Fossil

Check-in [16e3cff648]
Login

Check-in [16e3cff648]

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Several small refinements to prior check-ins.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | server-docs
Files: files | file ages | folders
SHA3-256: 16e3cff648aca9c4594f08341ce7f933b4d129a5f974692a21a31c79f4102ed6
User & Date: wyoung 2019-08-16 10:19:28.991
Context
2019-08-16
10:27
Converted the backwards-compatibility sections in www/server.wiki into identified hyperlinks to the new docs, which allows existing external ".../server.wiki#cgi" URLs and such to work without needing the near-empty sections containing only a hyperlink just to anchor the link. ... (check-in: 0bb59100f2 user: wyoung tags: server-docs)
10:19
Several small refinements to prior check-ins. ... (check-in: 16e3cff648 user: wyoung tags: server-docs)
10:11
Moved the "Serving via althttpd" material from www/ssl.wiki to a new document, www/server/any/althttpd.md, linked from www/server.wiki. ... (check-in: 2e19fcee33 user: wyoung tags: server-docs)
Changes
Unified Diff Ignore Whitespace Patch
Changes to www/server/any/scgi.md. 
40
41
42
43
44
45
46





47
48
49

function properly, but nginx does not provide this variable by default,
so it is necessary to provide it in the configuration.  Failure to do
this will cause Fossil to return an error.

The [example `fslsrv` script](/file/tools/fslsrv) shows off these same
concepts in a more complicated setting. You might want to mine that
script for ideas.






There is a [separate article](../../tls-nginx.md) showing how to add TLS
encryption to this basic SCGI + nginx setup.








>
>
>
>
>




40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

function properly, but nginx does not provide this variable by default,
so it is necessary to provide it in the configuration.  Failure to do
this will cause Fossil to return an error.

The [example `fslsrv` script](/file/tools/fslsrv) shows off these same
concepts in a more complicated setting. You might want to mine that
script for ideas.

You might want to next read one of the platform-specific versions of this
document, which goes into more detail:

*   [Debian/Ubuntu](../debian/nginx.md)

There is a [separate article](../../tls-nginx.md) showing how to add TLS
encryption to this basic SCGI + nginx setup.
Changes to www/server/debian/nginx.md. 
1
2
3
4
5
6
7
8

# Serving via nginx on Debian

This document is an extension of [the platform-independent SCGI
instructions][scgii], which may suffice for your purposes if your needs
are simple.

Here, we add more detailed information on nginx itself, plus details
about running it on Debian type OSes. We focus on Debian 10 (Buster) and

|








1
2
3
4
5
6
7
8

# Serving via nginx on Debian and Ubuntu

This document is an extension of [the platform-independent SCGI
instructions][scgii], which may suffice for your purposes if your needs
are simple.

Here, we add more detailed information on nginx itself, plus details
about running it on Debian type OSes. We focus on Debian 10 (Buster) and
Changes to www/ssl.wiki. 
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237



<h2 id="server">Fossil TLS Configuration: Server Side</h2>

Fossil's built-in HTTP server feature does not currently have a built-in
way to serve via HTTP over TLS, a.k.a. HTTPS, even when you've linked
Fossil to OpenSSL. To serve a Fossil repository via HTTPS, you must put
it behind some kind of HTTPS proxy.


<h3 id="stunnel">stunnel Alone</h3>

That's covered [./server/any/stunnel.md | elsewhere].


<h3 id="althttpd">stunnel + althttpd</h3>

That's covered [./server/any/althttpd.md | elsewhere].


<h3 id="nginx">nginx</h3>

If your needs are more complex than althttpd can handle or you'd prefer
to use only software available in your server operating system's package
repository, we recommend that you step up to [http://nginx.org/|nginx].
Setting this up is complex enough that we cover it [./tls-nginx.md|in a
separate document].


<h2 id="enforcing">Enforcing TLS Access</h2>

To use TLS encryption in cloning and syncing to a remote Fossil
repository, be sure to use the <tt>https:</tt> URI scheme in
<tt>clone</tt> and <tt>sync</tt> commands.  If your server is configured








|
|
|
<

|
<
<
<
<
|
|
<
<
<
<
<
<
<
<








204
205
206
207
208
209
210
211
212
213

214
215




216
217








218
219
220
221
222
223
224



<h2 id="server">Fossil TLS Configuration: Server Side</h2>

Fossil's built-in HTTP server feature does not currently have a built-in
way to serve via HTTP over TLS, a.k.a. HTTPS, even when you've linked
Fossil to OpenSSL. To serve a Fossil repository via HTTPS, you must put
it behind some kind of HTTPS proxy. We have a number of documents
elsewhere in this repository that cover your options for [./server.wiki
| serving Fossil repositories]. A few of the most useful of these are:


  *  <a id="stunnel"  href="./server/any/stunnel.md">Serving via stunnel</a>




  *  <a id="althttpd" href="./server/any/althttpd.md">Serving via stunnel + althttpd</a>
  *  <a id="nginx"    href="./server/any/scgi.md">Serving via SCGI (nginx)</a>










<h2 id="enforcing">Enforcing TLS Access</h2>

To use TLS encryption in cloning and syncing to a remote Fossil
repository, be sure to use the <tt>https:</tt> URI scheme in
<tt>clone</tt> and <tt>sync</tt> commands.  If your server is configured