HTTP auth requires allow = *(star)
Scott Davies
scott at webdrive.co.nz
Wed Dec 12 04:32:47 UTC 2012
Hi all,
I am making a bunch of Mercurial repositories available on a server for
my company. My problem is that I can only get Mercurial to work
correctly with HTTP authorization through nginx/uwsgi if these settings
are in a repository's hgrc file:
allow_push = *
allow_true = *
These are the versions of what I'm using:
Ubuntu 12.04
Nginx 1.1.19
Mercurial 2.0.2
Python 2.73
uWSGI 1.4.3
My nginx config file for my /var/www/hg_repos directory looks like this:
location /hg {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/hg_passwords;
root /var/www/hg_repos;
uwsgi_pass unix:///tmp/hg_repos.sock;
uwsgi_modifier1 30;
include uwsgi_params;
uwsgi_param SCRIPT_NAME /hg;
}
Also in the /var/www/hg_repos directory I have two files "hgweb.config"
and "hgweb_wsgi.py" which work fine to serve up the repos. However, when
a user tries to run any read command on a repository if "allow_read" is
not "*", or when a user tries to run any clone/push command on a
repository if "allow_push" is not "*", this appears in the Nginx server
logs at least three times:
...no user/password was provided for basic authentication...
It's like Nginx takes the username and password, and does not pass this
to Mercurial.
This is the kind of output I receive if allow_push/read is not "*":
$ hg clone --debug http://localhost/hg/repo1
using http://localhost/hg/repo1
sending capabilities command
using auth.cpr.* for authentication
http auth: user scott, password **********
destination directory: repo1
query 1; heads
sending batch command
http auth: user scott, password **********
requesting all changes
sending getbundle command
http auth: user scott, password **********
abort: authorization failed
So I can do HTTP authentication on the server through Nginx basic auth,
but the hgrc files for repos there have to be set to allow_read/push =
"*". Not specify the users I want to. Darn! Hoping someone can help?
Yes, I have read this:
http://bz.selenic.com/show_bug.cgi?id=3567
Regards,
Scott D.
More information about the Mercurial
mailing list