql. If you choose a database other than the
             default ensure you properly adjust the db url in your production.ini
             configuration file to use this other database. Create the databases by running
             the following command::
                 paster setup-app production.ini
             This will prompt you for a "root" path. This "root" path is the location where
             RhodeCode will store all of its repositories on the current machine. After
             entering this "root" path ``setup-app`` will also prompt you for a username and password
             for the initial admin account which ``setup-app`` sets up for you.
             - The ``setup-app`` command will create all of the needed tables and an admin
               account. When choosing a root path you can either use a new empty location, or a
               location which already contains existing repositories. If you choose a location
               which contains existing repositories RhodeCode will simply add all of the
               repositories at the chosen location to it's database. (Note: make sure you
               specify the correct path to the root).
             - Note: the given path for mercurial_ repositories **must** be write accessible
               for the application. It's very important since the RhodeCode web interface will
               work without write access, but when trying to do a push it will eventually fail
               with permission denied errors unless it has write access.
             You are now ready to use RhodeCode, to run it simply execute::
                 paster serve production.ini
             - This command runs the RhodeCode server. The web app should be available at the
 .0.0.1:5000. This ip and port is configurable via the production.ini
               file created in previous step
             - Use the admin account you created above when running ``setup-app`` to login to the web app.
             - The default permissions on each repository is read, and the owner is admin.
               Remember to update these if needed.
             - In the admin panel you can toggle ldap, anonymous, permissions settings. As
               well as edit more advanced options on users and repositories
             Try copying your own mercurial repository into the "root" directory you are
             using, then from within the RhodeCode web application choose Admin >
             repositories. Then choose Add New Repository. Add the repository you copied into
             the root. Test that you can browse your repository from within RhodeCode and then
             try cloning your repository from RhodeCode with::
                 hg clone http://127.0.0.1:5000/<repository name>
             where *repository name* is replaced by the name of your repository.
             Using RhodeCode with SSH
             ------------------------
             RhodeCode currently only hosts repositories using http and https. (The addition of
             ssh hosting is a planned future feature.) However you can easily use ssh in
             parallel with RhodeCode. (Repository access via ssh is a standard "out of
             the box" feature of mercurial_ and you can use this to access any of the
             repositories that RhodeCode is hosting. See PublishingRepositories_)
             RhodeCode repository structures are kept in directories with the same name
             as the project. When using repository groups, each group is a subdirectory.
             This allows you to easily use ssh for accessing repositories.
             In order to use ssh you need to make sure that your web-server and the users login
             accounts have the correct permissions set on the appropriate directories. (Note
             that these permissions are independent of any permissions you have set up using
             the RhodeCode web interface.)
             If your main directory (the same as set in RhodeCode settings) is for example
             set to **/home/hg** and the repository you are using is named `rhodecode`, then
             to clone via ssh you should run::
                 hg clone ssh://user@server.com/home/hg/rhodecode
             Using other external tools such as mercurial-server_ or using ssh key based
             authentication is fully supported.
             Note: In an advanced setup, in order for your ssh access to use the same
             permissions as set up via the RhodeCode web interface, you can create an
             authentication hook to connect to the rhodecode db and runs check functions for
             permissions against that.
             Setting up Whoosh full text search
             ----------------------------------
             Starting from version 1.1 the whoosh index can be build by using the paster
             command ``make-index``. To use ``make-index`` you must specify the configuration
             file that stores the location of the index, and the location of the repositories
             (`--repo-location`).Starting from version 1.2 it is
             also possible to specify a comma separated list of repositories (`--index-only`)
             to build index only on chooses repositories skipping any other found in repos
             location
             You may optionally pass the option `-f` to enable a full index rebuild. Without
             the `-f` option, indexing will run always in "incremental" mode.
             For an incremental index build use::
             	paster make-index production.ini --repo-location=<location for repos>
             For a full index rebuild use::
             	paster make-index production.ini -f --repo-location=<location for repos>
             building index just for chosen repositories is possible with such command::
              paster make-index production.ini --repo-location=<location for repos> --index-only=vcs,rhodecode
             In order to do periodical index builds and keep your index always up to date.
             It's recommended to do a crontab entry for incremental indexing.
             An example entry might look like this::
                 /path/to/python/bin/paster /path/to/rhodecode/production.ini --repo-location=<location for repos>
             When using incremental mode (the default) whoosh will check the last
             modification date of each file and add it to be reindexed if a newer file is
             available. The indexing daemon checks for any removed files and removes them
             from index.
             If you want to rebuild index from scratch, you can use the `-f` flag as above,
             or in the admin panel you can check `build from scratch` flag.
             Setting up LDAP support
             -----------------------
             RhodeCode starting from version 1.1 supports ldap authentication. In order
             to use LDAP, you have to install the python-ldap_ package. This package is available
             via pypi, so you can install it by running
             ::
                 easy_install python-ldap
             ::
                 pip install python-ldap
             .. note::
                python-ldap requires some certain libs on your system, so before installing
                it check that you have at least `openldap`, and `sasl` libraries.
             LDAP settings are located in admin->ldap section,
             Here's a typical ldap setup::
              Connection settings
              Enable LDAP          = checked
              Host                 = host.example.org
              Port                 = 389
              Account              = <account>
              Password             = <password>
              Enable LDAPS         = checked
              Certificate Checks   = DEMAND
              Search settings
              Base DN              = CN=users,DC=host,DC=example,DC=org
              LDAP Filter          = (&(objectClass=user)(!(objectClass=computer)))
              LDAP Search Scope    = SUBTREE
              Attribute mappings
              Login Attribute      = uid
              First Name Attribute = firstName
              Last Name Attribute  = lastName
              E-mail Attribute     = mail
             .. _enable_ldap:
             Enable LDAP : required
                 Whether to use LDAP for authenticating users.
             .. _ldap_host:
             Host : required
                 LDAP server hostname or IP address.
             .. _Port:
             Port : required
 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
             .. _ldap_account:
             Account : optional
                 Only required if the LDAP server does not allow anonymous browsing of
                 records.  This should be a special account for record browsing.  This
                 will require `LDAP Password`_ below.
             .. _LDAP Password:
             Password : optional
                 Only required if the LDAP server does not allow anonymous browsing of
                 records.
             .. _Enable LDAPS:
             Enable LDAPS : optional
                 Check this if SSL encryption is necessary for communication with the
                 LDAP server - it will likely require `Port`_ to be set to a different
                 value (standard LDAPS port is 636).  When LDAPS is enabled then
                 `Certificate Checks`_ is required.
             .. _Certificate Checks:
             Certificate Checks : optional
                 How SSL certificates verification is handled - this is only useful when
                 `Enable LDAPS`_ is enabled.  Only DEMAND or HARD offer full SSL security while
                 the other options are susceptible to man-in-the-middle attacks.  SSL
                 certificates can be installed to /etc/openldap/cacerts so that the
                 DEMAND or HARD options can be used with self-signed certificates or
                 certificates that do not have traceable certificates of authority.
                 NEVER
                     A serve certificate will never be requested or checked.
                 ALLOW
                     A server certificate is requested.  Failure to provide a
                     certificate or providing a bad certificate will not terminate the
                     session.
                 TRY
                     A server certificate is requested.  Failure to provide a
                     certificate does not halt the session; providing a bad certificate
                     halts the session.
                 DEMAND
                     A server certificate is requested and must be provided and
                     authenticated for the session to proceed.
                 HARD
                     The same as DEMAND.
             .. _Base DN:
             Base DN : required
                 The Distinguished Name (DN) where searches for users will be performed.
                 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
             .. _LDAP Filter:
             LDAP Filter : optional
                 A LDAP filter defined by RFC 2254.  This is more useful when `LDAP
                 Search Scope`_ is set to SUBTREE.  The filter is useful for limiting
                 which LDAP objects are identified as representing Users for
                 authentication.  The filter is augmented by `Login Attribute`_ below.
                 This can commonly be left blank.
             .. _LDAP Search Scope:
             LDAP Search Scope : required
                 This limits how far LDAP will search for a matching object.
                 BASE
                     Only allows searching of `Base DN`_ and is usually not what you
                     want.
                 ONELEVEL
                     Searches all entries under `Base DN`_, but not Base DN itself.
                 SUBTREE
                     Searches all entries below `Base DN`_, but not Base DN itself.
                     When using SUBTREE `LDAP Filter`_ is useful to limit object
                     location.
             .. _Login Attribute:
             Login Attribute : required
                 The LDAP record attribute that will be matched as the USERNAME or
                 ACCOUNT used to connect to RhodeCode.  This will be added to `LDAP
                 Filter`_ for locating the User object.  If `LDAP Filter`_ is specified as
                 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
                 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
                 ::
                     (&(LDAPFILTER)(uid=jsmith))
             .. _ldap_attr_firstname:
             First Name Attribute : required
                 The LDAP record attribute which represents the user's first name.
             .. _ldap_attr_lastname:
             Last Name Attribute : required
                 The LDAP record attribute which represents the user's last name.
             .. _ldap_attr_email:
             Email Attribute : required
                 The LDAP record attribute which represents the user's email address.
             If all data are entered correctly, and python-ldap_ is properly installed
             users should be granted access to RhodeCode with ldap accounts.  At this
             time user information is copied from LDAP into the RhodeCode user database.
             This means that updates of an LDAP user object may not be reflected as a
             user update in RhodeCode.
             If You have problems with LDAP access and believe You entered correct
             information check out the RhodeCode logs, any error messages sent from LDAP
             will be saved there.
             Active Directory
             ''''''''''''''''
             RhodeCode can use Microsoft Active Directory for user authentication.  This
             is done through an LDAP or LDAPS connection to Active Directory.  The
             following LDAP configuration settings are typical for using Active
             Directory ::
              Base DN              = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
              Login Attribute      = sAMAccountName
              First Name Attribute = givenName
              Last Name Attribute  = sn
              E-mail Attribute     = mail
             All other LDAP settings will likely be site-specific and should be
             appropriately configured.
             Setting Up Celery
             -----------------
             Since version 1.1 celery is configured by the rhodecode ini configuration files.
             Simply set use_celery=true in the ini file then add / change the configuration
             variables inside the ini file.
             Remember that the ini files use the format with '.' not with '_' like celery.
             So for example setting `BROKER_HOST` in celery means setting `broker.host` in
             the config file.
             In order to start using celery run::
              paster celeryd <configfile.ini>
             .. note::
                Make sure you run this command from the same virtualenv, and with the same user
                that rhodecode runs.
             HTTPS support
             -------------
             There are two ways to enable https:
             - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
               recognize this headers and make proper https redirections
             - Alternatively, set `force_https = true` in the ini configuration to force using
               https, no headers are needed than to enable https
             Nginx virtual host example
             --------------------------
             Sample config for nginx using proxy::
                 server {
                    listen          80;
                    server_name     hg.myserver.com;
                    access_log      /var/log/nginx/rhodecode.access.log;
                    error_log       /var/log/nginx/rhodecode.error.log;
                    location / {
                            root /var/www/rhodecode/rhodecode/public/;
                            if (!-f $request_filename){
                                proxy_pass      http://127.0.0.1:5000;
                            }
                            #this is important if you want to use https !!!
                            proxy_set_header X-Url-Scheme $scheme;
                            include         /etc/nginx/proxy.conf;
                    }
                 }
             Here's the proxy.conf. It's tuned so it will not timeout on long
             pushes or large pushes::
                 proxy_redirect              off;
                 proxy_set_header            Host $host;
                 proxy_set_header            X-Host $http_host;
                 proxy_set_header            X-Real-IP $remote_addr;
                 proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header            Proxy-host $proxy_host;
                 client_max_body_size        400m;
                 client_body_buffer_size     128k;
                 proxy_buffering             off;
                 proxy_connect_timeout       3600;
                 proxy_send_timeout          3600;
                 proxy_read_timeout          3600;
                 proxy_buffer_size           16k;
                 proxy_buffers               4 16k;
                 proxy_busy_buffers_size     64k;
                 proxy_temp_file_write_size  64k;
             Also, when using root path with nginx you might set the static files to false
             in the production.ini file::
                 [app:main]
                   use = egg:rhodecode
                   full_stack = true
                   static_files = false
                   lang=en
                   cache_dir = %(here)s/data
             In order to not have the statics served by the application. This improves speed.
             Apache virtual host example
             ---------------------------
             Here is a sample configuration file for apache using proxy::
                 <VirtualHost *:80>
                         ServerName hg.myserver.com
                         ServerAlias hg.myserver.com
                         <Proxy *>
                           Order allow,deny
                           Allow from all
                         </Proxy>
                         #important !
                         #Directive to properly generate url (clone url) for pylons
                         ProxyPreserveHost On
                         #rhodecode instance
                         ProxyPass / http://127.0.0.1:5000/
                         ProxyPassReverse / http://127.0.0.1:5000/
                         #to enable https use line below
                         #SetEnvIf X-Url-Scheme https HTTPS=1
                 </VirtualHost>
             Additional tutorial
             http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
             Apache as subdirectory
             ----------------------
             Apache subdirectory part::
-                <Location /rhodecode>
+                <Location /<someprefix> >
-                  ProxyPass http://127.0.0.1:59542/rhodecode
+                  ProxyPass http://127.0.0.1:5000/<someprefix>
-                  ProxyPassReverse http://127.0.0.1:59542/rhodecode
+                  ProxyPassReverse http://127.0.0.1:5000/<someprefix>
                   SetEnvIf X-Url-Scheme https HTTPS=1
                 </Location>
             Besides the regular apache setup you will need to add the following to your .ini file::
                 filter-with = proxy-prefix
             Add the following at the end of the .ini file::
                 [filter:proxy-prefix]
                 use = egg:PasteDeploy#prefix
                 prefix = /<someprefix>
+            then change <someprefix> into your choosen prefix
             Apache's example FCGI config
             ----------------------------
             TODO !
             Other configuration files
             -------------------------
             Some example init.d scripts can be found here, for debian and gentoo:
             https://rhodeocode.org/rhodecode/files/tip/init.d
             Troubleshooting
             ---------------
             :Q: **Missing static files?**
             :A: Make sure either to set the `static_files = true` in the .ini file or
                double check the root path for your http setup. It should point to
                for example:
                /home/my-virtual-python/lib/python2.6/site-packages/rhodecode/public
             |
             :Q: **Can't install celery/rabbitmq**
             :A: Don't worry RhodeCode works without them too. No extra setup is required.
             |
             :Q: **Long lasting push timeouts?**
             :A: Make sure you set a longer timeouts in your proxy/fcgi settings, timeouts
                 are caused by https server and not RhodeCode.
             |
             :Q: **Large pushes timeouts?**
             :A: Make sure you set a proper max_body_size for the http server.
             |
             :Q: **Apache doesn't pass basicAuth on pull/push?**
             :A: Make sure you added `WSGIPassAuthorization true`.
             For further questions search the `Issues tracker`_, or post a message in the `google group rhodecode`_
             .. _virtualenv: http://pypi.python.org/pypi/virtualenv
             .. _python: http://www.python.org/
             .. _mercurial: http://mercurial.selenic.com/
             .. _celery: http://celeryproject.org/
             .. _rabbitmq: http://www.rabbitmq.com/
             .. _python-ldap: http://www.python-ldap.org/
             .. _mercurial-server: http://www.lshift.net/mercurial-server.html
             .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
             .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
             .. _google group rhodecode: http://groups.google.com/group/rhodecode