diff --git a/configs/development.ini b/configs/development.ini --- a/configs/development.ini +++ b/configs/development.ini @@ -1,24 +1,24 @@ - +## -*- coding: utf-8 -*- -################################################################################ -## RHODECODE COMMUNITY EDITION CONFIGURATION ## -################################################################################ +; ######################################### +; RHODECODE COMMUNITY EDITION CONFIGURATION +; ######################################### [DEFAULT] -## Debug flag sets all loggers to debug, and enables request tracking +; Debug flag sets all loggers to debug, and enables request tracking debug = true -################################################################################ -## EMAIL CONFIGURATION ## -## Uncomment and replace with the email address which should receive ## -## any error reports after an application crash ## -## Additionally these settings will be used by the RhodeCode mailing system ## -################################################################################ +; ######################################################################## +; EMAIL CONFIGURATION +; Uncomment and replace with the email address which should receive +; any error reports after an application crash +; Additionally these settings will be used by the RhodeCode mailing system +; ######################################################################## -## prefix all emails subjects with given prefix, helps filtering out emails +; prefix all emails subjects with given prefix, helps filtering out emails #email_prefix = [RhodeCode] -## email FROM address all mails will be sent +; email FROM address all mails will be sent #app_email_from = rhodecode-noreply@localhost #smtp_server = mail.server.com @@ -29,125 +29,139 @@ debug = true #smtp_use_ssl = true [server:main] -## COMMON ## +; COMMON HOST/IP CONFIG host = 127.0.0.1 port = 5000 -########################################################### -## WAITRESS WSGI SERVER - Recommended for Development #### -########################################################### +; ################################################## +; WAITRESS WSGI SERVER - Recommended for Development +; ################################################## +; use server type use = egg:waitress#main -## number of worker threads + +; number of worker threads threads = 5 -## MAX BODY SIZE 100GB + +; MAX BODY SIZE 100GB max_request_body_size = 107374182400 -## Use poll instead of select, fixes file descriptors limits problems. -## May not work on old windows systems. + +; Use poll instead of select, fixes file descriptors limits problems. +; May not work on old windows systems. asyncore_use_poll = true -########################## -## GUNICORN WSGI SERVER ## -########################## -## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini +; ########################### +; GUNICORN APPLICATION SERVER +; ########################### +; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini + +; Module to use, this setting shouldn't be changed #use = egg:gunicorn#main -## Sets the number of process workers. More workers means more concurrent connections -## RhodeCode can handle at the same time. Each additional worker also it increases -## memory usage as each has it's own set of caches. -## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more -## than 8-10 unless for really big deployments .e.g 700-1000 users. -## `instance_id = *` must be set in the [app:main] section below (which is the default) -## when using more than 1 worker. + +; Sets the number of process workers. More workers means more concurrent connections +; RhodeCode can handle at the same time. Each additional worker also it increases +; memory usage as each has it's own set of caches. +; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more +; than 8-10 unless for really big deployments .e.g 700-1000 users. +; `instance_id = *` must be set in the [app:main] section below (which is the default) +; when using more than 1 worker. #workers = 2 -## Gunicorn access log level +; Gunicorn access log level #loglevel = info -## process name visible in process list +; Process name visible in process list #proc_name = rhodecode -## type of worker class, one of sync, gevent -## recommended for bigger setup is using of of other than sync one +; Type of worker class, one of `sync`, `gevent` +; Recommended type is `gevent` #worker_class = gevent -## The maximum number of simultaneous clients. Valid only for Gevent +; The maximum number of simultaneous clients. Valid only for gevent #worker_connections = 10 -## max number of requests that worker will handle before being gracefully -## restarted, could prevent memory leaks +; Max number of requests that worker will handle before being gracefully restarted. +; Prevents memory leaks, jitter adds variability so not all workers are restarted at once. #max_requests = 1000 #max_requests_jitter = 30 -## amount of time a worker can spend with handling a request before it -## gets killed and restarted. Set to 6hrs +; Amount of time a worker can spend with handling a request before it +; gets killed and restarted. By default set to 21600 (6hrs) +; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h) #timeout = 21600 -## The maximum size of HTTP request line in bytes. -## 0 for unlimited +; The maximum size of HTTP request line in bytes. +; 0 for unlimited #limit_request_line = 0 -## Limit the number of HTTP headers fields in a request. -## By default this value is 100 and can't be larger than 32768. +; Limit the number of HTTP headers fields in a request. +; By default this value is 100 and can't be larger than 32768. #limit_request_fields = 32768 -## Limit the allowed size of an HTTP request header field. -## Value is a positive number or 0. -## Setting it to 0 will allow unlimited header field sizes. +; Limit the allowed size of an HTTP request header field. +; Value is a positive number or 0. +; Setting it to 0 will allow unlimited header field sizes. #limit_request_field_size = 0 -## Timeout for graceful workers restart. -## After receiving a restart signal, workers have this much time to finish -## serving requests. Workers still alive after the timeout (starting from the -## receipt of the restart signal) are force killed. +; Timeout for graceful workers restart. +; After receiving a restart signal, workers have this much time to finish +; serving requests. Workers still alive after the timeout (starting from the +; receipt of the restart signal) are force killed. +; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h) #graceful_timeout = 3600 # The number of seconds to wait for requests on a Keep-Alive connection. # Generally set in the 1-5 seconds range. #keepalive = 2 -## Maximum memory usage that each worker can use before it will receive a -## graceful restart signal, e.g 10MB = 10485760 (10 * 1024 * 1024) -# 0 = memory monitoring is disabled +; Maximum memory usage that each worker can use before it will receive a +; graceful restart signal 0 = memory monitoring is disabled +; Examples: 268435456 (256MB), 536870912 (512MB) +; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB) #memory_max_usage = 0 -## How often in seconds to check for memory usage for each gunicorn worker +; How often in seconds to check for memory usage for each gunicorn worker #memory_usage_check_interval = 60 -## Threshold value for which we don't recycle worker if GarbageCollection -## frees up enough resources. Before each restart we try to run GC on worker -## in case we get enough free memory after that, restart will not happen. +; Threshold value for which we don't recycle worker if GarbageCollection +; frees up enough resources. Before each restart we try to run GC on worker +; in case we get enough free memory after that, restart will not happen. #memory_usage_recovery_threshold = 0.8 -## prefix middleware for RhodeCode. -## recommended when using proxy setup. -## allows to set RhodeCode under a prefix in server. -## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well. -## And set your prefix like: `prefix = /custom_prefix` -## be sure to also set beaker.session.cookie_path = /custom_prefix if you need -## to make your cookies only work on prefix url + +; Prefix middleware for RhodeCode. +; recommended when using proxy setup. +; allows to set RhodeCode under a prefix in server. +; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well. +; And set your prefix like: `prefix = /custom_prefix` +; be sure to also set beaker.session.cookie_path = /custom_prefix if you need +; to make your cookies only work on prefix url [filter:proxy-prefix] use = egg:PasteDeploy#prefix prefix = / [app:main] -## The %(here)s variable will be replaced with the absolute path of parent directory -## of this file -## In addition ENVIRONMENT variables usage is possible, e.g -## sqlalchemy.db1.url = {ENV_RC_DB_URL} +; The %(here)s variable will be replaced with the absolute path of parent directory +; of this file +; In addition ENVIRONMENT variables usage is possible, e.g +; sqlalchemy.db1.url = {ENV_RC_DB_URL} use = egg:rhodecode-enterprise-ce -## enable proxy prefix middleware, defined above +; enable proxy prefix middleware, defined above #filter-with = proxy-prefix +; ############# +; DEBUG OPTIONS +; ############# + +pyramid.reload_templates = true + # During development the we want to have the debug toolbar enabled pyramid.includes = pyramid_debugtoolbar - rhodecode.lib.middleware.request_wrapper - -pyramid.reload_templates = true debugtoolbar.hosts = 0.0.0.0/0 debugtoolbar.exclude_prefixes = @@ -164,97 +178,100 @@ rhodecode.includes = # api prefix url rhodecode.api.url = /_admin/api - -## END RHODECODE PLUGINS ## +; enable debug style page +debug_style = true -## encryption key used to encrypt social plugin tokens, -## remote_urls with credentials etc, if not set it defaults to -## `beaker.session.secret` +; ################# +; END DEBUG OPTIONS +; ################# + +; encryption key used to encrypt social plugin tokens, +; remote_urls with credentials etc, if not set it defaults to +; `beaker.session.secret` #rhodecode.encrypted_values.secret = -## decryption strict mode (enabled by default). It controls if decryption raises -## `SignatureVerificationError` in case of wrong key, or damaged encryption data. +; decryption strict mode (enabled by default). It controls if decryption raises +; `SignatureVerificationError` in case of wrong key, or damaged encryption data. #rhodecode.encrypted_values.strict = false -## Pick algorithm for encryption. Either fernet (more secure) or aes (default) -## fernet is safer, and we strongly recommend switching to it. -## Due to backward compatibility aes is used as default. +; Pick algorithm for encryption. Either fernet (more secure) or aes (default) +; fernet is safer, and we strongly recommend switching to it. +; Due to backward compatibility aes is used as default. #rhodecode.encrypted_values.algorithm = fernet -## return gzipped responses from RhodeCode (static files/application) +; Return gzipped responses from RhodeCode (static files/application) gzip_responses = false -## auto-generate javascript routes file on startup +; Auto-generate javascript routes file on startup generate_js_files = false -## System global default language. -## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh +; System global default language. +; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh lang = en -## Perform a full repository scan and import on each server start. -## Settings this to true could lead to very long startup time. +; Perform a full repository scan and import on each server start. +; Settings this to true could lead to very long startup time. startup.import_repos = false -## Uncomment and set this path to use archive download cache. -## Once enabled, generated archives will be cached at this location -## and served from the cache during subsequent requests for the same archive of -## the repository. +; Uncomment and set this path to use archive download cache. +; Once enabled, generated archives will be cached at this location +; and served from the cache during subsequent requests for the same archive of +; the repository. #archive_cache_dir = /tmp/tarballcache -## URL at which the application is running. This is used for Bootstrapping -## requests in context when no web request is available. Used in ishell, or -## SSH calls. Set this for events to receive proper url for SSH calls. +; URL at which the application is running. This is used for Bootstrapping +; requests in context when no web request is available. Used in ishell, or +; SSH calls. Set this for events to receive proper url for SSH calls. app.base_url = http://rhodecode.local -## Unique application ID. Should be a random unique string for security. +; Unique application ID. Should be a random unique string for security. app_instance_uuid = rc-production -## Cut off limit for large diffs (size in bytes). If overall diff size on -## commit, or pull request exceeds this limit this diff will be displayed -## partially. E.g 512000 == 512Kb +; Cut off limit for large diffs (size in bytes). If overall diff size on +; commit, or pull request exceeds this limit this diff will be displayed +; partially. E.g 512000 == 512Kb cut_off_limit_diff = 512000 -## Cut off limit for large files inside diffs (size in bytes). Each individual -## file inside diff which exceeds this limit will be displayed partially. -## E.g 128000 == 128Kb +; Cut off limit for large files inside diffs (size in bytes). Each individual +; file inside diff which exceeds this limit will be displayed partially. +; E.g 128000 == 128Kb cut_off_limit_file = 128000 -## use cached version of vcs repositories everywhere. Recommended to be `true` +; Use cached version of vcs repositories everywhere. Recommended to be `true` vcs_full_cache = true -## Force https in RhodeCode, fixes https redirects, assumes it's always https. -## Normally this is controlled by proper http flags sent from http server +; Force https in RhodeCode, fixes https redirects, assumes it's always https. +; Normally this is controlled by proper flags sent from http server such as Nginx or Apache force_https = false -## use Strict-Transport-Security headers +; use Strict-Transport-Security headers use_htsts = false -# Set to true if your repos are exposed using the dumb protocol +; Set to true if your repos are exposed using the dumb protocol git_update_server_info = false -## RSS/ATOM feed options +; RSS/ATOM feed options rss_cut_off_limit = 256000 rss_items_per_page = 10 rss_include_diff = false -## gist URL alias, used to create nicer urls for gist. This should be an -## url that does rewrites to _admin/gists/{gistid}. -## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal -## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid} +; gist URL alias, used to create nicer urls for gist. This should be an +; url that does rewrites to _admin/gists/{gistid}. +; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal +; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid} gist_alias_url = -## List of views (using glob pattern syntax) that AUTH TOKENS could be -## used for access. -## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it -## came from the the logged in user who own this authentication token. -## Additionally @TOKEN syntax can be used to bound the view to specific -## authentication token. Such view would be only accessible when used together -## with this authentication token -## -## list of all views can be found under `/_admin/permissions/auth_token_access` -## The list should be "," separated and on a single line. -## -## Most common views to enable: +; List of views (using glob pattern syntax) that AUTH TOKENS could be +; used for access. +; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it +; came from the the logged in user who own this authentication token. +; Additionally @TOKEN syntax can be used to bound the view to specific +; authentication token. Such view would be only accessible when used together +; with this authentication token +; list of all views can be found under `/_admin/permissions/auth_token_access` +; The list should be "," separated and on a single line. +; Most common views to enable: + # RepoCommitsView:repo_commit_download # RepoCommitsView:repo_commit_patch # RepoCommitsView:repo_commit_raw @@ -265,173 +282,193 @@ gist_alias_url = # GistView:* api_access_controllers_whitelist = -## Default encoding used to convert from and to unicode -## can be also a comma separated list of encoding in case of mixed encodings +; Default encoding used to convert from and to unicode +; can be also a comma separated list of encoding in case of mixed encodings default_encoding = UTF-8 -## instance-id prefix -## a prefix key for this instance used for cache invalidation when running -## multiple instances of RhodeCode, make sure it's globally unique for -## all running RhodeCode instances. Leave empty if you don't use it +; instance-id prefix +; a prefix key for this instance used for cache invalidation when running +; multiple instances of RhodeCode, make sure it's globally unique for +; all running RhodeCode instances. Leave empty if you don't use it instance_id = -## Fallback authentication plugin. Set this to a plugin ID to force the usage -## of an authentication plugin also if it is disabled by it's settings. -## This could be useful if you are unable to log in to the system due to broken -## authentication settings. Then you can enable e.g. the internal RhodeCode auth -## module to log in again and fix the settings. -## -## Available builtin plugin IDs (hash is part of the ID): -## egg:rhodecode-enterprise-ce#rhodecode -## egg:rhodecode-enterprise-ce#pam -## egg:rhodecode-enterprise-ce#ldap -## egg:rhodecode-enterprise-ce#jasig_cas -## egg:rhodecode-enterprise-ce#headers -## egg:rhodecode-enterprise-ce#crowd +; Fallback authentication plugin. Set this to a plugin ID to force the usage +; of an authentication plugin also if it is disabled by it's settings. +; This could be useful if you are unable to log in to the system due to broken +; authentication settings. Then you can enable e.g. the internal RhodeCode auth +; module to log in again and fix the settings. +; Available builtin plugin IDs (hash is part of the ID): +; egg:rhodecode-enterprise-ce#rhodecode +; egg:rhodecode-enterprise-ce#pam +; egg:rhodecode-enterprise-ce#ldap +; egg:rhodecode-enterprise-ce#jasig_cas +; egg:rhodecode-enterprise-ce#headers +; egg:rhodecode-enterprise-ce#crowd + #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode -## Flag to control loading of legacy plugins in py:/path format +; Flag to control loading of legacy plugins in py:/path format auth_plugin.import_legacy_plugins = true -## alternative return HTTP header for failed authentication. Default HTTP -## response is 401 HTTPUnauthorized. Currently HG clients have troubles with -## handling that causing a series of failed authentication calls. -## Set this variable to 403 to return HTTPForbidden, or any other HTTP code -## This will be served instead of default 401 on bad authentication +; alternative return HTTP header for failed authentication. Default HTTP +; response is 401 HTTPUnauthorized. Currently HG clients have troubles with +; handling that causing a series of failed authentication calls. +; Set this variable to 403 to return HTTPForbidden, or any other HTTP code +; This will be served instead of default 401 on bad authentication auth_ret_code = -## use special detection method when serving auth_ret_code, instead of serving -## ret_code directly, use 401 initially (Which triggers credentials prompt) -## and then serve auth_ret_code to clients +; use special detection method when serving auth_ret_code, instead of serving +; ret_code directly, use 401 initially (Which triggers credentials prompt) +; and then serve auth_ret_code to clients auth_ret_code_detection = false -## locking return code. When repository is locked return this HTTP code. 2XX -## codes don't break the transactions while 4XX codes do +; locking return code. When repository is locked return this HTTP code. 2XX +; codes don't break the transactions while 4XX codes do lock_ret_code = 423 -## allows to change the repository location in settings page +; allows to change the repository location in settings page allow_repo_location_change = true -## allows to setup custom hooks in settings page +; allows to setup custom hooks in settings page allow_custom_hooks_settings = true -## Generated license token required for EE edition license. -## New generated token value can be found in Admin > settings > license page. +; Generated license token required for EE edition license. +; New generated token value can be found in Admin > settings > license page. license_token = -## This flag would hide sensitive information on the license page +; This flag hides sensitive information on the license page such as token, and license data license.hide_license_info = false -## supervisor connection uri, for managing supervisor and logs. +; supervisor connection uri, for managing supervisor and logs. supervisor.uri = -## supervisord group name/id we only want this RC instance to handle + +; supervisord group name/id we only want this RC instance to handle supervisor.group_id = dev -## Display extended labs settings +; Display extended labs settings labs_settings_active = true -## Custom exception store path, defaults to TMPDIR -## This is used to store exception from RhodeCode in shared directory +; Custom exception store path, defaults to TMPDIR +; This is used to store exception from RhodeCode in shared directory #exception_tracker.store_path = -## File store configuration. This is used to store and serve uploaded files +; File store configuration. This is used to store and serve uploaded files file_store.enabled = true -## Storage backend, available options are: local + +; Storage backend, available options are: local file_store.backend = local -## path to store the uploaded binaries + +; path to store the uploaded binaries file_store.storage_path = %(here)s/data/file_store -#################################### -### CELERY CONFIG #### -#################################### -## run: /path/to/celery worker \ -## -E --beat --app rhodecode.lib.celerylib.loader \ -## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \ -## --loglevel DEBUG --ini /path/to/rhodecode.ini +; ############# +; CELERY CONFIG +; ############# + +; run: /path/to/celery worker \ +; -E --beat --app rhodecode.lib.celerylib.loader \ +; --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \ +; --loglevel DEBUG --ini /path/to/rhodecode.ini use_celery = false -## connection url to the message broker (default redis) +; connection url to the message broker (default redis) celery.broker_url = redis://localhost:6379/8 -## rabbitmq example +; rabbitmq example #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost -## maximum tasks to execute before worker restart +; maximum tasks to execute before worker restart celery.max_tasks_per_child = 100 -## tasks will never be sent to the queue, but executed locally instead. +; tasks will never be sent to the queue, but executed locally instead. celery.task_always_eager = false -##################################### -### DOGPILE CACHE #### -##################################### -## Default cache dir for caches. Putting this into a ramdisk -## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require -## large amount of space +; ############# +; DOGPILE CACHE +; ############# + +; Default cache dir for caches. Putting this into a ramdisk can boost performance. +; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space cache_dir = %(here)s/data -## `cache_perms` cache settings for permission tree, auth TTL. +; ********************************************* +; `sql_cache_short` cache for heavy SQL queries +; Only supported backend is `memory_lru` +; ********************************************* +rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru +rc_cache.sql_cache_short.expiration_time = 30 + + +; ***************************************************** +; `cache_repo_longterm` cache for repo object instances +; Only supported backend is `memory_lru` +; ***************************************************** +rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru +; by default we use 30 Days, cache is still invalidated on push +rc_cache.cache_repo_longterm.expiration_time = 2592000 +; max items in LRU cache, set to smaller number to save memory, and expire last used caches +rc_cache.cache_repo_longterm.max_size = 10000 + + +; ************************************************* +; `cache_perms` cache for permission tree, auth TTL +; ************************************************* rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace rc_cache.cache_perms.expiration_time = 300 -## alternative `cache_perms` redis backend with distributed lock +; alternative `cache_perms` redis backend with distributed lock #rc_cache.cache_perms.backend = dogpile.cache.rc.redis #rc_cache.cache_perms.expiration_time = 300 -## redis_expiration_time needs to be greater then expiration_time + +; redis_expiration_time needs to be greater then expiration_time #rc_cache.cache_perms.arguments.redis_expiration_time = 7200 -#rc_cache.cache_perms.arguments.socket_timeout = 30 + #rc_cache.cache_perms.arguments.host = localhost #rc_cache.cache_perms.arguments.port = 6379 #rc_cache.cache_perms.arguments.db = 0 -## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends +#rc_cache.cache_perms.arguments.socket_timeout = 30 +; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends #rc_cache.cache_perms.arguments.distributed_lock = true -## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS + +; *************************************************** +; `cache_repo` cache for file tree, Readme, RSS FEEDS +; *************************************************** rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace rc_cache.cache_repo.expiration_time = 2592000 -## alternative `cache_repo` redis backend with distributed lock +; alternative `cache_repo` redis backend with distributed lock #rc_cache.cache_repo.backend = dogpile.cache.rc.redis #rc_cache.cache_repo.expiration_time = 2592000 -## redis_expiration_time needs to be greater then expiration_time + +; redis_expiration_time needs to be greater then expiration_time #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400 -#rc_cache.cache_repo.arguments.socket_timeout = 30 + #rc_cache.cache_repo.arguments.host = localhost #rc_cache.cache_repo.arguments.port = 6379 #rc_cache.cache_repo.arguments.db = 1 -## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends +#rc_cache.cache_repo.arguments.socket_timeout = 30 +; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends #rc_cache.cache_repo.arguments.distributed_lock = true -## cache settings for SQL queries, this needs to use memory type backend -rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru -rc_cache.sql_cache_short.expiration_time = 30 -## `cache_repo_longterm` cache for repo object instances, this needs to use memory -## type backend as the objects kept are not pickle serializable -rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru -## by default we use 96H, this is using invalidation on push anyway -rc_cache.cache_repo_longterm.expiration_time = 345600 -## max items in LRU cache, reduce this number to save memory, and expire last used -## cached objects -rc_cache.cache_repo_longterm.max_size = 10000 +; ############## +; BEAKER SESSION +; ############## - -#################################### -### BEAKER SESSION #### -#################################### - -## .session.type is type of storage options for the session, current allowed -## types are file, ext:memcached, ext:redis, ext:database, and memory (default). +; beaker.session.type is type of storage options for the logged users sessions. Current allowed +; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified). +; Fastest ones are Redis and ext:database beaker.session.type = file beaker.session.data_dir = %(here)s/data/sessions -## redis sessions +; Redis based sessions #beaker.session.type = ext:redis #beaker.session.url = redis://127.0.0.1:6379/2 -## db based session, fast, and allows easy management over logged in users +; DB based session, fast, and allows easy management over logged in users #beaker.session.type = ext:database #beaker.session.table_name = db_session #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode @@ -443,266 +480,275 @@ beaker.session.key = rhodecode beaker.session.secret = develop-rc-uytcxaz beaker.session.lock_dir = %(here)s/data/sessions/lock -## Secure encrypted cookie. Requires AES and AES python libraries -## you must disable beaker.session.secret to use this +; Secure encrypted cookie. Requires AES and AES python libraries +; you must disable beaker.session.secret to use this #beaker.session.encrypt_key = key_for_encryption #beaker.session.validate_key = validation_key -## sets session as invalid(also logging out user) if it haven not been -## accessed for given amount of time in seconds +; Sets session as invalid (also logging out user) if it haven not been +; accessed for given amount of time in seconds beaker.session.timeout = 2592000 beaker.session.httponly = true -## Path to use for the cookie. Set to prefix if you use prefix middleware + +; Path to use for the cookie. Set to prefix if you use prefix middleware #beaker.session.cookie_path = /custom_prefix -## uncomment for https secure cookie +; Set https secure cookie beaker.session.secure = false -## auto save the session to not to use .save() -beaker.session.auto = false - -## default cookie expiration time in seconds, set to `true` to set expire -## at browser close +; default cookie expiration time in seconds, set to `true` to set expire +; at browser close #beaker.session.cookie_expires = 3600 -################################### -## SEARCH INDEXING CONFIGURATION ## -################################### -## Full text search indexer is available in rhodecode-tools under -## `rhodecode-tools index` command +; ############################# +; SEARCH INDEXING CONFIGURATION +; ############################# -## WHOOSH Backend, doesn't require additional services to run -## it works good with few dozen repos +; Full text search indexer is available in rhodecode-tools under +; `rhodecode-tools index` command + +; WHOOSH Backend, doesn't require additional services to run +; it works good with few dozen repos search.module = rhodecode.lib.index.whoosh search.location = %(here)s/data/index -######################################## -### CHANNELSTREAM CONFIG #### -######################################## -## channelstream enables persistent connections and live notification -## in the system. It's also used by the chat system +; #################### +; CHANNELSTREAM CONFIG +; #################### + +; channelstream enables persistent connections and live notification +; in the system. It's also used by the chat system channelstream.enabled = false -## server address for channelstream server on the backend +; server address for channelstream server on the backend channelstream.server = 127.0.0.1:9800 -## location of the channelstream server from outside world -## use ws:// for http or wss:// for https. This address needs to be handled -## by external HTTP server such as Nginx or Apache -## see Nginx/Apache configuration examples in our docs +; location of the channelstream server from outside world +; use ws:// for http or wss:// for https. This address needs to be handled +; by external HTTP server such as Nginx or Apache +; see Nginx/Apache configuration examples in our docs channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream channelstream.secret = secret channelstream.history.location = %(here)s/channelstream_history -## Internal application path that Javascript uses to connect into. -## If you use proxy-prefix the prefix should be added before /_channelstream +; Internal application path that Javascript uses to connect into. +; If you use proxy-prefix the prefix should be added before /_channelstream channelstream.proxy_path = /_channelstream -################################### -## APPENLIGHT CONFIG ## -################################### +; ############################## +; MAIN RHODECODE DATABASE CONFIG +; ############################## + +#sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30 +#sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode +#sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8 +; pymysql is an alternative driver for MySQL, use in case of problems with default one +#sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode + +sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30 + +; see sqlalchemy docs for other advanced settings +; print the sql statements to output +sqlalchemy.db1.echo = false + +; recycle the connections after this amount of seconds +sqlalchemy.db1.pool_recycle = 3600 +sqlalchemy.db1.convert_unicode = true + +; the number of connections to keep open inside the connection pool. +; 0 indicates no limit +#sqlalchemy.db1.pool_size = 5 + +; The number of connections to allow in connection pool "overflow", that is +; connections that can be opened above and beyond the pool_size setting, +; which defaults to five. +#sqlalchemy.db1.max_overflow = 10 + +; Connection check ping, used to detect broken database connections +; could be enabled to better handle cases if MySQL has gone away errors +#sqlalchemy.db1.ping_connection = true + +; ########## +; VCS CONFIG +; ########## +vcs.server.enable = true +vcs.server = localhost:9900 + +; Web server connectivity protocol, responsible for web based VCS operations +; Available protocols are: +; `http` - use http-rpc backend (default) +vcs.server.protocol = http + +; Push/Pull operations protocol, available options are: +; `http` - use http-rpc backend (default) +vcs.scm_app_implementation = http + +; Push/Pull operations hooks protocol, available options are: +; `http` - use http-rpc backend (default) +vcs.hooks.protocol = http + +; Host on which this instance is listening for hooks. If vcsserver is in other location +; this should be adjusted. +vcs.hooks.host = 127.0.0.1 + +; Start VCSServer with this instance as a subprocess, useful for development +vcs.start_server = false + +; List of enabled VCS backends, available options are: +; `hg` - mercurial +; `git` - git +; `svn` - subversion +vcs.backends = hg, git, svn + +; Wait this number of seconds before killing connection to the vcsserver +vcs.connection_timeout = 3600 + +; Compatibility version when creating SVN repositories. Defaults to newest version when commented out. +; Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible +#vcs.svn.compatible_version = pre-1.8-compatible + -## Appenlight is tailored to work with RhodeCode, see -## http://appenlight.com for details how to obtain an account +; #################################################### +; Subversion proxy support (mod_dav_svn) +; Maps RhodeCode repo groups into SVN paths for Apache +; #################################################### + +; Enable or disable the config file generation. +svn.proxy.generate_config = false + +; Generate config file with `SVNListParentPath` set to `On`. +svn.proxy.list_parent_path = true + +; Set location and file name of generated config file. +svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf + +; alternative mod_dav config template. This needs to be a valid mako template +; Example template can be found in the source code: +; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako +#svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako + +; Used as a prefix to the `Location` block in the generated config file. +; In most cases it should be set to `/`. +svn.proxy.location_root = / + +; Command to reload the mod dav svn configuration on change. +; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh +; Make sure user who runs RhodeCode process is allowed to reload Apache +#svn.proxy.reload_cmd = /etc/init.d/apache2 reload + +; If the timeout expires before the reload command finishes, the command will +; be killed. Setting it to zero means no timeout. Defaults to 10 seconds. +#svn.proxy.reload_timeout = 10 + +; #################### +; SSH Support Settings +; #################### -## Appenlight integration enabled +; Defines if a custom authorized_keys file should be created and written on +; any change user ssh keys. Setting this to false also disables possibility +; of adding SSH keys by users from web interface. Super admins can still +; manage SSH Keys. +ssh.generate_authorized_keyfile = false + +; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding` +# ssh.authorized_keys_ssh_opts = + +; Path to the authorized_keys file where the generate entries are placed. +; It is possible to have multiple key files specified in `sshd_config` e.g. +; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode +ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode + +; Command to execute the SSH wrapper. The binary is available in the +; RhodeCode installation directory. +; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper +ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper + +; Allow shell when executing the ssh-wrapper command +ssh.wrapper_cmd_allow_shell = false + +; Enables logging, and detailed output send back to the client during SSH +; operations. Useful for debugging, shouldn't be used in production. +ssh.enable_debug_logging = true + +; Paths to binary executable, by default they are the names, but we can +; override them if we want to use a custom one +ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg +ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git +ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve + +; Enables SSH key generator web interface. Disabling this still allows users +; to add their own keys. +ssh.enable_ui_key_generator = true + + +; ################# +; APPENLIGHT CONFIG +; ################# + +; Appenlight is tailored to work with RhodeCode, see +; http://appenlight.rhodecode.com for details how to obtain an account + +; Appenlight integration enabled appenlight = false appenlight.server_url = https://api.appenlight.com appenlight.api_key = YOUR_API_KEY #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5 -## used for JS client +; used for JS client appenlight.api_public_key = YOUR_API_PUBLIC_KEY -## TWEAK AMOUNT OF INFO SENT HERE +; TWEAK AMOUNT OF INFO SENT HERE -## enables 404 error logging (default False) +; enables 404 error logging (default False) appenlight.report_404 = false -## time in seconds after request is considered being slow (default 1) +; time in seconds after request is considered being slow (default 1) appenlight.slow_request_time = 1 -## record slow requests in application -## (needs to be enabled for slow datastore recording and time tracking) +; record slow requests in application +; (needs to be enabled for slow datastore recording and time tracking) appenlight.slow_requests = true -## enable hooking to application loggers +; enable hooking to application loggers appenlight.logging = true -## minimum log level for log capture +; minimum log level for log capture appenlight.logging.level = WARNING -## send logs only from erroneous/slow requests -## (saves API quota for intensive logging) +; send logs only from erroneous/slow requests +; (saves API quota for intensive logging) appenlight.logging_on_error = false -## list of additional keywords that should be grabbed from environ object -## can be string with comma separated list of words in lowercase -## (by default client will always send following info: -## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that -## start with HTTP* this list be extended with additional keywords here +; list of additional keywords that should be grabbed from environ object +; can be string with comma separated list of words in lowercase +; (by default client will always send following info: +; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that +; start with HTTP* this list be extended with additional keywords here appenlight.environ_keys_whitelist = -## list of keywords that should be blanked from request object -## can be string with comma separated list of words in lowercase -## (by default client will always blank keys that contain following words -## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf' -## this list be extended with additional keywords set here +; list of keywords that should be blanked from request object +; can be string with comma separated list of words in lowercase +; (by default client will always blank keys that contain following words +; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf' +; this list be extended with additional keywords set here appenlight.request_keys_blacklist = -## list of namespaces that should be ignores when gathering log entries -## can be string with comma separated list of namespaces -## (by default the client ignores own entries: appenlight_client.client) +; list of namespaces that should be ignores when gathering log entries +; can be string with comma separated list of namespaces +; (by default the client ignores own entries: appenlight_client.client) appenlight.log_namespace_blacklist = -# enable debug style page -debug_style = true - -########################################### -### MAIN RHODECODE DATABASE CONFIG ### -########################################### -#sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30 -#sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode -#sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8 -# pymysql is an alternative driver for MySQL, use in case of problems with default one -#sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode - -sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30 - -# see sqlalchemy docs for other advanced settings - -## print the sql statements to output -sqlalchemy.db1.echo = false -## recycle the connections after this amount of seconds -sqlalchemy.db1.pool_recycle = 3600 - -## the number of connections to keep open inside the connection pool. -## 0 indicates no limit -#sqlalchemy.db1.pool_size = 5 - -## the number of connections to allow in connection pool "overflow", that is -## connections that can be opened above and beyond the pool_size setting, -## which defaults to five. -#sqlalchemy.db1.max_overflow = 10 - -## Connection check ping, used to detect broken database connections -## could be enabled to better handle cases if MySQL has gone away errors -#sqlalchemy.db1.ping_connection = true - -################## -### VCS CONFIG ### -################## -vcs.server.enable = true -vcs.server = localhost:9900 - -## Web server connectivity protocol, responsible for web based VCS operations -## Available protocols are: -## `http` - use http-rpc backend (default) -vcs.server.protocol = http - -## Push/Pull operations protocol, available options are: -## `http` - use http-rpc backend (default) -vcs.scm_app_implementation = http - -## Push/Pull operations hooks protocol, available options are: -## `http` - use http-rpc backend (default) -vcs.hooks.protocol = http - -## Host on which this instance is listening for hooks. If vcsserver is in other location -## this should be adjusted. -vcs.hooks.host = 127.0.0.1 - -vcs.server.log_level = debug -## Start VCSServer with this instance as a subprocess, useful for development -vcs.start_server = false - -## List of enabled VCS backends, available options are: -## `hg` - mercurial -## `git` - git -## `svn` - subversion -vcs.backends = hg, git, svn - -vcs.connection_timeout = 3600 -## Compatibility version when creating SVN repositories. Defaults to newest version when commented out. -## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible -#vcs.svn.compatible_version = pre-1.8-compatible - - -############################################################ -### Subversion proxy support (mod_dav_svn) ### -### Maps RhodeCode repo groups into SVN paths for Apache ### -############################################################ -## Enable or disable the config file generation. -svn.proxy.generate_config = false -## Generate config file with `SVNListParentPath` set to `On`. -svn.proxy.list_parent_path = true -## Set location and file name of generated config file. -svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf -## alternative mod_dav config template. This needs to be a mako template -#svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako -## Used as a prefix to the `Location` block in the generated config file. -## In most cases it should be set to `/`. -svn.proxy.location_root = / -## Command to reload the mod dav svn configuration on change. -## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh -## Make sure user who runs RhodeCode process is allowed to reload Apache -#svn.proxy.reload_cmd = /etc/init.d/apache2 reload -## If the timeout expires before the reload command finishes, the command will -## be killed. Setting it to zero means no timeout. Defaults to 10 seconds. -#svn.proxy.reload_timeout = 10 - -############################################################ -### SSH Support Settings ### -############################################################ - -## Defines if a custom authorized_keys file should be created and written on -## any change user ssh keys. Setting this to false also disables possibility -## of adding SSH keys by users from web interface. Super admins can still -## manage SSH Keys. -ssh.generate_authorized_keyfile = false - -## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding` -# ssh.authorized_keys_ssh_opts = - -## Path to the authorized_keys file where the generate entries are placed. -## It is possible to have multiple key files specified in `sshd_config` e.g. -## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode -ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode - -## Command to execute the SSH wrapper. The binary is available in the -## RhodeCode installation directory. -## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper -ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper - -## Allow shell when executing the ssh-wrapper command -ssh.wrapper_cmd_allow_shell = false - -## Enables logging, and detailed output send back to the client during SSH -## operations. Useful for debugging, shouldn't be used in production. -ssh.enable_debug_logging = true - -## Paths to binary executable, by default they are the names, but we can -## override them if we want to use a custom one -ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg -ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git -ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve - -## Enables SSH key generator web interface. Disabling this still allows users -## to add their own keys. -ssh.enable_ui_key_generator = true - - -## Dummy marker to add new entries after. -## Add any custom entries below. Please don't remove. +; Dummy marker to add new entries after. +; Add any custom entries below. Please don't remove this marker. custom.conf = 1 -################################ -### LOGGING CONFIGURATION #### -################################ +; ##################### +; LOGGING CONFIGURATION +; ##################### [loggers] keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper @@ -712,9 +758,9 @@ keys = console, console_sql [formatters] keys = generic, color_formatter, color_formatter_sql -############# -## LOGGERS ## -############# +; ####### +; LOGGERS +; ####### [logger_root] level = NOTSET handlers = console @@ -749,9 +795,9 @@ handlers = qualname = celery -############## -## HANDLERS ## -############## +; ######## +; HANDLERS +; ######## [handler_console] class = StreamHandler @@ -760,17 +806,17 @@ level = DEBUG formatter = color_formatter [handler_console_sql] -# "level = DEBUG" logs SQL queries and results. -# "level = INFO" logs SQL queries. -# "level = WARN" logs neither. (Recommended for production systems.) +; "level = DEBUG" logs SQL queries and results. +; "level = INFO" logs SQL queries. +; "level = WARN" logs neither. (Recommended for production systems.) class = StreamHandler args = (sys.stderr, ) level = WARN formatter = color_formatter_sql -################ -## FORMATTERS ## -################ +; ########## +; FORMATTERS +; ########## [formatter_generic] class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter diff --git a/configs/production.ini b/configs/production.ini --- a/configs/production.ini +++ b/configs/production.ini @@ -1,24 +1,22 @@ - +## -*- coding: utf-8 -*- -################################################################################ -## RHODECODE COMMUNITY EDITION CONFIGURATION ## -################################################################################ +; ######################################### +; RHODECODE COMMUNITY EDITION CONFIGURATION +; ######################################### [DEFAULT] -## Debug flag sets all loggers to debug, and enables request tracking +; Debug flag sets all loggers to debug, and enables request tracking debug = false -################################################################################ -## EMAIL CONFIGURATION ## -## Uncomment and replace with the email address which should receive ## -## any error reports after an application crash ## -## Additionally these settings will be used by the RhodeCode mailing system ## -################################################################################ +; ######################################################################## +; EMAIL CONFIGURATION +; These settings will be used by the RhodeCode mailing system +; ######################################################################## -## prefix all emails subjects with given prefix, helps filtering out emails +; prefix all emails subjects with given prefix, helps filtering out emails #email_prefix = [RhodeCode] -## email FROM address all mails will be sent +; email FROM address all mails will be sent #app_email_from = rhodecode-noreply@localhost #smtp_server = mail.server.com @@ -29,207 +27,200 @@ debug = false #smtp_use_ssl = true [server:main] -## COMMON ## +; COMMON HOST/IP CONFIG host = 127.0.0.1 port = 5000 -########################################################### -## WAITRESS WSGI SERVER - Recommended for Development #### -########################################################### -#use = egg:waitress#main -## number of worker threads -#threads = 5 -## MAX BODY SIZE 100GB -#max_request_body_size = 107374182400 -## Use poll instead of select, fixes file descriptors limits problems. -## May not work on old windows systems. -#asyncore_use_poll = true +; ########################### +; GUNICORN APPLICATION SERVER +; ########################### +; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini -########################## -## GUNICORN WSGI SERVER ## -########################## -## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini - +; Module to use, this setting shouldn't be changed use = egg:gunicorn#main -## Sets the number of process workers. More workers means more concurrent connections -## RhodeCode can handle at the same time. Each additional worker also it increases -## memory usage as each has it's own set of caches. -## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more -## than 8-10 unless for really big deployments .e.g 700-1000 users. -## `instance_id = *` must be set in the [app:main] section below (which is the default) -## when using more than 1 worker. + +; Sets the number of process workers. More workers means more concurrent connections +; RhodeCode can handle at the same time. Each additional worker also it increases +; memory usage as each has it's own set of caches. +; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more +; than 8-10 unless for really big deployments .e.g 700-1000 users. +; `instance_id = *` must be set in the [app:main] section below (which is the default) +; when using more than 1 worker. workers = 2 -## Gunicorn access log level +; Gunicorn access log level loglevel = info -## process name visible in process list +; Process name visible in process list proc_name = rhodecode -## type of worker class, one of sync, gevent -## recommended for bigger setup is using of of other than sync one +; Type of worker class, one of `sync`, `gevent` +; Recommended type is `gevent` worker_class = gevent -## The maximum number of simultaneous clients. Valid only for Gevent +; The maximum number of simultaneous clients per worker. Valid only for gevent worker_connections = 10 -## max number of requests that worker will handle before being gracefully -## restarted, could prevent memory leaks +; Max number of requests that worker will handle before being gracefully restarted. +; Prevents memory leaks, jitter adds variability so not all workers are restarted at once. max_requests = 1000 max_requests_jitter = 30 -## amount of time a worker can spend with handling a request before it -## gets killed and restarted. Set to 6hrs +; Amount of time a worker can spend with handling a request before it +; gets killed and restarted. By default set to 21600 (6hrs) +; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h) timeout = 21600 -## The maximum size of HTTP request line in bytes. -## 0 for unlimited +; The maximum size of HTTP request line in bytes. +; 0 for unlimited limit_request_line = 0 -## Limit the number of HTTP headers fields in a request. -## By default this value is 100 and can't be larger than 32768. +; Limit the number of HTTP headers fields in a request. +; By default this value is 100 and can't be larger than 32768. limit_request_fields = 32768 -## Limit the allowed size of an HTTP request header field. -## Value is a positive number or 0. -## Setting it to 0 will allow unlimited header field sizes. +; Limit the allowed size of an HTTP request header field. +; Value is a positive number or 0. +; Setting it to 0 will allow unlimited header field sizes. limit_request_field_size = 0 -## Timeout for graceful workers restart. -## After receiving a restart signal, workers have this much time to finish -## serving requests. Workers still alive after the timeout (starting from the -## receipt of the restart signal) are force killed. +; Timeout for graceful workers restart. +; After receiving a restart signal, workers have this much time to finish +; serving requests. Workers still alive after the timeout (starting from the +; receipt of the restart signal) are force killed. +; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h) graceful_timeout = 3600 # The number of seconds to wait for requests on a Keep-Alive connection. # Generally set in the 1-5 seconds range. keepalive = 2 -## Maximum memory usage that each worker can use before it will receive a -## graceful restart signal, e.g 10MB = 10485760 (10 * 1024 * 1024) -# 0 = memory monitoring is disabled +; Maximum memory usage that each worker can use before it will receive a +; graceful restart signal 0 = memory monitoring is disabled +; Examples: 268435456 (256MB), 536870912 (512MB) +; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB) memory_max_usage = 0 -## How often in seconds to check for memory usage for each gunicorn worker +; How often in seconds to check for memory usage for each gunicorn worker memory_usage_check_interval = 60 -## Threshold value for which we don't recycle worker if GarbageCollection -## frees up enough resources. Before each restart we try to run GC on worker -## in case we get enough free memory after that, restart will not happen. +; Threshold value for which we don't recycle worker if GarbageCollection +; frees up enough resources. Before each restart we try to run GC on worker +; in case we get enough free memory after that, restart will not happen. memory_usage_recovery_threshold = 0.8 -## prefix middleware for RhodeCode. -## recommended when using proxy setup. -## allows to set RhodeCode under a prefix in server. -## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well. -## And set your prefix like: `prefix = /custom_prefix` -## be sure to also set beaker.session.cookie_path = /custom_prefix if you need -## to make your cookies only work on prefix url + +; Prefix middleware for RhodeCode. +; recommended when using proxy setup. +; allows to set RhodeCode under a prefix in server. +; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well. +; And set your prefix like: `prefix = /custom_prefix` +; be sure to also set beaker.session.cookie_path = /custom_prefix if you need +; to make your cookies only work on prefix url [filter:proxy-prefix] use = egg:PasteDeploy#prefix prefix = / [app:main] -## The %(here)s variable will be replaced with the absolute path of parent directory -## of this file -## In addition ENVIRONMENT variables usage is possible, e.g -## sqlalchemy.db1.url = {ENV_RC_DB_URL} +; The %(here)s variable will be replaced with the absolute path of parent directory +; of this file +; In addition ENVIRONMENT variables usage is possible, e.g +; sqlalchemy.db1.url = {ENV_RC_DB_URL} use = egg:rhodecode-enterprise-ce -## enable proxy prefix middleware, defined above +; enable proxy prefix middleware, defined above #filter-with = proxy-prefix -## encryption key used to encrypt social plugin tokens, -## remote_urls with credentials etc, if not set it defaults to -## `beaker.session.secret` +; encryption key used to encrypt social plugin tokens, +; remote_urls with credentials etc, if not set it defaults to +; `beaker.session.secret` #rhodecode.encrypted_values.secret = -## decryption strict mode (enabled by default). It controls if decryption raises -## `SignatureVerificationError` in case of wrong key, or damaged encryption data. +; decryption strict mode (enabled by default). It controls if decryption raises +; `SignatureVerificationError` in case of wrong key, or damaged encryption data. #rhodecode.encrypted_values.strict = false -## Pick algorithm for encryption. Either fernet (more secure) or aes (default) -## fernet is safer, and we strongly recommend switching to it. -## Due to backward compatibility aes is used as default. +; Pick algorithm for encryption. Either fernet (more secure) or aes (default) +; fernet is safer, and we strongly recommend switching to it. +; Due to backward compatibility aes is used as default. #rhodecode.encrypted_values.algorithm = fernet -## return gzipped responses from RhodeCode (static files/application) +; Return gzipped responses from RhodeCode (static files/application) gzip_responses = false -## auto-generate javascript routes file on startup +; Auto-generate javascript routes file on startup generate_js_files = false -## System global default language. -## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh +; System global default language. +; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh lang = en -## Perform a full repository scan and import on each server start. -## Settings this to true could lead to very long startup time. +; Perform a full repository scan and import on each server start. +; Settings this to true could lead to very long startup time. startup.import_repos = false -## Uncomment and set this path to use archive download cache. -## Once enabled, generated archives will be cached at this location -## and served from the cache during subsequent requests for the same archive of -## the repository. +; Uncomment and set this path to use archive download cache. +; Once enabled, generated archives will be cached at this location +; and served from the cache during subsequent requests for the same archive of +; the repository. #archive_cache_dir = /tmp/tarballcache -## URL at which the application is running. This is used for Bootstrapping -## requests in context when no web request is available. Used in ishell, or -## SSH calls. Set this for events to receive proper url for SSH calls. +; URL at which the application is running. This is used for Bootstrapping +; requests in context when no web request is available. Used in ishell, or +; SSH calls. Set this for events to receive proper url for SSH calls. app.base_url = http://rhodecode.local -## Unique application ID. Should be a random unique string for security. +; Unique application ID. Should be a random unique string for security. app_instance_uuid = rc-production -## Cut off limit for large diffs (size in bytes). If overall diff size on -## commit, or pull request exceeds this limit this diff will be displayed -## partially. E.g 512000 == 512Kb +; Cut off limit for large diffs (size in bytes). If overall diff size on +; commit, or pull request exceeds this limit this diff will be displayed +; partially. E.g 512000 == 512Kb cut_off_limit_diff = 512000 -## Cut off limit for large files inside diffs (size in bytes). Each individual -## file inside diff which exceeds this limit will be displayed partially. -## E.g 128000 == 128Kb +; Cut off limit for large files inside diffs (size in bytes). Each individual +; file inside diff which exceeds this limit will be displayed partially. +; E.g 128000 == 128Kb cut_off_limit_file = 128000 -## use cached version of vcs repositories everywhere. Recommended to be `true` +; Use cached version of vcs repositories everywhere. Recommended to be `true` vcs_full_cache = true -## Force https in RhodeCode, fixes https redirects, assumes it's always https. -## Normally this is controlled by proper http flags sent from http server +; Force https in RhodeCode, fixes https redirects, assumes it's always https. +; Normally this is controlled by proper flags sent from http server such as Nginx or Apache force_https = false -## use Strict-Transport-Security headers +; use Strict-Transport-Security headers use_htsts = false -# Set to true if your repos are exposed using the dumb protocol +; Set to true if your repos are exposed using the dumb protocol git_update_server_info = false -## RSS/ATOM feed options +; RSS/ATOM feed options rss_cut_off_limit = 256000 rss_items_per_page = 10 rss_include_diff = false -## gist URL alias, used to create nicer urls for gist. This should be an -## url that does rewrites to _admin/gists/{gistid}. -## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal -## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid} +; gist URL alias, used to create nicer urls for gist. This should be an +; url that does rewrites to _admin/gists/{gistid}. +; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal +; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid} gist_alias_url = -## List of views (using glob pattern syntax) that AUTH TOKENS could be -## used for access. -## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it -## came from the the logged in user who own this authentication token. -## Additionally @TOKEN syntax can be used to bound the view to specific -## authentication token. Such view would be only accessible when used together -## with this authentication token -## -## list of all views can be found under `/_admin/permissions/auth_token_access` -## The list should be "," separated and on a single line. -## -## Most common views to enable: +; List of views (using glob pattern syntax) that AUTH TOKENS could be +; used for access. +; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it +; came from the the logged in user who own this authentication token. +; Additionally @TOKEN syntax can be used to bound the view to specific +; authentication token. Such view would be only accessible when used together +; with this authentication token +; list of all views can be found under `/_admin/permissions/auth_token_access` +; The list should be "," separated and on a single line. +; Most common views to enable: + # RepoCommitsView:repo_commit_download # RepoCommitsView:repo_commit_patch # RepoCommitsView:repo_commit_raw @@ -240,173 +231,190 @@ gist_alias_url = # GistView:* api_access_controllers_whitelist = -## Default encoding used to convert from and to unicode -## can be also a comma separated list of encoding in case of mixed encodings +; Default encoding used to convert from and to unicode +; can be also a comma separated list of encoding in case of mixed encodings default_encoding = UTF-8 -## instance-id prefix -## a prefix key for this instance used for cache invalidation when running -## multiple instances of RhodeCode, make sure it's globally unique for -## all running RhodeCode instances. Leave empty if you don't use it +; instance-id prefix +; a prefix key for this instance used for cache invalidation when running +; multiple instances of RhodeCode, make sure it's globally unique for +; all running RhodeCode instances. Leave empty if you don't use it instance_id = -## Fallback authentication plugin. Set this to a plugin ID to force the usage -## of an authentication plugin also if it is disabled by it's settings. -## This could be useful if you are unable to log in to the system due to broken -## authentication settings. Then you can enable e.g. the internal RhodeCode auth -## module to log in again and fix the settings. -## -## Available builtin plugin IDs (hash is part of the ID): -## egg:rhodecode-enterprise-ce#rhodecode -## egg:rhodecode-enterprise-ce#pam -## egg:rhodecode-enterprise-ce#ldap -## egg:rhodecode-enterprise-ce#jasig_cas -## egg:rhodecode-enterprise-ce#headers -## egg:rhodecode-enterprise-ce#crowd +; Fallback authentication plugin. Set this to a plugin ID to force the usage +; of an authentication plugin also if it is disabled by it's settings. +; This could be useful if you are unable to log in to the system due to broken +; authentication settings. Then you can enable e.g. the internal RhodeCode auth +; module to log in again and fix the settings. +; Available builtin plugin IDs (hash is part of the ID): +; egg:rhodecode-enterprise-ce#rhodecode +; egg:rhodecode-enterprise-ce#pam +; egg:rhodecode-enterprise-ce#ldap +; egg:rhodecode-enterprise-ce#jasig_cas +; egg:rhodecode-enterprise-ce#headers +; egg:rhodecode-enterprise-ce#crowd + #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode -## Flag to control loading of legacy plugins in py:/path format +; Flag to control loading of legacy plugins in py:/path format auth_plugin.import_legacy_plugins = true -## alternative return HTTP header for failed authentication. Default HTTP -## response is 401 HTTPUnauthorized. Currently HG clients have troubles with -## handling that causing a series of failed authentication calls. -## Set this variable to 403 to return HTTPForbidden, or any other HTTP code -## This will be served instead of default 401 on bad authentication +; alternative return HTTP header for failed authentication. Default HTTP +; response is 401 HTTPUnauthorized. Currently HG clients have troubles with +; handling that causing a series of failed authentication calls. +; Set this variable to 403 to return HTTPForbidden, or any other HTTP code +; This will be served instead of default 401 on bad authentication auth_ret_code = -## use special detection method when serving auth_ret_code, instead of serving -## ret_code directly, use 401 initially (Which triggers credentials prompt) -## and then serve auth_ret_code to clients +; use special detection method when serving auth_ret_code, instead of serving +; ret_code directly, use 401 initially (Which triggers credentials prompt) +; and then serve auth_ret_code to clients auth_ret_code_detection = false -## locking return code. When repository is locked return this HTTP code. 2XX -## codes don't break the transactions while 4XX codes do +; locking return code. When repository is locked return this HTTP code. 2XX +; codes don't break the transactions while 4XX codes do lock_ret_code = 423 -## allows to change the repository location in settings page +; allows to change the repository location in settings page allow_repo_location_change = true -## allows to setup custom hooks in settings page +; allows to setup custom hooks in settings page allow_custom_hooks_settings = true -## Generated license token required for EE edition license. -## New generated token value can be found in Admin > settings > license page. +; Generated license token required for EE edition license. +; New generated token value can be found in Admin > settings > license page. license_token = -## This flag would hide sensitive information on the license page +; This flag hides sensitive information on the license page such as token, and license data license.hide_license_info = false -## supervisor connection uri, for managing supervisor and logs. +; supervisor connection uri, for managing supervisor and logs. supervisor.uri = -## supervisord group name/id we only want this RC instance to handle + +; supervisord group name/id we only want this RC instance to handle supervisor.group_id = prod -## Display extended labs settings +; Display extended labs settings labs_settings_active = true -## Custom exception store path, defaults to TMPDIR -## This is used to store exception from RhodeCode in shared directory +; Custom exception store path, defaults to TMPDIR +; This is used to store exception from RhodeCode in shared directory #exception_tracker.store_path = -## File store configuration. This is used to store and serve uploaded files +; File store configuration. This is used to store and serve uploaded files file_store.enabled = true -## Storage backend, available options are: local + +; Storage backend, available options are: local file_store.backend = local -## path to store the uploaded binaries + +; path to store the uploaded binaries file_store.storage_path = %(here)s/data/file_store -#################################### -### CELERY CONFIG #### -#################################### -## run: /path/to/celery worker \ -## -E --beat --app rhodecode.lib.celerylib.loader \ -## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \ -## --loglevel DEBUG --ini /path/to/rhodecode.ini +; ############# +; CELERY CONFIG +; ############# + +; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini use_celery = false -## connection url to the message broker (default redis) +; connection url to the message broker (default redis) celery.broker_url = redis://localhost:6379/8 -## rabbitmq example +; rabbitmq example #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost -## maximum tasks to execute before worker restart +; maximum tasks to execute before worker restart celery.max_tasks_per_child = 100 -## tasks will never be sent to the queue, but executed locally instead. +; tasks will never be sent to the queue, but executed locally instead. celery.task_always_eager = false -##################################### -### DOGPILE CACHE #### -##################################### -## Default cache dir for caches. Putting this into a ramdisk -## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require -## large amount of space +; ############# +; DOGPILE CACHE +; ############# + +; Default cache dir for caches. Putting this into a ramdisk can boost performance. +; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space cache_dir = %(here)s/data -## `cache_perms` cache settings for permission tree, auth TTL. +; ********************************************* +; `sql_cache_short` cache for heavy SQL queries +; Only supported backend is `memory_lru` +; ********************************************* +rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru +rc_cache.sql_cache_short.expiration_time = 30 + + +; ***************************************************** +; `cache_repo_longterm` cache for repo object instances +; Only supported backend is `memory_lru` +; ***************************************************** +rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru +; by default we use 30 Days, cache is still invalidated on push +rc_cache.cache_repo_longterm.expiration_time = 2592000 +; max items in LRU cache, set to smaller number to save memory, and expire last used caches +rc_cache.cache_repo_longterm.max_size = 10000 + + +; ************************************************* +; `cache_perms` cache for permission tree, auth TTL +; ************************************************* rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace rc_cache.cache_perms.expiration_time = 300 -## alternative `cache_perms` redis backend with distributed lock +; alternative `cache_perms` redis backend with distributed lock #rc_cache.cache_perms.backend = dogpile.cache.rc.redis #rc_cache.cache_perms.expiration_time = 300 -## redis_expiration_time needs to be greater then expiration_time + +; redis_expiration_time needs to be greater then expiration_time #rc_cache.cache_perms.arguments.redis_expiration_time = 7200 -#rc_cache.cache_perms.arguments.socket_timeout = 30 + #rc_cache.cache_perms.arguments.host = localhost #rc_cache.cache_perms.arguments.port = 6379 #rc_cache.cache_perms.arguments.db = 0 -## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends +#rc_cache.cache_perms.arguments.socket_timeout = 30 +; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends #rc_cache.cache_perms.arguments.distributed_lock = true -## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS + +; *************************************************** +; `cache_repo` cache for file tree, Readme, RSS FEEDS +; *************************************************** rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace rc_cache.cache_repo.expiration_time = 2592000 -## alternative `cache_repo` redis backend with distributed lock +; alternative `cache_repo` redis backend with distributed lock #rc_cache.cache_repo.backend = dogpile.cache.rc.redis #rc_cache.cache_repo.expiration_time = 2592000 -## redis_expiration_time needs to be greater then expiration_time + +; redis_expiration_time needs to be greater then expiration_time #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400 -#rc_cache.cache_repo.arguments.socket_timeout = 30 + #rc_cache.cache_repo.arguments.host = localhost #rc_cache.cache_repo.arguments.port = 6379 #rc_cache.cache_repo.arguments.db = 1 -## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends +#rc_cache.cache_repo.arguments.socket_timeout = 30 +; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends #rc_cache.cache_repo.arguments.distributed_lock = true -## cache settings for SQL queries, this needs to use memory type backend -rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru -rc_cache.sql_cache_short.expiration_time = 30 -## `cache_repo_longterm` cache for repo object instances, this needs to use memory -## type backend as the objects kept are not pickle serializable -rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru -## by default we use 96H, this is using invalidation on push anyway -rc_cache.cache_repo_longterm.expiration_time = 345600 -## max items in LRU cache, reduce this number to save memory, and expire last used -## cached objects -rc_cache.cache_repo_longterm.max_size = 10000 +; ############## +; BEAKER SESSION +; ############## - -#################################### -### BEAKER SESSION #### -#################################### - -## .session.type is type of storage options for the session, current allowed -## types are file, ext:memcached, ext:redis, ext:database, and memory (default). +; beaker.session.type is type of storage options for the logged users sessions. Current allowed +; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified). +; Fastest ones are Redis and ext:database beaker.session.type = file beaker.session.data_dir = %(here)s/data/sessions -## redis sessions +; Redis based sessions #beaker.session.type = ext:redis #beaker.session.url = redis://127.0.0.1:6379/2 -## db based session, fast, and allows easy management over logged in users +; DB based session, fast, and allows easy management over logged in users #beaker.session.type = ext:database #beaker.session.table_name = db_session #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode @@ -418,268 +426,275 @@ beaker.session.key = rhodecode beaker.session.secret = production-rc-uytcxaz beaker.session.lock_dir = %(here)s/data/sessions/lock -## Secure encrypted cookie. Requires AES and AES python libraries -## you must disable beaker.session.secret to use this +; Secure encrypted cookie. Requires AES and AES python libraries +; you must disable beaker.session.secret to use this #beaker.session.encrypt_key = key_for_encryption #beaker.session.validate_key = validation_key -## sets session as invalid(also logging out user) if it haven not been -## accessed for given amount of time in seconds +; Sets session as invalid (also logging out user) if it haven not been +; accessed for given amount of time in seconds beaker.session.timeout = 2592000 beaker.session.httponly = true -## Path to use for the cookie. Set to prefix if you use prefix middleware + +; Path to use for the cookie. Set to prefix if you use prefix middleware #beaker.session.cookie_path = /custom_prefix -## uncomment for https secure cookie +; Set https secure cookie beaker.session.secure = false -## auto save the session to not to use .save() -beaker.session.auto = false - -## default cookie expiration time in seconds, set to `true` to set expire -## at browser close +; default cookie expiration time in seconds, set to `true` to set expire +; at browser close #beaker.session.cookie_expires = 3600 -################################### -## SEARCH INDEXING CONFIGURATION ## -################################### -## Full text search indexer is available in rhodecode-tools under -## `rhodecode-tools index` command +; ############################# +; SEARCH INDEXING CONFIGURATION +; ############################# -## WHOOSH Backend, doesn't require additional services to run -## it works good with few dozen repos +; Full text search indexer is available in rhodecode-tools under +; `rhodecode-tools index` command + +; WHOOSH Backend, doesn't require additional services to run +; it works good with few dozen repos search.module = rhodecode.lib.index.whoosh search.location = %(here)s/data/index -######################################## -### CHANNELSTREAM CONFIG #### -######################################## -## channelstream enables persistent connections and live notification -## in the system. It's also used by the chat system +; #################### +; CHANNELSTREAM CONFIG +; #################### + +; channelstream enables persistent connections and live notification +; in the system. It's also used by the chat system channelstream.enabled = false -## server address for channelstream server on the backend +; server address for channelstream server on the backend channelstream.server = 127.0.0.1:9800 -## location of the channelstream server from outside world -## use ws:// for http or wss:// for https. This address needs to be handled -## by external HTTP server such as Nginx or Apache -## see Nginx/Apache configuration examples in our docs +; location of the channelstream server from outside world +; use ws:// for http or wss:// for https. This address needs to be handled +; by external HTTP server such as Nginx or Apache +; see Nginx/Apache configuration examples in our docs channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream channelstream.secret = secret channelstream.history.location = %(here)s/channelstream_history -## Internal application path that Javascript uses to connect into. -## If you use proxy-prefix the prefix should be added before /_channelstream +; Internal application path that Javascript uses to connect into. +; If you use proxy-prefix the prefix should be added before /_channelstream channelstream.proxy_path = /_channelstream -## Live chat for commits/pull requests. Requires CHANNELSTREAM to be enabled -## and configured. (EE edition only) -chat.enabled = true + +; ############################## +; MAIN RHODECODE DATABASE CONFIG +; ############################## + +#sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30 +#sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode +#sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8 +; pymysql is an alternative driver for MySQL, use in case of problems with default one +#sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode + +sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode + +; see sqlalchemy docs for other advanced settings +; print the sql statements to output +sqlalchemy.db1.echo = false + +; recycle the connections after this amount of seconds +sqlalchemy.db1.pool_recycle = 3600 +sqlalchemy.db1.convert_unicode = true + +; the number of connections to keep open inside the connection pool. +; 0 indicates no limit +#sqlalchemy.db1.pool_size = 5 + +; The number of connections to allow in connection pool "overflow", that is +; connections that can be opened above and beyond the pool_size setting, +; which defaults to five. +#sqlalchemy.db1.max_overflow = 10 + +; Connection check ping, used to detect broken database connections +; could be enabled to better handle cases if MySQL has gone away errors +#sqlalchemy.db1.ping_connection = true + +; ########## +; VCS CONFIG +; ########## +vcs.server.enable = true +vcs.server = localhost:9900 + +; Web server connectivity protocol, responsible for web based VCS operations +; Available protocols are: +; `http` - use http-rpc backend (default) +vcs.server.protocol = http + +; Push/Pull operations protocol, available options are: +; `http` - use http-rpc backend (default) +vcs.scm_app_implementation = http + +; Push/Pull operations hooks protocol, available options are: +; `http` - use http-rpc backend (default) +vcs.hooks.protocol = http + +; Host on which this instance is listening for hooks. If vcsserver is in other location +; this should be adjusted. +vcs.hooks.host = 127.0.0.1 + +; Start VCSServer with this instance as a subprocess, useful for development +vcs.start_server = false + +; List of enabled VCS backends, available options are: +; `hg` - mercurial +; `git` - git +; `svn` - subversion +vcs.backends = hg, git, svn + +; Wait this number of seconds before killing connection to the vcsserver +vcs.connection_timeout = 3600 + +; Compatibility version when creating SVN repositories. Defaults to newest version when commented out. +; Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible +#vcs.svn.compatible_version = pre-1.8-compatible -################################### -## APPENLIGHT CONFIG ## -################################### +; #################################################### +; Subversion proxy support (mod_dav_svn) +; Maps RhodeCode repo groups into SVN paths for Apache +; #################################################### + +; Enable or disable the config file generation. +svn.proxy.generate_config = false + +; Generate config file with `SVNListParentPath` set to `On`. +svn.proxy.list_parent_path = true + +; Set location and file name of generated config file. +svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf + +; alternative mod_dav config template. This needs to be a valid mako template +; Example template can be found in the source code: +; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako +#svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako + +; Used as a prefix to the `Location` block in the generated config file. +; In most cases it should be set to `/`. +svn.proxy.location_root = / + +; Command to reload the mod dav svn configuration on change. +; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh +; Make sure user who runs RhodeCode process is allowed to reload Apache +#svn.proxy.reload_cmd = /etc/init.d/apache2 reload + +; If the timeout expires before the reload command finishes, the command will +; be killed. Setting it to zero means no timeout. Defaults to 10 seconds. +#svn.proxy.reload_timeout = 10 + +; #################### +; SSH Support Settings +; #################### -## Appenlight is tailored to work with RhodeCode, see -## http://appenlight.com for details how to obtain an account +; Defines if a custom authorized_keys file should be created and written on +; any change user ssh keys. Setting this to false also disables possibility +; of adding SSH keys by users from web interface. Super admins can still +; manage SSH Keys. +ssh.generate_authorized_keyfile = false + +; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding` +# ssh.authorized_keys_ssh_opts = + +; Path to the authorized_keys file where the generate entries are placed. +; It is possible to have multiple key files specified in `sshd_config` e.g. +; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode +ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode + +; Command to execute the SSH wrapper. The binary is available in the +; RhodeCode installation directory. +; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper +ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper + +; Allow shell when executing the ssh-wrapper command +ssh.wrapper_cmd_allow_shell = false -## Appenlight integration enabled +; Enables logging, and detailed output send back to the client during SSH +; operations. Useful for debugging, shouldn't be used in production. +ssh.enable_debug_logging = false + +; Paths to binary executable, by default they are the names, but we can +; override them if we want to use a custom one +ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg +ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git +ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve + +; Enables SSH key generator web interface. Disabling this still allows users +; to add their own keys. +ssh.enable_ui_key_generator = true + + +; ################# +; APPENLIGHT CONFIG +; ################# + +; Appenlight is tailored to work with RhodeCode, see +; http://appenlight.rhodecode.com for details how to obtain an account + +; Appenlight integration enabled appenlight = false appenlight.server_url = https://api.appenlight.com appenlight.api_key = YOUR_API_KEY #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5 -## used for JS client +; used for JS client appenlight.api_public_key = YOUR_API_PUBLIC_KEY -## TWEAK AMOUNT OF INFO SENT HERE +; TWEAK AMOUNT OF INFO SENT HERE -## enables 404 error logging (default False) +; enables 404 error logging (default False) appenlight.report_404 = false -## time in seconds after request is considered being slow (default 1) +; time in seconds after request is considered being slow (default 1) appenlight.slow_request_time = 1 -## record slow requests in application -## (needs to be enabled for slow datastore recording and time tracking) +; record slow requests in application +; (needs to be enabled for slow datastore recording and time tracking) appenlight.slow_requests = true -## enable hooking to application loggers +; enable hooking to application loggers appenlight.logging = true -## minimum log level for log capture +; minimum log level for log capture appenlight.logging.level = WARNING -## send logs only from erroneous/slow requests -## (saves API quota for intensive logging) +; send logs only from erroneous/slow requests +; (saves API quota for intensive logging) appenlight.logging_on_error = false -## list of additional keywords that should be grabbed from environ object -## can be string with comma separated list of words in lowercase -## (by default client will always send following info: -## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that -## start with HTTP* this list be extended with additional keywords here +; list of additional keywords that should be grabbed from environ object +; can be string with comma separated list of words in lowercase +; (by default client will always send following info: +; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that +; start with HTTP* this list be extended with additional keywords here appenlight.environ_keys_whitelist = -## list of keywords that should be blanked from request object -## can be string with comma separated list of words in lowercase -## (by default client will always blank keys that contain following words -## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf' -## this list be extended with additional keywords set here +; list of keywords that should be blanked from request object +; can be string with comma separated list of words in lowercase +; (by default client will always blank keys that contain following words +; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf' +; this list be extended with additional keywords set here appenlight.request_keys_blacklist = -## list of namespaces that should be ignores when gathering log entries -## can be string with comma separated list of namespaces -## (by default the client ignores own entries: appenlight_client.client) +; list of namespaces that should be ignores when gathering log entries +; can be string with comma separated list of namespaces +; (by default the client ignores own entries: appenlight_client.client) appenlight.log_namespace_blacklist = - -########################################### -### MAIN RHODECODE DATABASE CONFIG ### -########################################### -#sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30 -#sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode -#sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8 -# pymysql is an alternative driver for MySQL, use in case of problems with default one -#sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode - -sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode - -# see sqlalchemy docs for other advanced settings - -## print the sql statements to output -sqlalchemy.db1.echo = false -## recycle the connections after this amount of seconds -sqlalchemy.db1.pool_recycle = 3600 - -## the number of connections to keep open inside the connection pool. -## 0 indicates no limit -#sqlalchemy.db1.pool_size = 5 - -## the number of connections to allow in connection pool "overflow", that is -## connections that can be opened above and beyond the pool_size setting, -## which defaults to five. -#sqlalchemy.db1.max_overflow = 10 - -## Connection check ping, used to detect broken database connections -## could be enabled to better handle cases if MySQL has gone away errors -#sqlalchemy.db1.ping_connection = true - -################## -### VCS CONFIG ### -################## -vcs.server.enable = true -vcs.server = localhost:9900 - -## Web server connectivity protocol, responsible for web based VCS operations -## Available protocols are: -## `http` - use http-rpc backend (default) -vcs.server.protocol = http - -## Push/Pull operations protocol, available options are: -## `http` - use http-rpc backend (default) -vcs.scm_app_implementation = http - -## Push/Pull operations hooks protocol, available options are: -## `http` - use http-rpc backend (default) -vcs.hooks.protocol = http - -## Host on which this instance is listening for hooks. If vcsserver is in other location -## this should be adjusted. -vcs.hooks.host = 127.0.0.1 - -vcs.server.log_level = info -## Start VCSServer with this instance as a subprocess, useful for development -vcs.start_server = false - -## List of enabled VCS backends, available options are: -## `hg` - mercurial -## `git` - git -## `svn` - subversion -vcs.backends = hg, git, svn - -vcs.connection_timeout = 3600 -## Compatibility version when creating SVN repositories. Defaults to newest version when commented out. -## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible -#vcs.svn.compatible_version = pre-1.8-compatible - - -############################################################ -### Subversion proxy support (mod_dav_svn) ### -### Maps RhodeCode repo groups into SVN paths for Apache ### -############################################################ -## Enable or disable the config file generation. -svn.proxy.generate_config = false -## Generate config file with `SVNListParentPath` set to `On`. -svn.proxy.list_parent_path = true -## Set location and file name of generated config file. -svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf -## alternative mod_dav config template. This needs to be a mako template -#svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako -## Used as a prefix to the `Location` block in the generated config file. -## In most cases it should be set to `/`. -svn.proxy.location_root = / -## Command to reload the mod dav svn configuration on change. -## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh -## Make sure user who runs RhodeCode process is allowed to reload Apache -#svn.proxy.reload_cmd = /etc/init.d/apache2 reload -## If the timeout expires before the reload command finishes, the command will -## be killed. Setting it to zero means no timeout. Defaults to 10 seconds. -#svn.proxy.reload_timeout = 10 - -############################################################ -### SSH Support Settings ### -############################################################ - -## Defines if a custom authorized_keys file should be created and written on -## any change user ssh keys. Setting this to false also disables possibility -## of adding SSH keys by users from web interface. Super admins can still -## manage SSH Keys. -ssh.generate_authorized_keyfile = false - -## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding` -# ssh.authorized_keys_ssh_opts = - -## Path to the authorized_keys file where the generate entries are placed. -## It is possible to have multiple key files specified in `sshd_config` e.g. -## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode -ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode - -## Command to execute the SSH wrapper. The binary is available in the -## RhodeCode installation directory. -## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper -ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper - -## Allow shell when executing the ssh-wrapper command -ssh.wrapper_cmd_allow_shell = false - -## Enables logging, and detailed output send back to the client during SSH -## operations. Useful for debugging, shouldn't be used in production. -ssh.enable_debug_logging = false - -## Paths to binary executable, by default they are the names, but we can -## override them if we want to use a custom one -ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg -ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git -ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve - -## Enables SSH key generator web interface. Disabling this still allows users -## to add their own keys. -ssh.enable_ui_key_generator = true - - -## Dummy marker to add new entries after. -## Add any custom entries below. Please don't remove. +; Dummy marker to add new entries after. +; Add any custom entries below. Please don't remove this marker. custom.conf = 1 -################################ -### LOGGING CONFIGURATION #### -################################ +; ##################### +; LOGGING CONFIGURATION +; ##################### [loggers] keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper @@ -689,9 +704,9 @@ keys = console, console_sql [formatters] keys = generic, color_formatter, color_formatter_sql -############# -## LOGGERS ## -############# +; ####### +; LOGGERS +; ####### [logger_root] level = NOTSET handlers = console @@ -726,9 +741,9 @@ handlers = qualname = celery -############## -## HANDLERS ## -############## +; ######## +; HANDLERS +; ######## [handler_console] class = StreamHandler @@ -737,17 +752,17 @@ level = INFO formatter = generic [handler_console_sql] -# "level = DEBUG" logs SQL queries and results. -# "level = INFO" logs SQL queries. -# "level = WARN" logs neither. (Recommended for production systems.) +; "level = DEBUG" logs SQL queries and results. +; "level = INFO" logs SQL queries. +; "level = WARN" logs neither. (Recommended for production systems.) class = StreamHandler args = (sys.stderr, ) level = WARN formatter = generic -################ -## FORMATTERS ## -################ +; ########## +; FORMATTERS +; ########## [formatter_generic] class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter