How to set up Mercurial with ssl/security
10,166
Solution 1
Keep in mind Mercurial doesn't validate SSL certificates. It's safer to serve mercurial over SSH (which is easy to setup assuming your repo server has ssh on it).
If you want to use https, the official guide should have the steps in detail, I believe.
Solution 2
There are only a few steps:
- You setup your webserver with SSL support. We assume you know how to do this or that you can have someone else do it for you.
- You make the webserver run the
hgweb.cgi
script. This is a standard CGI script. There are also a WSGI version if you prefer -- both scripts come with the Mercurial source code. - You configure your webserver to authenticate users who try to POST to your server. Read-only operations like pull and clone use GET requests only, but write operations like push use POST. Again, we assume you know how to do this (with
.htaccess
files for Apache, say) or that you can have someone else do it. - You leave
push_ssl
at its default value (True
) and configureallow_push
to include the usernames that should be allowed to push.
See the web section of hgrc and the publishing repositories page on our wiki.
Author by
Sam Lee
Updated on June 04, 2022Comments
-
Sam Lee about 2 years
I've been following the hginit.com tutorial on how to use mercurial. Everything is going fine except it uses
push_ssl=False
. This does not work for my situation because I want pushes (and pulls if possible) to be secure. All the tutorials I've been able to find also usepush_ssl=False
. Can anyone give me pointers on how to set up ssl/security for Mercurial? Thanks. -
Gili about 13 yearsMercurial 1.6.4+ validates SSL certificates.