Mercurial > kallithea
view docs/administrator_guide/vcs_setup.rst @ 7367:c57d926edd39
auth: strip RFC4007 zone identifiers from IPv6 addresses before doing access control
If using IPv6, the request IP address might contain a '%' that the ipaddr
module that is used for IP filtering can't handle.
https://tools.ietf.org/html/rfc4007#section-11 specifies how IPv6 addresses can
have zone identifiers like trailing '%13' or '%eth0'. The zone identifier is
used to help distinguish *if* the same address should be available on multiple
interfaces. It *could* potentially have security implications in the odd case
where the same address is different on different interfaces. The IP whitelist
functionality does however not support zone filters, so there is no way users
can expect the zone to be relevant for IP filtering. We can thus safely strip
the zone index and only check for match on the other parts of the address.
author | Mads Kiilerich <mads@kiilerich.com> |
---|---|
date | Sat, 01 Sep 2018 01:12:13 +0200 |
parents | 52f823b92614 |
children |
line wrap: on
line source
.. _vcs_setup: ============================= Version control systems setup ============================= Kallithea supports Git and Mercurial repositories out-of-the-box. For Git, you do need the ``git`` command line client installed on the server. You can always disable Git or Mercurial support by editing the file ``kallithea/__init__.py`` and commenting out the backend. For example, to disable Git but keep Mercurial enabled: .. code-block:: python BACKENDS = { 'hg': 'Mercurial repository', #'git': 'Git repository', } Git-specific setup ------------------ Web server with chunked encoding ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Large Git pushes require an HTTP server with support for chunked encoding for POST. The Python web servers waitress_ and gunicorn_ (Linux only) can be used. By default, Kallithea uses waitress_ for `gearbox serve` instead of the built-in `paste` WSGI server. The web server used by gearbox is controlled in the .ini file:: use = egg:waitress#main or:: use = egg:gunicorn#main Also make sure to comment out the following options:: threadpool_workers = threadpool_max_requests = use_threadpool = Increasing Git HTTP POST buffer size ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If Git pushes fail with HTTP error code 411 (Length Required), you may need to increase the Git HTTP POST buffer. Run the following command as the user that runs Kallithea to set a global Git variable to this effect:: git config --global http.postBuffer 524288000 .. _waitress: http://pypi.python.org/pypi/waitress .. _gunicorn: http://pypi.python.org/pypi/gunicorn .. _subrepositories: http://mercurial.aragost.com/kick-start/en/subrepositories/