diff --git a/configs/development.ini b/configs/development.ini
--- a/configs/development.ini
+++ b/configs/development.ini
@@ -305,7 +305,7 @@ file_store.enabled = true
 file_store.backend = local
 ; path to store the uploaded binaries
-file_store.storage_path = %(here)s/data/file_store
+file_store.storage_path = /var/opt/rhodecode_data/file_store
 ; Uncomment and set this path to control settings for archive download cache.
 ; Generated repo archives will be cached at this location
@@ -314,7 +314,7 @@ file_store.storage_path = %(here)s/data/
 ; RhodeCode and vcsserver
 ; Default is $cache_dir/archive_cache if not set
-archive_cache.store_dir = %(here)s/data/archive_cache
+archive_cache.store_dir = /var/opt/rhodecode_data/tarballcache
 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
 archive_cache.cache_size_gb = 10
@@ -328,7 +328,7 @@ archive_cache.cache_shards = 10
 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
-use_celery = false
+use_celery = true
 ; path to store schedule database
 #celerybeat-schedule.path =
@@ -354,7 +354,7 @@ celery.task_always_eager = false
 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
-cache_dir = %(here)s/data
+cache_dir = /var/opt/rhodecode_data
 ; *********************************************
 ; `sql_cache_short` cache for heavy SQL queries
@@ -463,12 +463,12 @@ rc_cache.cache_repo.expiration_time = 25
 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
 ; types are file, ext:redis, ext:database, ext:memcached
 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
-beaker.session.type = file
-beaker.session.data_dir = %(here)s/data/sessions
+#beaker.session.type = file
+#beaker.session.data_dir = %(here)s/data/sessions
 ; Redis based sessions
-#beaker.session.type = ext:redis
-#beaker.session.url = redis://127.0.0.1:6379/2
+beaker.session.type = ext:redis
+beaker.session.url = redis://redis:6379/2
 ; DB based session, fast, and allows easy management over logged in users
 #beaker.session.type = ext:database
@@ -480,7 +480,7 @@ beaker.session.data_dir = %(here)s/data/
 beaker.session.key = rhodecode
 beaker.session.secret = develop-rc-uytcxaz
-beaker.session.lock_dir = %(here)s/data/sessions/lock
+beaker.session.lock_dir = /data_ramdisk/lock
 ; Secure encrypted cookie. Requires AES and AES python libraries
 ; you must disable beaker.session.secret to use this
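Review bot: The session store moves to `beaker.session.url = redis://redis:6379/2`, a URL with no credential and no TLS, so every logged-in user's session record is readable and writable by anything that can reach that Redis service. If the Redis instance is run with a password, the URL should carry it from the deployment environment rather than from the repository, e.g. `beaker.session.url = redis://:REDIS_PASSWORD_PLACEHOLDER@redis:6379/2` (assuming Beaker's ext:redis backend hands the URL to the client unchanged). Otherwise add a comment above the key such as `; the redis host must be reachable only from the RhodeCode and Celery containers`. The same lines are enabled in production.ini at -414,12.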
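Review bot: `beaker.session.secret = develop-rc-uytcxaz` stays a literal committed to the repository in the context of the -480,7 hunk, and production.ini keeps `production-rc-uytcxaz` at -431,7, while this same commit moves `channelstream.secret` to `ENV_GENERATED`. Anyone who can read the repository knows the value that protects the session cookie on every install that ships these files unmodified. Suggest the same treatment here, `beaker.session.secret = ENV_GENERATED`, assuming the substitution that fills the channelstream secret can cover this key too. The new `beaker.session.lock_dir = /data_ramdisk/lock` is also the only path in the commit outside `/var/opt/rhodecode_data`; a comment saying who creates that directory and with what ownership would help.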
@@ -521,18 +521,18 @@ search.location = %(here)s/data/index
 ; channelstream enables persistent connections and live notification
 ; in the system. It's also used by the chat system
-channelstream.enabled = false
+channelstream.enabled = true
 ; server address for channelstream server on the backend
-channelstream.server = 127.0.0.1:9800
+channelstream.server = channelstream:9800
 ; location of the channelstream server from outside world
 ; use ws:// for http or wss:// for https. This address needs to be handled
 ; by external HTTP server such as Nginx or Apache
 ; see Nginx/Apache configuration examples in our docs
 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
-channelstream.secret = secret
-channelstream.history.location = %(here)s/channelstream_history
+channelstream.secret = ENV_GENERATED
+channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
 ; Internal application path that Javascript uses to connect into.
 ; If you use proxy-prefix the prefix should be added before /_channelstream
@@ -578,7 +578,7 @@ sqlalchemy.db1.pool_recycle = 3600
 ; VCS CONFIG
 ; ##########
 vcs.server.enable = true
-vcs.server = localhost:9900
+vcs.server = vcsserver:10010
 ; Web server connectivity protocol, responsible for web based VCS operations
 ; Available protocols are:
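Review bot: `channelstream.secret = ENV_GENERATED` is a fixed placeholder string, and nothing in this file shows what happens if the substitution step is skipped. In that case the secret shared between RhodeCode and the channelstream server is a publicly known value, on a service this hunk also switches on with `channelstream.enabled = true`. Add a comment above the key such as `; ENV_GENERATED is replaced at container start; startup must fail if this literal is still present`, and have the startup code enforce it. `channelstream.ws_url` is still the sample `ws://rhodecode.yourserver.com/_channelstream`, so with the feature enabled by default browsers are pointed at a placeholder host over unencrypted `ws://`. The production.ini hunk at -472,18 has the same lines.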
@@ -610,6 +610,15 @@ vcs.backends = hg, git, svn
 ; Wait this number of seconds before killing connection to the vcsserver
 vcs.connection_timeout = 3600
+; Cache flag to cache vcsserver remote calls locally
+; It uses cache_region `cache_repo`
+vcs.methods.cache = true
+
+; ####################################################
+; Subversion proxy support (mod_dav_svn)
+; Maps RhodeCode repo groups into SVN paths for Apache
+; ####################################################
+
 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
@@ -621,23 +630,14 @@ vcs.svn.proxy.enabled = true
 ; host to connect to running SVN subsystem
 vcs.svn.proxy.host = http://svn:8090
-; Cache flag to cache vcsserver remote calls locally
-; It uses cache_region `cache_repo`
-vcs.methods.cache = true
-
-; ####################################################
-; Subversion proxy support (mod_dav_svn)
-; Maps RhodeCode repo groups into SVN paths for Apache
-; ####################################################
-
 ; Enable or disable the config file generation.
-svn.proxy.generate_config = false
+svn.proxy.generate_config = true
 ; Generate config file with `SVNListParentPath` set to `On`.
 svn.proxy.list_parent_path = true
 ; Set location and file name of generated config file.
-svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
+svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
 ; alternative mod_dav config template. This needs to be a valid mako template
 ; Example template can be found in the source code:
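Review bot: With `svn.proxy.generate_config = true` in the -621,23 hunk the application now writes `/etc/rhodecode/conf/svn/mod_dav_svn.conf`, a file that, going by the section banner, Apache consumes. The web application's account therefore gains write access to web-server configuration, and the hunk gives no hint about ownership or who reloads Apache. A comment above `svn.proxy.config_file_path` such as `; directory must be writable by the rhodecode service account only; Apache should read it, not write it` would record the intended boundary. The unchanged `svn.proxy.list_parent_path = true` makes the generated file set `SVNListParentPath` to `On`, which is worth confirming as intended now that generation is on by default. production.ini repeats this at -572,23.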
@@ -665,7 +665,7 @@ svn.proxy.location_root = /
 ; any change user ssh keys. Setting this to false also disables possibility
 ; of adding SSH keys by users from web interface. Super admins can still
 ; manage SSH Keys.
-ssh.generate_authorized_keyfile = false
+ssh.generate_authorized_keyfile = true
 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
 # ssh.authorized_keys_ssh_opts =
@@ -673,12 +673,12 @@ ssh.generate_authorized_keyfile = false
 ; Path to the authorized_keys file where the generate entries are placed.
 ; It is possible to have multiple key files specified in `sshd_config` e.g.
 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
-ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
+ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
 ; Command to execute the SSH wrapper. The binary is available in the
 ; RhodeCode installation directory.
-; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
-ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
+; e.g /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
+ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
 ; Allow shell when executing the ssh-wrapper command
 ssh.wrapper_cmd_allow_shell = false
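Review bot: The example in the context of the -673,12 hunk still reads `AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode`, but the key file now lives at `/etc/rhodecode/conf/ssh/authorized_keys_rhodecode`, so an operator following the comment ends up with an sshd that never reads the generated keys. Update it to `; AuthorizedKeysFile %h/.ssh/authorized_keys /etc/rhodecode/conf/ssh/authorized_keys_rhodecode`. Because `ssh.generate_authorized_keyfile = true` (-665,7) lets the web application write a file that sshd trusts for login, the comment should also state that the file and its parent directories are writable only by the RhodeCode service account. `ssh.authorized_keys_ssh_opts` stays commented out, so the restrictive default named in the comment applies; worth saying so explicitly. production.ini repeats both hunks at -616,7 and -624,12.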
@@ -689,73 +689,14 @@ ssh.enable_debug_logging = true
 ; Paths to binary executable, by default they are the names, but we can
 ; override them if we want to use a custom one
-ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
-ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
-ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
+ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
+ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
+ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
 ; Enables SSH key generator web interface. Disabling this still allows users
 ; to add their own keys.
 ssh.enable_ui_key_generator = true
-
-; #################
-; APPENLIGHT CONFIG
-; #################
-
-; Appenlight is tailored to work with RhodeCode, see
-; http://appenlight.rhodecode.com for details how to obtain an account
-
-; Appenlight integration enabled
-#appenlight = false
-
-#appenlight.server_url = https://api.appenlight.com
-#appenlight.api_key = YOUR_API_KEY
-#appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
-
-; used for JS client
-#appenlight.api_public_key = YOUR_API_PUBLIC_KEY
-
-; TWEAK AMOUNT OF INFO SENT HERE
-
-; enables 404 error logging (default False)
-#appenlight.report_404 = false
-
-; time in seconds after request is considered being slow (default 1)
-#appenlight.slow_request_time = 1
-
-; record slow requests in application
-; (needs to be enabled for slow datastore recording and time tracking)
-#appenlight.slow_requests = true
-
-; enable hooking to application loggers
-#appenlight.logging = true
-
-; minimum log level for log capture
-#ppenlight.logging.level = WARNING
-
-; send logs only from erroneous/slow requests
-; (saves API quota for intensive logging)
-#appenlight.logging_on_error = false
-
-; list of additional keywords that should be grabbed from environ object
-; can be string with comma separated list of words in lowercase
-; (by default client will always send following info:
-; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
-; start with HTTP* this list be extended with additional keywords here
-#appenlight.environ_keys_whitelist =
-
-; list of keywords that should be blanked from request object
-; can be string with comma separated list of words in lowercase
-; (by default client will always blank keys that contain following words
-; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
-; this list be extended with additional keywords set here
-#appenlight.request_keys_blacklist =
-
-; list of namespaces that should be ignores when gathering log entries
-; can be string with comma separated list of namespaces
-; (by default the client ignores own entries: appenlight_client.client)
-#appenlight.log_namespace_blacklist =
-
 ; Statsd client config, this is used to send metrics to statsd
 ; We recommend setting statsd_exported and scrape them using Prometheus
 #statsd.enabled = false
diff --git a/configs/production.ini b/configs/production.ini
--- a/configs/production.ini
+++ b/configs/production.ini
@@ -105,7 +105,7 @@ startup.import_repos = false
 app.base_url = http://rhodecode.local
 ; Host at which the Service API is running.
-app.service_api.host= http://rhodecode.local:10020
+app.service_api.host = http://rhodecode.local:10020
 ; Secret for Service API authentication.
 app.service_api.token =
@@ -256,7 +256,7 @@ file_store.enabled = true
 file_store.backend = local
 ; path to store the uploaded binaries
-file_store.storage_path = %(here)s/data/file_store
+file_store.storage_path = /var/opt/rhodecode_data/file_store
 ; Uncomment and set this path to control settings for archive download cache.
 ; Generated repo archives will be cached at this location
@@ -265,7 +265,7 @@ file_store.storage_path = %(here)s/data/
 ; RhodeCode and vcsserver
 ; Default is $cache_dir/archive_cache if not set
-archive_cache.store_dir = %(here)s/data/archive_cache
+archive_cache.store_dir = /var/opt/rhodecode_data/tarballcache
 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
 archive_cache.cache_size_gb = 40
@@ -279,7 +279,7 @@ archive_cache.cache_shards = 4
 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
-use_celery = false
+use_celery = true
 ; path to store schedule database
 #celerybeat-schedule.path =
@@ -305,7 +305,7 @@ celery.task_always_eager = false
 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
-cache_dir = %(here)s/data
+cache_dir = /var/opt/rhodecode_data
 ; *********************************************
 ; `sql_cache_short` cache for heavy SQL queries
@@ -414,12 +414,12 @@ rc_cache.cache_repo.expiration_time = 25
 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
 ; types are file, ext:redis, ext:database, ext:memcached
 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
-beaker.session.type = file
-beaker.session.data_dir = %(here)s/data/sessions
+#beaker.session.type = file
+#beaker.session.data_dir = %(here)s/data/sessions
 ; Redis based sessions
-#beaker.session.type = ext:redis
-#beaker.session.url = redis://127.0.0.1:6379/2
+beaker.session.type = ext:redis
+beaker.session.url = redis://redis:6379/2
 ; DB based session, fast, and allows easy management over logged in users
 #beaker.session.type = ext:database
@@ -431,7 +431,7 @@ beaker.session.data_dir = %(here)s/data/
 beaker.session.key = rhodecode
 beaker.session.secret = production-rc-uytcxaz
-beaker.session.lock_dir = %(here)s/data/sessions/lock
+beaker.session.lock_dir = /data_ramdisk/lock
 ; Secure encrypted cookie. Requires AES and AES python libraries
 ; you must disable beaker.session.secret to use this
@@ -472,18 +472,18 @@ search.location = %(here)s/data/index
 ; channelstream enables persistent connections and live notification
 ; in the system. It's also used by the chat system
-channelstream.enabled = false
+channelstream.enabled = true
 ; server address for channelstream server on the backend
-channelstream.server = 127.0.0.1:9800
+channelstream.server = channelstream:9800
 ; location of the channelstream server from outside world
 ; use ws:// for http or wss:// for https. This address needs to be handled
 ; by external HTTP server such as Nginx or Apache
 ; see Nginx/Apache configuration examples in our docs
 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
-channelstream.secret = secret
-channelstream.history.location = %(here)s/channelstream_history
+channelstream.secret = ENV_GENERATED
+channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
 ; Internal application path that Javascript uses to connect into.
 ; If you use proxy-prefix the prefix should be added before /_channelstream
@@ -529,7 +529,7 @@ sqlalchemy.db1.pool_recycle = 3600
 ; VCS CONFIG
 ; ##########
 vcs.server.enable = true
-vcs.server = localhost:9900
+vcs.server = vcsserver:10010
 ; Web server connectivity protocol, responsible for web based VCS operations
 ; Available protocols are:
@@ -561,6 +561,15 @@ vcs.backends = hg, git, svn
 ; Wait this number of seconds before killing connection to the vcsserver
 vcs.connection_timeout = 3600
+; Cache flag to cache vcsserver remote calls locally
+; It uses cache_region `cache_repo`
+vcs.methods.cache = true
+
+; ####################################################
+; Subversion proxy support (mod_dav_svn)
+; Maps RhodeCode repo groups into SVN paths for Apache
+; ####################################################
+
 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
@@ -572,23 +581,14 @@ vcs.svn.proxy.enabled = true
 ; host to connect to running SVN subsystem
 vcs.svn.proxy.host = http://svn:8090
-; Cache flag to cache vcsserver remote calls locally
-; It uses cache_region `cache_repo`
-vcs.methods.cache = true
-
-; ####################################################
-; Subversion proxy support (mod_dav_svn)
-; Maps RhodeCode repo groups into SVN paths for Apache
-; ####################################################
-
 ; Enable or disable the config file generation.
-svn.proxy.generate_config = false
+svn.proxy.generate_config = true
 ; Generate config file with `SVNListParentPath` set to `On`.
 svn.proxy.list_parent_path = true
 ; Set location and file name of generated config file.
-svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
+svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
 ; alternative mod_dav config template. This needs to be a valid mako template
 ; Example template can be found in the source code:
@@ -616,7 +616,7 @@ svn.proxy.location_root = /
 ; any change user ssh keys. Setting this to false also disables possibility
 ; of adding SSH keys by users from web interface. Super admins can still
 ; manage SSH Keys.
-ssh.generate_authorized_keyfile = false
+ssh.generate_authorized_keyfile = true
 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
 # ssh.authorized_keys_ssh_opts =
@@ -624,12 +624,12 @@ ssh.generate_authorized_keyfile = false
 ; Path to the authorized_keys file where the generate entries are placed.
 ; It is possible to have multiple key files specified in `sshd_config` e.g.
 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
-ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
+ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
 ; Command to execute the SSH wrapper. The binary is available in the
 ; RhodeCode installation directory.
-; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
-ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
+; e.g /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
+ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
 ; Allow shell when executing the ssh-wrapper command
 ssh.wrapper_cmd_allow_shell = false
@@ -640,73 +640,14 @@ ssh.enable_debug_logging = false
 ; Paths to binary executable, by default they are the names, but we can
 ; override them if we want to use a custom one
-ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
-ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
-ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
+ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
+ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
+ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
 ; Enables SSH key generator web interface. Disabling this still allows users
 ; to add their own keys.
 ssh.enable_ui_key_generator = true
-
-; #################
-; APPENLIGHT CONFIG
-; #################
-
-; Appenlight is tailored to work with RhodeCode, see
-; http://appenlight.rhodecode.com for details how to obtain an account
-
-; Appenlight integration enabled
-#appenlight = false
-
-#appenlight.server_url = https://api.appenlight.com
-#appenlight.api_key = YOUR_API_KEY
-#appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
-
-; used for JS client
-#appenlight.api_public_key = YOUR_API_PUBLIC_KEY
-
-; TWEAK AMOUNT OF INFO SENT HERE
-
-; enables 404 error logging (default False)
-#appenlight.report_404 = false
-
-; time in seconds after request is considered being slow (default 1)
-#appenlight.slow_request_time = 1
-
-; record slow requests in application
-; (needs to be enabled for slow datastore recording and time tracking)
-#appenlight.slow_requests = true
-
-; enable hooking to application loggers
-#appenlight.logging = true
-
-; minimum log level for log capture
-#ppenlight.logging.level = WARNING
-
-; send logs only from erroneous/slow requests
-; (saves API quota for intensive logging)
-#appenlight.logging_on_error = false
-
-; list of additional keywords that should be grabbed from environ object
-; can be string with comma separated list of words in lowercase
-; (by default client will always send following info:
-; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
-; start with HTTP* this list be extended with additional keywords here
-#appenlight.environ_keys_whitelist =
-
-; list of keywords that should be blanked from request object
-; can be string with comma separated list of words in lowercase
-; (by default client will always blank keys that contain following words
-; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
-; this list be extended with additional keywords set here
-#appenlight.request_keys_blacklist =
-
-; list of namespaces that should be ignores when gathering log entries
-; can be string with comma separated list of namespaces
-; (by default the client ignores own entries: appenlight_client.client)
-#appenlight.log_namespace_blacklist =
-
 ; Statsd client config, this is used to send metrics to statsd
 ; We recommend setting statsd_exported and scrape them using Prometheus
 #statsd.enabled = false