System Administration¶
Apache HTTP Server configuration¶
Use the following example to configure your Apache HTTP virtual hosts file.
<VirtualHost *:80>
ServerName hg.myserver.com
ServerAlias hg.myserver.com
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
# important !
# Directive to properly generate url (clone url) for pylons
ProxyPreserveHost On
#rhodecode instance
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
# To enable https use line below
# SetEnvIf X-Url-Scheme https HTTPS=1
</VirtualHost>
Apache as subdirectory¶
Use the following example to configure Apache as a sub-directory.
<Location /<someprefix> > # Change <someprefix> into your chosen prefix
ProxyPass http://127.0.0.1:5000/<someprefix>
ProxyPassReverse http://127.0.0.1:5000/<someprefix>
SetEnvIf X-Url-Scheme https HTTPS=1
</Location>
In addition to the regular Apache setup you will need to add the following lines into the production.ini
file:
In the the
[app:main]
section of yourproduction.ini
file add the following line.filter-with = proxy-prefix
At the end of the
production.ini
file add the following section.[filter:proxy-prefix] use = egg:PasteDeploy prefix = /<someprefix> # Change <someprefix> into your chosen prefix
Apache virtual host reverse proxy example¶
Here is a sample configuration file for using Apache as a reverse proxy.
<VirtualHost *:80>
ServerName hg.myserver.com
ServerAlias hg.myserver.com
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
#important !
#Directive to properly generate url (clone url) for pylons
ProxyPreserveHost On
#rhodecode instance
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
#to enable https use line below
#SetEnvIf X-Url-Scheme https HTTPS=1
</VirtualHost>
Apache WSGI configuration¶
RhodeCode Enterprise can also be set up with Apache under mod_wsgi
. To configure this use the following steps.
Install
mod_wsgi
using the following command:aptitude install libapache2-mod-wsgi
.Note
If using a Debian-based distro, install he package
libapache2-mod-wsgi
Enable
mod_wsgi
using the following command:a2enmod wsgi
Create a
wsgi
dispatch script, using the following examples.WSGIDaemonProcess pylons \ threads=4 \ # check the python virtual env location python-path=/home/web/rhodecode/pyenv/lib/python2.6/site-packages # Check the install location WSGIScriptAlias / /home/web/rhodecode/dispatch.wsgi WSGIPassAuthorization On # user=www-data group=www-data # Enable if running Apache as root
Note
Do not set processes=num
in this configuration file. Running RhodeCode Enterprise in multiprocess mode with Apache is not
supported.
The following is an example wsgi
dispatch script.
import os
os.environ["HGENCODING"] = "UTF-8"
os.environ['PYTHON_EGG_CACHE'] = '/home/web/rhodecode/.egg-cache'
# Set the current dir
os.chdir('/home/web/rhodecode/')
import site
site.addsitedir("/home/web/rhodecode/pyenv/lib/python2.6/site-packages")
from paste.deploy import loadapp
from paste.script.util.logging_config import fileConfig
fileConfig('/home/web/rhodecode/production.ini')
application = loadapp('config:/home/web/rhodecode/production.ini')
Note
When using mod_wsgi the same version of Mercurial must be running in the RhodeCode Enterprise virtualenv
and in your system’s
Python environment.
Nginx Configuration¶
Use the following example to configure Nginx as a your web server.
upstream rc {
server 127.0.0.1:5000;
# add more instances for load balancing
# server 127.0.0.1:5001;
# server 127.0.0.1:5002;
}
## gist alias
server {
listen 443;
server_name gist.myserver.com;
access_log /var/log/nginx/gist.access.log;
error_log /var/log/nginx/gist.error.log;
ssl on;
ssl_certificate gist.rhodecode.myserver.com.crt;
ssl_certificate_key gist.rhodecode.myserver.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
ssl_prefer_server_ciphers on;
rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
}
server {
listen 443;
server_name rhodecode.myserver.com;
access_log /var/log/nginx/rhodecode.access.log;
error_log /var/log/nginx/rhodecode.error.log;
ssl on;
ssl_certificate rhodecode.myserver.com.crt;
ssl_certificate_key rhodecode.myserver.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
ssl_prefer_server_ciphers on;
## uncomment root directive if you want to serve static files by nginx
## requires static_files = false in .ini file
# root /path/to/installation/rhodecode/public;
include /etc/nginx/proxy.conf;
location / {
try_files $uri @rhode;
}
location @rhode {
proxy_pass http://rc;
}
}
Nginx tuning¶
Set the following properties in your /etc/nginx/nginx.conf
so it does not timeout during large pushes.
proxy_redirect off; proxy_set_header Host $host; ## needed for container auth # proxy_set_header REMOTE_USER $remote_user; # proxy_set_header X-Forwarded-User $remote_user; proxy_set_header X-Url-Scheme $scheme; proxy_set_header X-Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy-host $proxy_host; proxy_buffering off; proxy_connect_timeout 7200; proxy_send_timeout 7200; proxy_read_timeout 7200; proxy_buffers 8 32k; client_max_body_size 1024m; # Set this to a larger number if you experience timeouts client_body_buffer_size 128k; large_client_header_buffers 8 64k;
Tuning RhodeCode Enterprise¶
To customize your RhodeCode Enterprise 2.2.8 installation for maximum performance you may find some of the following methods useful.
Note
These instruction are specific to RhodeCode Enterprise 2.2.8.
Increase Database Performance¶
To increase database performance switch to database-based user sessions. File-based sessions are only suitable for smaller setups. The most common issue being file limit errors which occur if there are lots of session files. Therefore, in a large scale deployment, to give better performance, scalability, and maintainability we recommend switching from file-based sessions to database-based user sessions.
To switch to database-based user sessions uncomment the following section in your data/production.ini
file.
# db session beaker.session.type = ext:database # adjust this property to include your database credentials beaker.session.sa.url = postgresql://postgres:<pass>@localhost/rhodecode beaker.session.table_name = db_session
Increase Cache Size¶
When managing hundreds of repositories from the main RhodeCode Enterprise interface the system can become slow when the cache
expires. Increasing the cache expiration option improves the response times of the main user interface.
To increase your cache size, change the following default value in the data/production.ini
file. The value is
specified in seconds.
beaker.cache.sql_cache_long.expire=3600 # one day (86400) or a one week (604800)Note
The RhodeCode Enterprise cache automatically expires for changed repositories.
Move tmp
to HGFS¶
HGFS refers to Host Guest File Sharing, a feature of VMWare’s virtualization software. RhodeCode Enterprise components heavily use
the /tmp
folder, so moving your /tmp
folder into to a RAM-based HGFS can lead to a noticeable
performance boost.
Note
Additionally, for large repositories, greater than 5GB, you need to also increase the size of the tmp
folder. During
large pushes if there is not enough space in tmp
you may get error messages regarding space on disk or an
internal server error.
Change Default Encoding¶
RhodeCode Enterprise uses utf8
encoding by default. You can change the default encoding in the production.ini
file. To
change the default encoding used by RhodeCode Enterprise, set a new value for the default_encoding
.
## default encoding used to convert from and to unicode ## can be also a comma seperated list of encoding in case of mixed encodings default_encoding = utf8Note
Changing the default encoding will affect many parts of your RhodeCode Enterprise installation, including committers names, file names, and the encoding of commit messages. RhodeCode Enterprise can detect if the
chardet
library is installed. If thechardet
library is detected, RhodeCode Enterprise will fallback to using it if there are encode/decode errors.
Scale Horizontally¶
Horizontal scaling means adding more machines into your pool of resources. Horizontally scaling RhodeCode Enterprise gives a huge performance increase, especially under large traffic scenarios with a high number of requests. This is very beneficial when RhodeCode Enterprise is serving many users simultaneously, or if continuous integration servers are automatically pulling and pushing code.
To horizontally scale RhodeCode Enterprise you should use the following steps:
- In the
data/production.ini
file, setinstance_id = *
. This enables RhodeCode Enterprise to use multiple nodes. You must set this in the[app:main]
section of theproduction.ini
file. - Define the number of worker threads using the formula
(2 * NUM_CPU) - 1
. For example 4 CPU cores would lead to 2*4-1 = 7 workers. - For Posix environments we recommend using Gunicorn as it has a built-in support for multiple workers and load balancing. To enable Gunicorn use the following steps.
Comment out the following section from the
[server:main]
area in the defaultproduction.ini
file.# WAITRESS use = egg:waitress#main # number of worker threads threads = 5 # MAX BODY SIZE 100GB max_request_body_size = 107374182400 # use poll instead of select, fixes fd limits, may not work on old # windows systems. asyncore_use_poll = TrueInsert the following replacement code in the
[server:main]
section.# GUNICORN # run with gunicorn --log-config <inifile.ini> --paste <inifile.ini> use = egg:gunicorn#main # is set to more than one worker, recommended value is (2*NUMBER_OF_CPUS+1) workers = 5 # process name proc_name = rhodecode # type of worker class, one of sync, eventlet, gevent, tornado # recommended for bigger setup is using of of other than sync one worker_class = sync # max number of requests that worker will handle before beeing gracefully # restarted, could prevent memory leaks max_requests = 1000 # amount of time a worker can spend with handling a request before it # gets killed and restarted timeout = 36000Insert the following replacement code in the
[app:main]
section.# In the [app:main] section [app:main] # You must set `instance_id = *` instance_id = *Use the following command to run the RhodeCode Enterprise server with Gunicorn:
gunicorn --log-config <inifile.ini> --paste <inifile.ini>
4. On Windows you can use multiple paster
commands. To start multiple RhodeCode Enterprise servers and then load balance them
with an Nginx or Apache web server, use the following steps:
- Add the following
paster
variable to theproduction.ini
file[server:main] host = 0.0.0.0 port = %(port_var)s
- Run multiple RhodeCode Enterprise servers using the following command, but specifying different ports for each running version, for example
paster serve example.ini port_var=5000 paster serve example.ini port_var=5001Note
You should configure your load balancing accordingly. We recommend writing load balancing rules that will separate regular user traffic from automated process traffic like continuous servers or build bots.
If you scale across different machines, each RhodeCode Enterprise instance needs to store its data on a shared disk, preferably together with your repositories. This data directory contains template caches, a whoosh index, and is used for task locking to ensure safety across multiple instances. To do this, set the following properties in the
production.ini
file to set the shared location across all RhodeCode Enterprise instances.cache_dir = /file/path # set to shared directory location index_dir = /file/path # set to shared directory location beaker.cache.data_dir = /file/path # set to shared directory location beaker.cache.lock_dir = /file/path # set to shared directory locationNote
If Celery is used on each instance then you should run separate Celery instances, but the message broker should be the same for all of them. This excludes one RabbitMQ shared server.
Settings Management¶
All RhodeCode Enterprise settings can be set from the user interface, but in the event that it somehow becomes unavailable you can
use ishell
inside your RhodeCode Enterprise virtualenv
to carry out emergency measures.
Reset Admin Account Privileges¶
If you accidentally remove your admin privileges from the admin account you can restore them using ishell
. Use the
following example to reset your account.
# Where filename.ini is your production .ini
paster ishell filename.ini
# where username is your admin username
you = User.get_by_username('username')
you.admin = True
Session().add(you);Session().commit()
Set to read global .hgrc
file¶
By default, RhodeCode Enterprise does not read global hgrc
files in /etc/mercurial/hgrc
or /etc/mercurial/hgrc.d
because it
can lead to issues. This is set in the rhodecode_ui
table for which there is no UI. If you need to edit this you can
manually change the settings using SQL statements with ishell
. Use the following example to make changes to this
table.
paster ishell production.ini
In [4]: new_option = RhodeCodeUi()
In [5]: new_option.ui_section='web'
In [6]: new_option.ui_key='allow_push'
In [7]: new_option.ui_value='*'
In [8]: Session().add(new_option);Session().commit()
Removing User Problems¶
If you try to remove a user that has any of the following properties you may run into an error:
- open pull requests
- repository owner
- requested as code reviewer within a pull request
To remove a user with any of these properties you must first ensure that all their open pull requests or code review requests are closed. Once these are closed, reassign their repository groups or user groups to a different user. You can then remove that user without errors. To do this use the following steps:
Install ipython inside the RhodeCode Enterprise
virtualenv
With
ipython
installed you can useishell
to assign a new owner to a repository. Once the repository group has a new owner you can then remove that user from RhodeCode Enterprise. To reassign repository group or user group ownership, use the following example:# start ishell paster ishell production.ini # Display all user groups owned by USERNAME In [5]: target_groups = UserGroup.query().filter(UserGroup.user_id==USERNAME).all() # Change all user groups to NEWUSER ownership In [6]: for ug in target_groups: ....: ug.user_id = NEWUSER ....: Session().add(ug) ....: session().commit()
Manually Reset Password¶
If you need to manually reset a user password, use the following steps.
- Navigate to your RhodeCode Enterprise install location, and install ipython.
- Run the interactive RhodeCode Enterprise prompt
- Set a new password
Use the following code example to carry out these steps.
cd ~/rhodecode
# installs ipython
system/bin/pip install ipython
# starts the ishell interactive prompt
system/bin/paster ishell ~/rhodecode/data/production.ini
from rhodecode.lib.utils2 import generate_api_key
from rhodecode.lib.auth import get_crypt_password
# Enter the user name whose password you wish to change
my_user = 'USERNAME'
u = User.get_by_username(my_user)
# If this fails then the user does not exist
u.api_key = generate_api_key(my_user)
# Set the new password
u.password = get_crypt_password('PASSWORD')
Session().add(u)
Session().commit()
exit