Mercurial > kallithea

view docs/installation_iis.rst @ 4546:805ec49152c9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
simplehg: don't quiet Hg output for push I want to be able to see informational messages from e.g. the Hg Bugzilla extension. Here's output without the patch. This is identical to the output produced if the Bugzilla extension is disabled: remote: adding changesets remote: adding manifests remote: adding file changes remote: added 1 changesets with 1 changes to 1 files remote: Repository size .hg:158.2 kB repo:0 B total:158.2 kB remote: Last revision is now r324:6c03abbabb46 and with the patch: remote: adding changesets remote: adding manifests remote: adding file changes remote: added 1 changesets with 1 changes to 1 files remote: Repository size .hg:158.2 kB repo:0 B total:158.2 kB remote: Last revision is now r324:6c03abbabb46 remote: bug 3270 already knows about changeset 6c03abbabb46 The last line indicates that the Bugzilla bug text already contains an entry for that changeset. It's produced by a call to self.ui.status() in the extension. I think the point here is that the deleted code is ensuring that the remote hg (i.e. the Kallithea hg) always runs with the --quiet flag when receiving a push. This seems an arbitrary decision to me, and one that removes potentially useful information from the output. I believe this behaviour is different to that seen by the user if pushing to hgweb (I've not tried it, but inspected the hgweb source for setting quiet) and is certainly different to pushing over ssh.
author Jim Hague <jim.hague@acm.org>
date Thu, 17 Jul 2014 12:47:56 +0100
parents e69d34136be5
children 2dad9708c89f
line wrap: on
line source

.. _installation_iis:

Installing Kallithea on Microsoft Internet Information Services (IIS)
=====================================================================

The following is documented using IIS 7/8 terminology. There should be nothing
preventing you from applying this on IIS 6 well.

.. note::

    For the best security, it is strongly recommended to only host the site over
    a secure connection, e.g. using TLS.

Prerequisites
-------------

Apart from the normal requirements for Kallithea, it is also necessary to get an
ISAPI-WSGI bridge module, e.g. isapi-wsgi.

Installation
------------

The following will assume that your Kallithea is at ``c:\inetpub\kallithea`` and
will be served from the root of its own website. The changes to serve it in its
own virtual folder will be noted where appropriate.

Application Pool
................

Make sure that there is a unique application pool for the Kallithea application
with an identity that has read access to the Kallithea distribution.

The application pool does not need to be able to run any managed code. If you
are using a 32-bit Python installation, then you must enable 32 bit program in
the advanced settings for the application pool otherwise Python will not be able
to run on the website and consequently, Kallithea will not be able to run.

.. note::

    The application pool can be the same as an existing application pool as long
    as the requirements to Kallithea are enabled by the existing application
    pool.

ISAPI Handler
.............

The ISAPI handler needs to be generated from a custom file. Imagining that the
Kallithea installation is in ``c:\inetpub\kallithea``, we would have a file in
the same directory called, e.g. ``dispatch.py`` with the following contents::

    import sys

    if hasattr(sys, "isapidllhandle"):
        import win32traceutil

    import isapi_wsgi

    def __ExtensionFactory__():
        from paste.deploy import loadapp
        from paste.script.util.logging_config import fileConfig
        fileConfig('c:\\inetpub\\kallithea\\production.ini')
        application = loadapp('config:c:\\inetpub\\kallithea\\production.ini')

        def app(environ, start_response):
            user = environ.get('REMOTE_USER', None)
            if user is not None:
                os.environ['REMOTE_USER'] = user
            return application(environ, start_response)

        return isapi_wsgi.ISAPIThreadPoolHandler(app)

    if __name__=='__main__':
        from isapi.install import *
        params = ISAPIParameters()
        sm = [ScriptMapParams(Extension="*", Flags=0)]
        vd = VirtualDirParameters(Name="/",
                                  Description = "ISAPI-WSGI Echo Test",
                                  ScriptMaps = sm,
                                  ScriptMapUpdate = "replace")
        params.VirtualDirs = [vd]
        HandleCommandLine(params)

This script has two parts: First, when run directly using Python, it will
install a script map ISAPI handler into the root application of the default
website, and secondly it will be called from the ISAPI handler when invoked
from the website.

The ISAPI handler is registered to all file extensions, so it will automatically
be the one handling all requests to the website. When the website starts the
ISAPI handler, it will start a thread pool managed wrapper around the paster
middleware WSGI handler that Kallithea runs within and each HTTP request to the
site will be processed through this logic henceforth.

Authentication with Kallithea using IIS authentication modules
..............................................................

The recommended way to handle authentication with Kallithea using IIS is to let
IIS handle all the authentication and just pass it to Kallithea.

To move responsibility into IIS from Kallithea, we need to configure Kallithea
to let external systems handle authentication and then let Kallithea create the
user automatically. To do this, access the administration's authentication page
and enable the ``kallithea.lib.auth_modules.auth_container`` plugin. Once it is
added, enable it with the ``REMOTE_USER`` header and check *Clean username*.
Finally, save the changes on this page.

Switch to the administration's permissions page and disable anonymous access,
otherwise Kallithea will not attempt to use the authenticated user name. By
default, Kallithea will populate the list of users lazily as they log in. Either
disable external auth account activation and ensure that you pre-populate the
user database with an external tool, or set it to *Automatic activation of
external account*. Finally, save the changes.

The last necessary step is to enable the relevant authentication in IIS, e.g.
Windows authentication.

Troubleshooting
---------------

Typically, any issues in this setup will either be entirely in IIS or entirely
in Kallithea (or Kallithea's WSGI/paster middleware). Consequently, two
different options for finding issues exist: IIS' failed request tracking which
is great at finding issues until they exist inside Kallithea, at which point the
ISAPI-WSGI wrapper above uses ``win32traceutil``, which is part of ``pywin32``.

In order to dump output from WSGI using ``win32traceutil`` it is sufficient to
type the following in a console window::

    python -m win32traceutil

and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea
application itself) that are uncaught, will be printed here complete with stack
traces, making it a lot easier to identify issues.