Mercurial > kallithea
comparison docs/setup.rst @ 7626:19af3fef3b34 stable
merge default to stable for 0.4.0
author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
---|---|
date | Sun, 31 Mar 2019 21:28:56 +0200 |
parents | 5e7eb3df806e |
children | ee37a78c6950 |
comparison
equal
deleted
inserted
replaced
7558:fdee9a036bee | 7626:19af3fef3b34 |
---|---|
9 -------------------- | 9 -------------------- |
10 | 10 |
11 First, you will need to create a Kallithea configuration file. Run the | 11 First, you will need to create a Kallithea configuration file. Run the |
12 following command to do so:: | 12 following command to do so:: |
13 | 13 |
14 paster make-config Kallithea my.ini | 14 kallithea-cli config-create my.ini |
15 | 15 |
16 This will create the file ``my.ini`` in the current directory. This | 16 This will create the file ``my.ini`` in the current directory. This |
17 configuration file contains the various settings for Kallithea, e.g. | 17 configuration file contains the various settings for Kallithea, e.g. |
18 proxy port, email settings, usage of static files, cache, Celery | 18 proxy port, email settings, usage of static files, cache, Celery |
19 settings, and logging. | 19 settings, and logging. Extra settings can be specified like:: |
20 | |
21 kallithea-cli config-create my.ini host=8.8.8.8 "[handler_console]" formatter=color_formatter | |
20 | 22 |
21 Next, you need to create the databases used by Kallithea. It is recommended to | 23 Next, you need to create the databases used by Kallithea. It is recommended to |
22 use PostgreSQL or SQLite (default). If you choose a database other than the | 24 use PostgreSQL or SQLite (default). If you choose a database other than the |
23 default, ensure you properly adjust the database URL in your ``my.ini`` | 25 default, ensure you properly adjust the database URL in your ``my.ini`` |
24 configuration file to use this other database. Kallithea currently supports | 26 configuration file to use this other database. Kallithea currently supports |
25 PostgreSQL, SQLite and MySQL databases. Create the database by running | 27 PostgreSQL, SQLite and MySQL databases. Create the database by running |
26 the following command:: | 28 the following command:: |
27 | 29 |
28 paster setup-db my.ini | 30 kallithea-cli db-create -c my.ini |
29 | 31 |
30 This will prompt you for a "root" path. This "root" path is the location where | 32 This will prompt you for a "root" path. This "root" path is the location where |
31 Kallithea will store all of its repositories on the current machine. After | 33 Kallithea will store all of its repositories on the current machine. After |
32 entering this "root" path ``setup-db`` will also prompt you for a username | 34 entering this "root" path ``db-create`` will also prompt you for a username |
33 and password for the initial admin account which ``setup-db`` sets | 35 and password for the initial admin account which ``db-create`` sets |
34 up for you. | 36 up for you. |
35 | 37 |
36 The ``setup-db`` values can also be given on the command line. | 38 The ``db-create`` values can also be given on the command line. |
37 Example:: | 39 Example:: |
38 | 40 |
39 paster setup-db my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos | 41 kallithea-cli db-create -c my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos |
40 | 42 |
41 The ``setup-db`` command will create all needed tables and an | 43 The ``db-create`` command will create all needed tables and an |
42 admin account. When choosing a root path you can either use a new | 44 admin account. When choosing a root path you can either use a new |
43 empty location, or a location which already contains existing | 45 empty location, or a location which already contains existing |
44 repositories. If you choose a location which contains existing | 46 repositories. If you choose a location which contains existing |
45 repositories Kallithea will add all of the repositories at the chosen | 47 repositories Kallithea will add all of the repositories at the chosen |
46 location to its database. (Note: make sure you specify the correct | 48 location to its database. (Note: make sure you specify the correct |
50 accessible for the application. It's very important since | 52 accessible for the application. It's very important since |
51 the Kallithea web interface will work without write access, | 53 the Kallithea web interface will work without write access, |
52 but when trying to do a push it will fail with permission | 54 but when trying to do a push it will fail with permission |
53 denied errors unless it has write access. | 55 denied errors unless it has write access. |
54 | 56 |
57 Finally, prepare the front-end by running:: | |
58 | |
59 kallithea-cli front-end-build | |
60 | |
55 You are now ready to use Kallithea. To run it simply execute:: | 61 You are now ready to use Kallithea. To run it simply execute:: |
56 | 62 |
57 paster serve my.ini | 63 gearbox serve -c my.ini |
58 | 64 |
59 - This command runs the Kallithea server. The web app should be available at | 65 - This command runs the Kallithea server. The web app should be available at |
60 http://127.0.0.1:5000. The IP address and port is configurable via the | 66 http://127.0.0.1:5000. The IP address and port is configurable via the |
61 configuration file created in the previous step. | 67 configuration file created in the previous step. |
62 - Log in to Kallithea using the admin account created when running ``setup-db``. | 68 - Log in to Kallithea using the admin account created when running ``db-create``. |
63 - The default permissions on each repository is read, and the owner is admin. | 69 - The default permissions on each repository is read, and the owner is admin. |
64 Remember to update these if needed. | 70 Remember to update these if needed. |
65 - In the admin panel you can toggle LDAP, anonymous, and permissions | 71 - In the admin panel you can toggle LDAP, anonymous, and permissions |
66 settings, as well as edit more advanced options on users and | 72 settings, as well as edit more advanced options on users and |
67 repositories. | 73 repositories. |
68 | 74 |
69 | 75 |
70 Extensions | 76 Internationalization (i18n support) |
71 ---------- | 77 ----------------------------------- |
72 | 78 |
73 Optionally one can create an ``rcextensions`` package that extends Kallithea | 79 The Kallithea web interface is automatically displayed in the user's preferred |
74 functionality. | 80 language, as indicated by the browser. Thus, different users may see the |
75 To generate a skeleton extensions package, run:: | 81 application in different languages. If the requested language is not available |
76 | 82 (because the translation file for that language does not yet exist or is |
77 paster make-rcext my.ini | 83 incomplete), the language specified in setting ``i18n.lang`` in the Kallithea |
78 | 84 configuration file is used as fallback. If no fallback language is explicitly |
79 This will create an ``rcextensions`` package next to the specified ``ini`` file. | 85 specified, English is used. |
80 With ``rcextensions`` it's possible to add additional mapping for whoosh, | 86 |
81 stats and add additional code into the push/pull/create/delete repo hooks, | 87 If you want to disable automatic language detection and instead configure a |
82 for example for sending signals to build-bots such as Jenkins. | 88 fixed language regardless of user preference, set ``i18n.enabled = false`` and |
83 | 89 set ``i18n.lang`` to the desired language (or leave empty for English). |
84 See the ``__init__.py`` file inside the generated ``rcextensions`` package | |
85 for more details. | |
86 | 90 |
87 | 91 |
88 Using Kallithea with SSH | 92 Using Kallithea with SSH |
89 ------------------------ | 93 ------------------------ |
90 | 94 |
127 | 131 |
128 .. __: https://whoosh.readthedocs.io/en/latest/ | 132 .. __: https://whoosh.readthedocs.io/en/latest/ |
129 | 133 |
130 For an incremental index build, run:: | 134 For an incremental index build, run:: |
131 | 135 |
132 paster make-index my.ini | 136 kallithea-cli index-create -c my.ini |
133 | 137 |
134 For a full index rebuild, run:: | 138 For a full index rebuild, run:: |
135 | 139 |
136 paster make-index my.ini -f | 140 kallithea-cli index-create -c my.ini --full |
137 | 141 |
138 The ``--repo-location`` option allows the location of the repositories to be overriden; | 142 The ``--repo-location`` option allows the location of the repositories to be overridden; |
139 usually, the location is retrieved from the Kallithea database. | 143 usually, the location is retrieved from the Kallithea database. |
140 | 144 |
141 The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list:: | 145 The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list:: |
142 | 146 |
143 paster make-index my.ini --index-only=vcs,kallithea | 147 kallithea-cli index-create -c my.ini --index-only=vcs,kallithea |
144 | 148 |
145 To keep your index up-to-date it is necessary to do periodic index builds; | 149 To keep your index up-to-date it is necessary to do periodic index builds; |
146 for this, it is recommended to use a crontab entry. Example:: | 150 for this, it is recommended to use a crontab entry. Example:: |
147 | 151 |
148 0 3 * * * /path/to/virtualenv/bin/paster make-index /path/to/kallithea/my.ini | 152 0 3 * * * /path/to/virtualenv/bin/kallithea-cli index-create -c /path/to/kallithea/my.ini |
149 | 153 |
150 When using incremental mode (the default), Whoosh will check the last | 154 When using incremental mode (the default), Whoosh will check the last |
151 modification date of each file and add it to be reindexed if a newer file is | 155 modification date of each file and add it to be reindexed if a newer file is |
152 available. The indexing daemon checks for any removed files and removes them | 156 available. The indexing daemon checks for any removed files and removes them |
153 from index. | 157 from index. |
154 | 158 |
155 If you want to rebuild the index from scratch, you can use the ``-f`` flag as above, | 159 If you want to rebuild the index from scratch, you can use the ``-f`` flag as above, |
156 or in the admin panel you can check the "build from scratch" checkbox. | 160 or in the admin panel you can check the "build from scratch" checkbox. |
157 | 161 |
158 .. _ldap-setup: | |
159 | |
160 Setting up LDAP support | |
161 ----------------------- | |
162 | |
163 Kallithea supports LDAP authentication. In order | |
164 to use LDAP, you have to install the python-ldap_ package. This package is | |
165 available via PyPI, so you can install it by running:: | |
166 | |
167 pip install python-ldap | |
168 | |
169 .. note:: ``python-ldap`` requires some libraries to be installed on | |
170 your system, so before installing it check that you have at | |
171 least the ``openldap`` and ``sasl`` libraries. | |
172 | |
173 Choose *Admin > Authentication*, click the ``kallithea.lib.auth_modules.auth_ldap`` button | |
174 and then *Save*, to enable the LDAP plugin and configure its settings. | |
175 | |
176 Here's a typical LDAP setup:: | |
177 | |
178 Connection settings | |
179 Enable LDAP = checked | |
180 Host = host.example.com | |
181 Port = 389 | |
182 Account = <account> | |
183 Password = <password> | |
184 Connection Security = LDAPS connection | |
185 Certificate Checks = DEMAND | |
186 | |
187 Search settings | |
188 Base DN = CN=users,DC=host,DC=example,DC=org | |
189 LDAP Filter = (&(objectClass=user)(!(objectClass=computer))) | |
190 LDAP Search Scope = SUBTREE | |
191 | |
192 Attribute mappings | |
193 Login Attribute = uid | |
194 First Name Attribute = firstName | |
195 Last Name Attribute = lastName | |
196 Email Attribute = mail | |
197 | |
198 If your user groups are placed in an Organisation Unit (OU) structure, the Search Settings configuration differs:: | |
199 | |
200 Search settings | |
201 Base DN = DC=host,DC=example,DC=org | |
202 LDAP Filter = (&(memberOf=CN=your user group,OU=subunit,OU=unit,DC=host,DC=example,DC=org)(objectClass=user)) | |
203 LDAP Search Scope = SUBTREE | |
204 | |
205 .. _enable_ldap: | |
206 | |
207 Enable LDAP : required | |
208 Whether to use LDAP for authenticating users. | |
209 | |
210 .. _ldap_host: | |
211 | |
212 Host : required | |
213 LDAP server hostname or IP address. Can be also a comma separated | |
214 list of servers to support LDAP fail-over. | |
215 | |
216 .. _Port: | |
217 | |
218 Port : required | |
219 389 for un-encrypted LDAP, 636 for SSL-encrypted LDAP. | |
220 | |
221 .. _ldap_account: | |
222 | |
223 Account : optional | |
224 Only required if the LDAP server does not allow anonymous browsing of | |
225 records. This should be a special account for record browsing. This | |
226 will require `LDAP Password`_ below. | |
227 | |
228 .. _LDAP Password: | |
229 | |
230 Password : optional | |
231 Only required if the LDAP server does not allow anonymous browsing of | |
232 records. | |
233 | |
234 .. _Enable LDAPS: | |
235 | |
236 Connection Security : required | |
237 Defines the connection to LDAP server | |
238 | |
239 No encryption | |
240 Plain non encrypted connection | |
241 | |
242 LDAPS connection | |
243 Enable LDAPS connections. It will likely require `Port`_ to be set to | |
244 a different value (standard LDAPS port is 636). When LDAPS is enabled | |
245 then `Certificate Checks`_ is required. | |
246 | |
247 START_TLS on LDAP connection | |
248 START TLS connection | |
249 | |
250 .. _Certificate Checks: | |
251 | |
252 Certificate Checks : optional | |
253 How SSL certificates verification is handled -- this is only useful when | |
254 `Enable LDAPS`_ is enabled. Only DEMAND or HARD offer full SSL security | |
255 while the other options are susceptible to man-in-the-middle attacks. SSL | |
256 certificates can be installed to /etc/openldap/cacerts so that the | |
257 DEMAND or HARD options can be used with self-signed certificates or | |
258 certificates that do not have traceable certificates of authority. | |
259 | |
260 NEVER | |
261 A serve certificate will never be requested or checked. | |
262 | |
263 ALLOW | |
264 A server certificate is requested. Failure to provide a | |
265 certificate or providing a bad certificate will not terminate the | |
266 session. | |
267 | |
268 TRY | |
269 A server certificate is requested. Failure to provide a | |
270 certificate does not halt the session; providing a bad certificate | |
271 halts the session. | |
272 | |
273 DEMAND | |
274 A server certificate is requested and must be provided and | |
275 authenticated for the session to proceed. | |
276 | |
277 HARD | |
278 The same as DEMAND. | |
279 | |
280 .. _Base DN: | |
281 | |
282 Base DN : required | |
283 The Distinguished Name (DN) where searches for users will be performed. | |
284 Searches can be controlled by `LDAP Filter`_ and `LDAP Search Scope`_. | |
285 | |
286 .. _LDAP Filter: | |
287 | |
288 LDAP Filter : optional | |
289 A LDAP filter defined by RFC 2254. This is more useful when `LDAP | |
290 Search Scope`_ is set to SUBTREE. The filter is useful for limiting | |
291 which LDAP objects are identified as representing Users for | |
292 authentication. The filter is augmented by `Login Attribute`_ below. | |
293 This can commonly be left blank. | |
294 | |
295 .. _LDAP Search Scope: | |
296 | |
297 LDAP Search Scope : required | |
298 This limits how far LDAP will search for a matching object. | |
299 | |
300 BASE | |
301 Only allows searching of `Base DN`_ and is usually not what you | |
302 want. | |
303 | |
304 ONELEVEL | |
305 Searches all entries under `Base DN`_, but not Base DN itself. | |
306 | |
307 SUBTREE | |
308 Searches all entries below `Base DN`_, but not Base DN itself. | |
309 When using SUBTREE `LDAP Filter`_ is useful to limit object | |
310 location. | |
311 | |
312 .. _Login Attribute: | |
313 | |
314 Login Attribute : required | |
315 The LDAP record attribute that will be matched as the USERNAME or | |
316 ACCOUNT used to connect to Kallithea. This will be added to `LDAP | |
317 Filter`_ for locating the User object. If `LDAP Filter`_ is specified as | |
318 "LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has | |
319 connected as "jsmith" then the `LDAP Filter`_ will be augmented as below | |
320 :: | |
321 | |
322 (&(LDAPFILTER)(uid=jsmith)) | |
323 | |
324 .. _ldap_attr_firstname: | |
325 | |
326 First Name Attribute : required | |
327 The LDAP record attribute which represents the user's first name. | |
328 | |
329 .. _ldap_attr_lastname: | |
330 | |
331 Last Name Attribute : required | |
332 The LDAP record attribute which represents the user's last name. | |
333 | |
334 .. _ldap_attr_email: | |
335 | |
336 Email Attribute : required | |
337 The LDAP record attribute which represents the user's email address. | |
338 | |
339 If all data are entered correctly, and python-ldap_ is properly installed | |
340 users should be granted access to Kallithea with LDAP accounts. At this | |
341 time user information is copied from LDAP into the Kallithea user database. | |
342 This means that updates of an LDAP user object may not be reflected as a | |
343 user update in Kallithea. | |
344 | |
345 If You have problems with LDAP access and believe You entered correct | |
346 information check out the Kallithea logs, any error messages sent from LDAP | |
347 will be saved there. | |
348 | |
349 Active Directory | |
350 '''''''''''''''' | |
351 | |
352 Kallithea can use Microsoft Active Directory for user authentication. This | |
353 is done through an LDAP or LDAPS connection to Active Directory. The | |
354 following LDAP configuration settings are typical for using Active | |
355 Directory :: | |
356 | |
357 Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local | |
358 Login Attribute = sAMAccountName | |
359 First Name Attribute = givenName | |
360 Last Name Attribute = sn | |
361 Email Attribute = mail | |
362 | |
363 All other LDAP settings will likely be site-specific and should be | |
364 appropriately configured. | |
365 | |
366 | |
367 Authentication by container or reverse-proxy | |
368 -------------------------------------------- | |
369 | |
370 Kallithea supports delegating the authentication | |
371 of users to its WSGI container, or to a reverse-proxy server through which all | |
372 clients access the application. | |
373 | |
374 When these authentication methods are enabled in Kallithea, it uses the | |
375 username that the container/proxy (Apache or Nginx, etc.) provides and doesn't | |
376 perform the authentication itself. The authorization, however, is still done by | |
377 Kallithea according to its settings. | |
378 | |
379 When a user logs in for the first time using these authentication methods, | |
380 a matching user account is created in Kallithea with default permissions. An | |
381 administrator can then modify it using Kallithea's admin interface. | |
382 | |
383 It's also possible for an administrator to create accounts and configure their | |
384 permissions before the user logs in for the first time, using the :ref:`create-user` API. | |
385 | |
386 Container-based authentication | |
387 '''''''''''''''''''''''''''''' | |
388 | |
389 In a container-based authentication setup, Kallithea reads the user name from | |
390 the ``REMOTE_USER`` server variable provided by the WSGI container. | |
391 | |
392 After setting up your container (see `Apache with mod_wsgi`_), you'll need | |
393 to configure it to require authentication on the location configured for | |
394 Kallithea. | |
395 | |
396 Proxy pass-through authentication | |
397 ''''''''''''''''''''''''''''''''' | |
398 | |
399 In a proxy pass-through authentication setup, Kallithea reads the user name | |
400 from the ``X-Forwarded-User`` request header, which should be configured to be | |
401 sent by the reverse-proxy server. | |
402 | |
403 After setting up your proxy solution (see `Apache virtual host reverse proxy example`_, | |
404 `Apache as subdirectory`_ or `Nginx virtual host example`_), you'll need to | |
405 configure the authentication and add the username in a request header named | |
406 ``X-Forwarded-User``. | |
407 | |
408 For example, the following config section for Apache sets a subdirectory in a | |
409 reverse-proxy setup with basic auth: | |
410 | |
411 .. code-block:: apache | |
412 | |
413 <Location /someprefix> | |
414 ProxyPass http://127.0.0.1:5000/someprefix | |
415 ProxyPassReverse http://127.0.0.1:5000/someprefix | |
416 SetEnvIf X-Url-Scheme https HTTPS=1 | |
417 | |
418 AuthType Basic | |
419 AuthName "Kallithea authentication" | |
420 AuthUserFile /srv/kallithea/.htpasswd | |
421 Require valid-user | |
422 | |
423 RequestHeader unset X-Forwarded-User | |
424 | |
425 RewriteEngine On | |
426 RewriteCond %{LA-U:REMOTE_USER} (.+) | |
427 RewriteRule .* - [E=RU:%1] | |
428 RequestHeader set X-Forwarded-User %{RU}e | |
429 </Location> | |
430 | |
431 .. note:: | |
432 If you enable proxy pass-through authentication, make sure your server is | |
433 only accessible through the proxy. Otherwise, any client would be able to | |
434 forge the authentication header and could effectively become authenticated | |
435 using any account of their liking. | |
436 | |
437 | 162 |
438 Integration with issue trackers | 163 Integration with issue trackers |
439 ------------------------------- | 164 ------------------------------- |
440 | 165 |
441 Kallithea provides a simple integration with issue trackers. It's possible | 166 Kallithea provides a simple integration with issue trackers. It's possible |
442 to define a regular expression that will match an issue ID in commit messages, | 167 to define a regular expression that will match an issue ID in commit messages, |
443 and have that replaced with a URL to the issue. To enable this simply | 168 and have that replaced with a URL to the issue. |
444 uncomment the following variables in the ini file:: | 169 |
445 | 170 This is achieved with following three variables in the ini file:: |
446 issue_pat = (?:^#|\s#)(\w+) | 171 |
447 issue_server_link = https://issues.example.com/{repo}/issue/{id} | 172 issue_pat = #(\d+) |
448 issue_prefix = # | 173 issue_server_link = https://issues.example.com/{repo}/issue/\1 |
174 issue_sub = | |
449 | 175 |
450 ``issue_pat`` is the regular expression describing which strings in | 176 ``issue_pat`` is the regular expression describing which strings in |
451 commit messages will be treated as issue references. A match group in | 177 commit messages will be treated as issue references. The expression can/should |
452 parentheses should be used to specify the actual issue id. | 178 have one or more parenthesized groups that can later be referred to in |
453 | 179 ``issue_server_link`` and ``issue_sub`` (see below). If you prefer, named groups |
454 The default expression matches issues in the format ``#<number>``, e.g., ``#300``. | 180 can be used instead of simple parenthesized groups. |
181 | |
182 If the pattern should only match if it is preceded by whitespace, add the | |
183 following string before the actual pattern: ``(?:^|(?<=\s))``. | |
184 If the pattern should only match if it is followed by whitespace, add the | |
185 following string after the actual pattern: ``(?:$|(?=\s))``. | |
186 These expressions use lookbehind and lookahead assertions of the Python regular | |
187 expression module to avoid the whitespace to be part of the actual pattern, | |
188 otherwise the link text will also contain that whitespace. | |
455 | 189 |
456 Matched issue references are replaced with the link specified in | 190 Matched issue references are replaced with the link specified in |
457 ``issue_server_link``. ``{id}`` is replaced with the issue ID, and | 191 ``issue_server_link``, in which any backreferences are resolved. Backreferences |
458 ``{repo}`` with the repository name. Since the # is stripped away, | 192 can be ``\1``, ``\2``, ... or for named groups ``\g<groupname>``. |
459 ``issue_prefix`` is prepended to the link text. ``issue_prefix`` doesn't | 193 The special token ``{repo}`` is replaced with the full repository path |
460 necessarily need to be ``#``: if you set issue prefix to ``ISSUE-`` this will | 194 (including repository groups), while token ``{repo_name}`` is replaced with the |
461 generate a URL in the format: | 195 repository name (without repository groups). |
196 | |
197 The link text is determined by ``issue_sub``, which can be a string containing | |
198 backreferences to the groups specified in ``issue_pat``. If ``issue_sub`` is | |
199 empty, then the text matched by ``issue_pat`` is used verbatim. | |
200 | |
201 The example settings shown above match issues in the format ``#<number>``. | |
202 This will cause the text ``#300`` to be transformed into a link: | |
462 | 203 |
463 .. code-block:: html | 204 .. code-block:: html |
464 | 205 |
465 <a href="https://issues.example.com/example_repo/issue/300">ISSUE-300</a> | 206 <a href="https://issues.example.com/example_repo/issue/300">#300</a> |
207 | |
208 The following example transforms a text starting with either of 'pullrequest', | |
209 'pull request' or 'PR', followed by an optional space, then a pound character | |
210 (#) and one or more digits, into a link with the text 'PR #' followed by the | |
211 digits:: | |
212 | |
213 issue_pat = (pullrequest|pull request|PR) ?#(\d+) | |
214 issue_server_link = https://issues.example.com/\2 | |
215 issue_sub = PR #\2 | |
216 | |
217 The following example demonstrates how to require whitespace before the issue | |
218 reference in order for it to be recognized, such that the text ``issue#123`` will | |
219 not cause a match, but ``issue #123`` will:: | |
220 | |
221 issue_pat = (?:^|(?<=\s))#(\d+) | |
222 issue_server_link = https://issues.example.com/\1 | |
223 issue_sub = | |
466 | 224 |
467 If needed, more than one pattern can be specified by appending a unique suffix to | 225 If needed, more than one pattern can be specified by appending a unique suffix to |
468 the variables. For example:: | 226 the variables. For example, also demonstrating the use of named groups:: |
469 | 227 |
470 issue_pat_wiki = (?:wiki-)(.+) | 228 issue_pat_wiki = wiki-(?P<pagename>\S+) |
471 issue_server_link_wiki = https://wiki.example.com/{id} | 229 issue_server_link_wiki = https://wiki.example.com/\g<pagename> |
472 issue_prefix_wiki = WIKI- | 230 issue_sub_wiki = WIKI-\g<pagename> |
473 | 231 |
474 With these settings, wiki pages can be referenced as wiki-some-id, and every | 232 With these settings, wiki pages can be referenced as wiki-some-id, and every |
475 such reference will be transformed into: | 233 such reference will be transformed into: |
476 | 234 |
477 .. code-block:: html | 235 .. code-block:: html |
478 | 236 |
479 <a href="https://wiki.example.com/some-id">WIKI-some-id</a> | 237 <a href="https://wiki.example.com/some-id">WIKI-some-id</a> |
238 | |
239 Refer to the `Python regular expression documentation`_ for more details about | |
240 the supported syntax in ``issue_pat``, ``issue_server_link`` and ``issue_sub``. | |
480 | 241 |
481 | 242 |
482 Hook management | 243 Hook management |
483 --------------- | 244 --------------- |
484 | 245 |
500 This affects many parts in Kallithea including user names, filenames, and | 261 This affects many parts in Kallithea including user names, filenames, and |
501 encoding of commit messages. In addition Kallithea can detect if the ``chardet`` | 262 encoding of commit messages. In addition Kallithea can detect if the ``chardet`` |
502 library is installed. If ``chardet`` is detected Kallithea will fallback to it | 263 library is installed. If ``chardet`` is detected Kallithea will fallback to it |
503 when there are encode/decode errors. | 264 when there are encode/decode errors. |
504 | 265 |
266 The Mercurial encoding is configurable as ``hgencoding``. It is similar to | |
267 setting the ``HGENCODING`` environment variable, but will override it. | |
268 | |
505 | 269 |
506 Celery configuration | 270 Celery configuration |
507 -------------------- | 271 -------------------- |
508 | 272 |
509 Kallithea can use the distributed task queue system Celery_ to run tasks like | 273 Kallithea can use the distributed task queue system Celery_ to run tasks like |
529 Celery. So for example setting `BROKER_HOST` in Celery means setting | 293 Celery. So for example setting `BROKER_HOST` in Celery means setting |
530 `broker.host` in the configuration file. | 294 `broker.host` in the configuration file. |
531 | 295 |
532 To start the Celery process, run:: | 296 To start the Celery process, run:: |
533 | 297 |
534 paster celeryd <configfile.ini> | 298 kallithea-cli celery-run -c my.ini |
299 | |
300 Extra options to the Celery worker can be passed after ``--`` - see ``-- -h`` | |
301 for more info. | |
535 | 302 |
536 .. note:: | 303 .. note:: |
537 Make sure you run this command from the same virtualenv, and with the same | 304 Make sure you run this command from the same virtualenv, and with the same |
538 user that Kallithea runs. | 305 user that Kallithea runs. |
539 | 306 |
549 - With ``https_fixup = true``, the scheme will be taken from the | 316 - With ``https_fixup = true``, the scheme will be taken from the |
550 ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header | 317 ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header |
551 (default ``http``). | 318 (default ``http``). |
552 - With ``force_https = true`` the default will be ``https``. | 319 - With ``force_https = true`` the default will be ``https``. |
553 - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https. | 320 - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https. |
321 | |
322 .. _nginx_virtual_host: | |
554 | 323 |
555 | 324 |
556 Nginx virtual host example | 325 Nginx virtual host example |
557 -------------------------- | 326 -------------------------- |
558 | 327 |
604 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5; | 373 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5; |
605 ssl_prefer_server_ciphers on; | 374 ssl_prefer_server_ciphers on; |
606 | 375 |
607 ## uncomment root directive if you want to serve static files by nginx | 376 ## uncomment root directive if you want to serve static files by nginx |
608 ## requires static_files = false in .ini file | 377 ## requires static_files = false in .ini file |
609 #root /path/to/installation/kallithea/public; | 378 #root /srv/kallithea/kallithea/kallithea/public; |
610 include /etc/nginx/proxy.conf; | 379 include /etc/nginx/proxy.conf; |
611 location / { | 380 location / { |
612 try_files $uri @kallithea; | 381 try_files $uri @kallithea; |
613 } | 382 } |
614 | 383 |
638 proxy_buffers 8 32k; | 407 proxy_buffers 8 32k; |
639 client_max_body_size 1024m; | 408 client_max_body_size 1024m; |
640 client_body_buffer_size 128k; | 409 client_body_buffer_size 128k; |
641 large_client_header_buffers 8 64k; | 410 large_client_header_buffers 8 64k; |
642 | 411 |
412 .. _apache_virtual_host_reverse_proxy: | |
413 | |
643 | 414 |
644 Apache virtual host reverse proxy example | 415 Apache virtual host reverse proxy example |
645 ----------------------------------------- | 416 ----------------------------------------- |
646 | 417 |
647 Here is a sample configuration file for Apache using proxy: | 418 Here is a sample configuration file for Apache using proxy: |
659 # Order allow,deny | 430 # Order allow,deny |
660 # Allow from all | 431 # Allow from all |
661 </Proxy> | 432 </Proxy> |
662 | 433 |
663 #important ! | 434 #important ! |
664 #Directive to properly generate url (clone url) for pylons | 435 #Directive to properly generate url (clone url) for Kallithea |
665 ProxyPreserveHost On | 436 ProxyPreserveHost On |
666 | 437 |
667 #kallithea instance | 438 #kallithea instance |
668 ProxyPass / http://127.0.0.1:5000/ | 439 ProxyPass / http://127.0.0.1:5000/ |
669 ProxyPassReverse / http://127.0.0.1:5000/ | 440 ProxyPassReverse / http://127.0.0.1:5000/ |
673 </VirtualHost> | 444 </VirtualHost> |
674 | 445 |
675 Additional tutorial | 446 Additional tutorial |
676 http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons | 447 http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons |
677 | 448 |
449 .. _apache_subdirectory: | |
450 | |
678 | 451 |
679 Apache as subdirectory | 452 Apache as subdirectory |
680 ---------------------- | 453 ---------------------- |
681 | 454 |
682 Apache subdirectory part: | 455 Apache subdirectory part: |
683 | 456 |
684 .. code-block:: apache | 457 .. code-block:: apache |
685 | 458 |
686 <Location /<someprefix> > | 459 <Location /PREFIX > |
687 ProxyPass http://127.0.0.1:5000/<someprefix> | 460 ProxyPass http://127.0.0.1:5000/PREFIX |
688 ProxyPassReverse http://127.0.0.1:5000/<someprefix> | 461 ProxyPassReverse http://127.0.0.1:5000/PREFIX |
689 SetEnvIf X-Url-Scheme https HTTPS=1 | 462 SetEnvIf X-Url-Scheme https HTTPS=1 |
690 </Location> | 463 </Location> |
691 | 464 |
692 Besides the regular apache setup you will need to add the following line | 465 Besides the regular apache setup you will need to add the following line |
693 into ``[app:main]`` section of your .ini file:: | 466 into ``[app:main]`` section of your .ini file:: |
696 | 469 |
697 Add the following at the end of the .ini file:: | 470 Add the following at the end of the .ini file:: |
698 | 471 |
699 [filter:proxy-prefix] | 472 [filter:proxy-prefix] |
700 use = egg:PasteDeploy#prefix | 473 use = egg:PasteDeploy#prefix |
701 prefix = /<someprefix> | 474 prefix = /PREFIX |
702 | 475 |
703 then change ``<someprefix>`` into your chosen prefix | 476 then change ``PREFIX`` into your chosen prefix |
477 | |
478 .. _apache_mod_wsgi: | |
704 | 479 |
705 | 480 |
706 Apache with mod_wsgi | 481 Apache with mod_wsgi |
707 -------------------- | 482 -------------------- |
708 | 483 |
753 Apache will by default run as a special Apache user, on Linux systems | 528 Apache will by default run as a special Apache user, on Linux systems |
754 usually ``www-data`` or ``apache``. If you need to have the repositories | 529 usually ``www-data`` or ``apache``. If you need to have the repositories |
755 directory owned by a different user, use the user and group options to | 530 directory owned by a different user, use the user and group options to |
756 WSGIDaemonProcess to set the name of the user and group. | 531 WSGIDaemonProcess to set the name of the user and group. |
757 | 532 |
758 .. note:: | |
759 If running Kallithea in multiprocess mode, | |
760 make sure you set ``instance_id = *`` in the configuration so each process | |
761 gets it's own cache invalidation key. | |
762 | |
763 Example WSGI dispatch script: | 533 Example WSGI dispatch script: |
764 | 534 |
765 .. code-block:: python | 535 .. code-block:: python |
766 | 536 |
767 import os | 537 import os |
768 os.environ["HGENCODING"] = "UTF-8" | |
769 os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache' | 538 os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache' |
770 | 539 |
771 # sometimes it's needed to set the curent dir | 540 # sometimes it's needed to set the current dir |
772 os.chdir('/srv/kallithea/') | 541 os.chdir('/srv/kallithea/') |
773 | 542 |
774 import site | 543 import site |
775 site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages") | 544 site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages") |
776 | 545 |
777 ini = '/srv/kallithea/my.ini' | 546 ini = '/srv/kallithea/my.ini' |
778 from paste.script.util.logging_config import fileConfig | 547 from logging.config import fileConfig |
779 fileConfig(ini) | 548 fileConfig(ini) |
780 from paste.deploy import loadapp | 549 from paste.deploy import loadapp |
781 application = loadapp('config:' + ini) | 550 application = loadapp('config:' + ini) |
782 | 551 |
783 Or using proper virtualenv activation: | 552 Or using proper virtualenv activation: |
789 | 558 |
790 import os | 559 import os |
791 os.environ['HOME'] = '/srv/kallithea' | 560 os.environ['HOME'] = '/srv/kallithea' |
792 | 561 |
793 ini = '/srv/kallithea/kallithea.ini' | 562 ini = '/srv/kallithea/kallithea.ini' |
794 from paste.script.util.logging_config import fileConfig | 563 from logging.config import fileConfig |
795 fileConfig(ini) | 564 fileConfig(ini) |
796 from paste.deploy import loadapp | 565 from paste.deploy import loadapp |
797 application = loadapp('config:' + ini) | 566 application = loadapp('config:' + ini) |
798 | 567 |
799 | 568 |
806 .. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ . | 575 .. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ . |
807 | 576 |
808 | 577 |
809 .. _virtualenv: http://pypi.python.org/pypi/virtualenv | 578 .. _virtualenv: http://pypi.python.org/pypi/virtualenv |
810 .. _python: http://www.python.org/ | 579 .. _python: http://www.python.org/ |
580 .. _Python regular expression documentation: https://docs.python.org/2/library/re.html | |
811 .. _Mercurial: https://www.mercurial-scm.org/ | 581 .. _Mercurial: https://www.mercurial-scm.org/ |
812 .. _Celery: http://celeryproject.org/ | 582 .. _Celery: http://celeryproject.org/ |
813 .. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html | 583 .. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html |
814 .. _RabbitMQ: http://www.rabbitmq.com/ | 584 .. _RabbitMQ: http://www.rabbitmq.com/ |
815 .. _Redis: http://redis.io/ | 585 .. _Redis: http://redis.io/ |
816 .. _python-ldap: http://www.python-ldap.org/ | |
817 .. _mercurial-server: http://www.lshift.net/mercurial-server.html | 586 .. _mercurial-server: http://www.lshift.net/mercurial-server.html |
818 .. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories | 587 .. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories |