|
Size: 1713
Comment:
|
Size: 4029
Comment: Add hgweb w/uwsgi stubs and raw contents
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| ## page was renamed from HgServeNginx <<Include(A:style)>> <<Include(A:dated)>> = Configure Nginx = This page explains Nginx-specific configuration for publishing repositories with the hgweb and reverse-proxy methods. <<TableOfContents>> == hgweb (with uwsgi) == === uwsgi configuration === /etc/uwsgi/apps-available/hgweb.ini {{{ [uwsgi] processes = 2 socket = /run/uwsgi/app/hgweb/socket chdir = /var/www/hg wsgi-file = hgweb.wsgi uid = www-data gid = www-data }}} === hgweb configuration === hgweb.wsgi {{{ config = "/var/www/hg/hgweb.config" import os os.environ["HGENCODING"] = "UTF-8" import cgitb; cgitb.enable() from mercurial import demandimport; demandimport.enable() from mercurial.hgweb import hgweb application = hgweb(config) }}} hgweb.config {{{ [paths] / = /var/www/hg/repos/* [web] style = gitweb baseurl = http://mygoodserver.org/hg/ contact = Who knows! staticurl = /hg/static }}} === nginx configuration === /etc/nginx/sites-available/default {{{ server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; root /var/www; index index.html index.htm; # Make site accessible from http://localhost/ server_name localhost mygoodserver mygoodserver.org; location /hg/ { uwsgi_pass unix:/run/uwsgi/app/hgweb/socket; include uwsgi_params; uwsgi_param SERVER_ADDR $server_addr; uwsgi_param REMOTE_USER $remote_user; #Note 1 uwsgi_modifier1 30; uwsgi_param SCRIPT_NAME /hg; #Note 2 limit_except GET HEAD { allow 192.168.10.0/24; allow 127.0.0.1; allow ::1; deny all; auth_basic "Mercurial repository"; auth_basic_user_file /var/www/hg/.htpasswd; } } location /hg/static { alias /usr/share/mercurial/templates/static/; expires 30d; } } }}} == Reverse proxy == |
|
| Line 3: | Line 91: |
| ==== Configure Nginx ==== | This method relies on a running "hg serve" instance. The web server is only a reverse proxy, transactions as submitted to running mercurial instance. |
| Line 21: | Line 110: |
| } | |
| Line 24: | Line 114: |
| ==== Configure htpasswd ==== `cd` into the root directory of your repos (i.e. /var/hg/repos), and run `htpasswd -c htpasswd <user-name>` and supply a password. If you want to give a new user commit rights, simply `cd` back to that directory and run `htpasswd <user-name>`. |
=== Configure htpasswd === `cd` into the root directory of your repos (i.e. /var/hg/repos), and run `htpasswd -c <file-name> <user-name>` and supply a password. If you want to give a new user commit rights, simply `cd` back to that directory and run `htpasswd <file-name> <user-name>`. |
| Line 27: | Line 117: |
| ==== Configure hg ==== | === Configure hg === |
| Line 30: | Line 120: |
| ==== Serve ==== | === Serve === |
|
This page does not meet our Note:
This page appears to contain material that is no longer relevant. Please help improve this page by updating its content.
Configure Nginx
This page explains Nginx-specific configuration for publishing repositories with the hgweb and reverse-proxy methods.
Contents
1. hgweb (with uwsgi)
1.1. uwsgi configuration
/etc/uwsgi/apps-available/hgweb.ini
[uwsgi] processes = 2 socket = /run/uwsgi/app/hgweb/socket chdir = /var/www/hg wsgi-file = hgweb.wsgi uid = www-data gid = www-data
1.2. hgweb configuration
hgweb.wsgi
config = "/var/www/hg/hgweb.config" import os os.environ["HGENCODING"] = "UTF-8" import cgitb; cgitb.enable() from mercurial import demandimport; demandimport.enable() from mercurial.hgweb import hgweb application = hgweb(config)
hgweb.config
[paths] / = /var/www/hg/repos/* [web] style = gitweb baseurl = http://mygoodserver.org/hg/ contact = Who knows! staticurl = /hg/static
1.3. nginx configuration
/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost mygoodserver mygoodserver.org;
location /hg/ {
uwsgi_pass unix:/run/uwsgi/app/hgweb/socket;
include uwsgi_params;
uwsgi_param SERVER_ADDR $server_addr;
uwsgi_param REMOTE_USER $remote_user;
#Note 1
uwsgi_modifier1 30;
uwsgi_param SCRIPT_NAME /hg;
#Note 2
limit_except GET HEAD {
allow 192.168.10.0/24;
allow 127.0.0.1;
allow ::1;
deny all;
auth_basic "Mercurial repository";
auth_basic_user_file /var/www/hg/.htpasswd;
}
}
location /hg/static {
alias /usr/share/mercurial/templates/static/;
expires 30d;
}
}
2. Reverse proxy
This is a solution I found for hosting personal projects. I was already using Nginx, didn't want to mess with (Fast)CGI, but still wanted some basic authentication for pushing. This method allows repositories to be served using hg serve, and then be cloned and accessed via the web interface anonymously, but HTTP authentication is required for pushing.
This method relies on a running "hg serve" instance. The web server is only a reverse proxy, transactions as submitted to running mercurial instance.
The first step is to configure Nginx.
server {
listen 80;
server_name <your-server-name>; # standard stuff
access_log /path/to/access/log;
error_log /path/to/error/log;
location / {
limit_except GET { # do this for all requests but GETS
auth_basic "Restricted";
auth_basic_user_file /path/to/htpasswd/file;
proxy_pass http://localhost:8000;
}
proxy_pass http://localhost:8000; # or wherever hg serve is running
}
}
2.1. Configure htpasswd
cd into the root directory of your repos (i.e. /var/hg/repos), and run htpasswd -c <file-name> <user-name> and supply a password. If you want to give a new user commit rights, simply cd back to that directory and run htpasswd <file-name> <user-name>.
2.2. Configure hg
The final step is to configure your repository's hgrc file, located at <repo-name>/.hg/hgrc. The import things in hgrc are to make sure that, in the [web] section, push_ssl is set to false and allow_push is set to *.
2.3. Serve
Now run hg serve as normal, and you should be able to access the web interface and clone the repository with no authentication, but to push to the central repository you need to have a user name and password from the htpasswd file.