Fossil SCM
Updates to the SCGI documentation.
Commit
30a122a05e984e409c92551c9c37582e6f8e1eb8
Parent
5d4400400ae467c…
1 file changed
+11
-1
+11
-1
| --- www/server.wiki | ||
| +++ www/server.wiki | ||
| @@ -198,11 +198,11 @@ | ||
| 198 | 198 | and respond to the SimpleCGI or SCGI protocol rather than raw HTTP. This can |
| 199 | 199 | be used in combination with a webserver (such as [http://nginx.org|Nginx]) |
| 200 | 200 | that does not support CGI. A typical Nginx configuration to support SCGI |
| 201 | 201 | with Fossil would look something like this: |
| 202 | 202 | <blockquote><pre> |
| 203 | -location ~ ^/demo_project/ { | |
| 203 | +location /demo_project/ { | |
| 204 | 204 | include scgi_params; |
| 205 | 205 | scgi_pass localhost:9000; |
| 206 | 206 | scgi_param SCRIPT_NAME "/demo_project"; |
| 207 | 207 | } |
| 208 | 208 | </pre></blockquote> |
| @@ -216,10 +216,20 @@ | ||
| 216 | 216 | <p> |
| 217 | 217 | All of the features of the stand-alone server mode described above, |
| 218 | 218 | such as the ability to serve a directory full of Fossil repositories |
| 219 | 219 | rather than just a single repository, work the same way in SCGI mode. |
| 220 | 220 | </p> |
| 221 | +<p> | |
| 222 | +For security, it is probably a good idea to add the --localhost option | |
| 223 | +to the [/help/server|fossil server] command to prevent Fossil from accepting | |
| 224 | +off-site connections. Add one might want to specify the listening TCP port | |
| 225 | +number, rather than letting Fossil choose one for itself, just to avoid | |
| 226 | +ambiguity. A typical command to start a Fossil SCGI server | |
| 227 | +would be something like this: | |
| 228 | +<blockquote><pre> | |
| 229 | +fossil server $REPOSITORY --scgi --localhost --port 9000 | |
| 230 | +</pre></blockquote> | |
| 221 | 231 | </blockquote> |
| 222 | 232 | |
| 223 | 233 | <h2>Securing a repository with SSL</h2><blockquote> |
| 224 | 234 | <p> |
| 225 | 235 | Using either CGI or SCGI, it is trivial to use SSL to |
| 226 | 236 |
| --- www/server.wiki | |
| +++ www/server.wiki | |
| @@ -198,11 +198,11 @@ | |
| 198 | and respond to the SimpleCGI or SCGI protocol rather than raw HTTP. This can |
| 199 | be used in combination with a webserver (such as [http://nginx.org|Nginx]) |
| 200 | that does not support CGI. A typical Nginx configuration to support SCGI |
| 201 | with Fossil would look something like this: |
| 202 | <blockquote><pre> |
| 203 | location ~ ^/demo_project/ { |
| 204 | include scgi_params; |
| 205 | scgi_pass localhost:9000; |
| 206 | scgi_param SCRIPT_NAME "/demo_project"; |
| 207 | } |
| 208 | </pre></blockquote> |
| @@ -216,10 +216,20 @@ | |
| 216 | <p> |
| 217 | All of the features of the stand-alone server mode described above, |
| 218 | such as the ability to serve a directory full of Fossil repositories |
| 219 | rather than just a single repository, work the same way in SCGI mode. |
| 220 | </p> |
| 221 | </blockquote> |
| 222 | |
| 223 | <h2>Securing a repository with SSL</h2><blockquote> |
| 224 | <p> |
| 225 | Using either CGI or SCGI, it is trivial to use SSL to |
| 226 |
| --- www/server.wiki | |
| +++ www/server.wiki | |
| @@ -198,11 +198,11 @@ | |
| 198 | and respond to the SimpleCGI or SCGI protocol rather than raw HTTP. This can |
| 199 | be used in combination with a webserver (such as [http://nginx.org|Nginx]) |
| 200 | that does not support CGI. A typical Nginx configuration to support SCGI |
| 201 | with Fossil would look something like this: |
| 202 | <blockquote><pre> |
| 203 | location /demo_project/ { |
| 204 | include scgi_params; |
| 205 | scgi_pass localhost:9000; |
| 206 | scgi_param SCRIPT_NAME "/demo_project"; |
| 207 | } |
| 208 | </pre></blockquote> |
| @@ -216,10 +216,20 @@ | |
| 216 | <p> |
| 217 | All of the features of the stand-alone server mode described above, |
| 218 | such as the ability to serve a directory full of Fossil repositories |
| 219 | rather than just a single repository, work the same way in SCGI mode. |
| 220 | </p> |
| 221 | <p> |
| 222 | For security, it is probably a good idea to add the --localhost option |
| 223 | to the [/help/server|fossil server] command to prevent Fossil from accepting |
| 224 | off-site connections. Add one might want to specify the listening TCP port |
| 225 | number, rather than letting Fossil choose one for itself, just to avoid |
| 226 | ambiguity. A typical command to start a Fossil SCGI server |
| 227 | would be something like this: |
| 228 | <blockquote><pre> |
| 229 | fossil server $REPOSITORY --scgi --localhost --port 9000 |
| 230 | </pre></blockquote> |
| 231 | </blockquote> |
| 232 | |
| 233 | <h2>Securing a repository with SSL</h2><blockquote> |
| 234 | <p> |
| 235 | Using either CGI or SCGI, it is trivial to use SSL to |
| 236 |