Mercurial Central Repository with fastcgi and nginx

by Herb on 4 March 2010

Documentation in this arena being slim, I felt it would be helpful to write a short article on my configuration. FastCGI examples are generally documented in about two or three blog posts on the subject, all of which have become dated. For the basic ground work take a look at streamhacker.

Firstly, the fastcgi process is unaware whether you are using HTTP or HTTPS, another fastcgi_param must be passed to solve the following error:

searching for changes
ssl required

fastcgi_param   HTTPS           on;

If you are having the following error, and you have ensured that HTTPS is functioning and allow_push = username is specified in the repo’s .hg/hgrc:

searching for changes
27 changesets found
abort: authorization failed

Then the fastcgi process isn’t receiving the username from nginx. Ensure that the following lines are added to your nginx config:

fastcgi_param   AUTH_USER       $remote_user;
fastcgi_param   REMOTE_USER     $remote_user;

Nginx is also liable to spit out a:

413 Request Entity Too Large

on your first major commit. This is because the max_body_size is set low by default and is unacceptable for a mercurial application. Ensure to add and modify this line to your needs:

client_max_body_size    100M;

my entire nginx vhost.conf

server {
    listen      443;
    server_name hg.DOMAIN.COM;

    ssl                  on;
    ssl_certificate      server.crt;
    ssl_certificate_key  server.key;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

        # Increase transfer size to accommodate large pushes
        client_max_body_size    100M;

        location / {
                auth_basic "Restricted Access";
                auth_basic_user_file /repo/sites/hg.DOMAIN.COM/mercurial_passwd;
                fastcgi_pass    127.0.0.1:9001;
                fastcgi_param   PATH_INFO       $fastcgi_script_name;
                fastcgi_param   AUTH_USER       $remote_user;
                fastcgi_param   REMOTE_USER     $remote_user;
                fastcgi_param   QUERY_STRING    $query_string;
                fastcgi_param   REQUEST_METHOD  $request_method;
                fastcgi_param   CONTENT_TYPE    $content_type;
                fastcgi_param   CONTENT_LENGTH  $content_length;
                fastcgi_param   SERVER_PROTOCOL $server_protocol;
                fastcgi_param   SERVER_PORT     $server_port;
                fastcgi_param   SERVER_NAME     $server_name;
                fastcgi_param   HTTPS           on;
        }
        location ~ /\.ht {
            deny  all;
        }
}

{ 0 comments }

mercurial clone from ssh with spaces

23 February 2010

hg clone ssh://user@host/path/to/repo

Is simple enough…

But what about when you have a repo called “big repo”. Took me a while to figure out (with ssh verbosity) that a combination of the regular special character ‘\’ and quotes is required for hg to call the right ssh command.

hg clone "ssh://user@host/path/to/big\ repo"

Read the full article →

A Simple Test

12 February 2010

A simple test this evening between two FreeBSD 8.0-RELEASE machines. OpenVPN 2.1.1 compile from ports (source).

gen2 i386, Pentium 4 2.0GHz 2.0GB circa 2003

[root@gen2 /usr/ports/security/openvpn]# make install
real 4m11.491s
user 1m46.402s
sys 0m26.863s

blackbox i386, Athlon Thunderbird 1.0GHz 512MB circa 2001

[root@blackbox /usr/ports/security/openvpn]# make install
real 6m9.970s
user 3m15.515s
sys 0m43.739s

Read the full article →

← Previous Entries