.. _setup:
Setup
=====
Setting up RhodeCode
--------------------------
--------------------
First, you will need to create a RhodeCode configuration file. Run the
following command to do this::
paster make-config RhodeCode production.ini
- This will create the file `production.ini` in the current directory. This
configuration file contains the various settings for RhodeCode, e.g proxy
port, email settings, usage of static files, cache, celery settings and
logging.
Next, you need to create the databases used by RhodeCode. I recommend that you
use sqlite (default) or postgresql. If you choose a database other than the
default ensure you properly adjust the db url in your production.ini
configuration file to use this other database. Create the databases by running
the following command::
paster setup-app production.ini
This will prompt you for a "root" path. This "root" path is the location where
RhodeCode will store all of its repositories on the current machine. After
entering this "root" path ``setup-app`` will also prompt you for a username
and password for the initial admin account which ``setup-app`` sets up for you.
- The ``setup-app`` command will create all of the needed tables and an admin
account. When choosing a root path you can either use a new empty location,
or a location which already contains existing repositories. If you choose a
location which contains existing repositories RhodeCode will simply add all
of the repositories at the chosen location to it's database. (Note: make
sure you specify the correct path to the root).
- Note: the given path for mercurial_ repositories **must** be write accessible
for the application. It's very important since the RhodeCode web interface
will work without write access, but when trying to do a push it will
eventually fail with permission denied errors unless it has write access.
You are now ready to use RhodeCode, to run it simply execute::
paster serve production.ini
- This command runs the RhodeCode server. The web app should be available at the
127.0.0.1:5000. This ip and port is configurable via the production.ini
file created in previous step
- Use the admin account you created above when running ``setup-app`` to login
to the web app.
- The default permissions on each repository is read, and the owner is admin.
Remember to update these if needed.
- In the admin panel you can toggle ldap, anonymous, permissions settings. As
well as edit more advanced options on users and repositories
Try copying your own mercurial repository into the "root" directory you are
using, then from within the RhodeCode web application choose Admin >
repositories. Then choose Add New Repository. Add the repository you copied
into the root. Test that you can browse your repository from within RhodeCode
and then try cloning your repository from RhodeCode with::
hg clone http://127.0.0.1:5000/<repository name>
where *repository name* is replaced by the name of your repository.
Using RhodeCode with SSH
------------------------
RhodeCode currently only hosts repositories using http and https. (The addition
of ssh hosting is a planned future feature.) However you can easily use ssh in
parallel with RhodeCode. (Repository access via ssh is a standard "out of
the box" feature of mercurial_ and you can use this to access any of the
repositories that RhodeCode is hosting. See PublishingRepositories_)
RhodeCode repository structures are kept in directories with the same name
as the project. When using repository groups, each group is a subdirectory.
This allows you to easily use ssh for accessing repositories.
In order to use ssh you need to make sure that your web-server and the users
login accounts have the correct permissions set on the appropriate directories.
(Note that these permissions are independent of any permissions you have set up
using the RhodeCode web interface.)
If your main directory (the same as set in RhodeCode settings) is for example
set to **/home/hg** and the repository you are using is named `rhodecode`, then
to clone via ssh you should run::
hg clone ssh://user@server.com/home/hg/rhodecode
Using other external tools such as mercurial-server_ or using ssh key based
authentication is fully supported.
Note: In an advanced setup, in order for your ssh access to use the same
permissions as set up via the RhodeCode web interface, you can create an
authentication hook to connect to the rhodecode db and runs check functions for
permissions against that.
Setting up Whoosh full text search
----------------------------------
Starting from version 1.1 the whoosh index can be build by using the paster
@@ -279,194 +279,194 @@ LDAP Filter : optional
LDAP Search Scope : required
This limits how far LDAP will search for a matching object.
BASE
Only allows searching of `Base DN`_ and is usually not what you
want.
ONELEVEL
Searches all entries under `Base DN`_, but not Base DN itself.
SUBTREE
Searches all entries below `Base DN`_, but not Base DN itself.
When using SUBTREE `LDAP Filter`_ is useful to limit object
location.
.. _Login Attribute:
Login Attribute : required
The LDAP record attribute that will be matched as the USERNAME or
ACCOUNT used to connect to RhodeCode. This will be added to `LDAP
Filter`_ for locating the User object. If `LDAP Filter`_ is specified as
"LDAPFILTER", `Login Attribute`_ is specified as "uid" and the user has
connected as "jsmith" then the `LDAP Filter`_ will be augmented as below
::
(&(LDAPFILTER)(uid=jsmith))
.. _ldap_attr_firstname:
First Name Attribute : required
The LDAP record attribute which represents the user's first name.
.. _ldap_attr_lastname:
Last Name Attribute : required
The LDAP record attribute which represents the user's last name.
.. _ldap_attr_email:
Email Attribute : required
The LDAP record attribute which represents the user's email address.
If all data are entered correctly, and python-ldap_ is properly installed
users should be granted access to RhodeCode with ldap accounts. At this
time user information is copied from LDAP into the RhodeCode user database.
This means that updates of an LDAP user object may not be reflected as a
user update in RhodeCode.
If You have problems with LDAP access and believe You entered correct
information check out the RhodeCode logs, any error messages sent from LDAP
will be saved there.
Active Directory
''''''''''''''''
RhodeCode can use Microsoft Active Directory for user authentication. This
is done through an LDAP or LDAPS connection to Active Directory. The
following LDAP configuration settings are typical for using Active
Directory ::
Base DN = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local
Login Attribute = sAMAccountName
First Name Attribute = givenName
Last Name Attribute = sn
E-mail Attribute = mail
All other LDAP settings will likely be site-specific and should be
appropriately configured.
Setting Up Celery
-----------------
Since version 1.1 celery is configured by the rhodecode ini configuration files.
Simply set use_celery=true in the ini file then add / change the configuration
variables inside the ini file.
Remember that the ini files use the format with '.' not with '_' like celery.
So for example setting `BROKER_HOST` in celery means setting `broker.host` in
the config file.
In order to start using celery run::
paster celeryd <configfile.ini>
.. note::
Make sure you run this command from the same virtualenv, and with the same
user that rhodecode runs.
HTTPS support
-------------
There are two ways to enable https:
- Set HTTP_X_URL_SCHEME in your http server headers, than rhodecode will
recognize this headers and make proper https redirections
- Alternatively, set the `force_https = true` in the ini configuration to force
using https, no headers are needed than to enable https
- Alternatively, change the `force_https = true` flag in the ini configuration
to force using https, no headers are needed than to enable https
Nginx virtual host example
Sample config for nginx using proxy::
server {
listen 80;
server_name hg.myserver.com;
access_log /var/log/nginx/rhodecode.access.log;
error_log /var/log/nginx/rhodecode.error.log;
location / {
root /var/www/rhodecode/rhodecode/public/;
if (!-f $request_filename){
proxy_pass http://127.0.0.1:5000;
}
#this is important if you want to use https !!!
proxy_set_header X-Url-Scheme $scheme;
include /etc/nginx/proxy.conf;
Here's the proxy.conf. It's tuned so it will not timeout on long
pushes or large pushes::
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy-host $proxy_host;
client_max_body_size 400m;
client_body_buffer_size 128k;
proxy_buffering off;
proxy_connect_timeout 7200;
proxy_send_timeout 7200;
proxy_read_timeout 7200;
proxy_buffers 8 32k;
Also, when using root path with nginx you might set the static files to false
in the production.ini file::
[app:main]
use = egg:rhodecode
full_stack = true
static_files = false
lang=en
cache_dir = %(here)s/data
In order to not have the statics served by the application. This improves speed.
Apache virtual host example
---------------------------
Here is a sample configuration file for apache using proxy::
<VirtualHost *:80>
ServerName hg.myserver.com
ServerAlias hg.myserver.com
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
#important !
#Directive to properly generate url (clone url) for pylons
ProxyPreserveHost On
#rhodecode instance
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
#to enable https use line below
#SetEnvIf X-Url-Scheme https HTTPS=1
</VirtualHost>
Additional tutorial
http://wiki.pylonshq.com/display/pylonscookbook/Apache+as+a+reverse+proxy+for+Pylons
Apache as subdirectory
----------------------
Apache subdirectory part::
<Location /<someprefix> >
ProxyPass http://127.0.0.1:5000/<someprefix>
ProxyPassReverse http://127.0.0.1:5000/<someprefix>
SetEnvIf X-Url-Scheme https HTTPS=1
</Location>
Status change: