Mercurial Central Repository with fastcgi and nginx

by Herb on 4 March 2010

Documentation in this arena being slim, I felt it would be helpful to write a short article on my configuration. FastCGI examples are generally documented in about two or three blog posts on the subject, all of which have become dated. For the basic ground work take a look at streamhacker.

Firstly, the fastcgi process is unaware whether you are using HTTP or HTTPS, another fastcgi_param must be passed to solve the following error:

searching for changes
ssl required

fastcgi_param   HTTPS           on;

If you are having the following error, and you have ensured that HTTPS is functioning and allow_push = username is specified in the repo’s .hg/hgrc:

searching for changes
27 changesets found
abort: authorization failed

Then the fastcgi process isn’t receiving the username from nginx. Ensure that the following lines are added to your nginx config:

fastcgi_param   AUTH_USER       $remote_user;
fastcgi_param   REMOTE_USER     $remote_user;

Nginx is also liable to spit out a:

413 Request Entity Too Large

on your first major commit. This is because the max_body_size is set low by default and is unacceptable for a mercurial application. Ensure to add and modify this line to your needs:

client_max_body_size    100M;

my entire nginx vhost.conf

server {
    listen      443;
    server_name hg.DOMAIN.COM;

    ssl                  on;
    ssl_certificate      server.crt;
    ssl_certificate_key  server.key;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

        # Increase transfer size to accommodate large pushes
        client_max_body_size    100M;

        location / {
                auth_basic "Restricted Access";
                auth_basic_user_file /repo/sites/hg.DOMAIN.COM/mercurial_passwd;
                fastcgi_pass    127.0.0.1:9001;
                fastcgi_param   PATH_INFO       $fastcgi_script_name;
                fastcgi_param   AUTH_USER       $remote_user;
                fastcgi_param   REMOTE_USER     $remote_user;
                fastcgi_param   QUERY_STRING    $query_string;
                fastcgi_param   REQUEST_METHOD  $request_method;
                fastcgi_param   CONTENT_TYPE    $content_type;
                fastcgi_param   CONTENT_LENGTH  $content_length;
                fastcgi_param   SERVER_PROTOCOL $server_protocol;
                fastcgi_param   SERVER_PORT     $server_port;
                fastcgi_param   SERVER_NAME     $server_name;
                fastcgi_param   HTTPS           on;
        }
        location ~ /\.ht {
            deny  all;
        }
}

{ 1 comment }

mercurial clone from ssh with spaces

23 February 2010

hg clone ssh://user@host/path/to/repo

Is simple en [...]

Read the full article →

A Simple Test

12 February 2010

A simple test this evening between two FreeBSD 8.0-RELE [...]

Read the full article →

← Previous Entries