2

I have RhodeCode working with http using the paster serve tool that it comes with...

I'm struggling to find a "simple" solution to get this running on HTTPS. A lot of discussion is about using Apache to do this on unix. Not a lot of info on how to do it on IIS.

I was looking at paster serve and it seems to be able to serve using HTTPS, but can't quite work out how to get this going.

However the real goal is just to serve RhodeCode over HTTPS in the simplest way possible ( all self contained would be brilliant).

Keith Nicholas
  • 165
  • 1
  • 1
  • 13
  • Is windows an absolute requirement? We're a Windows shop, but I host a Mercurial server on Linux and do AD auth for repo access. – jscott Dec 07 '12 at 01:58
  • 1
    yeah, the server it runs on is windows, and that server hosts a bunch of other tools also. It'd be a pain to try and get another server as this one is automatically backed up etc etc... – Keith Nicholas Dec 07 '12 at 02:47
  • Fair enough. I'll see if I can find the time to stand up an IIS box to test this as I wanted to try RhodeCode. – jscott Dec 07 '12 at 02:58

3 Answers3

2

First try to add in the paster config:

ssl_pem = *

This will generate a self signed certificate that will be used for the SSL listener.

If you want to use your own certificate export the key and the certificate in PEM format (BASE64 ASCII armoured DER) concatenate them in a file and change ssl_pem to point to this file.

From: http://pythonpaste.org/modules/httpserver.html

ssl_pem

This an optional SSL certificate file (via OpenSSL). You can supply * and a development-only certificate will be created for you, or you can generate a self-signed test PEM certificate file as follows:

$ openssl genrsa 1024 > host.key
$ chmod 400 host.key
$ openssl req -new -x509 -nodes -sha1 -days 365  \
              -key host.key > host.cert
$ cat host.cert host.key > host.pem
$ chmod 400 host.pem

See also the openssl man pages.

Mircea Vutcovici
  • 16,706
  • 4
  • 52
  • 80
  • 1
    And set the force_https = true flag in the ini configuration. Just to make proper https redirections in rhodecode's web interface (generate https:// links instead http://). – cadmi Dec 11 '12 at 12:26
  • for whatever reason, this doesn't seem to work.... and from what I can see from other people dealing with RhodeCode, it doesn't work for them either. – Keith Nicholas Dec 12 '12 at 19:51
  • Check if you have the listener started. If not you should have an exception in the logs. If the listener is started, then check if it is a SSL tunnel with: `openssl s_client -connect localhost:443`. – Mircea Vutcovici Dec 13 '12 at 19:44
0

http://www.wampserver.com/en/

provides a very simple way to setup a WAMP (Windows/Apache/MySQL/PHP) in a windows environment as a single installer, which gives you a compatible and mostly configured Apache/PHP stack. Any of the tutorials for UNIX based apache installs should work for windows, including SSL, with the exception of any apache module installations.

Otherwise, I have am lacking in knowledge of RhodeCode.

user1146281
  • 101
  • 1
  • 1
  • 3
0

Two ways to do this:

Proxy: Have IIS act as a reverse proxy with SSL, passing to the RhoneCode built-in server over non-SSL. Probably the easiest choice.

WSGI: Use ISAPI-WSGI to server RhoneCode directly, based on the example for Apache. Probably much harder.

Community
  • 1
Anton Cohen
  • 1,112
  • 6
  • 7