20 September 2010

Mercurial on Synology (hg web)



I switched from a single Mercurial repository configuration (cf previous post) to one-per-project-so-multiple-repositories on my Synology.

All my projects would be stored on NAS, located under a specific directory  /volume1/repos , and browsable through internet at http://diskstation/hg

I was using ssh until now but someone suggested an hg web configuration: so, basically we are going to configure the native Apache web server to allow Mercurial transactions *and repositories browsing* via http/https.


This is how i did it, the 'minimal Apache fuss' way, dealing with a dedicated web directory via .htaccess/.htpasswd files: it's far from perfect, security speaking, as it does not follow every Apache recommendations. 
Sorry, but i didn't want to cripple this How-To with too much external considerations.

1) Requirements:
  • being able to telnet into your synology box
  • being able to ipkg packages
  • having mercurial installed
  • having nano installed, or mastering vi
  (cf previous post)

Note:
  • to edit text files, install nano with ipkg install nano
  • if you're editing files into windows through shared directories (using pspad ?) dont forget to save files the unix way (CR). Or Apache will fail @ parsing them.
2) Enable Web Service on Synology:
      Apache web service should now be 'live', and you should have a new 'web' shared directory in /volume1/web or /var/services/web (both paths are identical).

3) Creating a directory of Repositories (with correct credentials):
  • telnet into your diskstation, and type
    mkdir /volume1/repos/hg
    chown -R nobody:users /volume1/repos
  hgweb/apache would have problems to access repos otherwise (Error: abort: HTTP Error 500: Permission denied: .hg/store/lock), as processes are spawned with nobody:users credentials (check this with 'ps', looking at httpd processes group and user).
   could be good to create a shared repos/ directory (via syno control panel).
  • now create a /volume1/repos/hg/test repository, type :
     cd /volume1/repos/hg
     hg init test
     cd test
     nano test.txt (write some and save)
     hg add test.txt
     hg commit -u yourname -m first
  • create a /volume1/web/hg subdirectory
      cd /volume1/web
      mkdir hg
 
4) Time for Script and Config 
  • create a .htaccess file to allow script executions in /volume1/web/hg/.htaccess
    cd /volume1/web/hg (or cd /var/services/web/hg)
    nano .htaccess

    (.htaccess is an Apache config file specifying options for this specific directory
  • insert this:
AddHandler cgi-script .cgi
Options +FollowSymLinks +ExecCGI

AuthUserFile /var/services/web/hg/.htpasswd
AuthName "Protected Access"
AuthType Basic

Require valid-user
  In this directory, Apache is allowed to execute cgi scripts and will protect access with login/passwords. If you don't want a password protected directory, erase all but the two first lines.
  Then, to password access /volume1/web/hg/:
  • create a .htpasswd file in /volume1/web/hg/ to store login info
    cd /volume1/web/hg    

    nano .htpasswd
  now, get and modify the Mercurial web cgi script (into /volume1/web/hg)
  • get mercurial hgweb.cgi from there or via
      cd /volume1/web/hg 
    wget http://www.selenic.com/repo/hg-stable/raw-file/7cf258b2d0cc/hgweb.cgi 
  • rename it into index.cgi
      mv hgweb.cgi index.cgi 
  • flag this python script as executable, and assign credentials (thx anon)
      chmod u+x index.cgi 
      chown -R nobody:users index.cgi
  • create a symbolic link to your favorite python executable: 
      ln /opt/bin/python2.6 /opt/bin/python
  • change /volume1/web/hg/index.cgi first line to: 
     #!/opt/bin/python
  • change in index.cgi (thx Mike):
config = "/var/services/web/hg/hgweb.config"
  • create hgweb config file in /volume1/web/hg/hgweb.config
     nano /volume1/web/hg/hgweb.config
  • write
[collections]
/volume1/repos/hg = /volume1/repos/hg
this config file is parsed by hgweb.cgi (now index.cgi), and will allow it to scan the whole directory to build the repository list. They are other options to play with.
5?) Optionally, error feedbacks from Apache: 
  • edit apache config /usr/syno/apache/conf/httpd.conf-user
      nano /usr/syno/apache/conf/httpd.conf-user
  • to get log informations, change the line
      ErrorLog /dev/null
    into
      ErrorLog /var/log/httpd-error-user.log
  • save and restart apache
      /usr/syno/etc.defaults/rc.d/S97apache-user.sh restart
  • then, to access apache log
     cat /var/log/httpd-error-user.log|more

Final notes: 
  Use the latter two to pull/push changes from/into other repos.
  Mercurial pushes are only allowed through https: it's possible to change this behavior in hgweb.config. Otherwise, dont forget to open your router to port 443 transactions.
  And yes it's working: i'm using it every day :)
  With Redmine. Next post should be totally about RedMine.

References:




9 comments:

Unknown said...

I tried this but it doesn't seem to work for me. I have run it all step by step. the only line that confused me is:

and edit index.cgi first line to address your /obt/bin/python


I edited this line to say:
#!/obt/bin/python python

should it be?
#!/obt/bin/python

When i try to do to the web page i get the default synology missing page error.

additionally should we change
config = "path/to/blah blah blah" to
config = "/volume1/web/hg/hgweb.config"

?
My email is jmerkow.at.gmail.com any help would be awesome

Anonymous said...

hi,

it is
#!/opt/bin/python-2.6

Anonymous said...

To fix that Apache error, you need to:

chown -R nobody:users /volume1/web/hgweb/

where hgweb is the directory of the website where index.cgi is located.

Unknown said...

I've run into another problem with the Hg. For some reason, I keep running into this error when pushing an especially large changeset.

HTTP Error 500: No space left on device

I have PLENTY of space left. I googled this and tried using the solution I found online. But it doesn't seem to work.

Have you come across this problem? Potentially have a fix for the synology NAS.

Mike said...

Fantastic!!! Thx

in the manual change from to:

chown -R nobody:users
chown -R nobody:users index.cgi

in the manual add:

change in index.cgi:
config = "/var/services/web/hg/hgweb.config"

for those who do not trust websites that generate passwords (like me) download the htpasswd generator form apachefriends inside xampp apache bin bundle http://sourceforge.net/projects/xampp/files/

Ash said...

Thx for your time Mike, i inserted all your remarks into the manual :)

Anonymous said...

You should use the -s option for ln, because the default behavior would create an hard link.

mike said...

Thanks so much! That note about linux CR was also helpful. I use mercurial at work, which is configured differently, and have been pulling out my hair trying to get this to work on my synology box.

Robin van Ee said...

This doesn't work anymore. No matter what I do, the .cgi file won't run, always returning an error 500. I checked the .htaccess file a thousand times.

Apache 2.4 is installed through Synology's package manager (and Web Station is set to use it), but /usr/syno/apache/ doesn't exist.