``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header

  (default ``http``).

- With ``force_https = true`` the default will be ``https``.

- With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.

.. _nginx_virtual_host:

Nginx virtual host example

--------------------------

Sample config for Nginx using proxy:

.. code-block:: nginx

    upstream kallithea {

        server 127.0.0.1:5000;

        # add more instances for load balancing

        #server 127.0.0.1:5001;

        #server 127.0.0.1:5002;

    }

    ## gist alias

    server {

       listen          443;

       server_name     gist.example.com;

       access_log      /var/log/nginx/gist.access.log;

       error_log       /var/log/nginx/gist.error.log;

       ssl on;

       ssl_certificate     gist.your.kallithea.server.crt;

       ssl_certificate_key gist.your.kallithea.server.key;

       ssl_session_timeout 5m;

       ssl_protocols SSLv3 TLSv1;

       ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

       ssl_prefer_server_ciphers on;

       rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1;

       rewrite (.*)    https://kallithea.example.com/_admin/gists;

    }

    server {

       listen          443;

       server_name     kallithea.example.com

       access_log      /var/log/nginx/kallithea.access.log;

       error_log       /var/log/nginx/kallithea.error.log;

       ssl on;

       ssl_certificate     your.kallithea.server.crt;

       ssl_certificate_key your.kallithea.server.key;

       ssl_session_timeout 5m;

       ssl_protocols SSLv3 TLSv1;

       ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

       ssl_prefer_server_ciphers on;

       ## uncomment root directive if you want to serve static files by nginx

       ## requires static_files = false in .ini file

       #root /srv/kallithea/kallithea/kallithea/public;

       include         /etc/nginx/proxy.conf;

       location / {

            try_files $uri @kallithea;

       }

       location @kallithea {

            proxy_pass      http://127.0.0.1:5000;

       }

    }

Here's the proxy.conf. It's tuned so it will not timeout on long

pushes or large pushes::

    proxy_redirect              off;

    proxy_set_header            Host $host;

    ## needed for container auth

    #proxy_set_header            REMOTE_USER $remote_user;

    #proxy_set_header            X-Forwarded-User $remote_user;

    proxy_set_header            X-Url-Scheme $scheme;

    proxy_set_header            X-Host $http_host;

    proxy_set_header            X-Real-IP $remote_addr;

    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header            Proxy-host $proxy_host;

    proxy_buffering             off;

    proxy_connect_timeout       7200;

    proxy_send_timeout          7200;

    proxy_read_timeout          7200;

    proxy_buffers               8 32k;

    client_max_body_size        1024m;

    client_body_buffer_size     128k;

    large_client_header_buffers 8 64k;

.. _apache_virtual_host_reverse_proxy:

Apache virtual host reverse proxy example

-----------------------------------------

Here is a sample configuration file for Apache using proxy:

.. code-block:: apache

    <VirtualHost *:80>

            ServerName kallithea.example.com

            <Proxy *>

              # For Apache 2.4 and later:

              Require all granted

              # For Apache 2.2 and earlier, instead use:

              # Order allow,deny

              # Allow from all

            </Proxy>

            #important !

            #Directive to properly generate url (clone url) for Kallithea

            ProxyPreserveHost On

            #kallithea instance

            ProxyPass / http://127.0.0.1:5000/

            ProxyPassReverse / http://127.0.0.1:5000/

            #to enable https use line below

            #SetEnvIf X-Url-Scheme https HTTPS=1

    </VirtualHost>

Additional tutorial

http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons

.. _apache_subdirectory:

Apache as subdirectory

----------------------

Apache subdirectory part:

.. code-block:: apache

    <Location /PREFIX >

      ProxyPass http://127.0.0.1:5000/PREFIX

      ProxyPassReverse http://127.0.0.1:5000/PREFIX

      SetEnvIf X-Url-Scheme https HTTPS=1

    </Location>

Besides the regular apache setup you will need to add the following line

into ``[app:main]`` section of your .ini file::

    filter-with = proxy-prefix

Add the following at the end of the .ini file::

    [filter:proxy-prefix]

    use = egg:PasteDeploy#prefix

    prefix = /PREFIX

then change ``PREFIX`` into your chosen prefix

.. _apache_mod_wsgi:

Apache with mod_wsgi

--------------------

Alternatively, Kallithea can be set up with Apache under mod_wsgi. For

that, you'll need to:

- Install mod_wsgi. If using a Debian-based distro, you can install

  the package libapache2-mod-wsgi::

    aptitude install libapache2-mod-wsgi

- Enable mod_wsgi::

    a2enmod wsgi

- Add global Apache configuration to tell mod_wsgi that Python only will be

  used in the WSGI processes and shouldn't be initialized in the Apache

  processes::

    WSGIRestrictEmbedded On

- Create a WSGI dispatch script, like the one below. Make sure you

  check that the paths correctly point to where you installed Kallithea

  and its Python Virtual Environment.

  .. code-block:: python

      import os

      # sometimes it's needed to set the current dir

      os.chdir('/srv/kallithea/')

      import site

      site.addsitedir("/srv/kallithea/venv/lib/python3.7/site-packages")

      ini = '/srv/kallithea/my.ini'

      from logging.config import fileConfig

      fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})

      from paste.deploy import loadapp

      application = loadapp('config:' + ini)

  Or using proper virtualenv activation:

  .. code-block:: python

      activate_this = '/srv/kallithea/venv/bin/activate_this.py'

      execfile(activate_this, dict(__file__=activate_this))

      import os

      os.environ['HOME'] = '/srv/kallithea'

      ini = '/srv/kallithea/kallithea.ini'

      from logging.config import fileConfig

      fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})

      from paste.deploy import loadapp

      application = loadapp('config:' + ini)

- Add the necessary ``WSGI*`` directives to the Apache Virtual Host configuration

  file, like in the example below. Notice that the WSGI dispatch script created

  above is referred to with the ``WSGIScriptAlias`` directive.

  The default locale settings Apache provides for web services are often not

  adequate, with `C` as the default language and `ASCII` as the encoding.

  Instead, use the ``lang`` parameter of ``WSGIDaemonProcess`` to specify a

  suitable locale. See also the :ref:`overview` section and the

  `WSGIDaemonProcess documentation`_.

  Apache will by default run as a special Apache user, on Linux systems

  usually ``www-data`` or ``apache``. If you need to have the repositories

  directory owned by a different user, use the user and group options to

  WSGIDaemonProcess to set the name of the user and group.

  Once again, check that all paths are correctly specified.

  .. code-block:: apache

      WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \

          python-home=/srv/kallithea/venv lang=C.UTF-8

      WSGIProcessGroup kallithea

      WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

      WSGIPassAuthorization On

  Or if using a dispatcher WSGI script with proper virtualenv activation:

  .. code-block:: apache

      WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 lang=en_US.utf8

      WSGIProcessGroup kallithea

      WSGIScriptAlias / /srv/kallithea/dispatch.wsgi

      WSGIPassAuthorization On

Other configuration files

-------------------------

A number of `example init.d scripts`__ can be found in

the ``init.d`` directory of the Kallithea source.

.. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ .

.. _python: http://www.python.org/

.. _Python regular expression documentation: https://docs.python.org/2/library/re.html

.. _Mercurial: https://www.mercurial-scm.org/

.. _Celery: http://celeryproject.org/

.. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html

.. _RabbitMQ: http://www.rabbitmq.com/

.. _Redis: http://redis.io/

.. _mercurial-server: http://www.lshift.net/mercurial-server.html

.. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories

.. _WSGIDaemonProcess documentation: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html

#!/bin/sh -e

########################################

#### THIS IS A DEBIAN INIT.D SCRIPT ####

########################################

### BEGIN INIT INFO

# Provides:          kallithea

# Required-Start:    $all

# Required-Stop:     $all

# Default-Start:     2 3 4 5

# Default-Stop:      0 1 6

# Short-Description: starts instance of kallithea

# Description:       starts instance of kallithea using start-stop-daemon

### END INIT INFO

APP_NAME="kallithea"

APP_HOMEDIR="opt"

APP_PATH="/$APP_HOMEDIR/$APP_NAME"

CONF_NAME="production.ini"

PID_PATH="$APP_PATH/$APP_NAME.pid"

LOG_PATH="$APP_PATH/$APP_NAME.log"

PYTHON_PATH="/$APP_HOMEDIR/$APP_NAME-venv"

RUN_AS="root"

DAEMON="$PYTHON_PATH/bin/gearbox"

DAEMON_OPTS="serve --daemon \

 --user=$RUN_AS \

 --group=$RUN_AS \

 --pid-file=$PID_PATH \

 --log-file=$LOG_PATH -c $APP_PATH/$CONF_NAME"

start() {

  echo "Starting $APP_NAME"

      --start --quiet \

      --pidfile $PID_PATH \

      --user $RUN_AS \

      --exec $DAEMON -- $DAEMON_OPTS

}

stop() {

  echo "Stopping $APP_NAME"

  start-stop-daemon -d $APP_PATH \

      --stop --quiet \

      --pidfile $PID_PATH || echo "$APP_NAME - Not running!"

  if [ -f $PID_PATH ]; then

    rm $PID_PATH

  fi

}

status() {

  echo -n "Checking status of $APP_NAME ... "

  pid=`cat $PID_PATH`

  status=`ps ax | grep $pid | grep -ve grep`

  if [ "$?" -eq 0 ]; then

    echo "running"

  else

    echo "NOT running"

  fi

}

case "$1" in

  status)

   status

    ;;

  start)

    start

    ;;

  stop)

    stop

    ;;

  restart)

    echo "Restarting $APP_NAME"

    ### stop ###

    stop

    wait

    ### start ###

    start

    ;;

  *)

    echo "Usage: $0 {start|stop|restart}"

    exit 1

esac

#!/sbin/runscript

########################################

#### THIS IS AN GENTOO INIT.D SCRIPT####

########################################

APP_NAME="kallithea"

APP_HOMEDIR="username/python_workspace"

APP_PATH="/home/$APP_HOMEDIR/$APP_NAME"

CONF_NAME="production.ini"

PID_PATH="$APP_PATH/$APP_NAME.pid"

LOG_PATH="$APP_PATH/$APP_NAME.log"

PYTHON_PATH="/home/$APP_HOMEDIR/v-env"

RUN_AS="username"

DAEMON="$PYTHON_PATH/bin/gearbox"

DAEMON_OPTS="serve --daemon \

--user=$RUN_AS \

--group=$RUN_AS \

--pid-file=$PID_PATH \

--log-file=$LOG_PATH -c $APP_PATH/$CONF_NAME"

#extra options

opts="${opts} restartdelay"

depend() {

    need nginx

}

start() {

    ebegin "Starting $APP_NAME"

        --start --quiet \

        --pidfile $PID_PATH \

        --user $RUN_AS \

        --exec $DAEMON -- $DAEMON_OPTS

    eend $?

}

stop() {

    ebegin "Stopping $APP_NAME"

    start-stop-daemon -d $APP_PATH \

        --stop --quiet \

        --pidfile $PID_PATH || echo "$APP_NAME - Not running!"

    if [ -f $PID_PATH ]; then

        rm $PID_PATH

    fi

    eend $?

}

restartdelay() {

    #stop()

    echo "sleep3"

    sleep 3

    #start()

}

#!/bin/sh

########################################

#### THIS IS A REDHAT INIT.D SCRIPT ####

########################################

##################################################

#

# Kallithea server startup script

# Recommended default-startup: 2 3 4 5

# Recommended default-stop: 0 1 6

#

##################################################

APP_NAME="kallithea"

# the location of your app

# since this is a web app, it should go in /var/www

APP_PATH="/var/www/$APP_NAME"

CONF_NAME="production.ini"

# write to wherever the PID should be stored, just ensure

# that the user you run gearbox as has the appropriate permissions

# same goes for the log file

PID_PATH="/var/run/kallithea/pid"

LOG_PATH="/var/log/kallithea/kallithea.log"

# replace this with the path to the virtual environment you

# made for Kallithea

PYTHON_PATH="/opt/python_virtualenvironments/kallithea-venv"

RUN_AS="kallithea"

DAEMON="$PYTHON_PATH/bin/gearbox"

DAEMON_OPTS="serve --daemon \

    --user=$RUN_AS \

    --group=$RUN_AS \

    --pid-file=$PID_PATH \

    --log-file=$LOG_PATH -c $APP_PATH/$CONF_NAME"

DESC="kallithea-server"

LOCK_FILE="/var/lock/subsys/$APP_NAME"

# source CentOS init functions

. /etc/init.d/functions

RETVAL=0

remove_pid () {

  rm -f ${PID_PATH}

  rmdir `dirname ${PID_PATH}`

}

ensure_pid_dir () {

  PID_DIR=`dirname ${PID_PATH}`

  if [ ! -d ${PID_DIR} ] ; then

    mkdir -p ${PID_DIR}

    chown -R ${RUN_AS}:${RUN_AS} ${PID_DIR}

    chmod 755 ${PID_DIR}

  fi

}

start_kallithea () {

    ensure_pid_dir

        --user $RUN_AS "$DAEMON $DAEMON_OPTS"

    RETVAL=$?

    [ $RETVAL -eq 0 ] && touch $LOCK_FILE

    return $RETVAL

}

stop_kallithea () {

    if [ -e $LOCK_FILE ]; then

      killproc -p $PID_PATH

      RETVAL=$?

      rm -f $LOCK_FILE

      rm -f $PID_PATH

    else

      RETVAL=1

    fi

    return $RETVAL

}

status_kallithea() {

  if [ -e $LOCK_FILE ]; then

    # exit with non-zero to indicate failure

    RETVAL=1

  else

    RETVAL=0

  fi

  return $RETVAL

}

restart_kallithea () {

    stop_kallithea

    start_kallithea

    RETVAL=$?

}

case "$1" in

  start)

    echo -n $"Starting $DESC: "

    start_kallithea

    echo

    ;;

  stop)

    echo -n $"Stopping $DESC: "

    stop_kallithea

    echo

    ;;

  status)

    status_kallithea

    RETVAL=$?

    if [ ! $RETVAL -eq 0 ]; then

      echo "Kallithea server is running..."

    else

      echo "Kallithea server is stopped."

    fi

    ;;

  restart)

    echo -n $"Restarting $DESC: "

    restart_kallithea

    echo

    ;;

  *)

    echo $"Usage: $0 {start|stop|restart|status}"

    RETVAL=1

    ;;

esac

exit $RETVAL