Changeset - 570a4e40f0bb
Parent rev.
Child rev.
[Not reviewed]
default
0 2 0
Andrew Shadura - 11 years ago 2015-02-25 14:06:27
andrew@shadura.me
docs: improve issue tracker integration docs
2 files changed with 23 insertions and 7 deletions:
docs/changelog.rst
+chmod
docs/setup.rst
23
7
0 comments (0 inline, 0 general)
docs/changelog.rst
Show inline comments
 
modified file chmod 100755 => 100644
docs/setup.rst
Show inline comments
 
modified file chmod 100755 => 100644
 
@@ -354,203 +354,219 @@ Kallithea can use Microsoft Active Direc
 
is done through an LDAP or LDAPS connection to Active Directory.  The
 
following LDAP configuration settings are typical for using Active
 
Directory ::
 

			




	
	
	
		
 
 Base DN              = OU=SBSUsers,OU=Users,OU=MyBusiness,DC=v3sys,DC=local

			




	
	
	
		
 
 Login Attribute      = sAMAccountName

			




	
	
	
		
 
 First Name Attribute = givenName

			




	
	
	
		
 
 Last Name Attribute  = sn

			




	
	
	
		
 
 E-mail Attribute     = mail

			




	
	
	
		
 

			




	
	
	
		
 
All other LDAP settings will likely be site-specific and should be

			




	
	
	
		
 
appropriately configured.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Authentication by container or reverse-proxy

			




	
	
	
		
 
--------------------------------------------

			




	
	
	
		
 

			




	
	
	
		
 
Kallithea supports delegating the authentication

			




	
	
	
		
 
of users to its WSGI container, or to a reverse-proxy server through which all

			




	
	
	
		
 
clients access the application.

			




	
	
	
		
 

			




	
	
	
		
 
When these authentication methods are enabled in Kallithea, it uses the

			




	
	
	
		
 
username that the container/proxy (Apache/Nginx/etc) authenticated and doesn't

			




	
	
	
		
 
perform the authentication itself. The authorization, however, is still done by

			




	
	
	
		
 
Kallithea according to its settings.

			




	
	
	
		
 

			




	
	
	
		
 
When a user logs in for the first time using these authentication methods,

			




	
	
	
		
 
a matching user account is created in Kallithea with default permissions. An

			




	
	
	
		
 
administrator can then modify it using Kallithea's admin interface.

			




	
	
	
		
 
It's also possible for an administrator to create accounts and configure their

			




	
	
	
		
 
permissions before the user logs in for the first time.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Container-based authentication

			




	
	
	
		
 
''''''''''''''''''''''''''''''

			




	
	
	
		
 

			




	
	
	
		
 
In a container-based authentication setup, Kallithea reads the user name from

			




	
	
	
		
 
the ``REMOTE_USER`` server variable provided by the WSGI container.

			




	
	
	
		
 

			




	
	
	
		
 
After setting up your container (see `Apache's WSGI config`_), you'd need

			




	
	
	
		
 
to configure it to require authentication on the location configured for

			




	
	
	
		
 
Kallithea.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Proxy pass-through authentication

			




	
	
	
		
 
'''''''''''''''''''''''''''''''''

			




	
	
	
		
 

			




	
	
	
		
 
In a proxy pass-through authentication setup, Kallithea reads the user name

			




	
	
	
		
 
from the ``X-Forwarded-User`` request header, which should be configured to be

			




	
	
	
		
 
sent by the reverse-proxy server.

			




	
	
	
		
 

			




	
	
	
		
 
After setting up your proxy solution (see `Apache virtual host reverse proxy example`_,

			




	
	
	
		
 
`Apache as subdirectory`_ or `Nginx virtual host example`_), you'd need to

			




	
	
	
		
 
configure the authentication and add the username in a request header named

			




	
	
	
		
 
``X-Forwarded-User``.

			




	
	
	
		
 

			




	
	
	
		
 
For example, the following config section for Apache sets a subdirectory in a

			




	
	
	
		
 
reverse-proxy setup with basic auth::

			




	
	
	
		
 

			




	
	
	
		
 
    <Location /<someprefix> >

			




	
	
	
		
 
      ProxyPass http://127.0.0.1:5000/<someprefix>

			




	
	
	
		
 
      ProxyPassReverse http://127.0.0.1:5000/<someprefix>

			




	
	
	
		
 
      SetEnvIf X-Url-Scheme https HTTPS=1

			




	
	
	
		
 

			




	
	
	
		
 
      AuthType Basic

			




	
	
	
		
 
      AuthName "Kallithea authentication"

			




	
	
	
		
 
      AuthUserFile /home/web/kallithea/.htpasswd

			




	
	
	
		
 
      require valid-user

			




	
	
	
		
 

			




	
	
	
		
 
      RequestHeader unset X-Forwarded-User

			




	
	
	
		
 

			




	
	
	
		
 
      RewriteEngine On

			




	
	
	
		
 
      RewriteCond %{LA-U:REMOTE_USER} (.+)

			




	
	
	
		
 
      RewriteRule .* - [E=RU:%1]

			




	
	
	
		
 
      RequestHeader set X-Forwarded-User %{RU}e

			




	
	
	
		
 
    </Location>

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
.. note::

			




	
	
	
		
 
   If you enable proxy pass-through authentication, make sure your server is

			




	
	
	
		
 
   only accessible through the proxy. Otherwise, any client would be able to

			




	
	
	
		
 
   forge the authentication header and could effectively become authenticated

			




	
	
	
		
 
   using any account of their liking.

			




	
	
	
		
 

			




	
	
	
		
 
Integration with Issue trackers

			




	
	
	
		
 
-------------------------------

			




	
	
	
		
 

			




	
	
	
		
 
Kallithea provides a simple integration with issue trackers. It's possible

			




	
	
	
		
 
to define a regular expression that will fetch issue id stored in commit

			




	
	
	
		
 
messages and replace that with an url to this issue. To enable this simply

			




	
	
	
		
 
uncomment following variables in the ini file::

			




	
	
	
		
 

			




	
	
	
		
 
    issue_pat = (?:^#|\s#)(\w+)

			




	
	
	
		
 
    issue_server_link = https://myissueserver.com/{repo}/issue/{id}

			




	
	
	
		
 
    issue_prefix = #

			




	
	
	
		
 

			




	
	
	
		
 
`issue_pat` is the regular expression that will fetch issues from commit messages.

			




	
	
	
		
 
Default regex will match issues in format of #<number> eg. #300.

			




	
	
	
		
 
`issue_pat` is the regular expression describing which strings in

			




	
	
	
		
 
commit messages will be treated as issue references. A match group in

			




	
	
	
		
 
parentheses should be used to specify the actual issue id.

			




	
	
	
		
 

			




	
	
	
		
 
The default expression matches issues in the format '#<number>', e.g. '#300'.

			




	
	
	
		
 

			




	
	
	
		
 
Matched issues will be replace with the link specified as `issue_server_link`

			




	
	
	
		
 
{id} will be replaced with issue id, and {repo} with repository name.

			




	
	
	
		
 
Since the # is striped `issue_prefix` is added as a prefix to url.

			




	
	
	
		
 
`issue_prefix` can be something different than # if you pass

			




	
	
	
		
 
ISSUE- as issue prefix this will generate an url in format::

			




	
	
	
		
 
Matched issues are replaced with the link specified as `issue_server_link`

			




	
	
	
		
 
{id} is replaced with issue id, and {repo} with repository name.

			




	
	
	
		
 
Since the # is stripped away, `issue_prefix` is prepended to the link text.

			




	
	
	
		
 
`issue_prefix` doesn't necessarily need to be #: if you set issue

			




	
	
	
		
 
prefix to ISSUE- this will generate a URL in format::

			




	
	
	
		
 

			




	
	
	
		
 
  <a href="https://myissueserver.com/example_repo/issue/300">ISSUE-300</a>

			




	
	
	
		
 

			




	
	
	
		
 
If needed, more than one pattern can be specified by appending a unique suffix to

			




	
	
	
		
 
the variables. For example::

			




	
	
	
		
 

			




	
	
	
		
 
    issue_pat_wiki = (?:wiki-)(.+)

			




	
	
	
		
 
    issue_server_link_wiki = https://mywiki.com/{id}

			




	
	
	
		
 
    issue_prefix_wiki = WIKI-

			




	
	
	
		
 

			




	
	
	
		
 
With these settings, wiki pages can be referenced as wiki-some-id, and every

			




	
	
	
		
 
such reference will be transformed into::

			




	
	
	
		
 

			




	
	
	
		
 
  <a href="https://mywiki.com/some-id">WIKI-some-id</a>

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Hook management

			




	
	
	
		
 
---------------

			




	
	
	
		
 

			




	
	
	
		
 
Hooks can be managed in similar way to this used in .hgrc files.

			




	
	
	
		
 
To access hooks setting click `advanced setup` on Hooks section of Mercurial

			




	
	
	
		
 
Settings in Admin.

			




	
	
	
		
 

			




	
	
	
		
 
There are 4 built in hooks that cannot be changed (only enable/disable by

			




	
	
	
		
 
checkboxes on previos section).

			




	
	
	
		
 
To add another custom hook simply fill in first section with

			




	
	
	
		
 
<name>.<hook_type> and the second one with hook path. Example hooks

			




	
	
	
		
 
can be found at *kallithea.lib.hooks*.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Changing default encoding

			




	
	
	
		
 
-------------------------

			




	
	
	
		
 

			




	
	
	
		
 
By default Kallithea uses utf8 encoding, starting from 1.3 series this

			




	
	
	
		
 
can be changed, simply edit default_encoding in .ini file to desired one.

			




	
	
	
		
 
This affects many parts in Kallithea including committers names, filenames,

			




	
	
	
		
 
encoding of commit messages. In addition Kallithea can detect if `chardet`

			




	
	
	
		
 
library is installed. If `chardet` is detected Kallithea will fallback to it

			




	
	
	
		
 
when there are encode/decode errors.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Setting Up Celery

			




	
	
	
		
 
-----------------

			




	
	
	
		
 

			




	
	
	
		
 
Since version 1.1 celery is configured by the Kallithea ini configuration files.

			




	
	
	
		
 
Simply set use_celery=true in the ini file then add / change the configuration

			




	
	
	
		
 
variables inside the ini file.

			




	
	
	
		
 

			




	
	
	
		
 
Remember that the ini files use the format with '.' not with '_' like celery.

			




	
	
	
		
 
So for example setting `BROKER_HOST` in celery means setting `broker.host` in

			




	
	
	
		
 
the config file.

			




	
	
	
		
 

			




	
	
	
		
 
In order to start using celery run::

			




	
	
	
		
 

			




	
	
	
		
 
 paster celeryd <configfile.ini>

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
.. note::

			




	
	
	
		
 
   Make sure you run this command from the same virtualenv, and with the same

			




	
	
	
		
 
   user that Kallithea runs.

			




	
	
	
		
 

			




	
	
	
		
 
HTTPS support

			




	
	
	
		
 
-------------

			




	
	
	
		
 

			




	
	
	
		
 
Kallithea will by default generate URLs based on the WSGI environment.

			




	
	
	
		
 

			




	
	
	
		
 
Alternatively, you can use some special configuration settings to control

			




	
	
	
		
 
directly which scheme/protocol Kallithea will use when generating URLs:

			




	
	
	
		
 

			




	
	
	
		
 
- With `https_fixup = true`, the scheme will be taken from the HTTP_X_URL_SCHEME,

			




	
	
	
		
 
  HTTP_X_FORWARDED_SCHEME or HTTP_X_FORWARDED_PROTO HTTP header (default 'http').

			




	
	
	
		
 
- With `force_https = true` the default will be 'https'.

			




	
	
	
		
 
- With `use_htsts = true`, it will set Strict-Transport-Security when using https.

			




	
	
	
		
 

			




	
	
	
		
 
Nginx virtual host example

			




	
	
	
		
 
--------------------------

			




	
	
	
		
 

			




	
	
	
		
 
Sample config for nginx using proxy::

			




	
	
	
		
 

			




	
	
	
		
 
    upstream rc {

			




	
	
	
		
 
        server 127.0.0.1:5000;

			




	
	
	
		
 
        # add more instances for load balancing

			




	
	
	
		
 
        #server 127.0.0.1:5001;

			




	
	
	
		
 
        #server 127.0.0.1:5002;

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    ## gist alias

			




	
	
	
		
 
    server {

			




	
	
	
		
 
       listen          443;

			




	
	
	
		
 
       server_name     gist.myserver.com;

			




	
	
	
		
 
       access_log      /var/log/nginx/gist.access.log;

			




	
	
	
		
 
       error_log       /var/log/nginx/gist.error.log;

			




	
	
	
		
 

			




	
	
	
		
 
       ssl on;

			




	
	
	
		
 
       ssl_certificate     gist.your.kallithea.server.crt;

			




	
	
	
		
 
       ssl_certificate_key gist.your.kallithea.server.key;

			




	
	
	
		
 

			




	
	
	
		
 
       ssl_session_timeout 5m;

			




	
	
	
		
 

			




	
	
	
		
 
       ssl_protocols SSLv3 TLSv1;

			




	
	
	
		
 
       ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;

			




	
	
	
		
 
       ssl_prefer_server_ciphers on;

			




	
	
	
		
 

			




	
	
	
		
 
       rewrite ^/(.+)$ https://your.kallithea.server/_admin/gists/$1;

			




	
	
	
		
 
       rewrite (.*)    https://your.kallithea.server/_admin/gists;

			




	
	
	
		
 
    }

			




	
	
	
		
 

			




	
	
	
		
 
    server {

			




	
	
	
		
 
       listen          443;

			




	
	
	
		
 
       server_name     your.kallithea.server;

			




	
	
	
		
 
       access_log      /var/log/nginx/kallithea.access.log;

			




	
	
	
		
 
       error_log       /var/log/nginx/kallithea.error.log;

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.