What is Mercurial ( HG )

We will not discuss this in here but probably everyone visited the homepage of the project : http://www.selenic.com/mercurial/wiki/ This DRCS has few advantages over others like CVS,SVN and many more. I will just say few of them in here :

Besides the nature of HG we will make in this howto a central server for committing work, let's say it's a central repository server which you need to create for your own reasons. Requirements in this howto are :

First let's start with nginx configuration over HTTPS.

Nginx Configuration

The configuration in nginx is not that hard but somewhat tricky, to make it easy i will give examples in here so there is better understanding from the viewer. Our needed section is actualy only over SSL and port 443 :

    server {
       listen       443;
       keepalive_timeout    70;
       server_name  <IP_ADDRESS> your.domain.org;

       ssl                  on;
       ssl_certificate      /usr/pkg/etc/nginx/cert.pem;
       ssl_certificate_key  /usr/pkg/etc/nginx/cert.key;
       ssl_session_cache    shared:SSL:10m;
       ssl_session_timeout  10m;

       access_log  /var/log/nginx-https-access.log;

       location / {

           auth_basic            "closed repository";
           auth_basic_user_file  access/htfile;
           fastcgi_pass   127.0.0.1:10000;
           fastcgi_param  SCRIPT_FILENAME /path/to/repo$fastcgi_script_name;
           fastcgi_param  PATH_INFO $uri;
           include        fastcgi_params;

       }

       location /project_a/ {

           auth_basic            "closed project";
           auth_basic_user_file  access/htfile;
           fastcgi_pass   127.0.0.1:10000;
           fastcgi_param  SCRIPT_FILENAME /path/to/repo$fastcgi_script_name;
           fastcgi_param  PATH_INFO $uri;
           include        fastcgi_params;

       }

   }

In this example make sure you change IP_ADDRESS, your.domain.org, project_a and /path/to/repo. Our access/htfile file for the particular base directory is located in nginx configuration folder which is your password file. In this example i use same file but if you however need different ro access for base / and project_a you may use different password files in order to separate the users.This way we define our read access to the repository.

To create our password file auth_basic_user_file htfile we need to use htpasswd or other tool to create it. We can do that with the following command :

# htpasswd -c <new_pass_file> <user_to_add>

With this we create the new password file and add username . Adding user to already existing file can be done with :

# htpasswd <your_pass_file> <user_to_add>

HG configs

I will start first with a simple config file of a project in your repository which will show how we handle our rw access.

our hgrc file looks like this :

[web]
style = gitweb
name = project_a
description = Description of Project_A
contact = foo@domain.org
allow_archive = bz2 gz zip
allow_push = user1,user2
push_ssl = false

As you can see from hgrc config file in your project .hg/ folder we use standard options for description, contact, name of the project. Important options in here is to describe what users have the right to write in this project we do this with allow_push. In our case user1 and user2 can write. Option push_ssl is set to false because we do not need to encrypt again the connection as it already passes through HTTPS. Next step is to make our main configuration files.

Copy your hgwebdir.fcgi to the repository folder and change the following line :

return hgwebdir("/path/to/repo/hgweb.config")

After that create in /path/to/repo file hgweb.config and include the following options or add more if you feel the need to :

[paths]
# projects
project_a = /path/to/repo/project_a
[web]
style = gitweb
[trusted]
user = *
group = *

Make sure you have every project listed in here. After all this is setup fix the permissions of your repository to match those of your web server in our case this is user nobody group nogroup. Next step is to start nginx web server. Make sure you have set the appropriate number of worker_processes in the configuration file and start our spawn-fcgi daemon with the following command :

 /root/spawn-fcgi -f /home/repo/hgwebdir.fcgi -a 127.0.0.1 -p 10000 -u nobody -g nogroup 2 > & 1

NOTE: please if you see any typos or incorrect information send me email at nkalev at bsdtrap dot org.