This directory is a Django project which contains hgwebproxy as a
Django application. These are some notes on installation and
configuration of hgwebproxy.

hgwebproxy was written by Jesper Noehr (jesper@noehr.org), with minor
modifications by Faheem Mitha (faheem@email.unc.edu). It uses code
from https://bitbucket.org/jespern/cx/.  Hgwebproxy uses Django as a
proxy for hgweb. In other words, when the request is sent to hgweb,
Django gets it and relays it to hgweb, and then intercepts the
response from hgweb, and can do post-processing on it if
necessary. This has two advantages. One, hgweb can use Django's
pre-existing database of users and passwords. Secondly, this makes it
possible to use Django templating with hgweb.

It has been tested under Debian etch with Apache 2,2 and mod_wsgi
(libapache2-mod-wsgi) and Django 1.0, with the following apache
config. The wsgi script is in apache/django.wsgi. This configuration
was largely copied from

WSGIScriptAlias /hg /var/django/hg/apache/django.wsgi
WSGIPassAuthorization On
<Directory /var/django/hg/apache>
    Order deny,allow
    Allow from all

The WSGIPassAuthorization line is necessary to enable the hgwebproxy
to handle authorization rather than Apache. See
for further information.

It can also be run using Django's built-in webserver (python manage.py

This project uses sqlite as the database by default, so you will need
to install python-pysqlite2 and sqlite3. Note also that the project
directory and the sqlite database file (db by default) need to be
readable and writable by the apache user (www-data for Debian). One
way of doing so is to set the group for these to www-data and make
them group writable.

The hgweb config is in hgwebproxy/hgweb.conf, and may be changed as

The default authentication config is to have all requests
authenticated. To authenticate against only 'POST' requests, as is
appropriate if you desire the repositories to be world-readable, but
only writable by authenticated users, see comments in the hgroot view
in hgwebproxy/views.py. Hgwebproxy uses Django's underlying database
of users and passwords. See basic_auth in hgwebproxy/views.py for

By default with the Apache configuration given above, the repositories
are viewable at the url /servername/hg/.

At first sight, it seems simpler to use Django authentication instead
of having the application doing the authentication. The reason for
doing it this way is so the authentication will work with hg command
line operations.

In other words, operations of the form

hg clone/pull/push https://servername/hg/faheem/test

can use basic_auth.

An alternative and preferable method is to use Django authentication
for the browser, and basic_auth for the command line. This is a
planned enhancement.

Faheem Mitha <faheem@email.unc.edu> and Jesper Noehr <jesper@noehr.org>
September 2008.