1
Serving Bazaar with Apache
2
==========================
1
===========================
2
Serving Bazaar with FastCGI
3
===========================
5
**This feature is EXPERIMENTAL and is NOT SECURE. It will allow access to
6
arbitrary files on your server.**
4
8
This document describes one way to set up a Bazaar HTTP smart server,
5
using Apache 2.0 and FastCGI or mod_python or mod_wsgi.
7
For more information on the smart server, and other ways to configure it
8
see the main `smart server documentation <server.html>`_.
9
using Apache 2.0 and FastCGI or mod_python.
13
14
You have a webserver already publishing `/srv/example.com/www/code` as
14
15
`http://example.com/code/...` with plain HTTP. It contains bzr branches and
29
30
LoadModule fastcgi_module /usr/lib/apache2/modules/mod_fastcgi.so
30
31
FastCgiIpcDir /var/lib/apache2/fastcgi
32
33
In our example, we're already serving `/srv/example.com/www/code` at
33
34
`http://example.com/code`, so our existing Apache configuration would look
45
46
Alias /code /srv/example.com/www/code
46
47
<Directory /srv/example.com/www/code>
47
Options Indexes FollowSymLinks
48
Options Indexes, FollowSymLinks
50
RewriteRule ^(.*/)?\.bzr/smart$ /srv/example.com/scripts/bzr-smart.fcgi
51
RewriteRule ^(.*/|)\.bzr/smart$ /srv/example.com/scripts/bzr-smart.fcgi
53
54
# bzr-smart.fcgi isn't under the DocumentRoot, so Alias it into the URL
54
55
# namespace so it can be executed.
55
56
Alias /srv/example.com/scripts/bzr-smart.fcgi /srv/example.com/scripts/bzr-smart.fcgi
80
81
Define the rewrite rules with mod_rewrite the same way as for FastCGI, except
83
RewriteRule ^(.*/)?\.bzr/smart$ /srv/example.com/scripts/bzr-smart.fcgi
84
RewriteRule ^(.*/|)\.bzr/smart$ /srv/example.com/scripts/bzr-smart.fcgi
87
RewriteRule ^(.*/)?\.bzr/smart$ /srv/example.com/scripts/bzr-smart.py
88
RewriteRule ^(.*/|)\.bzr/smart$ /srv/example.com/scripts/bzr-smart.py
89
90
Like with mod_fastcgi, we also define how our script is to be handled::
100
101
This instructs Apache to hand requests for any URL ending with `/.bzr/smart`
101
102
inside `/code` to a Bazaar smart server via mod_python.
103
NOTE: If you don't have bzrlib in your PATH, you will be need to change the
106
PythonPath "sys.path+['/srv/example.com/scripts']"
110
PythonPath "['/path/to/bzr']+sys.path+['/srv/example.com/scripts']"
113
104
Refer to the mod_python_ documentation for further information.
115
106
.. _mod_python: http://www.modpython.org/
121
First, configure mod_wsgi, e.g. enabling the mod with a2enmod wsgi.
122
We need to change it to handle all requests for URLs ending in `.bzr/smart`. It
125
WSGIScriptAliasMatch ^/code/.*/\.bzr/smart$ /srv/example.com/scripts/bzr.wsgi
127
#The three next lines allow regular GETs to work too
129
RewriteCond %{REQUEST_URI} !^/code/.*/\.bzr/smart$
130
RewriteRule ^/code/(.*/\.bzr/.*)$ /srv/example.com/www/code/$1 [L]
132
<Directory /srv/example.com/www/code>
133
WSGIApplicationGroup %{GLOBAL}
136
This instructs Apache to hand requests for any URL ending with `/.bzr/smart`
137
inside `/code` to a Bazaar smart server via WSGI, and any other URL inside
138
`/code` to be served directly by Apache.
140
Refer to the mod_wsgi_ documentation for further information.
142
.. _mod_wsgi: http://code.google.com/p/modwsgi/
144
109
Configuring Bazaar
145
110
------------------
156
121
from bzrlib.transport.http import wsgi
158
123
smart_server_app = wsgi.make_app(
159
root='/srv/example.com/www/code',
124
root='/srv/example.com/code',
161
126
path_var='REQUEST_URI',
166
129
fcgi.WSGIServer(smart_server_app).run()
168
131
The `fcgi` module can be found at http://svn.saddi.com/py-lib/trunk/fcgi.py. It
169
132
is part of flup_.
182
145
from bzrlib.transport.http import wsgi
184
147
smart_server_app = wsgi.make_app(
185
root='/srv/example.com/www/code',
148
root='/srv/example.com/code',
187
150
path_var='REQUEST_URI',
192
153
def handler(request):
193
154
"""Handle a single request."""
194
155
wsgi_server = modpywsgi.WSGIServer(smart_server_app)
195
156
return wsgi_server.run(request)
197
The `modpywsgi` module can be found at
198
http://ice.usq.edu.au/svn/ice/trunk/apps/ice-server/modpywsgi.py. It was
199
part of pocoo_. You sould make sure you place modpywsgi.py in the same
200
directory as bzr-smart.py (ie. /srv/example.com/scripts/).
202
.. _pocoo: http://dev.pocoo.org/projects/pocoo/
208
We've configured Apache to run the smart server at
209
`/srv/example.com/scripts/bzr.wsgi`. This is just a simple script we need
210
to write to configure a smart server, and glue it to the WSGI gateway.
211
Here's what it looks like::
213
from bzrlib.transport.http import wsgi
215
def application(environ, start_response):
217
root="/srv/example.com/www/code/",
220
enable_logging=False)
221
return app(environ, start_response)
158
The `modpywsgi` module can be found at http://trac.pocoo.org/wiki/ModPyWsgi. It
161
.. _pocoo: http://trac.pocoo.org/wiki/
226
Now you can use `bzr+http://` URLs or just `http://` URLs, e.g.::
166
Now you can use `bzr+http://` URLs, e.g.::
228
168
bzr log bzr+http://example.com/code/my-branch
258
199
.. _WSGI standard: http://www.python.org/dev/peps/pep-0333/
261
Pushing over the HTTP smart server
262
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
202
Pushing over ``bzr+http://``
203
----------------------------
264
It is possible to allow pushing data over the HTTP smart server. The
205
It is possible to allow pushing data over the http smart server. The
265
206
easiest way to do this, is to just supply ``readonly=False`` to the
266
207
``wsgi.make_app()`` call. But be careful, because the smart protocol does
267
208
not contain any Authentication. So if you enable write support, you will
268
209
want to restrict access to ``.bzr/smart`` URLs to restrict who can
269
actually write data on your system, e.g. in apache it looks like::
274
AuthUserFile /srv/example.com/conf/auth.passwd
280
At this time, it is not possible to allow some people to have read-only
281
access and others to have read-write access to the same URLs. Because at
282
the HTTP layer (which is doing the Authenticating), everything is just a
283
POST request. However, it would certainly be possible to have HTTPS
284
require authentication and use a writable server, and plain HTTP allow
287
If bzr gives an error like this when accessing your HTTPS site::
289
bzr: ERROR: Connection error: curl connection error (server certificate verification failed.
290
CAfile:/etc/ssl/certs/ca-certificates.crt CRLfile: none)
292
You can workaround it by using ``https+urllib`` rather than ``http`` in your
293
URL, or by uninstalling pycurl. See `bug 82086`_ for more details.
295
.. _bug 82086: https://bugs.launchpad.net/bzr/+bug/82086
210
actually write data on your system. At this time, it is not possible to
211
allow some people to have read-only access and others to have read-write
212
access to the same urls. Because at the HTTP layer (which is doing the
213
Authenticating), everything is just a POST request. However, it would
214
certainly be possible to have HTTPS require authentication and use a
215
writable server, and plain HTTP allow read-only access.
298
219
vim: ft=rst tw=74 et