##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

Updated docs about LDAP failover server list option
marcink -
r2916:f6685a62 beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,724 +1,725 b''
1 1 .. _setup:
2 2
3 3 =====
4 4 Setup
5 5 =====
6 6
7 7
8 8 Setting up RhodeCode
9 9 --------------------
10 10
11 11 First, you will need to create a RhodeCode configuration file. Run the
12 12 following command to do this::
13 13
14 14 paster make-config RhodeCode production.ini
15 15
16 16 - This will create the file `production.ini` in the current directory. This
17 17 configuration file contains the various settings for RhodeCode, e.g proxy
18 18 port, email settings, usage of static files, cache, celery settings and
19 19 logging.
20 20
21 21
22 22 Next, you need to create the databases used by RhodeCode. I recommend that you
23 23 use postgresql or sqlite (default). If you choose a database other than the
24 24 default ensure you properly adjust the db url in your production.ini
25 25 configuration file to use this other database. RhodeCode currently supports
26 26 postgresql, sqlite and mysql databases. Create the database by running
27 27 the following command::
28 28
29 29 paster setup-rhodecode production.ini
30 30
31 31 This will prompt you for a "root" path. This "root" path is the location where
32 32 RhodeCode will store all of its repositories on the current machine. After
33 33 entering this "root" path ``setup-rhodecode`` will also prompt you for a username
34 34 and password for the initial admin account which ``setup-rhodecode`` sets
35 35 up for you.
36 36
37 37 setup process can be fully automated, example for lazy::
38 38
39 39 paster setup-rhodecode production.ini --user=marcink --password=secret --email=marcin@rhodecode.org --repos=/home/marcink/my_repos
40 40
41 41
42 42 - The ``setup-rhodecode`` command will create all of the needed tables and an
43 43 admin account. When choosing a root path you can either use a new empty
44 44 location, or a location which already contains existing repositories. If you
45 45 choose a location which contains existing repositories RhodeCode will simply
46 46 add all of the repositories at the chosen location to it's database.
47 47 (Note: make sure you specify the correct path to the root).
48 48 - Note: the given path for mercurial_ repositories **must** be write accessible
49 49 for the application. It's very important since the RhodeCode web interface
50 50 will work without write access, but when trying to do a push it will
51 51 eventually fail with permission denied errors unless it has write access.
52 52
53 53 You are now ready to use RhodeCode, to run it simply execute::
54 54
55 55 paster serve production.ini
56 56
57 57 - This command runs the RhodeCode server. The web app should be available at the
58 58 127.0.0.1:5000. This ip and port is configurable via the production.ini
59 59 file created in previous step
60 60 - Use the admin account you created above when running ``setup-rhodecode``
61 61 to login to the web app.
62 62 - The default permissions on each repository is read, and the owner is admin.
63 63 Remember to update these if needed.
64 64 - In the admin panel you can toggle ldap, anonymous, permissions settings. As
65 65 well as edit more advanced options on users and repositories
66 66
67 67 Optionally users can create `rcextensions` package that extends RhodeCode
68 68 functionality. To do this simply execute::
69 69
70 70 paster make-rcext production.ini
71 71
72 72 This will create `rcextensions` package in the same place that your `ini` file
73 73 lives. With `rcextensions` it's possible to add additional mapping for whoosh,
74 74 stats and add additional code into the push/pull/create/delete repo hooks.
75 75 For example for sending signals to build-bots such as jenkins.
76 76 Please see the `__init__.py` file inside `rcextensions` package
77 77 for more details.
78 78
79 79
80 80 Using RhodeCode with SSH
81 81 ------------------------
82 82
83 83 RhodeCode currently only hosts repositories using http and https. (The addition
84 84 of ssh hosting is a planned future feature.) However you can easily use ssh in
85 85 parallel with RhodeCode. (Repository access via ssh is a standard "out of
86 86 the box" feature of mercurial_ and you can use this to access any of the
87 87 repositories that RhodeCode is hosting. See PublishingRepositories_)
88 88
89 89 RhodeCode repository structures are kept in directories with the same name
90 90 as the project. When using repository groups, each group is a subdirectory.
91 91 This allows you to easily use ssh for accessing repositories.
92 92
93 93 In order to use ssh you need to make sure that your web-server and the users
94 94 login accounts have the correct permissions set on the appropriate directories.
95 95 (Note that these permissions are independent of any permissions you have set up
96 96 using the RhodeCode web interface.)
97 97
98 98 If your main directory (the same as set in RhodeCode settings) is for example
99 99 set to **/home/hg** and the repository you are using is named `rhodecode`, then
100 100 to clone via ssh you should run::
101 101
102 102 hg clone ssh://user@server.com/home/hg/rhodecode
103 103
104 104 Using other external tools such as mercurial-server_ or using ssh key based
105 105 authentication is fully supported.
106 106
107 107 Note: In an advanced setup, in order for your ssh access to use the same
108 108 permissions as set up via the RhodeCode web interface, you can create an
109 109 authentication hook to connect to the rhodecode db and runs check functions for
110 110 permissions against that.
111 111
112 112 Setting up Whoosh full text search
113 113 ----------------------------------
114 114
115 115 Starting from version 1.1 the whoosh index can be build by using the paster
116 116 command ``make-index``. To use ``make-index`` you must specify the configuration
117 117 file that stores the location of the index. You may specify the location of the
118 118 repositories (`--repo-location`). If not specified, this value is retrieved
119 119 from the RhodeCode database. This was required prior to 1.2. Starting from
120 120 version 1.2 it is also possible to specify a comma separated list of
121 121 repositories (`--index-only`) to build index only on chooses repositories
122 122 skipping any other found in repos location
123 123
124 124 You may optionally pass the option `-f` to enable a full index rebuild. Without
125 125 the `-f` option, indexing will run always in "incremental" mode.
126 126
127 127 For an incremental index build use::
128 128
129 129 paster make-index production.ini
130 130
131 131 For a full index rebuild use::
132 132
133 133 paster make-index production.ini -f
134 134
135 135
136 136 building index just for chosen repositories is possible with such command::
137 137
138 138 paster make-index production.ini --index-only=vcs,rhodecode
139 139
140 140
141 141 In order to do periodical index builds and keep your index always up to date.
142 142 It's recommended to do a crontab entry for incremental indexing.
143 143 An example entry might look like this::
144 144
145 145 /path/to/python/bin/paster make-index /path/to/rhodecode/production.ini
146 146
147 147 When using incremental mode (the default) whoosh will check the last
148 148 modification date of each file and add it to be reindexed if a newer file is
149 149 available. The indexing daemon checks for any removed files and removes them
150 150 from index.
151 151
152 152 If you want to rebuild index from scratch, you can use the `-f` flag as above,
153 153 or in the admin panel you can check `build from scratch` flag.
154 154
155 155
156 156 Setting up LDAP support
157 157 -----------------------
158 158
159 159 RhodeCode starting from version 1.1 supports ldap authentication. In order
160 160 to use LDAP, you have to install the python-ldap_ package. This package is
161 161 available via pypi, so you can install it by running
162 162
163 163 using easy_install::
164 164
165 165 easy_install python-ldap
166 166
167 167 using pip::
168 168
169 169 pip install python-ldap
170 170
171 171 .. note::
172 172 python-ldap requires some certain libs on your system, so before installing
173 173 it check that you have at least `openldap`, and `sasl` libraries.
174 174
175 175 LDAP settings are located in admin->ldap section,
176 176
177 177 Here's a typical ldap setup::
178 178
179 179 Connection settings
180 180 Enable LDAP = checked
181 181 Host = host.example.org
182 182 Port = 389
183 183 Account = <account>
184 184 Password = <password>
185 185 Connection Security = LDAPS connection
186 186 Certificate Checks = DEMAND
187 187
188 188 Search settings
189 189 Base DN = CN=users,DC=host,DC=example,DC=org
190 190 LDAP Filter = (&(objectClass=user)(!(objectClass=computer)))
191 191 LDAP Search Scope = SUBTREE
192 192
193 193 Attribute mappings
194 194 Login Attribute = uid
195 195 First Name Attribute = firstName
196 196 Last Name Attribute = lastName
197 197 E-mail Attribute = mail
198 198
199 199 .. _enable_ldap:
200 200
201 201 Enable LDAP : required
202 202 Whether to use LDAP for authenticating users.
203 203
204 204 .. _ldap_host:
205 205
206 206 Host : required
207 LDAP server hostname or IP address.
207 LDAP server hostname or IP address. Can be also a comma separated
208 list of servers to support LDAP fail-over.
208 209
209 210 .. _Port:
210 211
211 212 Port : required
212 213 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP.
213 214
214 215 .. _ldap_account:
215 216
216 217 Account : optional
217 218 Only required if the LDAP server does not allow anonymous browsing of
218 219 records. This should be a special account for record browsing. This
219 220 will require `LDAP Password`_ below.
220 221
221 222 .. _LDAP Password:
222 223
223 224 Password : optional
224 225 Only required if the LDAP server does not allow anonymous browsing of
225 226 records.
226 227
227 228 .. _Enable LDAPS:
228 229
229 230 Connection Security : required
230 231 Defines the connection to LDAP server
231 232
232 233 No encryption
233 234 Plain non encrypted connection
234 235
235 236 LDAPS connection
236 237 Enable ldaps connection. It will likely require `Port`_ to be set to
237 238 a different value (standard LDAPS port is 636). When LDAPS is enabled
238 239 then `Certificate Checks`_ is required.
239 240
240 241 START_TLS on LDAP connection
241 242 START TLS connection
242 243
243 244 .. _Certificate Checks:
244 245
245 246 Certificate Checks : optional
246 247 How SSL certificates verification is handled - this is only useful when
247 248 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security
248 249 while the other options are susceptible to man-in-the-middle attacks. SSL
249 250 certificates can be installed to /etc/openldap/cacerts so that the
250 251 DEMAND or HARD options can be used with self-signed certificates or
251 252 certificates that do not have traceable certificates of authority.
252 253
253 254 NEVER
254 255 A serve certificate will never be requested or checked.
255 256
256 257 ALLOW
257 258 A server certificate is requested. Failure to provide a
258 259 certificate or providing a bad certificate will not terminate the
259 260 session.
260 261
261 262 TRY
262 263 A server certificate is requested. Failure to provide a
263 264 certificate does not halt the session; providing a bad certificate
264 265 halts the session.
265 266
266 267 DEMAND
267 268 A server certificate is requested and must be provided and
268 269 authenticated for the session to proceed.
269 270
270 271 HARD
271 272 The same as DEMAND.
272 273
273 274 .. _Base DN:
274 275
275 276 Base DN : required
276 277 The Distinguished Name (DN) where searches for users will be performed.
277 278 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_.
278 279
279 280 .. _LDAP Filter:
280 281
281 282 LDAP Filter : optional
282 283 A LDAP filter defined by RFC 2254. This is more useful when `LDAP
283 284 Search Scope`_ is set to SUBTREE. The filter is useful for limiting
284 285 which LDAP objects are identified as representing Users for
285 286 authentication. The filter is augmented by `Login Attribute`_ below.
286 287 This can commonly be left blank.
287 288
288 289 .. _LDAP Search Scope:
289 290
290 291 LDAP Search Scope : required
291 292 This limits how far LDAP will search for a matching object.
292 293
293 294 BASE
294 295 Only allows searching of `Base DN`_ and is usually not what you
295 296 want.
296 297
297 298 ONELEVEL
298 299 Searches all entries under `Base DN`_, but not Base DN itself.
299 300
300 301 SUBTREE
301 302 Searches all entries below `Base DN`_, but not Base DN itself.
302 303 When using SUBTREE `LDAP Filter`_ is useful to limit object
303 304 location.
304 305
305 306 .. _Login Attribute:
306 307
307 308 Login Attribute : required
308 309 The LDAP record attribute that will be matched as the USERNAME or
309 310 ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
310 311 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
311 312 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
312 313 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
313 314 ::
314 315
315 316 (&(LDAPFILTER)(uid=jsmith))
316 317
317 318 .. _ldap_attr_firstname:
318 319
319 320 First Name Attribute : required
320 321 The LDAP record attribute which represents the user's first name.
321 322
322 323 .. _ldap_attr_lastname:
323 324
324 325 Last Name Attribute : required
325 326 The LDAP record attribute which represents the user's last name.
326 327
327 328 .. _ldap_attr_email:
328 329
329 330 Email Attribute : required
330 331 The LDAP record attribute which represents the user's email address.
331 332
332 333 If all data are entered correctly, and python-ldap_ is properly installed
333 334 users should be granted access to RhodeCode with ldap accounts. At this
334 335 time user information is copied from LDAP into the RhodeCode user database.
335 336 This means that updates of an LDAP user object may not be reflected as a
336 337 user update in RhodeCode.
337 338
338 339 If You have problems with LDAP access and believe You entered correct
339 340 information check out the RhodeCode logs, any error messages sent from LDAP
340 341 will be saved there.
341 342
342 343 Active Directory
343 344 ''''''''''''''''
344 345
345 346 RhodeCode can use Microsoft Active Directory for user authentication. This
346 347 is done through an LDAP or LDAPS connection to Active Directory. The
347 348 following LDAP configuration settings are typical for using Active
348 349 Directory ::
349 350
350 351 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
351 352 Login Attribute = sAMAccountName
352 353 First Name Attribute = givenName
353 354 Last Name Attribute = sn
354 355 E-mail Attribute = mail
355 356
356 357 All other LDAP settings will likely be site-specific and should be
357 358 appropriately configured.
358 359
359 360
360 361 Authentication by container or reverse-proxy
361 362 --------------------------------------------
362 363
363 364 Starting with version 1.3, RhodeCode supports delegating the authentication
364 365 of users to its WSGI container, or to a reverse-proxy server through which all
365 366 clients access the application.
366 367
367 368 When these authentication methods are enabled in RhodeCode, it uses the
368 369 username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't
369 370 perform the authentication itself. The authorization, however, is still done by
370 371 RhodeCode according to its settings.
371 372
372 373 When a user logs in for the first time using these authentication methods,
373 374 a matching user account is created in RhodeCode with default permissions. An
374 375 administrator can then modify it using RhodeCode's admin interface.
375 376 It's also possible for an administrator to create accounts and configure their
376 377 permissions before the user logs in for the first time.
377 378
378 379 Container-based authentication
379 380 ''''''''''''''''''''''''''''''
380 381
381 382 In a container-based authentication setup, RhodeCode reads the user name from
382 383 the ``REMOTE_USER`` server variable provided by the WSGI container.
383 384
384 385 After setting up your container (see `Apache's WSGI config`_), you'd need
385 386 to configure it to require authentication on the location configured for
386 387 RhodeCode.
387 388
388 389 In order for RhodeCode to start using the provided username, you should set the
389 390 following in the [app:main] section of your .ini file::
390 391
391 392 container_auth_enabled = true
392 393
393 394
394 395 Proxy pass-through authentication
395 396 '''''''''''''''''''''''''''''''''
396 397
397 398 In a proxy pass-through authentication setup, RhodeCode reads the user name
398 399 from the ``X-Forwarded-User`` request header, which should be configured to be
399 400 sent by the reverse-proxy server.
400 401
401 402 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,
402 403 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to
403 404 configure the authentication and add the username in a request header named
404 405 ``X-Forwarded-User``.
405 406
406 407 For example, the following config section for Apache sets a subdirectory in a
407 408 reverse-proxy setup with basic auth::
408 409
409 410 <Location /<someprefix> >
410 411 ProxyPass http://127.0.0.1:5000/<someprefix>
411 412 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
412 413 SetEnvIf X-Url-Scheme https HTTPS=1
413 414
414 415 AuthType Basic
415 416 AuthName "RhodeCode authentication"
416 417 AuthUserFile /home/web/rhodecode/.htpasswd
417 418 require valid-user
418 419
419 420 RequestHeader unset X-Forwarded-User
420 421
421 422 RewriteEngine On
422 423 RewriteCond %{LA-U:REMOTE_USER} (.+)
423 424 RewriteRule .* - [E=RU:%1]
424 425 RequestHeader set X-Forwarded-User %{RU}e
425 426 </Location>
426 427
427 428 In order for RhodeCode to start using the forwarded username, you should set
428 429 the following in the [app:main] section of your .ini file::
429 430
430 431 proxypass_auth_enabled = true
431 432
432 433 .. note::
433 434 If you enable proxy pass-through authentication, make sure your server is
434 435 only accessible through the proxy. Otherwise, any client would be able to
435 436 forge the authentication header and could effectively become authenticated
436 437 using any account of their liking.
437 438
438 439 Integration with Issue trackers
439 440 -------------------------------
440 441
441 442 RhodeCode provides a simple integration with issue trackers. It's possible
442 443 to define a regular expression that will fetch issue id stored in commit
443 444 messages and replace that with an url to this issue. To enable this simply
444 445 uncomment following variables in the ini file::
445 446
446 447 url_pat = (?:^#|\s#)(\w+)
447 448 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
448 449 issue_prefix = #
449 450
450 451 `url_pat` is the regular expression that will fetch issues from commit messages.
451 452 Default regex will match issues in format of #<number> eg. #300.
452 453
453 454 Matched issues will be replace with the link specified as `issue_server_link`
454 455 {id} will be replaced with issue id, and {repo} with repository name.
455 456 Since the # is striped `issue_prefix` is added as a prefix to url.
456 457 `issue_prefix` can be something different than # if you pass
457 458 ISSUE- as issue prefix this will generate an url in format::
458 459
459 460 <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>
460 461
461 462 Hook management
462 463 ---------------
463 464
464 465 Hooks can be managed in similar way to this used in .hgrc files.
465 466 To access hooks setting click `advanced setup` on Hooks section of Mercurial
466 467 Settings in Admin.
467 468
468 469 There are 4 built in hooks that cannot be changed (only enable/disable by
469 470 checkboxes on previos section).
470 471 To add another custom hook simply fill in first section with
471 472 <name>.<hook_type> and the second one with hook path. Example hooks
472 473 can be found at *rhodecode.lib.hooks*.
473 474
474 475
475 476 Changing default encoding
476 477 -------------------------
477 478
478 479 By default RhodeCode uses utf8 encoding, starting from 1.3 series this
479 480 can be changed, simply edit default_encoding in .ini file to desired one.
480 481 This affects many parts in rhodecode including commiters names, filenames,
481 482 encoding of commit messages. In addition RhodeCode can detect if `chardet`
482 483 library is installed. If `chardet` is detected RhodeCode will fallback to it
483 484 when there are encode/decode errors.
484 485
485 486
486 487 Setting Up Celery
487 488 -----------------
488 489
489 490 Since version 1.1 celery is configured by the rhodecode ini configuration files.
490 491 Simply set use_celery=true in the ini file then add / change the configuration
491 492 variables inside the ini file.
492 493
493 494 Remember that the ini files use the format with '.' not with '_' like celery.
494 495 So for example setting `BROKER_HOST` in celery means setting `broker.host` in
495 496 the config file.
496 497
497 498 In order to start using celery run::
498 499
499 500 paster celeryd <configfile.ini>
500 501
501 502
502 503 .. note::
503 504 Make sure you run this command from the same virtualenv, and with the same
504 505 user that rhodecode runs.
505 506
506 507 HTTPS support
507 508 -------------
508 509
509 510 There are two ways to enable https:
510 511
511 512 - Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
512 513 recognize this headers and make proper https redirections
513 514 - Alternatively, change the `force_https = true` flag in the ini configuration
514 515 to force using https, no headers are needed than to enable https
515 516
516 517
517 518 Nginx virtual host example
518 519 --------------------------
519 520
520 521 Sample config for nginx using proxy::
521 522
522 523 upstream rc {
523 524 server 127.0.0.1:5000;
524 525 # add more instances for load balancing
525 526 #server 127.0.0.1:5001;
526 527 #server 127.0.0.1:5002;
527 528 }
528 529
529 530 server {
530 531 listen 80;
531 532 server_name hg.myserver.com;
532 533 access_log /var/log/nginx/rhodecode.access.log;
533 534 error_log /var/log/nginx/rhodecode.error.log;
534 535
535 536 # uncomment if you have nginx with chunking module compiled
536 537 # fixes the issues of having to put postBuffer data for large git
537 538 # pushes
538 539 #chunkin on;
539 540 #error_page 411 = @my_411_error;
540 541 #location @my_411_error {
541 542 # chunkin_resume;
542 543 #}
543 544
544 545 # uncomment if you want to serve static files by nginx
545 546 #root /path/to/installation/rhodecode/public;
546 547
547 548 location / {
548 549 try_files $uri @rhode;
549 550 }
550 551
551 552 location @rhode {
552 553 proxy_pass http://rc;
553 554 include /etc/nginx/proxy.conf;
554 555 }
555 556
556 557 }
557 558
558 559 Here's the proxy.conf. It's tuned so it will not timeout on long
559 560 pushes or large pushes::
560 561
561 562 proxy_redirect off;
562 563 proxy_set_header Host $host;
563 564 proxy_set_header X-Url-Scheme $scheme;
564 565 proxy_set_header X-Host $http_host;
565 566 proxy_set_header X-Real-IP $remote_addr;
566 567 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
567 568 proxy_set_header Proxy-host $proxy_host;
568 569 client_max_body_size 400m;
569 570 client_body_buffer_size 128k;
570 571 proxy_buffering off;
571 572 proxy_connect_timeout 7200;
572 573 proxy_send_timeout 7200;
573 574 proxy_read_timeout 7200;
574 575 proxy_buffers 8 32k;
575 576
576 577 Also, when using root path with nginx you might set the static files to false
577 578 in the production.ini file::
578 579
579 580 [app:main]
580 581 use = egg:rhodecode
581 582 full_stack = true
582 583 static_files = false
583 584 lang=en
584 585 cache_dir = %(here)s/data
585 586
586 587 In order to not have the statics served by the application. This improves speed.
587 588
588 589
589 590 Apache virtual host reverse proxy example
590 591 -----------------------------------------
591 592
592 593 Here is a sample configuration file for apache using proxy::
593 594
594 595 <VirtualHost *:80>
595 596 ServerName hg.myserver.com
596 597 ServerAlias hg.myserver.com
597 598
598 599 <Proxy *>
599 600 Order allow,deny
600 601 Allow from all
601 602 </Proxy>
602 603
603 604 #important !
604 605 #Directive to properly generate url (clone url) for pylons
605 606 ProxyPreserveHost On
606 607
607 608 #rhodecode instance
608 609 ProxyPass / http://127.0.0.1:5000/
609 610 ProxyPassReverse / http://127.0.0.1:5000/
610 611
611 612 #to enable https use line below
612 613 #SetEnvIf X-Url-Scheme https HTTPS=1
613 614
614 615 </VirtualHost>
615 616
616 617
617 618 Additional tutorial
618 619 http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
619 620
620 621
621 622 Apache as subdirectory
622 623 ----------------------
623 624
624 625 Apache subdirectory part::
625 626
626 627 <Location /<someprefix> >
627 628 ProxyPass http://127.0.0.1:5000/<someprefix>
628 629 ProxyPassReverse http://127.0.0.1:5000/<someprefix>
629 630 SetEnvIf X-Url-Scheme https HTTPS=1
630 631 </Location>
631 632
632 633 Besides the regular apache setup you will need to add the following line
633 634 into [app:main] section of your .ini file::
634 635
635 636 filter-with = proxy-prefix
636 637
637 638 Add the following at the end of the .ini file::
638 639
639 640 [filter:proxy-prefix]
640 641 use = egg:PasteDeploy#prefix
641 642 prefix = /<someprefix>
642 643
643 644
644 645 then change <someprefix> into your choosen prefix
645 646
646 647 Apache's WSGI config
647 648 --------------------
648 649
649 650 Alternatively, RhodeCode can be set up with Apache under mod_wsgi. For
650 651 that, you'll need to:
651 652
652 653 - Install mod_wsgi. If using a Debian-based distro, you can install
653 654 the package libapache2-mod-wsgi::
654 655
655 656 aptitude install libapache2-mod-wsgi
656 657
657 658 - Enable mod_wsgi::
658 659
659 660 a2enmod wsgi
660 661
661 662 - Create a wsgi dispatch script, like the one below. Make sure you
662 663 check the paths correctly point to where you installed RhodeCode
663 664 and its Python Virtual Environment.
664 665 - Enable the WSGIScriptAlias directive for the wsgi dispatch script,
665 666 as in the following example. Once again, check the paths are
666 667 correctly specified.
667 668
668 669 Here is a sample excerpt from an Apache Virtual Host configuration file::
669 670
670 671 WSGIDaemonProcess pylons \
671 672 threads=4 \
672 673 python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages
673 674 WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi
674 675 WSGIPassAuthorization On
675 676
676 677 .. note::
677 678 when running apache as root please add: `user=www-data group=www-data`
678 679 into above configuration
679 680
680 681 .. note::
681 682 RhodeCode cannot be runned in multiprocess mode in apache, make sure
682 683 you don't specify `processes=num` directive in the config
683 684
684 685
685 686 Example wsgi dispatch script::
686 687
687 688 import os
688 689 os.environ["HGENCODING"] = "UTF-8"
689 690 os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
690 691
691 692 # sometimes it's needed to set the curent dir
692 693 os.chdir('/home/web/rhodecode/')
693 694
694 695 import site
695 696 site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
696 697
697 698 from paste.deploy import loadapp
698 699 from paste.script.util.logging_config import fileConfig
699 700
700 701 fileConfig('/home/web/rhodecode/production.ini')
701 702 application = loadapp('config:/home/web/rhodecode/production.ini')
702 703
703 704 Note: when using mod_wsgi you'll need to install the same version of
704 705 Mercurial that's inside RhodeCode's virtualenv also on the system's Python
705 706 environment.
706 707
707 708
708 709 Other configuration files
709 710 -------------------------
710 711
711 712 Some example init.d scripts can be found in init.d directory::
712 713
713 714 https://secure.rhodecode.org/rhodecode/files/beta/init.d
714 715
715 716 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
716 717 .. _python: http://www.python.org/
717 718 .. _mercurial: http://mercurial.selenic.com/
718 719 .. _celery: http://celeryproject.org/
719 720 .. _rabbitmq: http://www.rabbitmq.com/
720 721 .. _python-ldap: http://www.python-ldap.org/
721 722 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
722 723 .. _PublishingRepositories: http://mercurial.selenic.com/wiki/PublishingRepositories
723 724 .. _Issues tracker: https://bitbucket.org/marcinkuzminski/rhodecode/issues
724 725 .. _google group rhodecode: http://groups.google.com/group/rhodecode No newline at end of file
General Comments 0
You need to be logged in to leave comments. Login now