HG 可以根据 allow_push 和allow_read对账户进行控制, 但是用户认证, 我们往往在nginx 的auth basic来做. 这个时候, proxy 到hgweb 无法识别账户
HG 可以根据 allow_push 和allow_read对账户进行控制, 但是用户认证, 我们往往在nginx 的auth basic来做.
这个时候, proxy 到hgweb 无法识别账户. 但是我们可以用fcgi的方式进行设置.
以fcgi方式运行hg 需要额外 flup支持, 并且只有fcgi模式可选. 脚本如下:
#!/usr/bin/python## An example FastCGI script for use with flup, edit as necessary# Path to repo or hgweb config to serve (see 'hg help hgweb')config = "/var/hg/config/hgweb.config"# Uncomment and adjust if Mercurial is not installed system-wide# (consult "installed modules" path from 'hg debuginstall'):#import sys; sys.path.insert(0, "/path/to/python/lib")# Uncomment to send python tracebacks to the browser if an error occurs:#import cgitb; cgitb.enable()from mercurial import demandimport; demandimport.enable()from mercurial.hgweb import hgwebfrom flup.server.fcgi import WSGIServerapplication = hgweb(config)WSGIServer(application,bindAddress=('/var/hg/fcgi.sock')).run()#WSGIServer(application).run()
对应 nginx 配置:
location / {
#auth_basic "Restricted";
#auth_basic_user_file /etc/nginx/protected.pass;
#Use flup to support Fastcgi
fastcgi_pass unix:/var/hg/fcgi.sock;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_NAME /;
fastcgi_param REMOTE_USER $remote_user;
}
则可以通过nginx 来做authenciation, 而hg 根据访问列表来做authorization 控制.
需要特别注意红色部分, 否则hg 的链接会计算错误.
.
