Diff for /wikisrc/tutorials/how_to_configure_mercurial_over_https.mdwn between versions 1.1 and 1.2

version 1.1, 2011/11/20 20:55:21 version 1.2, 2012/02/05 07:14:36
Line 1 Line 1
 #   What is Mercurial ( HG )  #   What is Mercurial ( HG ) 
   
 We will not discuss this in here but probably everyone visited the homepage of the project : [http://www.selenic.com/mercurial/wiki/][3] This DRCS has few advantages over others like CVS,SVN and many more. I will just say few of them in here :  We will not discuss this in here but probably everyone visited the homepage of the project : [http://www.selenic.com/mercurial/wiki/][3] This DRCS has few advantages over others like CVS,SVN and many more. I will just say few of them in here : 
   
    [3]: http://www.selenic.com/mercurial/wiki/ (http://www.selenic.com/mercurial/wiki/)     [3]: http://www.selenic.com/mercurial/wiki/ (http://www.selenic.com/mercurial/wiki/)
   
   * It is easy to learn and use.    * It is easy to learn and use. 
   * It is lightweight.    * It is lightweight. 
   * It scales excellently.    * It scales excellently. 
   * It is easy to customise.    * It is easy to customise. 
   
 Besides the nature of HG we will make in this howto a central server for committing work, let's say it's a central repository server which you need to create for your own reasons. Requirements in this howto are :  Besides the nature of HG we will make in this howto a central server for committing work, let's say it's a central repository server which you need to create for your own reasons. Requirements in this howto are : 
   
   * nginx 0.6.x or better    * nginx 0.6.x or better 
   * repository    * repository 
   * mercurial 0.9.5 or better    * mercurial 0.9.5 or better 
   * spawn-fcgi from lighttpd    * spawn-fcgi from lighttpd 
   * zip 2.32 or better    * zip 2.32 or better 
   * python 2.5 or better    * python 2.5 or better 
   * htpasswd from Apache    * htpasswd from Apache 
   
 First let's start with nginx configuration over HTTPS.  First let's start with nginx configuration over HTTPS. 
   
 ##   Nginx Configuration  ##   Nginx Configuration 
   
 The configuration in nginx is not that hard but somewhat tricky, to make it easy i will give examples in here so there is better understanding from the viewer. Our needed section is actualy only over SSL and port 443 :  The configuration in nginx is not that hard but somewhat tricky, to make it easy i will give examples in here so there is better understanding from the viewer. Our needed section is actualy only over SSL and port 443 : 
          
         server {          server {
            listen       443;             listen       443;
            keepalive_timeout    70;             keepalive_timeout    70;
            server_name  <IP_ADDRESS> your.domain.org;             server_name  <IP_ADDRESS> your.domain.org;
                         
            ssl                  on;             ssl                  on;
            ssl_certificate      /usr/pkg/etc/nginx/cert.pem;             ssl_certificate      /usr/pkg/etc/nginx/cert.pem;
            ssl_certificate_key  /usr/pkg/etc/nginx/cert.key;             ssl_certificate_key  /usr/pkg/etc/nginx/cert.key;
            ssl_session_cache    shared:SSL:10m;             ssl_session_cache    shared:SSL:10m;
            ssl_session_timeout  10m;             ssl_session_timeout  10m;
                         
            access_log  /var/log/nginx-https-access.log;             access_log  /var/log/nginx-https-access.log;
                         
            location / {             location / {
                      
                auth_basic            "closed repository";                 auth_basic            "closed repository";
                auth_basic_user_file  access/htfile;                 auth_basic_user_file  access/htfile;
                fastcgi_pass   127.0.0.1:10000;                 fastcgi_pass   127.0.0.1:10000;
                fastcgi_param  SCRIPT_FILENAME /path/to/repo$fastcgi_script_name;                 fastcgi_param  SCRIPT_FILENAME /path/to/repo$fastcgi_script_name;
                fastcgi_param  PATH_INFO $uri;                 fastcgi_param  PATH_INFO $uri;
                include        fastcgi_params;                 include        fastcgi_params;
                 
            }             }
                         
            location /project_a/ {             location /project_a/ {
                                 
                auth_basic            "closed project";                 auth_basic            "closed project";
                auth_basic_user_file  access/htfile;                 auth_basic_user_file  access/htfile;
                fastcgi_pass   127.0.0.1:10000;                 fastcgi_pass   127.0.0.1:10000;
                fastcgi_param  SCRIPT_FILENAME /path/to/repo$fastcgi_script_name;                 fastcgi_param  SCRIPT_FILENAME /path/to/repo$fastcgi_script_name;
                fastcgi_param  PATH_INFO $uri;                 fastcgi_param  PATH_INFO $uri;
                include        fastcgi_params;                 include        fastcgi_params;
                         
            }             }
                 
        }         }
          
   
 In this example make sure you change IP_ADDRESS, your.domain.org, project_a and /path/to/repo. Our access/htfile file for the particular base directory is located in nginx configuration folder which is your password file. In this example i use same file but if you however need different ro access for base / and project_a you may use different password files in order to separate the users.This way we define our read access to the repository.  In this example make sure you change IP_ADDRESS, your.domain.org, project_a and /path/to/repo. Our access/htfile file for the particular base directory is located in nginx configuration folder which is your password file. In this example i use same file but if you however need different ro access for base / and project_a you may use different password files in order to separate the users.This way we define our read access to the repository. 
   
 To create our password file auth_basic_user_file htfile we need to use htpasswd or other tool to create it. We can do that with the following command :  To create our password file auth_basic_user_file htfile we need to use htpasswd or other tool to create it. We can do that with the following command : 
          
     # htpasswd -c <new_pass_file> <user_to_add>      # htpasswd -c <new_pass_file> <user_to_add>
          
   
 With this we create the new password file and add username <user_to_add>. Adding user to already existing file can be done with :  With this we create the new password file and add username <user_to_add>. Adding user to already existing file can be done with : 
          
     # htpasswd <your_pass_file> <user_to_add>      # htpasswd <your_pass_file> <user_to_add>
          
   
 ##   HG configs  ##   HG configs 
   
 I will start first with a simple config file of a project in your repository which will show how we handle our rw access.  I will start first with a simple config file of a project in your repository which will show how we handle our rw access. 
   
 our hgrc file looks like this :  our hgrc file looks like this : 
          
     [web]      [web]
     style = gitweb      style = gitweb
     name = project_a      name = project_a
     description = Description of Project_A      description = Description of Project_A
     contact = foo@domain.org      contact = foo@domain.org
     allow_archive = bz2 gz zip      allow_archive = bz2 gz zip
     allow_push = user1,user2      allow_push = user1,user2
     push_ssl = false      push_ssl = false
          
   
 As you can see from hgrc config file in your project .hg/ folder we use standard options for description, contact, name of the project. Important options in here is to describe what users have the right to write in this project we do this with allow_push. In our case user1 and user2 can write. Option push_ssl is set to false because we do not need to encrypt again the connection as it already passes through HTTPS. Next step is to make our main configuration files.  As you can see from hgrc config file in your project .hg/ folder we use standard options for description, contact, name of the project. Important options in here is to describe what users have the right to write in this project we do this with allow_push. In our case user1 and user2 can write. Option push_ssl is set to false because we do not need to encrypt again the connection as it already passes through HTTPS. Next step is to make our main configuration files. 
   
 Copy your hgwebdir.fcgi to the repository folder and change the following line :  Copy your hgwebdir.fcgi to the repository folder and change the following line : 
          
     return hgwebdir("/path/to/repo/hgweb.config")      return hgwebdir("/path/to/repo/hgweb.config")
          
   
 After that create in /path/to/repo file hgweb.config and include the following options or add more if you feel the need to :  After that create in /path/to/repo file hgweb.config and include the following options or add more if you feel the need to : 
          
     [paths]      [paths]
     # projects      # projects
     project_a = /path/to/repo/project_a      project_a = /path/to/repo/project_a
     [web]      [web]
     style = gitweb      style = gitweb
     [trusted]      [trusted]
     user = *      user = *
     group = *      group = *
          
   
 Make sure you have every project listed in here. After all this is setup fix the permissions of your repository to match those of your web server in our case this is user nobody group nogroup. Next step is to start nginx web server. Make sure you have set the appropriate number of worker_processes in the configuration file and start our spawn-fcgi daemon with the following command :  Make sure you have every project listed in here. After all this is setup fix the permissions of your repository to match those of your web server in our case this is user nobody group nogroup. Next step is to start nginx web server. Make sure you have set the appropriate number of worker_processes in the configuration file and start our spawn-fcgi daemon with the following command : 
          
      /root/spawn-fcgi -f /home/repo/hgwebdir.fcgi -a 127.0.0.1 -p 10000 -u nobody -g nogroup 2 > & 1       /root/spawn-fcgi -f /home/repo/hgwebdir.fcgi -a 127.0.0.1 -p 10000 -u nobody -g nogroup 2 > & 1
          
   
 NOTE: please if you see any typos or incorrect information send me email at nkalev at bsdtrap dot org.  NOTE: please if you see any typos or incorrect information send me email at nkalev at bsdtrap dot org. 
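Review bot: the hgweb.config block sets `[trusted]` to `user = *` and `group = *`, which makes hgweb trust the .hg/hgrc of every listed repository no matter who owns the file. The text already has the repository owned by user nobody, group nogroup, so naming that user and group there instead of the wildcard would limit trust to the account the FastCGI process runs as. Separately, in the spawn-fcgi line `2 > & 1` will not parse as a stderr redirection with those spaces (it should read `2>&1`), and the script path /home/repo/hgwebdir.fcgi does not match the /path/to/repo placeholder used in the rest of the page.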
   
