February 23rd, 2011

glider

mercurial server (win 7)

basic configuration:
1. install python-2.6.6.msi
2. install mercurial-1.7.5.win32-py2.6.exe
3. create directory at "c:\inetpub\wwwroot\hg\"
4. unpack webapp.zip to created directory
5. create web application with root at created directory
6. make sure that application pool allows 32-bit applications (the switch is in advanced settings of pool configuration)
7. make sure that CGI for IIS is installed (turn windows features on/off > Internet Information Services > Application Development Features)
8. make sure that handler mappings contain the "Python" mapping with c:\Python26\python.exe -u "%s" command line (the list of mappings is in handler mappings section of site configuration)
9. make sure that the "Python" handler is allowed on the server
10. now navigate to http:///hgweb.cgi

authentication and authorization:
1. upon completion of previous steps the server works in anonymous mode, but most likely that's not what we wish
2. make sure that basic authentication for IIS is installed (turn windows features on/off > Internet Information Services > World Wide Web Services > Security)
3. disable anonymous authentication and enable basic authentication in IIS (the switch is in authentication section of site configuration)
note. neither NTLM, nor Negotiate will work, since they ain't understood by mercurial
4. navigate to http:///hgweb.cgi and it will now ask for credentials
5. enter your own credentials (or whatever user registered on your PC / in your domain)
6. if the credentials authenticate a user, browser will display all repositories that are visible to this user
note. this is how authorization works for mercurial server - you just grant/remove rights on file system level and that's it
7. now you might want to serve your repositories via HTTPS in order to protect credentials from being hijacked

now you will be able to:
1. view configured repositories via browser by navigating to http:///hgweb.cgi/
2. clone configured repositories via any hg client by using the very same url
3. push from clones into served repositories
4. restrict 1-3 to be available only to certain users