kallithea Changeset - 5a47ce11427c

Changeset - 5a47ce11427c

Parent rev.

Child rev.

[Not reviewed]

Merge default

0 3 0

Mads Kiilerich - 10 years ago 2016-04-04 23:34:30
madski@unity3d.com

Merge stable

3 files changed with 43 insertions and 16 deletions:

docs/installation_iis.rst

docs/setup.rst

kallithea/controllers/api/__init__.py

0 comments (0 inline, 0 general)

docs/installation_iis.rst

➞

Show inline comments

@@ @@ -6,12 +6,23 @@ Installing Kallithea on Microsoft Intern @@
 The following is documented using IIS 7/8 terminology. There should be nothing
 preventing you from applying this on IIS 6 well.
 .. note::
     Installing Kallithea under IIS can enable Single Sign-On to the Kallithea
     web interface from web browsers that can authenticate to the web server.
     (As an alternative to IIS, SSO is also possible with for example Apache and
     mod_sspi.)
     Mercurial and Git do however by default not support SSO on the client side
     and will still require some other kind of authentication.
     (An extension like hgssoauthentication_ might solve that.)
 .. note::
     For the best security, it is strongly recommended to only host the site over
     a secure connection, e.g. using TLS.
 Prerequisites
 -------------
@@ @@ -45,37 +56,42 @@ to run on the website and neither will K @@
 ISAPI handler
 ^^^^^^^^^^^^^
 The ISAPI handler can be generated using::
-    paster install-iis my.ini --root=/
+    paster install-iis my.ini --virtualdir=/
 This will generate a ``dispatch.py`` file in the current directory that contains
 the necessary components to finalize an installation into IIS. Once this file
 has been generated, it is necessary to run the following command due to the way
 that ISAPI-WSGI is made::
     python2 dispatch.py install
 This accomplishes two things: generating an ISAPI compliant DLL file,
 ``_dispatch.dll``, and installing a script map handler into IIS for the
-``--root`` specified above pointing to ``_dispatch.dll``.
+``--virtualdir`` specified above pointing to ``_dispatch.dll``.
 The ISAPI handler is registered to all file extensions, so it will automatically
-be the one handling all requests to the specified root. When the website starts
+be the one handling all requests to the specified virtual directory. When the website starts
 the ISAPI handler, it will start a thread pool managed wrapper around the paster
 middleware WSGI handler that Kallithea runs within and each HTTP request to the
 site will be processed through this logic henceforth.
 Authentication with Kallithea using IIS authentication modules
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 The recommended way to handle authentication with Kallithea using IIS is to let
 IIS handle all the authentication and just pass it to Kallithea.
 .. note::
     As an alternative without SSO, you can also use LDAP authentication with
     Active Directory, see :ref:`ldap-setup`.
 To move responsibility into IIS from Kallithea, we need to configure Kallithea
 to let external systems handle authentication and then let Kallithea create the
 user automatically. To do this, access the administration's authentication page
 and enable the ``kallithea.lib.auth_modules.auth_container`` plugin. Once it is
 added, enable it with the ``REMOTE_USER`` header and check *Clean username*.
 Finally, save the changes on this page.
@@ @@ -105,6 +121,9 @@ type the following in a console window:: @@
     python2 -m win32traceutil
 and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea
 application itself) that are uncaught, will be printed here complete with stack
 traces, making it a lot easier to identify issues.
 .. _hgssoauthenticatio: https://bitbucket.org/domruf/hgssoauthentication

docs/setup.rst

➞

Show inline comments

@@ @@ -134,12 +134,13 @@ modification date of each file and add i @@
 available. The indexing daemon checks for any removed files and removes them
 from index.
 If you want to rebuild the index from scratch, you can use the ``-f`` flag as above,
 or in the admin panel you can check the "build from scratch" checkbox.
 .. _ldap-setup:
 Setting up LDAP support
 -----------------------
 Kallithea supports LDAP authentication. In order
 to use LDAP, you have to install the python-ldap_ package. This package is
@@ @@ -764,40 +765,49 @@ that, you'll need to: @@
     aptitude install libapache2-mod-wsgi
 - Enable mod_wsgi::
     a2enmod wsgi
 - Add global Apache configuration to tell mod_wsgi that Python only will be
   used in the WSGI processes and shouldn't be initialized in the Apache
   processes::
     WSGIRestrictEmbedded On
 - Create a wsgi dispatch script, like the one below. Make sure you
   check that the paths correctly point to where you installed Kallithea
   and its Python Virtual Environment.
 - Enable the ``WSGIScriptAlias`` directive for the WSGI dispatch script,
   as in the following example. Once again, check the paths are
   correctly specified.
 Here is a sample excerpt from an Apache Virtual Host configuration file:
 .. code-block:: apache
     WSGIDaemonProcess kallithea \
         processes=1 threads=4 \
         python-path=/srv/kallithea/venv/lib/python2.7/site-packages
         threads=4 \
         python-home=/srv/kallithea/venv
     WSGIProcessGroup kallithea
     WSGIScriptAlias / /srv/kallithea/dispatch.wsgi
     WSGIPassAuthorization On
 Or if using a dispatcher WSGI script with proper virtualenv activation:
 .. code-block:: apache
     WSGIDaemonProcess kallithea processes=1 threads=4
     WSGIDaemonProcess kallithea threads=4
     WSGIProcessGroup kallithea
     WSGIScriptAlias / /srv/kallithea/dispatch.wsgi
     WSGIPassAuthorization On
 .. note::
    When running apache as root, please make sure it doesn't run Kallithea as
    root, for examply by adding: ``user=www-data group=www-data`` to the configuration.
 Apache will by default run as a special Apache user, on Linux systems
 usually ``www-data`` or ``apache``. If you need to have the repositories
 directory owned by a different user, use the user and group options to
 WSGIDaemonProcess to set the name of the user and group.
 Example WSGI dispatch script:
 .. code-block:: python
     import os
@@ @@ -807,17 +817,17 @@ Example WSGI dispatch script: @@
     # sometimes it's needed to set the curent dir
     os.chdir('/srv/kallithea/')
     import site
     site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages")
-    from paste.deploy import loadapp
+    ini = '/srv/kallithea/my.ini'
     from paste.script.util.logging_config import fileConfig
     fileConfig('/srv/kallithea/my.ini')
     application = loadapp('config:/srv/kallithea/my.ini')
     fileConfig(ini)
     from paste.deploy import loadapp
     application = loadapp('config:' + ini)
 Or using proper virtualenv activation:
 .. code-block:: python
     activate_this = '/srv/kallithea/venv/bin/activate_this.py'

kallithea/controllers/api/__init__.py

➞

Show inline comments

@@ @@ -117,13 +117,12 @@ class JSONRPCController(WSGIController): @@
         else:
             length = environ['CONTENT_LENGTH'] or 0
             length = int(environ['CONTENT_LENGTH'])
             log.debug('Content-Length: %s', length)
         if length == 0:
             log.debug("Content-Length is 0")
             return jsonrpc_error(retid=self._req_id,
                                  message="Content-Length is 0")
         raw_body = environ['wsgi.input'].read(length)
         try:
@@ @@ -236,14 +235,13 @@ class JSONRPCController(WSGIController): @@
         def change_content(new_status, new_headers, new_exc_info=None):
             status.append(new_status)
             headers.extend(new_headers)
             exc_info.append(new_exc_info)
         output = WSGIController.__call__(self, environ, change_content)
         output = list(output)
         headers.append(('Content-Length', str(len(output[0]))))
         output = list(output) # expand iterator - just to ensure exact timing
         replace_header(headers, 'Content-Type', 'application/json')
         start_response(status[0], headers, exc_info[0])
         log.info('IP: %s Request to %s time: %.3fs' % (
             self._get_ip_addr(environ),
             safe_unicode(_get_access_path(environ)), time.time() - start)
+        )

0 comments (0 inline, 0 general)