kallithea Files · docs/usage/troubleshooting.rst

Files @ 070b8c39736f

Branch filter:

Location: kallithea/docs/usage/troubleshooting.rst

070b8c39736f 2.6 KiB text/prs.fallenstein.rst Show Annotation Show as Raw Download as Raw

Mads Kiilerich

auth: only use X- headers instead of wsgi.url_scheme if explicitly told so in url_scheme_header - drop https_fixup setting

Before, several X- headers would be trusted to overrule the actual connection
protocol (http or https) seen by the Kallithea WSGI server. That was mainly
when https_fixup were set, but it incorrectly also kicked in if https_fixup or
use_htsts were configured. The ambiguity of which headers were used also made
it less reliable. The proxy server not only had to be configured to set one of
the headers correctly, it also had to make sure other headers were not passed
on from the client. It would thus in some cases be possible for clients to fake
the connection scheme, and thus potentially be possible to bypass restrictions
configured in Kallithea.

Fixed by making it configurable which WSGI environment variable to use for the
protocol. Users can configure url_scheme_header to for example
HTTP_X_FORWARDED_PROTO instead of using the default wsgi.url_scheme .

This change is a bit similar to what is going on in the https_fixup middleware,
but is doing a bit more of what for example is happening in similar code in
werkzeug/middleware/proxy_fix.py .

The semantics of the old https_fixup were unsafe, so it has been dropped.
Admins that are upgrading must change their configuration to use the new
url_scheme_header option.

.. _troubleshooting:

===============
Troubleshooting
===============

:Q: **Missing static files?**
:A: Make sure either to set the ``static_files = true`` in the .ini file or
   double check the root path for your http setup. It should point to
   for example:
   ``/home/my-virtual-python/lib/python3.7/site-packages/kallithea/public``

|

:Q: **Can't install celery/rabbitmq?**
:A: Don't worry. Kallithea works without them, too. No extra setup is required.
    Try out the great Celery docs for further help.

|

:Q: **Long lasting push timeouts?**
:A: Make sure you set a longer timeout in your proxy/fcgi settings. Timeouts
    are caused by the http server and not Kallithea.

|

:Q: **Large pushes timeouts?**
:A: Make sure you set a proper ``max_body_size`` for the http server. Very often
    Apache, Nginx, or other http servers kill the connection due to to large
    body.

|

:Q: **Apache doesn't pass basicAuth on pull/push?**
:A: Make sure you added ``WSGIPassAuthorization true``.

|

:Q: **Git fails on push/pull?**
:A: Make sure you're using a WSGI http server that can handle chunked encoding
    such as ``waitress`` or ``gunicorn``.

|

:Q: **How can I use hooks in Kallithea?**
:A: If using Mercurial, use *Admin > Settings > Hooks* to install
    global hooks. Inside the hooks, you can use the current working directory to
    control different behaviour for different repositories.

    If using Git, install the hooks manually in each repository, for example by
    creating a file ``gitrepo/hooks/pre-receive``.
    Note that Kallithea uses the ``post-receive`` hook internally.
    Kallithea will not work properly if another post-receive hook is installed instead.
    You might also accidentally overwrite your own post-receive hook with the Kallithea hook.
    Instead, put your post-receive hook in ``post-receive-custom``, and the Kallithea hook will invoke it.

    You can also use Kallithea-extensions to connect to callback hooks,
    for both Git and Mercurial.

|

:Q: **Kallithea is slow for me, how can I make it faster?**
:A: See the :ref:`performance` section.

|

:Q: **UnicodeDecodeError on Apache mod_wsgi**
:A: Please read: https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/#if-you-get-a-unicodeencodeerror.

|

:Q: **Requests hanging on Windows**
:A: Please try out with disabled Antivirus software, there are some known problems with Eset Antivirus. Make sure
    you have installed the latest Windows patches (especially KB2789397).


.. _python: http://www.python.org/
.. _mercurial: https://www.mercurial-scm.org/
.. _celery: http://celeryproject.org/
.. _rabbitmq: http://www.rabbitmq.com/
.. _python-ldap: http://www.python-ldap.org/