Distributed version control system mercurial (2): Web Server SETUP

For more information about the basic functions of mercurial, see distributed version control system mercurial (1): Introduction to the basic functions of mercurial

 

So far, there is no mature mercurial web server software, so if you need to access mercurial's data warehouse through the Web, you need to manually configure it step by step. This process is cumbersome, it should be said that this is a big problem between mercurial and SVN. However, compared with a very good tool that can provide services to itself every day, it is not a hassle.

 

Note: The installation procedure described below is only for Web servers. Each client simply needs to install tortoisehg with mercirual.

 

1. Environment and version

I used mercurial 2.1 with tortoisehg2.3.0. the Python version used by mercurial is 2.6.6.
The operating system is Windows Server 2008.

2. materials required for installation.

A) tortoisehg 2.3.0 (http://mercurial.selenic.com/downloads)

B) mercurial 2.1 Python 2.6 package-x86 Windows
Http://mercurial.selenic.com/downloads)

C) Python 2.6.6 (http://www.python.org/ftp/python/2.6.6/python-2.6.6.msi)

D) Iis URL rewrite component (http://www.iis.net/download/URLRewrite) (This component can only be used for iis7)

3. first install python2.6.6, then install mercurial's Python package, then install tortoisehg, and finally install the URL rewrite component. of course, the installation is not necessarily in this order, but if you do not know the order of installation, you can refer to my installation order.

4. Create a data warehouse directory on disk D, for example, D: \ mercurial. All repositories will be located under this directory.

5. Create an application in IIS and name it Hg (of course, whatever name you can call), point its physical path to D: \ mercurial, and edit its handler mappings ,:

Double-click handlers mappings. A actions list is displayed on the right. Click Add managed handler. A new window is displayed, as shown in the following figure:

6. Create a new text file under D: \ mercurial and rename it to test. cgi (note to modify it together with the extension). edit the file as follows:

Print 'status: 200 OK'

Print 'content-type: text/html'

Print

Print '<HTML> <body>

Save and browse test. cgi in IIS:

URL: http: // localhost/Hg/test. cgi

Interface:

If you can see the above interface, it indicates that the initial configuration is successful. Continue.

If an HTTP Error 404.2-not found is prompted

The "ISAPI and CGI restrictions" list settings on the Web server cannot provide the page you requested

Open the IIS manager, go to the server level, and find ISAPI and CGI restrictions in its function list ,:

Double-click to open it. The following lines must exist:

If it does not exist, click "add" on the right and enter the following information:

If it already exists but is disabled, enable it.

After that, open test. cgi again. The words it works should be displayed.

7. Create a text file under the D: \ mercurial directory, rename it as hgweb. cgi, and edit the content as follows:

#! /Usr/bin/ENV Python

#

# An example hgweb CGI script, edit as necessary

# See also http://mercurial.selenic.com/wiki/PublishingRepositories

# Path to repo or hgweb config to serve (see 'Hg help hgweb ')

Config = "D:/mercurial/hgweb. config"

# Uncomment and adjust if mercurial is not installed system-wide:

# Import sys; SYS. Path. insert (0, "/path/to/Python/lib ")

# Uncomment to send Python tracebacks to the browser if an error occurs:

# Import cgitb; cgitb. Enable ()

From mercurial import demandimport; demandimport. Enable ()

From mercurial. hgweb import hgweb, wsgicgi

Application = hgweb (config)

Wsgicgi. Launch (Application)

Create a text file under D: \ mercurial and rename it as hgweb. config. You can view http: // localhost/Hg/hgweb without writing any content. CGI. the following page should be displayed:

If the message "unexpected indent" is displayed, open the file and delete the spaces in front of each row.

8. the URL contains a hgweb. CGI is a very unpleasant thing, so the purpose of this step is to eliminate hgweb. CGI words. skip this step if you don't think it is necessary.

When you create an application in IIS, IIS automatically creates a web under the D: \ mercurial directory. config File, open this file in any text editor, in the system. add a rewrite section under the Handlers section under the webserver section. The final file content is as follows:

<?xml version="1.0" encoding="utf-8" ?><configuration>  <system.webServer>    


Open hgweb. config and write the following content:
[Web]
Baseurl =/HG
In this case, you can try to browse http: // localhost/HG. The result should be exactly the same as http: // localhost/Hg/hgweb. cgi.
9. Test anonymous accounts
Now, create a directory named test under D: \ mercurial and execute the command Hg Init (or the create repository here command of tortoisehg) in this directory to make it an HG repository. then browse http: // localhost/HG and you will see that the test project is listed:

In this case, you can clone the test project to another location. For example, run the following command in the console:
Hg clone http: // localhost/Hg/test D: \ test
Clone the test repository to D: \ test, create a text file under D: \ test, add & commit, and execute Hg push under D: \ test, mercurial returns an error message: SSL required.
Because SSL is not enabled at this time, although clone is allowed, mercurial does not allow push. There is a simple way to temporarily disable SSL check and enable hgweb. in the web section, add the push_ssl = false configuration, as shown below:
[Web]
Baseurl =/HG
Push_ssl = false
Then try push again. Mercurial will return another error message, ABORT: Authorization failed. because currently anonymous users are connected and anonymous users are prohibited from pushing by default. in the web section of config, add a configuration command: allow_push = *, as shown below:
[Web]
Allow_push = *
Baseurl =/HG
Push_ssl = false
Now try push again and it will be successful.
10. as a matter of fact, if security and permission management are not taken into account, we should say that mercurial's Web Server can be officially run, but in actual applications, security is impossible without consideration, therefore, we will gradually configure security and permission-related settings. first, enable SSL.
Open IIS and click to select the top-level server node. It has a server certificates option ,:

Double-click the server certificates option and Click create self-signed certificate in the actions list on the right. A small window is displayed, prompting you to enter a certificate name, such as hgtemp. OK, the certificate can be generated, as shown in:
 
Right-click the website node and choose edit bindings from the context menu ,:
 
This is where to edit the port to which the website is bound. By default, there should be a port 80 binding. Click Add to add a port 443, and then click Add to fill in the following table:
 
In addition, it is best to delete the original port 80 so that the website will not be allowed to access port 80 in the future, and it is necessary to use a safer https: // prefix for access.
You can also allow port 80 at the website level, but only configure the virtual directory Hg to require SSL.
Now, edit hgweb. config and delete push_ssl = false, indicating that the website must use SSL for the push action.
Run the clone command on the client first. Mercurial returns an error message. mercurial is very untrusted of the Self-signed certificate we just created. It does not recognize this certificate, however, there is an-insecure option that can be used to solve this problem. Execute the following command in the console:
 
The clone command can be successfully executed, but a warning will be returned. This warning is very important. It contains the fingerprint information and copies the fingerprint in the above warning (77: A4 ...... 23: 96), find the root directory of the current user (C: \ Users \ user_name), there should be a mercurial. INI, open the INI file in any text editor, and modify the file according to the following content:
[UI]
Username = Marvin Yan <MarvinYan@xxx.com>
[Hostfingerprints]
Localhost = 77: A4: 29: 03: BF: 27: 2b: BF: 83: D1: 7f: 30: 79: B7: 09: F6: 79: Cf: 23: 96
[Web]
Name =
The UI section should be configured after mercurial is installed. This is the mercurial user name and one of the most important basic configurations. Format: User Name <email address>.
There is also a web section. You do not need to write anything to the right of the name. Let mercurial automatically name the working directory.
Add a hostfingerprints section and write your own fingerprint in the above format.
Run the Hg command again. You can run the command successfully without adding the-insecure parameter or returning any warning.
Note: modification to mercurial. INI is performed on the client, that is, each client needs to perform this step to avoid security warnings. 
11. Authentication.
Open IIS and click the virtual directory Hg. the authentication and authorication Rules options are displayed on the right ,:
 
Double-click authentication to go to the authentication editing page. By default, anonymous authentication is enabled. Right-click and disable it so that users cannot access the website anonymously. right-click Basic Authentication and click Edit to go to the following Edit page:
 
Enter the domain (computer name) for authentication on the default domain and realm respectively. Note that if the mercurial server is in a domain, enter the domain name, in this way, all users in the domain can access the project and further filter the project by authorication. However, many subsequent operations are affected by the policies in the Domain Server, therefore, I personally do not recommend that you directly use the domain account. Unless you are also the administrator of the Domain Server, it doesn't matter.
Enter the computer name of the local machine instead of the domain name. In this way, the user for identity authentication is actually the windwos user of the local machine, and various controls are relatively free..
Finally, do not forget to check whether the basic authentication status has been changed to enable, and all other verifications are disable.
In authorication rules, the default value is allow all users. It is recommended that you do not need to modify it. Of course, you can also change it to specific user to only allow access by some users. because redundant accounts can be deleted in Windows user management to ensure that only valid accounts are left.
If you use a local account, note that new users added to the local machine generally belong to the user group. By default, the user group has only the read permission but no write permission on many folders, at this time, the server needs to write permissions to the user group in the root directory of the repo; otherwise, the following error will be thrown:
HTTP Error: 500 (D: \ mercurial \ repos \ EERP. web \. HG/store \ 00changelog. I :)
[Command Returned Code 255 Fri Mar 02 15:56:42 2012]
12. Automatic Verification
It is obviously too difficult to enter the user name and password each time you connect to the server. Mercurial also supports automatic verification. Open mercurial. ini in the root directory of the user, and add the [auth] section as follows:
[Auth]
Default. prefix = https: // localhost/
Default. Username = Marvin
Default. Password =
Here, default has no substantive significance, just for grouping. You can change default to any name.

So far, the entire web server and setup are complete.