Installing Mercurial 1.8.4 on IIS 7.5 as a Repository website

This blog covers setting up a Mercurial server on IIS 7.5. 

Recently I was asked to set up a version control system for my department. I did some research and choose Mercurial. I decided to install Mercurial on its own server,  which at first seemed simple enough. However, after googling around I found that there wasn’t a great deal of resources to work with. There were guides/tutorials out there but most were outdated. Thus, I’ve put together this easy-to-read/follow blog post.

---

Some things to note:

• I’m using VMware vSphere with Mercurial installed on a dedicated Windows Server 2008 R2 Datacenter VM.
• This post uses Mercurial 1.8.4.
• I created a 5GB secondary partition to hold repositories and wwwroot, labeled D:.

---

Getting Started:

These are some requirements you need to have/download:

1. Download the appropriate Mercurial build for your version of Windows, from here: Mercurial version 1.8.4. Download Page. Choose a Bundle package that contains Python 2.6.6. and Mercurial.
2. Download the “Web Platform Installer” onto the server.
   

---

Steps for setting up the Mercurial server:

1.  Install IIS 7.5. In “Server Manager”, scroll down under “Roles Summary”, click on “Add Roles” on the right.
   
2. Skip the intro page. The second page will display all the roles that the server can have; Choose “Web Server (IIS)”.
   
3. The next screen will be an “Introduction to Web Server (IIS)” skip this.
4. The next screen will be “Select Role Services”. Now there are alot of roles we want to install, leave all the default roles alone, we will not be uninstalling any of these.
   1. Under "Common HTTP Features": Check HTTP Redirection.
   2. Under "Application Development": Check CGI.
   3. Under  "Health and Diagnostics": Check Logging tools.
   4. Under "Security": Check Basic Authentication, URL Authorization, and IP and Domain Restrictions.
   5. Under  "Preformance": Check Dynamic Content Compression.
   6. Under "Management Tools":  Check IIS Management Scripts and Tools and Management Service.
5. Here is an example of all the roles that need to be checked.
   
6. Click next until the end and then close.
   
7. You should see the “Web Server (IIS)” added to “Roles” of the Server..

---

Installing and Setting up Mercurial:

1. Now install Mercurial 1.8.4. Double click the “mercurial-1.8.4.win-amd64-py2.6.exe” setup file.
   
2. Click next, install, then finish. Quick note: While installing Mercurial, if you do not see the “Python 2.6.6” like above, you probably didn’t choose the right edition (Mercurial with Python) when downloading the setup file.
3. Great, we now have Mercurial and Python downloaded and installed.

---

Implementing Mercurial as a Web Application:

A few things to note:

 

1. First, if you haven’t already, create a new volume to host your wwwroot and mercurial repository. I made mine “D:” with 5GB free space.
   
2. Open a browser and go to the URL “http://localhost/”. If you see the IIS7 welcome screen (below), then IIS is installed correctly.
   
3. Open IIS manager and delete the default site.
   
4. Create the “D:\inetpub\wwwroot\hg” folder structure. In a command prompt, this will work:
   cd D:\
mkdir D:\inetpub
mkdir D:\inetpub\wwwroot
mkdir D:\inetpub\wwwroot\hg
5. Run the following commands to move the logs and wwwroot to “D:”.  Reference:
   IIS7: Moving the INETPUB directory to another drive.
   • %windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/sites -siteDefaults.logfile.directory:"D:\inetpub\logs\logfiles"

   • %windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralBinaryLogFile.directory:"D:\inetpub\logs\logfiles"

   • %windir%\system32\inetsrv\appcmd set config -section:system.applicationHost/log -centralW3CLogFile.directory:"D:\inetpub\logs\logfiles"

   • reg add HKLM\Software\Microsoft\inetstp /v PathWWWRoot /t REG_SZ /d d:\inetpub\wwwroot

   • %windir%\system32\inetsrv\appcmd set vdir "Default Web Site/" -physicalPath:d:\inetpub\wwwroot

6. Next we want to create a new site “HgWeb” at “D:\inetpub\wwwroot”. Right Click on “Sites” and choose “Add Web Site”.
   
7.  For “Site Name:” use “HgWeb” and make the physical path “D:\inetpub\wwwroot“:
   
8. In “IIS Manager” you should now see your “HgWeb” site in the tree and under it an ‘hg’ folder.
   
9. Right Click and Select “Add Application” on your hg folder.
   
10. Set “hg” as the value of Alias and gave it a physical path of “D:\inetpub\wwwroot\hg“.
    
11. Now, go into “Handler Mappings” and we are going to “Add Script Map” for CGI.
    
12. For the “Request Path” enter:  " *.cgi "
13. For the Executable enter: " C:\Python26\python.exe -u "%s" "
14. For the Name enter: " Python ".
    
15. When you hit “OK”, the manager will throw a message, click “Yes”.
    
    
16. Your “wwwroot” should look like this.
    • wwwroot
      • Welcome.png
      • IISstart.htm
      • /hg (folder)

---

Test Python:

1. We are going to create a simple Python script that will allow us to see if our Python Handler Mapping is working.
2. Navigate to your “HgWeb site” directory in Windows Explorer, “D:\inetpub\wwwroot\hg”.
3. Add a new Text document named “test.cgi”, copy and paste this code inside of it, then save the file.

   print 'Status: 200 OK'
   print 'Content-Type: text/html'
   print
   print '<html><body><h1>It Works!</h1></body></html>'

4. Now open your browser and navigate to “http://localhost/hg/test.cgi”, you should see the following.
   
5. Awesome, that was a big step. Now, delete the “test.cgi” from D:\inetpub\wwwroot\hg.

---

Mercurial Configuration – “hgweb.cgi”

1. Check the “D:\inetpub\wwwroot\hg” folder. There should be a web.config file which was automatically generated by IIS after we made the cgi module.
2. Create 2 new blank files in your “D:\inetpub\wwwroot\hg” folder. Name one of them “hgweb.cgi” and the other “hgweb.config”.
3. Copy and Paste the following code into your “hgweb.cgi”. Reference “Running a Mercurial Server with IIS 7.5”.

---

#!/usr/bin/env python
#
# An example hgweb CGI script, edit as necessary
# See also http://mercurial.selenic.com/wiki/PublishingRepositories

# Path to repo or hgweb config to serve (see 'hg help hgweb')
config = "/inetpub/wwwroot/hg/hgweb.config"

# Uncomment and adjust if Mercurial is not installed system-wide:
#import sys; sys.path.insert(0, "/path/to/python/lib")

# Uncomment to send python tracebacks to the browser if an error occurs:
#import cgitb; cgitb.enable()

from mercurial import demandimport; demandimport.enable()
from mercurial.hgweb import hgweb, wsgicgi
application = hgweb(config)
wsgicgi.launch(application)

---

• Note: the lines beginning with ‘#’ are comments and can be removed.
  
  

4. Now the “/wwwroot/hg” folder should look like this.
   • hgweb.config
   • hgweb.cgi
5. Insert this code into your “hgweb.config”:
   • [web]
   • baseurl = /hg
6. Now let’s test the “hgweb.cgi” file. Open Internet Explorer and Navigate to “http://localhost/hg/hgweb.cgi” on the Mercurial server, and you should see the following.
   
7. Now that it’s up and running, we don’t want the “hgweb.cgi’ in our Web Address so let’s change that with URL rewrite 2.0.
8. Delete Welcome.png and IISstart.htm

---

Rewrite your URL to a more fancy Web address:

1. If you haven’t already, you will now need to download Web Platform Installer.
2. Open the download file named “wpilauncher_3_10.exe” and search for URL Rewrite 2.0.
   
3. Click Add –> then click install –> Click accept on the next menu.
   
4. Close and reopen IIS Manager.
5. Once it has restarted, navigate to “HgWeb/hg”, and select “URL Rewrite”.
   
6. Click “Add Rule(s)”, In the window that pops up, select “blank rule” click ok.
   
7. Name the rule “rewrite hgweb url“. Under the “Match URL” section under “Using” change this to “Wildcards“. Assign pattern to “*“.
   
8. Expand “Conditions”, click “Add”, the “Condition Input” should be “{REQUEST_FILENAME}“, we do not want to rewrite URL’s to any files, so under “Check if input string” choose “Is Not A FIle“.
   
9. Last Under the “Action” Section, In the section under “Rewrite URL:”, insert this code, "hgweb.cgi/{R:1}".
   
10. Once this is done, navigate back to http://localhost/hg, It should look identical to the last time we visited the page, but we’re now using the shortened url.
    

---

Create a Test Repository:

Next, let’s create a repository.

1. Make a folder for your repository.
   • mkdir D:\repositories
   • mkdir D:\repositories\testrepo
2. Edit your “hgweb.config” and add the following lines:
   • [paths]
   • testrepo = /repositories/testrepo
3. Change directories to “D:/Repositories/testrepo”.
   cd D:\Repositories\testrepo
   hg init
   
   

1. Open a browser and navigate to “http://localhost/hg”. You should see your new repository:
   
2. Now, lets add a file to the repository.
3. In the “D:\repositories\testrepo”, create a text file “test.txt” and write something like “this is a test” inside of the text file. Then let’s add and commit using these commands.
   • hg add
   • hg commit

            

---

Securing Mercurial:

1. To enable encryption, you must create a “Self-Signed Certificate” for Mercurial. Open “IIS manager”, click on <your server name> then choose “Server Certificates”.
2.  Select “Create Self-Signed Certificate” and give it the “friendly” name.
   
3. Expand your IIS server’s tree, and select the site “HgWeb”. Double-click “Authentication” and set “Anonymous” to “Enabled”. Make sure no other authentication providers are enabled.
   
4. Expand “HgWeb”, click on “hg” and under “Authentication” set “Basic Authentication” to “Enabled”. Make sure no other authentication providers are enabled.
   
5. Go back to “HgWeb” and click on “SSL Settings”, under “Client Certificates” choose “ignore”
   
6. Under “HgWeb” choose “hg”, click on “SSL Settings” and check the box “Require SSL”, and for client certificates, “ignore”.
   
7. Now we are going to redirect all http requests to “https://FQDN/hg&#8221;.
8. Navigate back to the “HgWeb” site and click on “HTTP Redirect”. Check the box “Redirect requests to this destination” and enter "https://<serverFQDN>/hg". Check the two boxes under “Redirect Behavior” and set the Status code to: “Found (302)”.
   
9. Now create 3 security groups in Active Directory: “Mercurial Users”, “ACL_Mercurial_AllowPush” and “ACL_Mercurial_AllowPull”.
10. Nest the two ACL groups inside the “Mercurial Users” group.
    
11. People in “Mercurial Users” will have the correct NTFS permissions required to push and pull to the server. However, the Mercurial Python application doesn’t allow group membership and requires additional configuration per-user.
12. To allow push\pull, each user must be entered into the appropriate “hgweb.config” area. To do this we will add this code under the “[web]” section of the hgweb.config file.
    • allow_push = <users allowed to push>
    • allow_pull = <users allowed to pull>

    

13. The next step is to Enable “URL Authorization”, Under “HgWeb”, select “hg” and click on “Authorization Rules”, then select “Add Allow Rule…”. Add a rule for “ACL_Mercurial_AllowPush and ACL_Mercurial_AllowPull”. They should look something like this;
    
14. NTFS permissions should be set up on the “D:\Repositories”. Users of the ACL_Mercurial_AllowPull should have permissions for: “Read & Execute”, “List folder contents” and “Read”.
    
15. ACL_Mercurial_Allow Push should have permissions for everything besides “Special Permissions”.
    
16. This should set up security for the site, if there are any questions this is what all my files ended up looking like.
17. “D:\” looks like:
    
18. Inetpub and wwwroot (web.config inside of wwwroot).
    
19. In the “hg” folder under “wwwroot”, there are three files, “web.config”, “hgweb.cgi” and “hgweb.config”
20. hg folder
    
    web.config
    
    hgweb.cgi
    
    hgweb.config
    

You should be done!

After your able to “hg push” you’re done setting up you’re Repository! My next post will be covering “Securing Mercurial Repositories”. This will dive into making our Mercurial Repositories more or less safer to use.

Side Note: If you liked/disliked this blog please leave a comment! I want to know what you think!