36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
|
-
+
-
+
|
Fossil server, with links to more detailed instructions specific to
particular systems, should you want extra help.</p>
<h2 id="prep">Repository Prep</h2>
<p>Prior to serving a Fossil repository to others, consider running <a
href="$ROOT/help?cmd=ui"><tt>fossil ui</tt></a> locally and taking these
href="$ROOT/help/ui"><tt>fossil ui</tt></a> locally and taking these
minimum recommended preparation steps:</p>
<ol>
<li><p>Fossil creates only one user in a <a
href="$ROOT/help?cmd=new">new repository</a> and gives it the <a
href="$ROOT/help/new">new repository</a> and gives it the <a
href="../caps/admin-v-setup.md#apsu">all-powerful Setup capability</a>.
The 10-digit random password generated for that user is fairly strong
against remote attack, even without explicit password guess rate
limiting, but because that user has so much power, you may want to
give it a much stronger password under Admin → Users.</a></li>
<li><p>Run the Admin → Security-Audit tool to verify that other
|
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
-
+
-
+
-
+
-
+
|
<h3 id="cgi">CGI</h3>
<p>Most ordinary web servers can <a href="any/cgi.md">run Fossil as a
CGI script</a>. This method is known to work with Apache,
<tt>lighttpd</tt>, and <a
href="any/althttpd.md"><tt>althttpd</tt></a>. The Fossil server
administrator places a <a href="$ROOT/help?cmd=cgi">short CGI script</a> in
administrator places a <a href="$ROOT/help/cgi">short CGI script</a> in
the web server's document hierarchy and when a client requests the URL
that corresponds to that script, Fossil runs and generates the
response.</p>
<p>CGI is a good choice for merging Fossil into an existing web site,
particularly on hosts that have CGI set up and working.
The Fossil <a href="../selfhost.wiki">self-hosting repositories</a> are
implemented with CGI underneath <tt>althttpd</tt>.</p>
<h3 id="slist">Socket Listener</h3>
<p>Socket listener daemons such as
<a id="inetd" href="any/inetd.md"><tt>inetd</tt></a>, <a id="xinetd"
href="any/xinetd.md"><tt>xinetd</tt></a>, <a id="stunnel"
href="any/stunnel.md"><tt>stunnel</tt></a>, <a
href="macos/service.md"><tt>launchd</tt></a>, and <a
href="debian/service.md"><tt>systemd</tt></a>
can be configured to invoke the the
<a href="$ROOT/help?cmd=http"><tt>fossil http</tt></a> command to handle
<a href="$ROOT/help/http"><tt>fossil http</tt></a> command to handle
each incoming HTTP request. The "<tt>fossil http</tt>" command reads
the HTTP request off of standard input, computes an appropriate
reply, and writes the reply on standard output. There is a separate
invocation of the "<tt>fossil http</tt>" command for each HTTP request.
The socket listener daemon takes care of relaying content to and from
the client, and (in the case of <a href="any/stunnel.md">stunnel</a>)
handling TLS decryption and encryption.
<h3 id="standalone">Stand-alone HTTP Server</h3>
<p>This is the <a href="any/none.md">easiest method</a>.
A stand-alone server uses the
<a href="$ROOT/help?cmd=server"><tt>fossil server</tt></a> command to run a
<a href="$ROOT/help/server"><tt>fossil server</tt></a> command to run a
process that listens for incoming HTTP requests on a socket and then
dispatches a copy of itself to deal with each incoming request. You can
expose Fossil directly to the clients in this way or you can interpose a
<a href="https://en.wikipedia.org/wiki/Reverse_proxy">reverse proxy</a>
layer between the clients and Fossil.</p>
<h3 id="scgi">SCGI</h3>
<p>The Fossil standalone server can also handle <a href="any/scgi.md">SCGI</a>.
When the <a href="$ROOT/help?cmd=server"><tt>fossil server</tt></a> command is
When the <a href="$ROOT/help/server"><tt>fossil server</tt></a> command is
run with the extra <tt>--scgi</tt> option, it listens for incoming
SCGI requests rather than HTTP requests. This allows Fossil to
respond to requests from web servers <a href="debian/nginx.md">such as
nginx</a> that don't support CGI. SCGI is a simpler protocol to proxy
than HTTP, since the HTTP doesn't have to be re-interpreted in terms of
the proxy's existing HTTP implementation, but it's more complex to set
up because you also have to set up an SCGI-to-HTTP proxy for it. It is
|
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
-
+
|
<li><p>If the repository includes <a
href="../embeddeddoc.wiki">embedded documentation</a>, consider
activating the search feature (Admin → Search) so that visitors can do
full-text search on your documentation.</p></li>
<li><p>Now that others can be making changes to the repository,
consider monitoring them via <a href="../alerts.md">email alerts</a>
or the <a href="$ROOT/help?cmd=/timeline.rss">timeline RSS
or the <a href="$ROOT/help/www/timeline.rss">timeline RSS
feed</a>.</p></li>
<li><p>Turn on the various logging features.</p></li>
</ol>
<p>Reload the Admin → Security-Audit page occasionally during this
process to double check that you have not mistakenly configured the
|