I've been following the hginit.com tutorial on how to use mercurial. Everything is going fine except it uses push_ssl=False. This does not work for my situation because I want pushes (and pulls if possible) to be secure. All the tutorials I've been able to find also use push_ssl=False. Can anyone give me pointers on how to set up ssl/security for Mercurial? Thanks.
views:
394answers:
2
+4
A:
Keep in mind Mercurial doesn't validate SSL certificates. It's safer to serve mercurial over SSH (which is easy to setup assuming your repo server has ssh on it).
If you want to use https, the official http://mercurial.selenic.com/wiki/HgWebDirStepByStep should have the steps in detail, I believe.
rlotun
2010-03-31 19:51:10
+1
A:
There are only a few steps:
- You setup your webserver with SSL support. We assume you know how to do this or that you can have someone else do it for you.
- You make the webserver run the
hgweb.cgiscript. This is a standard CGI script. There are also a WSGI version if you prefer -- both scripts come with the Mercurial source code. - You configure your webserver to authenticate users who try to POST to your server. Read-only operations like pull and clone use GET requests only, but write operations like push use POST. Again, we assume you know how to do this (with
.htaccessfiles for Apache, say) or that you can have someone else do it. - You leave
push_sslat its default value (True) and configureallow_pushto include the usernames that should be allowed to push.
See the web section of hgrc and the publishing repositories page on our wiki.
Martin Geisler
2010-04-02 09:10:46