# HG changeset patch # User Martin Geisler # Date 1291197151 -3600 # Node ID 1cfaf11c63988b0bbeca2f815c276638b7efc4b5 # Parent 4fdb4b18eb3d6664dff49fed885841cac58107c7 hgrc.5: expand introduction for [web] section diff -r 4fdb4b18eb3d -r 1cfaf11c6398 doc/hgrc.5.txt --- a/doc/hgrc.5.txt Wed Dec 01 10:21:40 2010 +0100 +++ b/doc/hgrc.5.txt Wed Dec 01 10:52:31 2010 +0100 @@ -925,7 +925,29 @@ ``web`` """"""" -Web interface configuration. + +Web interface configuration. The settings in this section apply to +both the builtin webserver (started by :hg:`serve`) and the script you +run through a webserver (``hgweb.cgi`` and the derivatives for FastCGI +and WSGI). + +The Mercurial webserver does no authentication (it does not prompt for +usernames and passwords to validate *who* users are), but it does do +authorization (it grants or denies access for *authenticated users* +based on settings in this section). You must either configure your +webserver to do authentication for you, or disable the authorization +checks. + +For a quick setup in a trusted environment, e.g., a private LAN, where +you want it to accept pushes from anybody, you can use the following +command line:: + + $ hg --config web.allow_push=* --config web.push_ssl=False serve + +Note that this will allow anybody to push anything to the server and +that this should not be used for public servers. + +The full set of options is: ``accesslog`` Where to output the access log. Default is stdout.