How to set up Mercurial with ssl/security

Question

I've been following the hginit.com tutorial on how to use mercurial. Everything is going fine except it uses push_ssl=False. This does not work for my situation because I want pushes (and pulls if possible) to be secure. All the tutorials I've been able to find also use push_ssl=False. Can anyone give me pointers on how to set up ssl/security for Mercurial? Thanks.

Answer 1

Keep in mind Mercurial doesn't validate SSL certificates. It's safer to serve mercurial over SSH (which is easy to setup assuming your repo server has ssh on it).

If you want to use https, the official guide should have the steps in detail, I believe.

Answer 2

There are only a few steps:

1. You setup your webserver with SSL support. We assume you know how to do this or that you can have someone else do it for you.
2. You make the webserver run the hgweb.cgi script. This is a standard CGI script. There are also a WSGI version if you prefer -- both scripts come with the Mercurial source code.
3. You configure your webserver to authenticate users who try to POST to your server. Read-only operations like pull and clone use GET requests only, but write operations like push use POST. Again, we assume you know how to do this (with .htaccess files for Apache, say) or that you can have someone else do it.
4. You leave push_ssl at its default value (True) and configure allow_push to include the usernames that should be allowed to push.

See the web section of hgrc and the publishing repositories page on our wiki.