Professional Documents
Culture Documents
Sharing source with Mercurial is not hard. There is quite a good guide at Martin’s Blog and, indeed,
first part of this post will mostly follow his setup.
Sharing sources with password authentication is still not hard but (at least from my perspective) is
not obvious. This post will document my efforts of creating private and password protected
Mercurial storage.
This procedure is tested on Ubuntu 10.04.1 LTS but I would expect it to work on older versions as
well.
Additionally we need to create file named “/srv/hg/cgi-bin/hgweb.config” (do not forget to sudo)
with following lines:
[collections]
/srv/hg/ = /srv/hg/
In newer Mercurial installations you also need to edit “/srv/hg/cgi-bin/hgweb.cgi” in order to fix
config parameter. Just change example config line with:
config = "/srv/hg/cgi-bin/hgweb.config"
Lines under Location are ones that ensure privacy of our repository.
We can now disable default web site and enable new one (and we can ignore all warnings) together
with changes of ownership and rights:
Thing that we are missing is “/srv/hg/.htpasswd” file. We can create all users we need with htpasswd
command:
All further users are then added with slightly modified command (notice that -c is missing):
[web]
push_ssl=false
allow_push=testuser
This allows for using http (instead of https) and allows access to our “testuser” (if there are no
restricturons, just put * for user name). Very last step in setup is actually allowing apache to use our
repository for writing. Easiest thing to do here is just transferring ownership to it:
Finally we can use “http://192.168.0.2/hgweb.cgi/TestRepo/” for pushing and pulling data from any
Mercurial client.
Before restarting Apache we need to create few things (key, certificate signing request, certificate)
and easiest way is to create it ourself (write whatever you want for organization details):
$ openssl x509 -req -days 36500 -in https.csr -signkey https.key -out https.crt
Signature ok
subject=...
Getting Private key
Once keys are created we must enter following lines in “/etc/apache2/sites-available/hg” (I left other
stuff for clarity):
NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster@localhost
DocumentRoot /srv/hg/cgi-bin
<Directory "/srv/hg/cgi-bin/">
SetHandler cgi-script
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/hg.log
<Location />
AuthType Basic
AuthName "Mercurial"
AuthUserFile /srv/hg/.htpasswd
Require valid-user
</Location>
RewriteEngine on
RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /srv/hg/https.crt
SSLCertificateKeyFile /srv/hg/https.key
</VirtualHost>
$ /etc/init.d/apache2 restart
* Restarting web server apache2
[warn] NameVirtualHost *:80 has no VirtualHosts
... waiting [warn] NameVirtualHost *:80 has no VirtualHosts
After these changes Mercurial is listening ONLY on https. Since we made self-signed certificate,
browser will complain about verification, but that is quite normal.
Solution lies in editing “/etc/apache2/sites-available/hg” to have two configurations – one for http
and one for https:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /srv/hg/cgi-bin
<Directory "/srv/hg/cgi-bin/">
SetHandler cgi-script
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/hg.log
<Location />
AuthType Basic
AuthName "Mercurial"
AuthUserFile /srv/hg/.htpasswd
Require valid-user
</Location>
RewriteEngine on
RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /srv/hg/cgi-bin
<Directory "/srv/hg/cgi-bin/">
SetHandler cgi-script
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/hg.log
<Location />
AuthType Basic
AuthName "Mercurial"
AuthUserFile /srv/hg/.htpasswd
Require valid-user
</Location>
RewriteEngine on
RewriteRule (.*) /srv/hg/cgi-bin/hgweb.cgi/$1
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /srv/hg/https.crt
SSLCertificateKeyFile /srv/hg/https.key
</VirtualHost>
After quick Apache restart your Mercurial will answer both http and https requests.