1
===========================
2
Serving Bazaar with FastCGI
3
===========================
5
**This feature is EXPERIMENTAL and is NOT SECURE. It will allow access to
6
arbitrary files on your server.**
8
This document describes one way to set up a Bazaar HTTP smart server,
9
using Apache 2.0 and FastCGI or mod_python.
14
You have a webserver already publishing `/srv/example.com/www/code` as
15
`http://example.com/code/...` with plain HTTP. It contains bzr branches and
16
directories like `/srv/example.com/www/code/branch-one` and
17
`/srv/example.com/www/code/my-repo/branch-two`. You want to provide read-only
18
smart server access to these directories in addition to the existing HTTP
21
Configuring Apache 2.0
22
----------------------
27
First, configure mod_fastcgi, e.g. by adding lines like these to your
30
LoadModule fastcgi_module /usr/lib/apache2/modules/mod_fastcgi.so
31
FastCgiIpcDir /var/lib/apache2/fastcgi
33
In our example, we're already serving `/srv/example.com/www/code` at
34
`http://example.com/code`, so our existing Apache configuration would look
37
Alias /code /srv/example.com/www/code
38
<Directory /srv/example.com/www/code>
43
We need to change it to handle all requests for URLs ending in `.bzr/smart`. It
46
Alias /code /srv/example.com/www/code
47
<Directory /srv/example.com/www/code>
48
Options Indexes, FollowSymLinks
51
RewriteRule ^(.*/|)\.bzr/smart$ /srv/example.com/scripts/bzr-smart.fcgi
54
# bzr-smart.fcgi isn't under the DocumentRoot, so Alias it into the URL
55
# namespace so it can be executed.
56
Alias /srv/example.com/scripts/bzr-smart.fcgi /srv/example.com/scripts/bzr-smart.fcgi
57
<Directory /srv/example.com/scripts>
59
<Files bzr-smart.fcgi>
60
SetHandler fastcgi-script
64
This instructs Apache to hand requests for any URL ending with `/.bzr/smart`
65
inside `/code` to a Bazaar smart server via FastCGI.
67
Refer to the mod_rewrite_ and mod_fastcgi_ documentation for further
70
.. _mod_rewrite: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
71
.. _mod_fastcgi: http://www.fastcgi.com/mod_fastcgi/docs/mod_fastcgi.html
76
First, configure mod_python, e.g. by adding lines like these to your
79
LoadModule python_module /usr/lib/apache2/modules/mod_python.so
81
Define the rewrite rules with mod_rewrite the same way as for FastCGI, except
84
RewriteRule ^(.*/|)\.bzr/smart$ /srv/example.com/scripts/bzr-smart.fcgi
88
RewriteRule ^(.*/|)\.bzr/smart$ /srv/example.com/scripts/bzr-smart.py
90
Like with mod_fastcgi, we also define how our script is to be handled::
92
Alias /srv/example.com/scripts/bzr-smart.py /srv/example.com/scripts/bzr-smart.py
93
<Directory /srv/example.com/scripts>
95
PythonPath "sys.path+['/srv/example.com/scripts']"
96
AddHandler python-program .py
97
PythonHandler bzr-smart::handler
101
This instructs Apache to hand requests for any URL ending with `/.bzr/smart`
102
inside `/code` to a Bazaar smart server via mod_python.
104
Refer to the mod_python_ documentation for further information.
106
.. _mod_python: http://www.modpython.org/
115
We've configured Apache to run the smart server at
116
`/srv/example.com/scripts/bzr-smart.fcgi`. This is just a simple script we need
117
to write to configure a smart server, and glue it to the FastCGI gateway.
118
Here's what it looks like::
121
from bzrlib.transport.http import wsgi
123
smart_server_app = wsgi.make_app(
124
root='/srv/example.com/code',
126
path_var='REQUEST_URI',
129
fcgi.WSGIServer(smart_server_app).run()
131
The `fcgi` module can be found at http://svn.saddi.com/py-lib/trunk/fcgi.py. It
134
.. _flup: http://www.saddi.com/software/flup/
139
We've configured Apache to run the smart server at
140
`/srv/example.com/scripts/bzr-smart.py`. This is just a simple script we need
141
to write to configure a smart server, and glue it to the mod_python gateway.
142
Here's what it looks like::
145
from bzrlib.transport.http import wsgi
147
smart_server_app = wsgi.make_app(
148
root='/srv/example.com/code',
150
path_var='REQUEST_URI',
153
def handler(request):
154
"""Handle a single request."""
155
wsgi_server = modpywsgi.WSGIServer(smart_server_app)
156
return wsgi_server.run(request)
158
The `modpywsgi` module can be found at http://trac.pocoo.org/wiki/ModPyWsgi. It
161
.. _pocoo: http://trac.pocoo.org/wiki/
166
Now you can use `bzr+http://` URLs, e.g.::
168
bzr log bzr+http://example.com/code/my-branch
170
Plain HTTP access should continue to work::
172
bzr log http://example.com/code/my-branch
175
Advanced configuration
176
======================
178
Because the Bazaar HTTP smart server is a WSGI application, it can be used with
179
any 3rd-party WSGI middleware or server that conforms the WSGI standard. The
180
only requirements are:
182
* to construct a `SmartWSGIApp`, you need to specify a **root transport** that it
184
* each request's `environ` dict must have a **'bzrlib.relpath'** variable set.
186
The `make_app` helper used in the example constructs a `SmartWSGIApp` with a
187
transport based on the `root` path given to it, and calculates the
188
'bzrlib.relpath` for each request based on the `prefix` and `path_var`
189
arguments. In the example above, it will take the 'REQUEST_URI' (which is set
190
by Apache), strip the '/code/' prefix and the '/.bzr/smart' suffix, and set that
191
as the 'bzrlib.relpath', so that a request for '/code/foo/bar/.bzr/smart' will
192
result in a 'bzrlib.relpath' of 'foo/bzr'.
194
It's possible to configure a smart server for a non-local transport, or that
195
does arbitrary path translations, etc, by constructing a `SmartWSGIApp`
196
directly. Refer to the docstrings of `bzrlib.transport.http.wsgi` and the `WSGI
197
standard`_ for further information.
199
.. _WSGI standard: http://www.python.org/dev/peps/pep-0333/
202
Pushing over ``bzr+http://``
203
----------------------------
205
It is possible to allow pushing data over the http smart server. The
206
easiest way to do this, is to just supply ``readonly=False`` to the
207
``wsgi.make_app()`` call. But be careful, because the smart protocol does
208
not contain any Authentication. So if you enable write support, you will
209
want to restrict access to ``.bzr/smart`` URLs to restrict who can
210
actually write data on your system. At this time, it is not possible to
211
allow some people to have read-only access and others to have read-write
212
access to the same urls. Because at the HTTP layer (which is doing the
213
Authenticating), everything is just a POST request. However, it would
214
certainly be possible to have HTTPS require authentication and use a
215
writable server, and plain HTTP allow read-only access.