##// END OF EJS Templates
feat(config): deprecated old ssh wrapper command and make the v2 the default one
super-admin -
r5495:09f6cf66 default
parent child Browse files
Show More
@@ -1,856 +1,857 b''
1
1
2 ; #########################################
2 ; #########################################
3 ; RHODECODE COMMUNITY EDITION CONFIGURATION
3 ; RHODECODE COMMUNITY EDITION CONFIGURATION
4 ; #########################################
4 ; #########################################
5
5
6 [DEFAULT]
6 [DEFAULT]
7 ; Debug flag sets all loggers to debug, and enables request tracking
7 ; Debug flag sets all loggers to debug, and enables request tracking
8 debug = true
8 debug = true
9
9
10 ; ########################################################################
10 ; ########################################################################
11 ; EMAIL CONFIGURATION
11 ; EMAIL CONFIGURATION
12 ; These settings will be used by the RhodeCode mailing system
12 ; These settings will be used by the RhodeCode mailing system
13 ; ########################################################################
13 ; ########################################################################
14
14
15 ; prefix all emails subjects with given prefix, helps filtering out emails
15 ; prefix all emails subjects with given prefix, helps filtering out emails
16 #email_prefix = [RhodeCode]
16 #email_prefix = [RhodeCode]
17
17
18 ; email FROM address all mails will be sent
18 ; email FROM address all mails will be sent
19 #app_email_from = rhodecode-noreply@localhost
19 #app_email_from = rhodecode-noreply@localhost
20
20
21 #smtp_server = mail.server.com
21 #smtp_server = mail.server.com
22 #smtp_username =
22 #smtp_username =
23 #smtp_password =
23 #smtp_password =
24 #smtp_port =
24 #smtp_port =
25 #smtp_use_tls = false
25 #smtp_use_tls = false
26 #smtp_use_ssl = true
26 #smtp_use_ssl = true
27
27
28 [server:main]
28 [server:main]
29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
30 ; Host port for gunicorn are controlled by gunicorn_conf.py
30 ; Host port for gunicorn are controlled by gunicorn_conf.py
31 host = 127.0.0.1
31 host = 127.0.0.1
32 port = 10020
32 port = 10020
33
33
34
34
35 ; ###########################
35 ; ###########################
36 ; GUNICORN APPLICATION SERVER
36 ; GUNICORN APPLICATION SERVER
37 ; ###########################
37 ; ###########################
38
38
39 ; run with gunicorn --config gunicorn_conf.py --paste rhodecode.ini
39 ; run with gunicorn --config gunicorn_conf.py --paste rhodecode.ini
40
40
41 ; Module to use, this setting shouldn't be changed
41 ; Module to use, this setting shouldn't be changed
42 use = egg:gunicorn#main
42 use = egg:gunicorn#main
43
43
44 ; Prefix middleware for RhodeCode.
44 ; Prefix middleware for RhodeCode.
45 ; recommended when using proxy setup.
45 ; recommended when using proxy setup.
46 ; allows to set RhodeCode under a prefix in server.
46 ; allows to set RhodeCode under a prefix in server.
47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
48 ; And set your prefix like: `prefix = /custom_prefix`
48 ; And set your prefix like: `prefix = /custom_prefix`
49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
50 ; to make your cookies only work on prefix url
50 ; to make your cookies only work on prefix url
51 [filter:proxy-prefix]
51 [filter:proxy-prefix]
52 use = egg:PasteDeploy#prefix
52 use = egg:PasteDeploy#prefix
53 prefix = /
53 prefix = /
54
54
55 [app:main]
55 [app:main]
56 ; The %(here)s variable will be replaced with the absolute path of parent directory
56 ; The %(here)s variable will be replaced with the absolute path of parent directory
57 ; of this file
57 ; of this file
58 ; Each option in the app:main can be override by an environmental variable
58 ; Each option in the app:main can be override by an environmental variable
59 ;
59 ;
60 ;To override an option:
60 ;To override an option:
61 ;
61 ;
62 ;RC_<KeyName>
62 ;RC_<KeyName>
63 ;Everything should be uppercase, . and - should be replaced by _.
63 ;Everything should be uppercase, . and - should be replaced by _.
64 ;For example, if you have these configuration settings:
64 ;For example, if you have these configuration settings:
65 ;rc_cache.repo_object.backend = foo
65 ;rc_cache.repo_object.backend = foo
66 ;can be overridden by
66 ;can be overridden by
67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
68
68
69 use = egg:rhodecode-enterprise-ce
69 use = egg:rhodecode-enterprise-ce
70
70
71 ; enable proxy prefix middleware, defined above
71 ; enable proxy prefix middleware, defined above
72 #filter-with = proxy-prefix
72 #filter-with = proxy-prefix
73
73
74 ; #############
74 ; #############
75 ; DEBUG OPTIONS
75 ; DEBUG OPTIONS
76 ; #############
76 ; #############
77
77
78 pyramid.reload_templates = true
78 pyramid.reload_templates = true
79
79
80 # During development the we want to have the debug toolbar enabled
80 # During development the we want to have the debug toolbar enabled
81 pyramid.includes =
81 pyramid.includes =
82 pyramid_debugtoolbar
82 pyramid_debugtoolbar
83
83
84 debugtoolbar.hosts = 0.0.0.0/0
84 debugtoolbar.hosts = 0.0.0.0/0
85 debugtoolbar.exclude_prefixes =
85 debugtoolbar.exclude_prefixes =
86 /css
86 /css
87 /fonts
87 /fonts
88 /images
88 /images
89 /js
89 /js
90
90
91 ## RHODECODE PLUGINS ##
91 ## RHODECODE PLUGINS ##
92 rhodecode.includes =
92 rhodecode.includes =
93 rhodecode.api
93 rhodecode.api
94
94
95
95
96 # api prefix url
96 # api prefix url
97 rhodecode.api.url = /_admin/api
97 rhodecode.api.url = /_admin/api
98
98
99 ; enable debug style page
99 ; enable debug style page
100 debug_style = true
100 debug_style = true
101
101
102 ; #################
102 ; #################
103 ; END DEBUG OPTIONS
103 ; END DEBUG OPTIONS
104 ; #################
104 ; #################
105
105
106 ; encryption key used to encrypt social plugin tokens,
106 ; encryption key used to encrypt social plugin tokens,
107 ; remote_urls with credentials etc, if not set it defaults to
107 ; remote_urls with credentials etc, if not set it defaults to
108 ; `beaker.session.secret`
108 ; `beaker.session.secret`
109 #rhodecode.encrypted_values.secret =
109 #rhodecode.encrypted_values.secret =
110
110
111 ; decryption strict mode (enabled by default). It controls if decryption raises
111 ; decryption strict mode (enabled by default). It controls if decryption raises
112 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
112 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
113 #rhodecode.encrypted_values.strict = false
113 #rhodecode.encrypted_values.strict = false
114
114
115 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
115 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
116 ; fernet is safer, and we strongly recommend switching to it.
116 ; fernet is safer, and we strongly recommend switching to it.
117 ; Due to backward compatibility aes is used as default.
117 ; Due to backward compatibility aes is used as default.
118 #rhodecode.encrypted_values.algorithm = fernet
118 #rhodecode.encrypted_values.algorithm = fernet
119
119
120 ; Return gzipped responses from RhodeCode (static files/application)
120 ; Return gzipped responses from RhodeCode (static files/application)
121 gzip_responses = false
121 gzip_responses = false
122
122
123 ; Auto-generate javascript routes file on startup
123 ; Auto-generate javascript routes file on startup
124 generate_js_files = false
124 generate_js_files = false
125
125
126 ; System global default language.
126 ; System global default language.
127 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
127 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
128 lang = en
128 lang = en
129
129
130 ; Perform a full repository scan and import on each server start.
130 ; Perform a full repository scan and import on each server start.
131 ; Settings this to true could lead to very long startup time.
131 ; Settings this to true could lead to very long startup time.
132 startup.import_repos = false
132 startup.import_repos = false
133
133
134 ; URL at which the application is running. This is used for Bootstrapping
134 ; URL at which the application is running. This is used for Bootstrapping
135 ; requests in context when no web request is available. Used in ishell, or
135 ; requests in context when no web request is available. Used in ishell, or
136 ; SSH calls. Set this for events to receive proper url for SSH calls.
136 ; SSH calls. Set this for events to receive proper url for SSH calls.
137 app.base_url = http://rhodecode.local
137 app.base_url = http://rhodecode.local
138
138
139 ; Host at which the Service API is running.
139 ; Host at which the Service API is running.
140 app.service_api.host = http://rhodecode.local:10020
140 app.service_api.host = http://rhodecode.local:10020
141
141
142 ; Secret for Service API authentication.
142 ; Secret for Service API authentication.
143 app.service_api.token =
143 app.service_api.token =
144
144
145 ; Unique application ID. Should be a random unique string for security.
145 ; Unique application ID. Should be a random unique string for security.
146 app_instance_uuid = rc-production
146 app_instance_uuid = rc-production
147
147
148 ; Cut off limit for large diffs (size in bytes). If overall diff size on
148 ; Cut off limit for large diffs (size in bytes). If overall diff size on
149 ; commit, or pull request exceeds this limit this diff will be displayed
149 ; commit, or pull request exceeds this limit this diff will be displayed
150 ; partially. E.g 512000 == 512Kb
150 ; partially. E.g 512000 == 512Kb
151 cut_off_limit_diff = 512000
151 cut_off_limit_diff = 512000
152
152
153 ; Cut off limit for large files inside diffs (size in bytes). Each individual
153 ; Cut off limit for large files inside diffs (size in bytes). Each individual
154 ; file inside diff which exceeds this limit will be displayed partially.
154 ; file inside diff which exceeds this limit will be displayed partially.
155 ; E.g 128000 == 128Kb
155 ; E.g 128000 == 128Kb
156 cut_off_limit_file = 128000
156 cut_off_limit_file = 128000
157
157
158 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
158 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
159 vcs_full_cache = true
159 vcs_full_cache = true
160
160
161 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
161 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
162 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
162 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
163 force_https = false
163 force_https = false
164
164
165 ; use Strict-Transport-Security headers
165 ; use Strict-Transport-Security headers
166 use_htsts = false
166 use_htsts = false
167
167
168 ; Set to true if your repos are exposed using the dumb protocol
168 ; Set to true if your repos are exposed using the dumb protocol
169 git_update_server_info = false
169 git_update_server_info = false
170
170
171 ; RSS/ATOM feed options
171 ; RSS/ATOM feed options
172 rss_cut_off_limit = 256000
172 rss_cut_off_limit = 256000
173 rss_items_per_page = 10
173 rss_items_per_page = 10
174 rss_include_diff = false
174 rss_include_diff = false
175
175
176 ; gist URL alias, used to create nicer urls for gist. This should be an
176 ; gist URL alias, used to create nicer urls for gist. This should be an
177 ; url that does rewrites to _admin/gists/{gistid}.
177 ; url that does rewrites to _admin/gists/{gistid}.
178 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
178 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
179 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
179 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
180 gist_alias_url =
180 gist_alias_url =
181
181
182 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
182 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
183 ; used for access.
183 ; used for access.
184 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
184 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
185 ; came from the the logged in user who own this authentication token.
185 ; came from the the logged in user who own this authentication token.
186 ; Additionally @TOKEN syntax can be used to bound the view to specific
186 ; Additionally @TOKEN syntax can be used to bound the view to specific
187 ; authentication token. Such view would be only accessible when used together
187 ; authentication token. Such view would be only accessible when used together
188 ; with this authentication token
188 ; with this authentication token
189 ; list of all views can be found under `/_admin/permissions/auth_token_access`
189 ; list of all views can be found under `/_admin/permissions/auth_token_access`
190 ; The list should be "," separated and on a single line.
190 ; The list should be "," separated and on a single line.
191 ; Most common views to enable:
191 ; Most common views to enable:
192
192
193 # RepoCommitsView:repo_commit_download
193 # RepoCommitsView:repo_commit_download
194 # RepoCommitsView:repo_commit_patch
194 # RepoCommitsView:repo_commit_patch
195 # RepoCommitsView:repo_commit_raw
195 # RepoCommitsView:repo_commit_raw
196 # RepoCommitsView:repo_commit_raw@TOKEN
196 # RepoCommitsView:repo_commit_raw@TOKEN
197 # RepoFilesView:repo_files_diff
197 # RepoFilesView:repo_files_diff
198 # RepoFilesView:repo_archivefile
198 # RepoFilesView:repo_archivefile
199 # RepoFilesView:repo_file_raw
199 # RepoFilesView:repo_file_raw
200 # GistView:*
200 # GistView:*
201 api_access_controllers_whitelist =
201 api_access_controllers_whitelist =
202
202
203 ; Default encoding used to convert from and to unicode
203 ; Default encoding used to convert from and to unicode
204 ; can be also a comma separated list of encoding in case of mixed encodings
204 ; can be also a comma separated list of encoding in case of mixed encodings
205 default_encoding = UTF-8
205 default_encoding = UTF-8
206
206
207 ; instance-id prefix
207 ; instance-id prefix
208 ; a prefix key for this instance used for cache invalidation when running
208 ; a prefix key for this instance used for cache invalidation when running
209 ; multiple instances of RhodeCode, make sure it's globally unique for
209 ; multiple instances of RhodeCode, make sure it's globally unique for
210 ; all running RhodeCode instances. Leave empty if you don't use it
210 ; all running RhodeCode instances. Leave empty if you don't use it
211 instance_id =
211 instance_id =
212
212
213 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
213 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
214 ; of an authentication plugin also if it is disabled by it's settings.
214 ; of an authentication plugin also if it is disabled by it's settings.
215 ; This could be useful if you are unable to log in to the system due to broken
215 ; This could be useful if you are unable to log in to the system due to broken
216 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
216 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
217 ; module to log in again and fix the settings.
217 ; module to log in again and fix the settings.
218 ; Available builtin plugin IDs (hash is part of the ID):
218 ; Available builtin plugin IDs (hash is part of the ID):
219 ; egg:rhodecode-enterprise-ce#rhodecode
219 ; egg:rhodecode-enterprise-ce#rhodecode
220 ; egg:rhodecode-enterprise-ce#pam
220 ; egg:rhodecode-enterprise-ce#pam
221 ; egg:rhodecode-enterprise-ce#ldap
221 ; egg:rhodecode-enterprise-ce#ldap
222 ; egg:rhodecode-enterprise-ce#jasig_cas
222 ; egg:rhodecode-enterprise-ce#jasig_cas
223 ; egg:rhodecode-enterprise-ce#headers
223 ; egg:rhodecode-enterprise-ce#headers
224 ; egg:rhodecode-enterprise-ce#crowd
224 ; egg:rhodecode-enterprise-ce#crowd
225
225
226 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
226 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
227
227
228 ; Flag to control loading of legacy plugins in py:/path format
228 ; Flag to control loading of legacy plugins in py:/path format
229 auth_plugin.import_legacy_plugins = true
229 auth_plugin.import_legacy_plugins = true
230
230
231 ; alternative return HTTP header for failed authentication. Default HTTP
231 ; alternative return HTTP header for failed authentication. Default HTTP
232 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
232 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
233 ; handling that causing a series of failed authentication calls.
233 ; handling that causing a series of failed authentication calls.
234 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
234 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
235 ; This will be served instead of default 401 on bad authentication
235 ; This will be served instead of default 401 on bad authentication
236 auth_ret_code =
236 auth_ret_code =
237
237
238 ; use special detection method when serving auth_ret_code, instead of serving
238 ; use special detection method when serving auth_ret_code, instead of serving
239 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
239 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
240 ; and then serve auth_ret_code to clients
240 ; and then serve auth_ret_code to clients
241 auth_ret_code_detection = false
241 auth_ret_code_detection = false
242
242
243 ; locking return code. When repository is locked return this HTTP code. 2XX
243 ; locking return code. When repository is locked return this HTTP code. 2XX
244 ; codes don't break the transactions while 4XX codes do
244 ; codes don't break the transactions while 4XX codes do
245 lock_ret_code = 423
245 lock_ret_code = 423
246
246
247 ; Filesystem location were repositories should be stored
247 ; Filesystem location were repositories should be stored
248 repo_store.path = /var/opt/rhodecode_repo_store
248 repo_store.path = /var/opt/rhodecode_repo_store
249
249
250 ; allows to setup custom hooks in settings page
250 ; allows to setup custom hooks in settings page
251 allow_custom_hooks_settings = true
251 allow_custom_hooks_settings = true
252
252
253 ; Generated license token required for EE edition license.
253 ; Generated license token required for EE edition license.
254 ; New generated token value can be found in Admin > settings > license page.
254 ; New generated token value can be found in Admin > settings > license page.
255 license_token =
255 license_token =
256
256
257 ; This flag hides sensitive information on the license page such as token, and license data
257 ; This flag hides sensitive information on the license page such as token, and license data
258 license.hide_license_info = false
258 license.hide_license_info = false
259
259
260 ; supervisor connection uri, for managing supervisor and logs.
260 ; supervisor connection uri, for managing supervisor and logs.
261 supervisor.uri =
261 supervisor.uri =
262
262
263 ; supervisord group name/id we only want this RC instance to handle
263 ; supervisord group name/id we only want this RC instance to handle
264 supervisor.group_id = dev
264 supervisor.group_id = dev
265
265
266 ; Display extended labs settings
266 ; Display extended labs settings
267 labs_settings_active = true
267 labs_settings_active = true
268
268
269 ; Custom exception store path, defaults to TMPDIR
269 ; Custom exception store path, defaults to TMPDIR
270 ; This is used to store exception from RhodeCode in shared directory
270 ; This is used to store exception from RhodeCode in shared directory
271 #exception_tracker.store_path =
271 #exception_tracker.store_path =
272
272
273 ; Send email with exception details when it happens
273 ; Send email with exception details when it happens
274 #exception_tracker.send_email = false
274 #exception_tracker.send_email = false
275
275
276 ; Comma separated list of recipients for exception emails,
276 ; Comma separated list of recipients for exception emails,
277 ; e.g admin@rhodecode.com,devops@rhodecode.com
277 ; e.g admin@rhodecode.com,devops@rhodecode.com
278 ; Can be left empty, then emails will be sent to ALL super-admins
278 ; Can be left empty, then emails will be sent to ALL super-admins
279 #exception_tracker.send_email_recipients =
279 #exception_tracker.send_email_recipients =
280
280
281 ; optional prefix to Add to email Subject
281 ; optional prefix to Add to email Subject
282 #exception_tracker.email_prefix = [RHODECODE ERROR]
282 #exception_tracker.email_prefix = [RHODECODE ERROR]
283
283
284 ; File store configuration. This is used to store and serve uploaded files
284 ; File store configuration. This is used to store and serve uploaded files
285 file_store.enabled = true
285 file_store.enabled = true
286
286
287 ; Storage backend, available options are: local
287 ; Storage backend, available options are: local
288 file_store.backend = local
288 file_store.backend = local
289
289
290 ; path to store the uploaded binaries and artifacts
290 ; path to store the uploaded binaries and artifacts
291 file_store.storage_path = /var/opt/rhodecode_data/file_store
291 file_store.storage_path = /var/opt/rhodecode_data/file_store
292
292
293
293
294 ; Redis url to acquire/check generation of archives locks
294 ; Redis url to acquire/check generation of archives locks
295 archive_cache.locking.url = redis://redis:6379/1
295 archive_cache.locking.url = redis://redis:6379/1
296
296
297 ; Storage backend, only 'filesystem' and 'objectstore' are available now
297 ; Storage backend, only 'filesystem' and 'objectstore' are available now
298 archive_cache.backend.type = filesystem
298 archive_cache.backend.type = filesystem
299
299
300 ; url for s3 compatible storage that allows to upload artifacts
300 ; url for s3 compatible storage that allows to upload artifacts
301 ; e.g http://minio:9000
301 ; e.g http://minio:9000
302 archive_cache.objectstore.url = http://s3-minio:9000
302 archive_cache.objectstore.url = http://s3-minio:9000
303
303
304 ; key for s3 auth
304 ; key for s3 auth
305 archive_cache.objectstore.key = key
305 archive_cache.objectstore.key = key
306
306
307 ; secret for s3 auth
307 ; secret for s3 auth
308 archive_cache.objectstore.secret = secret
308 archive_cache.objectstore.secret = secret
309
309
310 ;region for s3 storage
310 ;region for s3 storage
311 archive_cache.objectstore.region = eu-central-1
311 archive_cache.objectstore.region = eu-central-1
312
312
313 ; number of sharded buckets to create to distribute archives across
313 ; number of sharded buckets to create to distribute archives across
314 ; default is 8 shards
314 ; default is 8 shards
315 archive_cache.objectstore.bucket_shards = 8
315 archive_cache.objectstore.bucket_shards = 8
316
316
317 ; a top-level bucket to put all other shards in
317 ; a top-level bucket to put all other shards in
318 ; objects will be stored in rhodecode-archive-cache/shard-N based on the bucket_shards number
318 ; objects will be stored in rhodecode-archive-cache/shard-N based on the bucket_shards number
319 archive_cache.objectstore.bucket = rhodecode-archive-cache
319 archive_cache.objectstore.bucket = rhodecode-archive-cache
320
320
321 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
321 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
322 archive_cache.objectstore.retry = false
322 archive_cache.objectstore.retry = false
323
323
324 ; number of seconds to wait for next try using retry
324 ; number of seconds to wait for next try using retry
325 archive_cache.objectstore.retry_backoff = 1
325 archive_cache.objectstore.retry_backoff = 1
326
326
327 ; how many tries do do a retry fetch from this backend
327 ; how many tries do do a retry fetch from this backend
328 archive_cache.objectstore.retry_attempts = 10
328 archive_cache.objectstore.retry_attempts = 10
329
329
330 ; Default is $cache_dir/archive_cache if not set
330 ; Default is $cache_dir/archive_cache if not set
331 ; Generated repo archives will be cached at this location
331 ; Generated repo archives will be cached at this location
332 ; and served from the cache during subsequent requests for the same archive of
332 ; and served from the cache during subsequent requests for the same archive of
333 ; the repository. This path is important to be shared across filesystems and with
333 ; the repository. This path is important to be shared across filesystems and with
334 ; RhodeCode and vcsserver
334 ; RhodeCode and vcsserver
335 archive_cache.filesystem.store_dir = /var/opt/rhodecode_data/archive_cache
335 archive_cache.filesystem.store_dir = /var/opt/rhodecode_data/archive_cache
336
336
337 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
337 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
338 archive_cache.filesystem.cache_size_gb = 1
338 archive_cache.filesystem.cache_size_gb = 1
339
339
340 ; Eviction policy used to clear out after cache_size_gb limit is reached
340 ; Eviction policy used to clear out after cache_size_gb limit is reached
341 archive_cache.filesystem.eviction_policy = least-recently-stored
341 archive_cache.filesystem.eviction_policy = least-recently-stored
342
342
343 ; By default cache uses sharding technique, this specifies how many shards are there
343 ; By default cache uses sharding technique, this specifies how many shards are there
344 ; default is 8 shards
344 ; default is 8 shards
345 archive_cache.filesystem.cache_shards = 8
345 archive_cache.filesystem.cache_shards = 8
346
346
347 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
347 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
348 archive_cache.filesystem.retry = false
348 archive_cache.filesystem.retry = false
349
349
350 ; number of seconds to wait for next try using retry
350 ; number of seconds to wait for next try using retry
351 archive_cache.filesystem.retry_backoff = 1
351 archive_cache.filesystem.retry_backoff = 1
352
352
353 ; how many tries do do a retry fetch from this backend
353 ; how many tries do do a retry fetch from this backend
354 archive_cache.filesystem.retry_attempts = 10
354 archive_cache.filesystem.retry_attempts = 10
355
355
356
356
357 ; #############
357 ; #############
358 ; CELERY CONFIG
358 ; CELERY CONFIG
359 ; #############
359 ; #############
360
360
361 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
361 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
362
362
363 use_celery = true
363 use_celery = true
364
364
365 ; path to store schedule database
365 ; path to store schedule database
366 #celerybeat-schedule.path =
366 #celerybeat-schedule.path =
367
367
368 ; connection url to the message broker (default redis)
368 ; connection url to the message broker (default redis)
369 celery.broker_url = redis://redis:6379/8
369 celery.broker_url = redis://redis:6379/8
370
370
371 ; results backend to get results for (default redis)
371 ; results backend to get results for (default redis)
372 celery.result_backend = redis://redis:6379/8
372 celery.result_backend = redis://redis:6379/8
373
373
374 ; rabbitmq example
374 ; rabbitmq example
375 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
375 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
376
376
377 ; maximum tasks to execute before worker restart
377 ; maximum tasks to execute before worker restart
378 celery.max_tasks_per_child = 20
378 celery.max_tasks_per_child = 20
379
379
380 ; tasks will never be sent to the queue, but executed locally instead.
380 ; tasks will never be sent to the queue, but executed locally instead.
381 celery.task_always_eager = false
381 celery.task_always_eager = false
382
382
383 ; #############
383 ; #############
384 ; DOGPILE CACHE
384 ; DOGPILE CACHE
385 ; #############
385 ; #############
386
386
387 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
387 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
388 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
388 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
389 cache_dir = /var/opt/rhodecode_data
389 cache_dir = /var/opt/rhodecode_data
390
390
391 ; *********************************************
391 ; *********************************************
392 ; `sql_cache_short` cache for heavy SQL queries
392 ; `sql_cache_short` cache for heavy SQL queries
393 ; Only supported backend is `memory_lru`
393 ; Only supported backend is `memory_lru`
394 ; *********************************************
394 ; *********************************************
395 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
395 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
396 rc_cache.sql_cache_short.expiration_time = 30
396 rc_cache.sql_cache_short.expiration_time = 30
397
397
398
398
399 ; *****************************************************
399 ; *****************************************************
400 ; `cache_repo_longterm` cache for repo object instances
400 ; `cache_repo_longterm` cache for repo object instances
401 ; Only supported backend is `memory_lru`
401 ; Only supported backend is `memory_lru`
402 ; *****************************************************
402 ; *****************************************************
403 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
403 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
404 ; by default we use 30 Days, cache is still invalidated on push
404 ; by default we use 30 Days, cache is still invalidated on push
405 rc_cache.cache_repo_longterm.expiration_time = 2592000
405 rc_cache.cache_repo_longterm.expiration_time = 2592000
406 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
406 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
407 rc_cache.cache_repo_longterm.max_size = 10000
407 rc_cache.cache_repo_longterm.max_size = 10000
408
408
409
409
410 ; *********************************************
410 ; *********************************************
411 ; `cache_general` cache for general purpose use
411 ; `cache_general` cache for general purpose use
412 ; for simplicity use rc.file_namespace backend,
412 ; for simplicity use rc.file_namespace backend,
413 ; for performance and scale use rc.redis
413 ; for performance and scale use rc.redis
414 ; *********************************************
414 ; *********************************************
415 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
415 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
416 rc_cache.cache_general.expiration_time = 43200
416 rc_cache.cache_general.expiration_time = 43200
417 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
417 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
418 #rc_cache.cache_general.arguments.filename = /tmp/cache_general_db
418 #rc_cache.cache_general.arguments.filename = /tmp/cache_general_db
419
419
420 ; alternative `cache_general` redis backend with distributed lock
420 ; alternative `cache_general` redis backend with distributed lock
421 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
421 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
422 #rc_cache.cache_general.expiration_time = 300
422 #rc_cache.cache_general.expiration_time = 300
423
423
424 ; redis_expiration_time needs to be greater then expiration_time
424 ; redis_expiration_time needs to be greater then expiration_time
425 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
425 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
426
426
427 #rc_cache.cache_general.arguments.host = localhost
427 #rc_cache.cache_general.arguments.host = localhost
428 #rc_cache.cache_general.arguments.port = 6379
428 #rc_cache.cache_general.arguments.port = 6379
429 #rc_cache.cache_general.arguments.db = 0
429 #rc_cache.cache_general.arguments.db = 0
430 #rc_cache.cache_general.arguments.socket_timeout = 30
430 #rc_cache.cache_general.arguments.socket_timeout = 30
431 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
431 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
432 #rc_cache.cache_general.arguments.distributed_lock = true
432 #rc_cache.cache_general.arguments.distributed_lock = true
433
433
434 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
434 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
435 #rc_cache.cache_general.arguments.lock_auto_renewal = true
435 #rc_cache.cache_general.arguments.lock_auto_renewal = true
436
436
437 ; *************************************************
437 ; *************************************************
438 ; `cache_perms` cache for permission tree, auth TTL
438 ; `cache_perms` cache for permission tree, auth TTL
439 ; for simplicity use rc.file_namespace backend,
439 ; for simplicity use rc.file_namespace backend,
440 ; for performance and scale use rc.redis
440 ; for performance and scale use rc.redis
441 ; *************************************************
441 ; *************************************************
442 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
442 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
443 rc_cache.cache_perms.expiration_time = 3600
443 rc_cache.cache_perms.expiration_time = 3600
444 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
444 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
445 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms_db
445 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms_db
446
446
447 ; alternative `cache_perms` redis backend with distributed lock
447 ; alternative `cache_perms` redis backend with distributed lock
448 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
448 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
449 #rc_cache.cache_perms.expiration_time = 300
449 #rc_cache.cache_perms.expiration_time = 300
450
450
451 ; redis_expiration_time needs to be greater then expiration_time
451 ; redis_expiration_time needs to be greater then expiration_time
452 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
452 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
453
453
454 #rc_cache.cache_perms.arguments.host = localhost
454 #rc_cache.cache_perms.arguments.host = localhost
455 #rc_cache.cache_perms.arguments.port = 6379
455 #rc_cache.cache_perms.arguments.port = 6379
456 #rc_cache.cache_perms.arguments.db = 0
456 #rc_cache.cache_perms.arguments.db = 0
457 #rc_cache.cache_perms.arguments.socket_timeout = 30
457 #rc_cache.cache_perms.arguments.socket_timeout = 30
458 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
458 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
459 #rc_cache.cache_perms.arguments.distributed_lock = true
459 #rc_cache.cache_perms.arguments.distributed_lock = true
460
460
461 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
461 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
462 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
462 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
463
463
464 ; ***************************************************
464 ; ***************************************************
465 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
465 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
466 ; for simplicity use rc.file_namespace backend,
466 ; for simplicity use rc.file_namespace backend,
467 ; for performance and scale use rc.redis
467 ; for performance and scale use rc.redis
468 ; ***************************************************
468 ; ***************************************************
469 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
469 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
470 rc_cache.cache_repo.expiration_time = 2592000
470 rc_cache.cache_repo.expiration_time = 2592000
471 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
471 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
472 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo_db
472 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo_db
473
473
474 ; alternative `cache_repo` redis backend with distributed lock
474 ; alternative `cache_repo` redis backend with distributed lock
475 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
475 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
476 #rc_cache.cache_repo.expiration_time = 2592000
476 #rc_cache.cache_repo.expiration_time = 2592000
477
477
478 ; redis_expiration_time needs to be greater then expiration_time
478 ; redis_expiration_time needs to be greater then expiration_time
479 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
479 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
480
480
481 #rc_cache.cache_repo.arguments.host = localhost
481 #rc_cache.cache_repo.arguments.host = localhost
482 #rc_cache.cache_repo.arguments.port = 6379
482 #rc_cache.cache_repo.arguments.port = 6379
483 #rc_cache.cache_repo.arguments.db = 1
483 #rc_cache.cache_repo.arguments.db = 1
484 #rc_cache.cache_repo.arguments.socket_timeout = 30
484 #rc_cache.cache_repo.arguments.socket_timeout = 30
485 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
485 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
486 #rc_cache.cache_repo.arguments.distributed_lock = true
486 #rc_cache.cache_repo.arguments.distributed_lock = true
487
487
488 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
488 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
489 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
489 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
490
490
491 ; ##############
491 ; ##############
492 ; BEAKER SESSION
492 ; BEAKER SESSION
493 ; ##############
493 ; ##############
494
494
495 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
495 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
496 ; types are file, ext:redis, ext:database, ext:memcached
496 ; types are file, ext:redis, ext:database, ext:memcached
497 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
497 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
498 #beaker.session.type = file
498 #beaker.session.type = file
499 #beaker.session.data_dir = %(here)s/data/sessions
499 #beaker.session.data_dir = %(here)s/data/sessions
500
500
501 ; Redis based sessions
501 ; Redis based sessions
502 beaker.session.type = ext:redis
502 beaker.session.type = ext:redis
503 beaker.session.url = redis://redis:6379/2
503 beaker.session.url = redis://redis:6379/2
504
504
505 ; DB based session, fast, and allows easy management over logged in users
505 ; DB based session, fast, and allows easy management over logged in users
506 #beaker.session.type = ext:database
506 #beaker.session.type = ext:database
507 #beaker.session.table_name = db_session
507 #beaker.session.table_name = db_session
508 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
508 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
509 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
509 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
510 #beaker.session.sa.pool_recycle = 3600
510 #beaker.session.sa.pool_recycle = 3600
511 #beaker.session.sa.echo = false
511 #beaker.session.sa.echo = false
512
512
513 beaker.session.key = rhodecode
513 beaker.session.key = rhodecode
514 beaker.session.secret = develop-rc-uytcxaz
514 beaker.session.secret = develop-rc-uytcxaz
515 beaker.session.lock_dir = /data_ramdisk/lock
515 beaker.session.lock_dir = /data_ramdisk/lock
516
516
517 ; Secure encrypted cookie. Requires AES and AES python libraries
517 ; Secure encrypted cookie. Requires AES and AES python libraries
518 ; you must disable beaker.session.secret to use this
518 ; you must disable beaker.session.secret to use this
519 #beaker.session.encrypt_key = key_for_encryption
519 #beaker.session.encrypt_key = key_for_encryption
520 #beaker.session.validate_key = validation_key
520 #beaker.session.validate_key = validation_key
521
521
522 ; Sets session as invalid (also logging out user) if it haven not been
522 ; Sets session as invalid (also logging out user) if it haven not been
523 ; accessed for given amount of time in seconds
523 ; accessed for given amount of time in seconds
524 beaker.session.timeout = 2592000
524 beaker.session.timeout = 2592000
525 beaker.session.httponly = true
525 beaker.session.httponly = true
526
526
527 ; Path to use for the cookie. Set to prefix if you use prefix middleware
527 ; Path to use for the cookie. Set to prefix if you use prefix middleware
528 #beaker.session.cookie_path = /custom_prefix
528 #beaker.session.cookie_path = /custom_prefix
529
529
530 ; Set https secure cookie
530 ; Set https secure cookie
531 beaker.session.secure = false
531 beaker.session.secure = false
532
532
533 ; default cookie expiration time in seconds, set to `true` to set expire
533 ; default cookie expiration time in seconds, set to `true` to set expire
534 ; at browser close
534 ; at browser close
535 #beaker.session.cookie_expires = 3600
535 #beaker.session.cookie_expires = 3600
536
536
537 ; #############################
537 ; #############################
538 ; SEARCH INDEXING CONFIGURATION
538 ; SEARCH INDEXING CONFIGURATION
539 ; #############################
539 ; #############################
540
540
541 ; Full text search indexer is available in rhodecode-tools under
541 ; Full text search indexer is available in rhodecode-tools under
542 ; `rhodecode-tools index` command
542 ; `rhodecode-tools index` command
543
543
544 ; WHOOSH Backend, doesn't require additional services to run
544 ; WHOOSH Backend, doesn't require additional services to run
545 ; it works good with few dozen repos
545 ; it works good with few dozen repos
546 search.module = rhodecode.lib.index.whoosh
546 search.module = rhodecode.lib.index.whoosh
547 search.location = %(here)s/data/index
547 search.location = %(here)s/data/index
548
548
549 ; ####################
549 ; ####################
550 ; CHANNELSTREAM CONFIG
550 ; CHANNELSTREAM CONFIG
551 ; ####################
551 ; ####################
552
552
553 ; channelstream enables persistent connections and live notification
553 ; channelstream enables persistent connections and live notification
554 ; in the system. It's also used by the chat system
554 ; in the system. It's also used by the chat system
555
555
556 channelstream.enabled = true
556 channelstream.enabled = true
557
557
558 ; server address for channelstream server on the backend
558 ; server address for channelstream server on the backend
559 channelstream.server = channelstream:9800
559 channelstream.server = channelstream:9800
560
560
561 ; location of the channelstream server from outside world
561 ; location of the channelstream server from outside world
562 ; use ws:// for http or wss:// for https. This address needs to be handled
562 ; use ws:// for http or wss:// for https. This address needs to be handled
563 ; by external HTTP server such as Nginx or Apache
563 ; by external HTTP server such as Nginx or Apache
564 ; see Nginx/Apache configuration examples in our docs
564 ; see Nginx/Apache configuration examples in our docs
565 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
565 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
566 channelstream.secret = ENV_GENERATED
566 channelstream.secret = ENV_GENERATED
567 channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
567 channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
568
568
569 ; Internal application path that Javascript uses to connect into.
569 ; Internal application path that Javascript uses to connect into.
570 ; If you use proxy-prefix the prefix should be added before /_channelstream
570 ; If you use proxy-prefix the prefix should be added before /_channelstream
571 channelstream.proxy_path = /_channelstream
571 channelstream.proxy_path = /_channelstream
572
572
573
573
574 ; ##############################
574 ; ##############################
575 ; MAIN RHODECODE DATABASE CONFIG
575 ; MAIN RHODECODE DATABASE CONFIG
576 ; ##############################
576 ; ##############################
577
577
578 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
578 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
579 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
579 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
580 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
580 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
581 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
581 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
582 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
582 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
583
583
584 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
584 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
585
585
586 ; see sqlalchemy docs for other advanced settings
586 ; see sqlalchemy docs for other advanced settings
587 ; print the sql statements to output
587 ; print the sql statements to output
588 sqlalchemy.db1.echo = false
588 sqlalchemy.db1.echo = false
589
589
590 ; recycle the connections after this amount of seconds
590 ; recycle the connections after this amount of seconds
591 sqlalchemy.db1.pool_recycle = 3600
591 sqlalchemy.db1.pool_recycle = 3600
592
592
593 ; the number of connections to keep open inside the connection pool.
593 ; the number of connections to keep open inside the connection pool.
594 ; 0 indicates no limit
594 ; 0 indicates no limit
595 ; the general calculus with gevent is:
595 ; the general calculus with gevent is:
596 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
596 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
597 ; then increase pool size + max overflow so that they add up to 500.
597 ; then increase pool size + max overflow so that they add up to 500.
598 #sqlalchemy.db1.pool_size = 5
598 #sqlalchemy.db1.pool_size = 5
599
599
600 ; The number of connections to allow in connection pool "overflow", that is
600 ; The number of connections to allow in connection pool "overflow", that is
601 ; connections that can be opened above and beyond the pool_size setting,
601 ; connections that can be opened above and beyond the pool_size setting,
602 ; which defaults to five.
602 ; which defaults to five.
603 #sqlalchemy.db1.max_overflow = 10
603 #sqlalchemy.db1.max_overflow = 10
604
604
605 ; Connection check ping, used to detect broken database connections
605 ; Connection check ping, used to detect broken database connections
606 ; could be enabled to better handle cases if MySQL has gone away errors
606 ; could be enabled to better handle cases if MySQL has gone away errors
607 #sqlalchemy.db1.ping_connection = true
607 #sqlalchemy.db1.ping_connection = true
608
608
609 ; ##########
609 ; ##########
610 ; VCS CONFIG
610 ; VCS CONFIG
611 ; ##########
611 ; ##########
612 vcs.server.enable = true
612 vcs.server.enable = true
613 vcs.server = vcsserver:10010
613 vcs.server = vcsserver:10010
614
614
615 ; Web server connectivity protocol, responsible for web based VCS operations
615 ; Web server connectivity protocol, responsible for web based VCS operations
616 ; Available protocols are:
616 ; Available protocols are:
617 ; `http` - use http-rpc backend (default)
617 ; `http` - use http-rpc backend (default)
618 vcs.server.protocol = http
618 vcs.server.protocol = http
619
619
620 ; Push/Pull operations protocol, available options are:
620 ; Push/Pull operations protocol, available options are:
621 ; `http` - use http-rpc backend (default)
621 ; `http` - use http-rpc backend (default)
622 vcs.scm_app_implementation = http
622 vcs.scm_app_implementation = http
623
623
624 ; Push/Pull operations hooks protocol, available options are:
624 ; Push/Pull operations hooks protocol, available options are:
625 ; `http` - use http-rpc backend (default)
625 ; `http` - use http-rpc backend (default)
626 ; `celery` - use celery based hooks
626 ; `celery` - use celery based hooks
627 vcs.hooks.protocol = http
627 vcs.hooks.protocol = http
628
628
629 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
629 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
630 ; accessible via network.
630 ; accessible via network.
631 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
631 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
632 vcs.hooks.host = *
632 vcs.hooks.host = *
633
633
634 ; Start VCSServer with this instance as a subprocess, useful for development
634 ; Start VCSServer with this instance as a subprocess, useful for development
635 vcs.start_server = false
635 vcs.start_server = false
636
636
637 ; List of enabled VCS backends, available options are:
637 ; List of enabled VCS backends, available options are:
638 ; `hg` - mercurial
638 ; `hg` - mercurial
639 ; `git` - git
639 ; `git` - git
640 ; `svn` - subversion
640 ; `svn` - subversion
641 vcs.backends = hg, git, svn
641 vcs.backends = hg, git, svn
642
642
643 ; Wait this number of seconds before killing connection to the vcsserver
643 ; Wait this number of seconds before killing connection to the vcsserver
644 vcs.connection_timeout = 3600
644 vcs.connection_timeout = 3600
645
645
646 ; Cache flag to cache vcsserver remote calls locally
646 ; Cache flag to cache vcsserver remote calls locally
647 ; It uses cache_region `cache_repo`
647 ; It uses cache_region `cache_repo`
648 vcs.methods.cache = true
648 vcs.methods.cache = true
649
649
650 ; ####################################################
650 ; ####################################################
651 ; Subversion proxy support (mod_dav_svn)
651 ; Subversion proxy support (mod_dav_svn)
652 ; Maps RhodeCode repo groups into SVN paths for Apache
652 ; Maps RhodeCode repo groups into SVN paths for Apache
653 ; ####################################################
653 ; ####################################################
654
654
655 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
655 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
656 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
656 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
657 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
657 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
658 #vcs.svn.compatible_version = 1.8
658 #vcs.svn.compatible_version = 1.8
659
659
660 ; Redis connection settings for svn integrations logic
660 ; Redis connection settings for svn integrations logic
661 ; This connection string needs to be the same on ce and vcsserver
661 ; This connection string needs to be the same on ce and vcsserver
662 vcs.svn.redis_conn = redis://redis:6379/0
662 vcs.svn.redis_conn = redis://redis:6379/0
663
663
664 ; Enable SVN proxy of requests over HTTP
664 ; Enable SVN proxy of requests over HTTP
665 vcs.svn.proxy.enabled = true
665 vcs.svn.proxy.enabled = true
666
666
667 ; host to connect to running SVN subsystem
667 ; host to connect to running SVN subsystem
668 vcs.svn.proxy.host = http://svn:8090
668 vcs.svn.proxy.host = http://svn:8090
669
669
670 ; Enable or disable the config file generation.
670 ; Enable or disable the config file generation.
671 svn.proxy.generate_config = true
671 svn.proxy.generate_config = true
672
672
673 ; Generate config file with `SVNListParentPath` set to `On`.
673 ; Generate config file with `SVNListParentPath` set to `On`.
674 svn.proxy.list_parent_path = true
674 svn.proxy.list_parent_path = true
675
675
676 ; Set location and file name of generated config file.
676 ; Set location and file name of generated config file.
677 svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
677 svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
678
678
679 ; alternative mod_dav config template. This needs to be a valid mako template
679 ; alternative mod_dav config template. This needs to be a valid mako template
680 ; Example template can be found in the source code:
680 ; Example template can be found in the source code:
681 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
681 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
682 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
682 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
683
683
684 ; Used as a prefix to the `Location` block in the generated config file.
684 ; Used as a prefix to the `Location` block in the generated config file.
685 ; In most cases it should be set to `/`.
685 ; In most cases it should be set to `/`.
686 svn.proxy.location_root = /
686 svn.proxy.location_root = /
687
687
688 ; Command to reload the mod dav svn configuration on change.
688 ; Command to reload the mod dav svn configuration on change.
689 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
689 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
690 ; Make sure user who runs RhodeCode process is allowed to reload Apache
690 ; Make sure user who runs RhodeCode process is allowed to reload Apache
691 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
691 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
692
692
693 ; If the timeout expires before the reload command finishes, the command will
693 ; If the timeout expires before the reload command finishes, the command will
694 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
694 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
695 #svn.proxy.reload_timeout = 10
695 #svn.proxy.reload_timeout = 10
696
696
697 ; ####################
697 ; ####################
698 ; SSH Support Settings
698 ; SSH Support Settings
699 ; ####################
699 ; ####################
700
700
701 ; Defines if a custom authorized_keys file should be created and written on
701 ; Defines if a custom authorized_keys file should be created and written on
702 ; any change user ssh keys. Setting this to false also disables possibility
702 ; any change user ssh keys. Setting this to false also disables possibility
703 ; of adding SSH keys by users from web interface. Super admins can still
703 ; of adding SSH keys by users from web interface. Super admins can still
704 ; manage SSH Keys.
704 ; manage SSH Keys.
705 ssh.generate_authorized_keyfile = true
705 ssh.generate_authorized_keyfile = true
706
706
707 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
707 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
708 # ssh.authorized_keys_ssh_opts =
708 # ssh.authorized_keys_ssh_opts =
709
709
710 ; Path to the authorized_keys file where the generate entries are placed.
710 ; Path to the authorized_keys file where the generate entries are placed.
711 ; It is possible to have multiple key files specified in `sshd_config` e.g.
711 ; It is possible to have multiple key files specified in `sshd_config` e.g.
712 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
712 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
713 ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
713 ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
714
714
715 ; Command to execute the SSH wrapper. The binary is available in the
715 ; Command to execute the SSH wrapper. The binary is available in the
716 ; RhodeCode installation directory.
716 ; RhodeCode installation directory.
717 ; legacy: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
717 ; legacy: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
718 ; new rewrite: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
718 ; new rewrite: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
719 ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
719 #DEPRECATED: ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
720 ssh.wrapper_cmd.v2 = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
720
721
721 ; Allow shell when executing the ssh-wrapper command
722 ; Allow shell when executing the ssh-wrapper command
722 ssh.wrapper_cmd_allow_shell = false
723 ssh.wrapper_cmd_allow_shell = false
723
724
724 ; Enables logging, and detailed output send back to the client during SSH
725 ; Enables logging, and detailed output send back to the client during SSH
725 ; operations. Useful for debugging, shouldn't be used in production.
726 ; operations. Useful for debugging, shouldn't be used in production.
726 ssh.enable_debug_logging = true
727 ssh.enable_debug_logging = true
727
728
728 ; Paths to binary executable, by default they are the names, but we can
729 ; Paths to binary executable, by default they are the names, but we can
729 ; override them if we want to use a custom one
730 ; override them if we want to use a custom one
730 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
731 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
731 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
732 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
732 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
733 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
733
734
734 ; Enables SSH key generator web interface. Disabling this still allows users
735 ; Enables SSH key generator web interface. Disabling this still allows users
735 ; to add their own keys.
736 ; to add their own keys.
736 ssh.enable_ui_key_generator = true
737 ssh.enable_ui_key_generator = true
737
738
738 ; Statsd client config, this is used to send metrics to statsd
739 ; Statsd client config, this is used to send metrics to statsd
739 ; We recommend setting statsd_exported and scrape them using Prometheus
740 ; We recommend setting statsd_exported and scrape them using Prometheus
740 #statsd.enabled = false
741 #statsd.enabled = false
741 #statsd.statsd_host = 0.0.0.0
742 #statsd.statsd_host = 0.0.0.0
742 #statsd.statsd_port = 8125
743 #statsd.statsd_port = 8125
743 #statsd.statsd_prefix =
744 #statsd.statsd_prefix =
744 #statsd.statsd_ipv6 = false
745 #statsd.statsd_ipv6 = false
745
746
746 ; configure logging automatically at server startup set to false
747 ; configure logging automatically at server startup set to false
747 ; to use the below custom logging config.
748 ; to use the below custom logging config.
748 ; RC_LOGGING_FORMATTER
749 ; RC_LOGGING_FORMATTER
749 ; RC_LOGGING_LEVEL
750 ; RC_LOGGING_LEVEL
750 ; env variables can control the settings for logging in case of autoconfigure
751 ; env variables can control the settings for logging in case of autoconfigure
751
752
752 #logging.autoconfigure = true
753 #logging.autoconfigure = true
753
754
754 ; specify your own custom logging config file to configure logging
755 ; specify your own custom logging config file to configure logging
755 #logging.logging_conf_file = /path/to/custom_logging.ini
756 #logging.logging_conf_file = /path/to/custom_logging.ini
756
757
757 ; Dummy marker to add new entries after.
758 ; Dummy marker to add new entries after.
758 ; Add any custom entries below. Please don't remove this marker.
759 ; Add any custom entries below. Please don't remove this marker.
759 custom.conf = 1
760 custom.conf = 1
760
761
761
762
762 ; #####################
763 ; #####################
763 ; LOGGING CONFIGURATION
764 ; LOGGING CONFIGURATION
764 ; #####################
765 ; #####################
765
766
766 [loggers]
767 [loggers]
767 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
768 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
768
769
769 [handlers]
770 [handlers]
770 keys = console, console_sql
771 keys = console, console_sql
771
772
772 [formatters]
773 [formatters]
773 keys = generic, json, color_formatter, color_formatter_sql
774 keys = generic, json, color_formatter, color_formatter_sql
774
775
775 ; #######
776 ; #######
776 ; LOGGERS
777 ; LOGGERS
777 ; #######
778 ; #######
778 [logger_root]
779 [logger_root]
779 level = NOTSET
780 level = NOTSET
780 handlers = console
781 handlers = console
781
782
782 [logger_sqlalchemy]
783 [logger_sqlalchemy]
783 level = INFO
784 level = INFO
784 handlers = console_sql
785 handlers = console_sql
785 qualname = sqlalchemy.engine
786 qualname = sqlalchemy.engine
786 propagate = 0
787 propagate = 0
787
788
788 [logger_beaker]
789 [logger_beaker]
789 level = DEBUG
790 level = DEBUG
790 handlers =
791 handlers =
791 qualname = beaker.container
792 qualname = beaker.container
792 propagate = 1
793 propagate = 1
793
794
794 [logger_rhodecode]
795 [logger_rhodecode]
795 level = DEBUG
796 level = DEBUG
796 handlers =
797 handlers =
797 qualname = rhodecode
798 qualname = rhodecode
798 propagate = 1
799 propagate = 1
799
800
800 [logger_ssh_wrapper]
801 [logger_ssh_wrapper]
801 level = DEBUG
802 level = DEBUG
802 handlers =
803 handlers =
803 qualname = ssh_wrapper
804 qualname = ssh_wrapper
804 propagate = 1
805 propagate = 1
805
806
806 [logger_celery]
807 [logger_celery]
807 level = DEBUG
808 level = DEBUG
808 handlers =
809 handlers =
809 qualname = celery
810 qualname = celery
810
811
811
812
812 ; ########
813 ; ########
813 ; HANDLERS
814 ; HANDLERS
814 ; ########
815 ; ########
815
816
816 [handler_console]
817 [handler_console]
817 class = StreamHandler
818 class = StreamHandler
818 args = (sys.stderr, )
819 args = (sys.stderr, )
819 level = DEBUG
820 level = DEBUG
820 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
821 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
821 ; This allows sending properly formatted logs to grafana loki or elasticsearch
822 ; This allows sending properly formatted logs to grafana loki or elasticsearch
822 formatter = color_formatter
823 formatter = color_formatter
823
824
824 [handler_console_sql]
825 [handler_console_sql]
825 ; "level = DEBUG" logs SQL queries and results.
826 ; "level = DEBUG" logs SQL queries and results.
826 ; "level = INFO" logs SQL queries.
827 ; "level = INFO" logs SQL queries.
827 ; "level = WARN" logs neither. (Recommended for production systems.)
828 ; "level = WARN" logs neither. (Recommended for production systems.)
828 class = StreamHandler
829 class = StreamHandler
829 args = (sys.stderr, )
830 args = (sys.stderr, )
830 level = WARN
831 level = WARN
831 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
832 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
832 ; This allows sending properly formatted logs to grafana loki or elasticsearch
833 ; This allows sending properly formatted logs to grafana loki or elasticsearch
833 formatter = color_formatter_sql
834 formatter = color_formatter_sql
834
835
835 ; ##########
836 ; ##########
836 ; FORMATTERS
837 ; FORMATTERS
837 ; ##########
838 ; ##########
838
839
839 [formatter_generic]
840 [formatter_generic]
840 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
841 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
841 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
842 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
842 datefmt = %Y-%m-%d %H:%M:%S
843 datefmt = %Y-%m-%d %H:%M:%S
843
844
844 [formatter_color_formatter]
845 [formatter_color_formatter]
845 class = rhodecode.lib.logging_formatter.ColorFormatter
846 class = rhodecode.lib.logging_formatter.ColorFormatter
846 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
847 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
847 datefmt = %Y-%m-%d %H:%M:%S
848 datefmt = %Y-%m-%d %H:%M:%S
848
849
849 [formatter_color_formatter_sql]
850 [formatter_color_formatter_sql]
850 class = rhodecode.lib.logging_formatter.ColorFormatterSql
851 class = rhodecode.lib.logging_formatter.ColorFormatterSql
851 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
852 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
852 datefmt = %Y-%m-%d %H:%M:%S
853 datefmt = %Y-%m-%d %H:%M:%S
853
854
854 [formatter_json]
855 [formatter_json]
855 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
856 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
856 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
857 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
@@ -1,824 +1,825 b''
1
1
2 ; #########################################
2 ; #########################################
3 ; RHODECODE COMMUNITY EDITION CONFIGURATION
3 ; RHODECODE COMMUNITY EDITION CONFIGURATION
4 ; #########################################
4 ; #########################################
5
5
6 [DEFAULT]
6 [DEFAULT]
7 ; Debug flag sets all loggers to debug, and enables request tracking
7 ; Debug flag sets all loggers to debug, and enables request tracking
8 debug = false
8 debug = false
9
9
10 ; ########################################################################
10 ; ########################################################################
11 ; EMAIL CONFIGURATION
11 ; EMAIL CONFIGURATION
12 ; These settings will be used by the RhodeCode mailing system
12 ; These settings will be used by the RhodeCode mailing system
13 ; ########################################################################
13 ; ########################################################################
14
14
15 ; prefix all emails subjects with given prefix, helps filtering out emails
15 ; prefix all emails subjects with given prefix, helps filtering out emails
16 #email_prefix = [RhodeCode]
16 #email_prefix = [RhodeCode]
17
17
18 ; email FROM address all mails will be sent
18 ; email FROM address all mails will be sent
19 #app_email_from = rhodecode-noreply@localhost
19 #app_email_from = rhodecode-noreply@localhost
20
20
21 #smtp_server = mail.server.com
21 #smtp_server = mail.server.com
22 #smtp_username =
22 #smtp_username =
23 #smtp_password =
23 #smtp_password =
24 #smtp_port =
24 #smtp_port =
25 #smtp_use_tls = false
25 #smtp_use_tls = false
26 #smtp_use_ssl = true
26 #smtp_use_ssl = true
27
27
28 [server:main]
28 [server:main]
29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
30 ; Host port for gunicorn are controlled by gunicorn_conf.py
30 ; Host port for gunicorn are controlled by gunicorn_conf.py
31 host = 127.0.0.1
31 host = 127.0.0.1
32 port = 10020
32 port = 10020
33
33
34
34
35 ; ###########################
35 ; ###########################
36 ; GUNICORN APPLICATION SERVER
36 ; GUNICORN APPLICATION SERVER
37 ; ###########################
37 ; ###########################
38
38
39 ; run with gunicorn --config gunicorn_conf.py --paste rhodecode.ini
39 ; run with gunicorn --config gunicorn_conf.py --paste rhodecode.ini
40
40
41 ; Module to use, this setting shouldn't be changed
41 ; Module to use, this setting shouldn't be changed
42 use = egg:gunicorn#main
42 use = egg:gunicorn#main
43
43
44 ; Prefix middleware for RhodeCode.
44 ; Prefix middleware for RhodeCode.
45 ; recommended when using proxy setup.
45 ; recommended when using proxy setup.
46 ; allows to set RhodeCode under a prefix in server.
46 ; allows to set RhodeCode under a prefix in server.
47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
48 ; And set your prefix like: `prefix = /custom_prefix`
48 ; And set your prefix like: `prefix = /custom_prefix`
49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
50 ; to make your cookies only work on prefix url
50 ; to make your cookies only work on prefix url
51 [filter:proxy-prefix]
51 [filter:proxy-prefix]
52 use = egg:PasteDeploy#prefix
52 use = egg:PasteDeploy#prefix
53 prefix = /
53 prefix = /
54
54
55 [app:main]
55 [app:main]
56 ; The %(here)s variable will be replaced with the absolute path of parent directory
56 ; The %(here)s variable will be replaced with the absolute path of parent directory
57 ; of this file
57 ; of this file
58 ; Each option in the app:main can be override by an environmental variable
58 ; Each option in the app:main can be override by an environmental variable
59 ;
59 ;
60 ;To override an option:
60 ;To override an option:
61 ;
61 ;
62 ;RC_<KeyName>
62 ;RC_<KeyName>
63 ;Everything should be uppercase, . and - should be replaced by _.
63 ;Everything should be uppercase, . and - should be replaced by _.
64 ;For example, if you have these configuration settings:
64 ;For example, if you have these configuration settings:
65 ;rc_cache.repo_object.backend = foo
65 ;rc_cache.repo_object.backend = foo
66 ;can be overridden by
66 ;can be overridden by
67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
68
68
69 use = egg:rhodecode-enterprise-ce
69 use = egg:rhodecode-enterprise-ce
70
70
71 ; enable proxy prefix middleware, defined above
71 ; enable proxy prefix middleware, defined above
72 #filter-with = proxy-prefix
72 #filter-with = proxy-prefix
73
73
74 ; encryption key used to encrypt social plugin tokens,
74 ; encryption key used to encrypt social plugin tokens,
75 ; remote_urls with credentials etc, if not set it defaults to
75 ; remote_urls with credentials etc, if not set it defaults to
76 ; `beaker.session.secret`
76 ; `beaker.session.secret`
77 #rhodecode.encrypted_values.secret =
77 #rhodecode.encrypted_values.secret =
78
78
79 ; decryption strict mode (enabled by default). It controls if decryption raises
79 ; decryption strict mode (enabled by default). It controls if decryption raises
80 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
80 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
81 #rhodecode.encrypted_values.strict = false
81 #rhodecode.encrypted_values.strict = false
82
82
83 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
83 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
84 ; fernet is safer, and we strongly recommend switching to it.
84 ; fernet is safer, and we strongly recommend switching to it.
85 ; Due to backward compatibility aes is used as default.
85 ; Due to backward compatibility aes is used as default.
86 #rhodecode.encrypted_values.algorithm = fernet
86 #rhodecode.encrypted_values.algorithm = fernet
87
87
88 ; Return gzipped responses from RhodeCode (static files/application)
88 ; Return gzipped responses from RhodeCode (static files/application)
89 gzip_responses = false
89 gzip_responses = false
90
90
91 ; Auto-generate javascript routes file on startup
91 ; Auto-generate javascript routes file on startup
92 generate_js_files = false
92 generate_js_files = false
93
93
94 ; System global default language.
94 ; System global default language.
95 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
95 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
96 lang = en
96 lang = en
97
97
98 ; Perform a full repository scan and import on each server start.
98 ; Perform a full repository scan and import on each server start.
99 ; Settings this to true could lead to very long startup time.
99 ; Settings this to true could lead to very long startup time.
100 startup.import_repos = false
100 startup.import_repos = false
101
101
102 ; URL at which the application is running. This is used for Bootstrapping
102 ; URL at which the application is running. This is used for Bootstrapping
103 ; requests in context when no web request is available. Used in ishell, or
103 ; requests in context when no web request is available. Used in ishell, or
104 ; SSH calls. Set this for events to receive proper url for SSH calls.
104 ; SSH calls. Set this for events to receive proper url for SSH calls.
105 app.base_url = http://rhodecode.local
105 app.base_url = http://rhodecode.local
106
106
107 ; Host at which the Service API is running.
107 ; Host at which the Service API is running.
108 app.service_api.host = http://rhodecode.local:10020
108 app.service_api.host = http://rhodecode.local:10020
109
109
110 ; Secret for Service API authentication.
110 ; Secret for Service API authentication.
111 app.service_api.token =
111 app.service_api.token =
112
112
113 ; Unique application ID. Should be a random unique string for security.
113 ; Unique application ID. Should be a random unique string for security.
114 app_instance_uuid = rc-production
114 app_instance_uuid = rc-production
115
115
116 ; Cut off limit for large diffs (size in bytes). If overall diff size on
116 ; Cut off limit for large diffs (size in bytes). If overall diff size on
117 ; commit, or pull request exceeds this limit this diff will be displayed
117 ; commit, or pull request exceeds this limit this diff will be displayed
118 ; partially. E.g 512000 == 512Kb
118 ; partially. E.g 512000 == 512Kb
119 cut_off_limit_diff = 512000
119 cut_off_limit_diff = 512000
120
120
121 ; Cut off limit for large files inside diffs (size in bytes). Each individual
121 ; Cut off limit for large files inside diffs (size in bytes). Each individual
122 ; file inside diff which exceeds this limit will be displayed partially.
122 ; file inside diff which exceeds this limit will be displayed partially.
123 ; E.g 128000 == 128Kb
123 ; E.g 128000 == 128Kb
124 cut_off_limit_file = 128000
124 cut_off_limit_file = 128000
125
125
126 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
126 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
127 vcs_full_cache = true
127 vcs_full_cache = true
128
128
129 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
129 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
130 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
130 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
131 force_https = false
131 force_https = false
132
132
133 ; use Strict-Transport-Security headers
133 ; use Strict-Transport-Security headers
134 use_htsts = false
134 use_htsts = false
135
135
136 ; Set to true if your repos are exposed using the dumb protocol
136 ; Set to true if your repos are exposed using the dumb protocol
137 git_update_server_info = false
137 git_update_server_info = false
138
138
139 ; RSS/ATOM feed options
139 ; RSS/ATOM feed options
140 rss_cut_off_limit = 256000
140 rss_cut_off_limit = 256000
141 rss_items_per_page = 10
141 rss_items_per_page = 10
142 rss_include_diff = false
142 rss_include_diff = false
143
143
144 ; gist URL alias, used to create nicer urls for gist. This should be an
144 ; gist URL alias, used to create nicer urls for gist. This should be an
145 ; url that does rewrites to _admin/gists/{gistid}.
145 ; url that does rewrites to _admin/gists/{gistid}.
146 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
146 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
147 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
147 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
148 gist_alias_url =
148 gist_alias_url =
149
149
150 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
150 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
151 ; used for access.
151 ; used for access.
152 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
152 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
153 ; came from the the logged in user who own this authentication token.
153 ; came from the the logged in user who own this authentication token.
154 ; Additionally @TOKEN syntax can be used to bound the view to specific
154 ; Additionally @TOKEN syntax can be used to bound the view to specific
155 ; authentication token. Such view would be only accessible when used together
155 ; authentication token. Such view would be only accessible when used together
156 ; with this authentication token
156 ; with this authentication token
157 ; list of all views can be found under `/_admin/permissions/auth_token_access`
157 ; list of all views can be found under `/_admin/permissions/auth_token_access`
158 ; The list should be "," separated and on a single line.
158 ; The list should be "," separated and on a single line.
159 ; Most common views to enable:
159 ; Most common views to enable:
160
160
161 # RepoCommitsView:repo_commit_download
161 # RepoCommitsView:repo_commit_download
162 # RepoCommitsView:repo_commit_patch
162 # RepoCommitsView:repo_commit_patch
163 # RepoCommitsView:repo_commit_raw
163 # RepoCommitsView:repo_commit_raw
164 # RepoCommitsView:repo_commit_raw@TOKEN
164 # RepoCommitsView:repo_commit_raw@TOKEN
165 # RepoFilesView:repo_files_diff
165 # RepoFilesView:repo_files_diff
166 # RepoFilesView:repo_archivefile
166 # RepoFilesView:repo_archivefile
167 # RepoFilesView:repo_file_raw
167 # RepoFilesView:repo_file_raw
168 # GistView:*
168 # GistView:*
169 api_access_controllers_whitelist =
169 api_access_controllers_whitelist =
170
170
171 ; Default encoding used to convert from and to unicode
171 ; Default encoding used to convert from and to unicode
172 ; can be also a comma separated list of encoding in case of mixed encodings
172 ; can be also a comma separated list of encoding in case of mixed encodings
173 default_encoding = UTF-8
173 default_encoding = UTF-8
174
174
175 ; instance-id prefix
175 ; instance-id prefix
176 ; a prefix key for this instance used for cache invalidation when running
176 ; a prefix key for this instance used for cache invalidation when running
177 ; multiple instances of RhodeCode, make sure it's globally unique for
177 ; multiple instances of RhodeCode, make sure it's globally unique for
178 ; all running RhodeCode instances. Leave empty if you don't use it
178 ; all running RhodeCode instances. Leave empty if you don't use it
179 instance_id =
179 instance_id =
180
180
181 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
181 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
182 ; of an authentication plugin also if it is disabled by it's settings.
182 ; of an authentication plugin also if it is disabled by it's settings.
183 ; This could be useful if you are unable to log in to the system due to broken
183 ; This could be useful if you are unable to log in to the system due to broken
184 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
184 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
185 ; module to log in again and fix the settings.
185 ; module to log in again and fix the settings.
186 ; Available builtin plugin IDs (hash is part of the ID):
186 ; Available builtin plugin IDs (hash is part of the ID):
187 ; egg:rhodecode-enterprise-ce#rhodecode
187 ; egg:rhodecode-enterprise-ce#rhodecode
188 ; egg:rhodecode-enterprise-ce#pam
188 ; egg:rhodecode-enterprise-ce#pam
189 ; egg:rhodecode-enterprise-ce#ldap
189 ; egg:rhodecode-enterprise-ce#ldap
190 ; egg:rhodecode-enterprise-ce#jasig_cas
190 ; egg:rhodecode-enterprise-ce#jasig_cas
191 ; egg:rhodecode-enterprise-ce#headers
191 ; egg:rhodecode-enterprise-ce#headers
192 ; egg:rhodecode-enterprise-ce#crowd
192 ; egg:rhodecode-enterprise-ce#crowd
193
193
194 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
194 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
195
195
196 ; Flag to control loading of legacy plugins in py:/path format
196 ; Flag to control loading of legacy plugins in py:/path format
197 auth_plugin.import_legacy_plugins = true
197 auth_plugin.import_legacy_plugins = true
198
198
199 ; alternative return HTTP header for failed authentication. Default HTTP
199 ; alternative return HTTP header for failed authentication. Default HTTP
200 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
200 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
201 ; handling that causing a series of failed authentication calls.
201 ; handling that causing a series of failed authentication calls.
202 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
202 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
203 ; This will be served instead of default 401 on bad authentication
203 ; This will be served instead of default 401 on bad authentication
204 auth_ret_code =
204 auth_ret_code =
205
205
206 ; use special detection method when serving auth_ret_code, instead of serving
206 ; use special detection method when serving auth_ret_code, instead of serving
207 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
207 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
208 ; and then serve auth_ret_code to clients
208 ; and then serve auth_ret_code to clients
209 auth_ret_code_detection = false
209 auth_ret_code_detection = false
210
210
211 ; locking return code. When repository is locked return this HTTP code. 2XX
211 ; locking return code. When repository is locked return this HTTP code. 2XX
212 ; codes don't break the transactions while 4XX codes do
212 ; codes don't break the transactions while 4XX codes do
213 lock_ret_code = 423
213 lock_ret_code = 423
214
214
215 ; Filesystem location were repositories should be stored
215 ; Filesystem location were repositories should be stored
216 repo_store.path = /var/opt/rhodecode_repo_store
216 repo_store.path = /var/opt/rhodecode_repo_store
217
217
218 ; allows to setup custom hooks in settings page
218 ; allows to setup custom hooks in settings page
219 allow_custom_hooks_settings = true
219 allow_custom_hooks_settings = true
220
220
221 ; Generated license token required for EE edition license.
221 ; Generated license token required for EE edition license.
222 ; New generated token value can be found in Admin > settings > license page.
222 ; New generated token value can be found in Admin > settings > license page.
223 license_token =
223 license_token =
224
224
225 ; This flag hides sensitive information on the license page such as token, and license data
225 ; This flag hides sensitive information on the license page such as token, and license data
226 license.hide_license_info = false
226 license.hide_license_info = false
227
227
228 ; supervisor connection uri, for managing supervisor and logs.
228 ; supervisor connection uri, for managing supervisor and logs.
229 supervisor.uri =
229 supervisor.uri =
230
230
231 ; supervisord group name/id we only want this RC instance to handle
231 ; supervisord group name/id we only want this RC instance to handle
232 supervisor.group_id = prod
232 supervisor.group_id = prod
233
233
234 ; Display extended labs settings
234 ; Display extended labs settings
235 labs_settings_active = true
235 labs_settings_active = true
236
236
237 ; Custom exception store path, defaults to TMPDIR
237 ; Custom exception store path, defaults to TMPDIR
238 ; This is used to store exception from RhodeCode in shared directory
238 ; This is used to store exception from RhodeCode in shared directory
239 #exception_tracker.store_path =
239 #exception_tracker.store_path =
240
240
241 ; Send email with exception details when it happens
241 ; Send email with exception details when it happens
242 #exception_tracker.send_email = false
242 #exception_tracker.send_email = false
243
243
244 ; Comma separated list of recipients for exception emails,
244 ; Comma separated list of recipients for exception emails,
245 ; e.g admin@rhodecode.com,devops@rhodecode.com
245 ; e.g admin@rhodecode.com,devops@rhodecode.com
246 ; Can be left empty, then emails will be sent to ALL super-admins
246 ; Can be left empty, then emails will be sent to ALL super-admins
247 #exception_tracker.send_email_recipients =
247 #exception_tracker.send_email_recipients =
248
248
249 ; optional prefix to Add to email Subject
249 ; optional prefix to Add to email Subject
250 #exception_tracker.email_prefix = [RHODECODE ERROR]
250 #exception_tracker.email_prefix = [RHODECODE ERROR]
251
251
252 ; File store configuration. This is used to store and serve uploaded files
252 ; File store configuration. This is used to store and serve uploaded files
253 file_store.enabled = true
253 file_store.enabled = true
254
254
255 ; Storage backend, available options are: local
255 ; Storage backend, available options are: local
256 file_store.backend = local
256 file_store.backend = local
257
257
258 ; path to store the uploaded binaries and artifacts
258 ; path to store the uploaded binaries and artifacts
259 file_store.storage_path = /var/opt/rhodecode_data/file_store
259 file_store.storage_path = /var/opt/rhodecode_data/file_store
260
260
261
261
262 ; Redis url to acquire/check generation of archives locks
262 ; Redis url to acquire/check generation of archives locks
263 archive_cache.locking.url = redis://redis:6379/1
263 archive_cache.locking.url = redis://redis:6379/1
264
264
265 ; Storage backend, only 'filesystem' and 'objectstore' are available now
265 ; Storage backend, only 'filesystem' and 'objectstore' are available now
266 archive_cache.backend.type = filesystem
266 archive_cache.backend.type = filesystem
267
267
268 ; url for s3 compatible storage that allows to upload artifacts
268 ; url for s3 compatible storage that allows to upload artifacts
269 ; e.g http://minio:9000
269 ; e.g http://minio:9000
270 archive_cache.objectstore.url = http://s3-minio:9000
270 archive_cache.objectstore.url = http://s3-minio:9000
271
271
272 ; key for s3 auth
272 ; key for s3 auth
273 archive_cache.objectstore.key = key
273 archive_cache.objectstore.key = key
274
274
275 ; secret for s3 auth
275 ; secret for s3 auth
276 archive_cache.objectstore.secret = secret
276 archive_cache.objectstore.secret = secret
277
277
278 ;region for s3 storage
278 ;region for s3 storage
279 archive_cache.objectstore.region = eu-central-1
279 archive_cache.objectstore.region = eu-central-1
280
280
281 ; number of sharded buckets to create to distribute archives across
281 ; number of sharded buckets to create to distribute archives across
282 ; default is 8 shards
282 ; default is 8 shards
283 archive_cache.objectstore.bucket_shards = 8
283 archive_cache.objectstore.bucket_shards = 8
284
284
285 ; a top-level bucket to put all other shards in
285 ; a top-level bucket to put all other shards in
286 ; objects will be stored in rhodecode-archive-cache/shard-N based on the bucket_shards number
286 ; objects will be stored in rhodecode-archive-cache/shard-N based on the bucket_shards number
287 archive_cache.objectstore.bucket = rhodecode-archive-cache
287 archive_cache.objectstore.bucket = rhodecode-archive-cache
288
288
289 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
289 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
290 archive_cache.objectstore.retry = false
290 archive_cache.objectstore.retry = false
291
291
292 ; number of seconds to wait for next try using retry
292 ; number of seconds to wait for next try using retry
293 archive_cache.objectstore.retry_backoff = 1
293 archive_cache.objectstore.retry_backoff = 1
294
294
295 ; how many tries do do a retry fetch from this backend
295 ; how many tries do do a retry fetch from this backend
296 archive_cache.objectstore.retry_attempts = 10
296 archive_cache.objectstore.retry_attempts = 10
297
297
298 ; Default is $cache_dir/archive_cache if not set
298 ; Default is $cache_dir/archive_cache if not set
299 ; Generated repo archives will be cached at this location
299 ; Generated repo archives will be cached at this location
300 ; and served from the cache during subsequent requests for the same archive of
300 ; and served from the cache during subsequent requests for the same archive of
301 ; the repository. This path is important to be shared across filesystems and with
301 ; the repository. This path is important to be shared across filesystems and with
302 ; RhodeCode and vcsserver
302 ; RhodeCode and vcsserver
303 archive_cache.filesystem.store_dir = /var/opt/rhodecode_data/archive_cache
303 archive_cache.filesystem.store_dir = /var/opt/rhodecode_data/archive_cache
304
304
305 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
305 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
306 archive_cache.filesystem.cache_size_gb = 40
306 archive_cache.filesystem.cache_size_gb = 40
307
307
308 ; Eviction policy used to clear out after cache_size_gb limit is reached
308 ; Eviction policy used to clear out after cache_size_gb limit is reached
309 archive_cache.filesystem.eviction_policy = least-recently-stored
309 archive_cache.filesystem.eviction_policy = least-recently-stored
310
310
311 ; By default cache uses sharding technique, this specifies how many shards are there
311 ; By default cache uses sharding technique, this specifies how many shards are there
312 ; default is 8 shards
312 ; default is 8 shards
313 archive_cache.filesystem.cache_shards = 8
313 archive_cache.filesystem.cache_shards = 8
314
314
315 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
315 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
316 archive_cache.filesystem.retry = false
316 archive_cache.filesystem.retry = false
317
317
318 ; number of seconds to wait for next try using retry
318 ; number of seconds to wait for next try using retry
319 archive_cache.filesystem.retry_backoff = 1
319 archive_cache.filesystem.retry_backoff = 1
320
320
321 ; how many tries do do a retry fetch from this backend
321 ; how many tries do do a retry fetch from this backend
322 archive_cache.filesystem.retry_attempts = 10
322 archive_cache.filesystem.retry_attempts = 10
323
323
324
324
325 ; #############
325 ; #############
326 ; CELERY CONFIG
326 ; CELERY CONFIG
327 ; #############
327 ; #############
328
328
329 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
329 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
330
330
331 use_celery = true
331 use_celery = true
332
332
333 ; path to store schedule database
333 ; path to store schedule database
334 #celerybeat-schedule.path =
334 #celerybeat-schedule.path =
335
335
336 ; connection url to the message broker (default redis)
336 ; connection url to the message broker (default redis)
337 celery.broker_url = redis://redis:6379/8
337 celery.broker_url = redis://redis:6379/8
338
338
339 ; results backend to get results for (default redis)
339 ; results backend to get results for (default redis)
340 celery.result_backend = redis://redis:6379/8
340 celery.result_backend = redis://redis:6379/8
341
341
342 ; rabbitmq example
342 ; rabbitmq example
343 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
343 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
344
344
345 ; maximum tasks to execute before worker restart
345 ; maximum tasks to execute before worker restart
346 celery.max_tasks_per_child = 20
346 celery.max_tasks_per_child = 20
347
347
348 ; tasks will never be sent to the queue, but executed locally instead.
348 ; tasks will never be sent to the queue, but executed locally instead.
349 celery.task_always_eager = false
349 celery.task_always_eager = false
350
350
351 ; #############
351 ; #############
352 ; DOGPILE CACHE
352 ; DOGPILE CACHE
353 ; #############
353 ; #############
354
354
355 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
355 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
356 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
356 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
357 cache_dir = /var/opt/rhodecode_data
357 cache_dir = /var/opt/rhodecode_data
358
358
359 ; *********************************************
359 ; *********************************************
360 ; `sql_cache_short` cache for heavy SQL queries
360 ; `sql_cache_short` cache for heavy SQL queries
361 ; Only supported backend is `memory_lru`
361 ; Only supported backend is `memory_lru`
362 ; *********************************************
362 ; *********************************************
363 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
363 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
364 rc_cache.sql_cache_short.expiration_time = 30
364 rc_cache.sql_cache_short.expiration_time = 30
365
365
366
366
367 ; *****************************************************
367 ; *****************************************************
368 ; `cache_repo_longterm` cache for repo object instances
368 ; `cache_repo_longterm` cache for repo object instances
369 ; Only supported backend is `memory_lru`
369 ; Only supported backend is `memory_lru`
370 ; *****************************************************
370 ; *****************************************************
371 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
371 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
372 ; by default we use 30 Days, cache is still invalidated on push
372 ; by default we use 30 Days, cache is still invalidated on push
373 rc_cache.cache_repo_longterm.expiration_time = 2592000
373 rc_cache.cache_repo_longterm.expiration_time = 2592000
374 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
374 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
375 rc_cache.cache_repo_longterm.max_size = 10000
375 rc_cache.cache_repo_longterm.max_size = 10000
376
376
377
377
378 ; *********************************************
378 ; *********************************************
379 ; `cache_general` cache for general purpose use
379 ; `cache_general` cache for general purpose use
380 ; for simplicity use rc.file_namespace backend,
380 ; for simplicity use rc.file_namespace backend,
381 ; for performance and scale use rc.redis
381 ; for performance and scale use rc.redis
382 ; *********************************************
382 ; *********************************************
383 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
383 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
384 rc_cache.cache_general.expiration_time = 43200
384 rc_cache.cache_general.expiration_time = 43200
385 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
385 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
386 #rc_cache.cache_general.arguments.filename = /tmp/cache_general_db
386 #rc_cache.cache_general.arguments.filename = /tmp/cache_general_db
387
387
388 ; alternative `cache_general` redis backend with distributed lock
388 ; alternative `cache_general` redis backend with distributed lock
389 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
389 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
390 #rc_cache.cache_general.expiration_time = 300
390 #rc_cache.cache_general.expiration_time = 300
391
391
392 ; redis_expiration_time needs to be greater then expiration_time
392 ; redis_expiration_time needs to be greater then expiration_time
393 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
393 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
394
394
395 #rc_cache.cache_general.arguments.host = localhost
395 #rc_cache.cache_general.arguments.host = localhost
396 #rc_cache.cache_general.arguments.port = 6379
396 #rc_cache.cache_general.arguments.port = 6379
397 #rc_cache.cache_general.arguments.db = 0
397 #rc_cache.cache_general.arguments.db = 0
398 #rc_cache.cache_general.arguments.socket_timeout = 30
398 #rc_cache.cache_general.arguments.socket_timeout = 30
399 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
399 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
400 #rc_cache.cache_general.arguments.distributed_lock = true
400 #rc_cache.cache_general.arguments.distributed_lock = true
401
401
402 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
402 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
403 #rc_cache.cache_general.arguments.lock_auto_renewal = true
403 #rc_cache.cache_general.arguments.lock_auto_renewal = true
404
404
405 ; *************************************************
405 ; *************************************************
406 ; `cache_perms` cache for permission tree, auth TTL
406 ; `cache_perms` cache for permission tree, auth TTL
407 ; for simplicity use rc.file_namespace backend,
407 ; for simplicity use rc.file_namespace backend,
408 ; for performance and scale use rc.redis
408 ; for performance and scale use rc.redis
409 ; *************************************************
409 ; *************************************************
410 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
410 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
411 rc_cache.cache_perms.expiration_time = 3600
411 rc_cache.cache_perms.expiration_time = 3600
412 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
412 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
413 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms_db
413 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms_db
414
414
415 ; alternative `cache_perms` redis backend with distributed lock
415 ; alternative `cache_perms` redis backend with distributed lock
416 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
416 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
417 #rc_cache.cache_perms.expiration_time = 300
417 #rc_cache.cache_perms.expiration_time = 300
418
418
419 ; redis_expiration_time needs to be greater then expiration_time
419 ; redis_expiration_time needs to be greater then expiration_time
420 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
420 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
421
421
422 #rc_cache.cache_perms.arguments.host = localhost
422 #rc_cache.cache_perms.arguments.host = localhost
423 #rc_cache.cache_perms.arguments.port = 6379
423 #rc_cache.cache_perms.arguments.port = 6379
424 #rc_cache.cache_perms.arguments.db = 0
424 #rc_cache.cache_perms.arguments.db = 0
425 #rc_cache.cache_perms.arguments.socket_timeout = 30
425 #rc_cache.cache_perms.arguments.socket_timeout = 30
426 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
426 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
427 #rc_cache.cache_perms.arguments.distributed_lock = true
427 #rc_cache.cache_perms.arguments.distributed_lock = true
428
428
429 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
429 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
430 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
430 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
431
431
432 ; ***************************************************
432 ; ***************************************************
433 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
433 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
434 ; for simplicity use rc.file_namespace backend,
434 ; for simplicity use rc.file_namespace backend,
435 ; for performance and scale use rc.redis
435 ; for performance and scale use rc.redis
436 ; ***************************************************
436 ; ***************************************************
437 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
437 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
438 rc_cache.cache_repo.expiration_time = 2592000
438 rc_cache.cache_repo.expiration_time = 2592000
439 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
439 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
440 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo_db
440 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo_db
441
441
442 ; alternative `cache_repo` redis backend with distributed lock
442 ; alternative `cache_repo` redis backend with distributed lock
443 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
443 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
444 #rc_cache.cache_repo.expiration_time = 2592000
444 #rc_cache.cache_repo.expiration_time = 2592000
445
445
446 ; redis_expiration_time needs to be greater then expiration_time
446 ; redis_expiration_time needs to be greater then expiration_time
447 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
447 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
448
448
449 #rc_cache.cache_repo.arguments.host = localhost
449 #rc_cache.cache_repo.arguments.host = localhost
450 #rc_cache.cache_repo.arguments.port = 6379
450 #rc_cache.cache_repo.arguments.port = 6379
451 #rc_cache.cache_repo.arguments.db = 1
451 #rc_cache.cache_repo.arguments.db = 1
452 #rc_cache.cache_repo.arguments.socket_timeout = 30
452 #rc_cache.cache_repo.arguments.socket_timeout = 30
453 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
453 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
454 #rc_cache.cache_repo.arguments.distributed_lock = true
454 #rc_cache.cache_repo.arguments.distributed_lock = true
455
455
456 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
456 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
457 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
457 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
458
458
459 ; ##############
459 ; ##############
460 ; BEAKER SESSION
460 ; BEAKER SESSION
461 ; ##############
461 ; ##############
462
462
463 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
463 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
464 ; types are file, ext:redis, ext:database, ext:memcached
464 ; types are file, ext:redis, ext:database, ext:memcached
465 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
465 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
466 #beaker.session.type = file
466 #beaker.session.type = file
467 #beaker.session.data_dir = %(here)s/data/sessions
467 #beaker.session.data_dir = %(here)s/data/sessions
468
468
469 ; Redis based sessions
469 ; Redis based sessions
470 beaker.session.type = ext:redis
470 beaker.session.type = ext:redis
471 beaker.session.url = redis://redis:6379/2
471 beaker.session.url = redis://redis:6379/2
472
472
473 ; DB based session, fast, and allows easy management over logged in users
473 ; DB based session, fast, and allows easy management over logged in users
474 #beaker.session.type = ext:database
474 #beaker.session.type = ext:database
475 #beaker.session.table_name = db_session
475 #beaker.session.table_name = db_session
476 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
476 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
477 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
477 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
478 #beaker.session.sa.pool_recycle = 3600
478 #beaker.session.sa.pool_recycle = 3600
479 #beaker.session.sa.echo = false
479 #beaker.session.sa.echo = false
480
480
481 beaker.session.key = rhodecode
481 beaker.session.key = rhodecode
482 beaker.session.secret = production-rc-uytcxaz
482 beaker.session.secret = production-rc-uytcxaz
483 beaker.session.lock_dir = /data_ramdisk/lock
483 beaker.session.lock_dir = /data_ramdisk/lock
484
484
485 ; Secure encrypted cookie. Requires AES and AES python libraries
485 ; Secure encrypted cookie. Requires AES and AES python libraries
486 ; you must disable beaker.session.secret to use this
486 ; you must disable beaker.session.secret to use this
487 #beaker.session.encrypt_key = key_for_encryption
487 #beaker.session.encrypt_key = key_for_encryption
488 #beaker.session.validate_key = validation_key
488 #beaker.session.validate_key = validation_key
489
489
490 ; Sets session as invalid (also logging out user) if it haven not been
490 ; Sets session as invalid (also logging out user) if it haven not been
491 ; accessed for given amount of time in seconds
491 ; accessed for given amount of time in seconds
492 beaker.session.timeout = 2592000
492 beaker.session.timeout = 2592000
493 beaker.session.httponly = true
493 beaker.session.httponly = true
494
494
495 ; Path to use for the cookie. Set to prefix if you use prefix middleware
495 ; Path to use for the cookie. Set to prefix if you use prefix middleware
496 #beaker.session.cookie_path = /custom_prefix
496 #beaker.session.cookie_path = /custom_prefix
497
497
498 ; Set https secure cookie
498 ; Set https secure cookie
499 beaker.session.secure = false
499 beaker.session.secure = false
500
500
501 ; default cookie expiration time in seconds, set to `true` to set expire
501 ; default cookie expiration time in seconds, set to `true` to set expire
502 ; at browser close
502 ; at browser close
503 #beaker.session.cookie_expires = 3600
503 #beaker.session.cookie_expires = 3600
504
504
505 ; #############################
505 ; #############################
506 ; SEARCH INDEXING CONFIGURATION
506 ; SEARCH INDEXING CONFIGURATION
507 ; #############################
507 ; #############################
508
508
509 ; Full text search indexer is available in rhodecode-tools under
509 ; Full text search indexer is available in rhodecode-tools under
510 ; `rhodecode-tools index` command
510 ; `rhodecode-tools index` command
511
511
512 ; WHOOSH Backend, doesn't require additional services to run
512 ; WHOOSH Backend, doesn't require additional services to run
513 ; it works good with few dozen repos
513 ; it works good with few dozen repos
514 search.module = rhodecode.lib.index.whoosh
514 search.module = rhodecode.lib.index.whoosh
515 search.location = %(here)s/data/index
515 search.location = %(here)s/data/index
516
516
517 ; ####################
517 ; ####################
518 ; CHANNELSTREAM CONFIG
518 ; CHANNELSTREAM CONFIG
519 ; ####################
519 ; ####################
520
520
521 ; channelstream enables persistent connections and live notification
521 ; channelstream enables persistent connections and live notification
522 ; in the system. It's also used by the chat system
522 ; in the system. It's also used by the chat system
523
523
524 channelstream.enabled = true
524 channelstream.enabled = true
525
525
526 ; server address for channelstream server on the backend
526 ; server address for channelstream server on the backend
527 channelstream.server = channelstream:9800
527 channelstream.server = channelstream:9800
528
528
529 ; location of the channelstream server from outside world
529 ; location of the channelstream server from outside world
530 ; use ws:// for http or wss:// for https. This address needs to be handled
530 ; use ws:// for http or wss:// for https. This address needs to be handled
531 ; by external HTTP server such as Nginx or Apache
531 ; by external HTTP server such as Nginx or Apache
532 ; see Nginx/Apache configuration examples in our docs
532 ; see Nginx/Apache configuration examples in our docs
533 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
533 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
534 channelstream.secret = ENV_GENERATED
534 channelstream.secret = ENV_GENERATED
535 channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
535 channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
536
536
537 ; Internal application path that Javascript uses to connect into.
537 ; Internal application path that Javascript uses to connect into.
538 ; If you use proxy-prefix the prefix should be added before /_channelstream
538 ; If you use proxy-prefix the prefix should be added before /_channelstream
539 channelstream.proxy_path = /_channelstream
539 channelstream.proxy_path = /_channelstream
540
540
541
541
542 ; ##############################
542 ; ##############################
543 ; MAIN RHODECODE DATABASE CONFIG
543 ; MAIN RHODECODE DATABASE CONFIG
544 ; ##############################
544 ; ##############################
545
545
546 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
546 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
547 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
547 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
548 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
548 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
549 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
549 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
550 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
550 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
551
551
552 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
552 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
553
553
554 ; see sqlalchemy docs for other advanced settings
554 ; see sqlalchemy docs for other advanced settings
555 ; print the sql statements to output
555 ; print the sql statements to output
556 sqlalchemy.db1.echo = false
556 sqlalchemy.db1.echo = false
557
557
558 ; recycle the connections after this amount of seconds
558 ; recycle the connections after this amount of seconds
559 sqlalchemy.db1.pool_recycle = 3600
559 sqlalchemy.db1.pool_recycle = 3600
560
560
561 ; the number of connections to keep open inside the connection pool.
561 ; the number of connections to keep open inside the connection pool.
562 ; 0 indicates no limit
562 ; 0 indicates no limit
563 ; the general calculus with gevent is:
563 ; the general calculus with gevent is:
564 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
564 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
565 ; then increase pool size + max overflow so that they add up to 500.
565 ; then increase pool size + max overflow so that they add up to 500.
566 #sqlalchemy.db1.pool_size = 5
566 #sqlalchemy.db1.pool_size = 5
567
567
568 ; The number of connections to allow in connection pool "overflow", that is
568 ; The number of connections to allow in connection pool "overflow", that is
569 ; connections that can be opened above and beyond the pool_size setting,
569 ; connections that can be opened above and beyond the pool_size setting,
570 ; which defaults to five.
570 ; which defaults to five.
571 #sqlalchemy.db1.max_overflow = 10
571 #sqlalchemy.db1.max_overflow = 10
572
572
573 ; Connection check ping, used to detect broken database connections
573 ; Connection check ping, used to detect broken database connections
574 ; could be enabled to better handle cases if MySQL has gone away errors
574 ; could be enabled to better handle cases if MySQL has gone away errors
575 #sqlalchemy.db1.ping_connection = true
575 #sqlalchemy.db1.ping_connection = true
576
576
577 ; ##########
577 ; ##########
578 ; VCS CONFIG
578 ; VCS CONFIG
579 ; ##########
579 ; ##########
580 vcs.server.enable = true
580 vcs.server.enable = true
581 vcs.server = vcsserver:10010
581 vcs.server = vcsserver:10010
582
582
583 ; Web server connectivity protocol, responsible for web based VCS operations
583 ; Web server connectivity protocol, responsible for web based VCS operations
584 ; Available protocols are:
584 ; Available protocols are:
585 ; `http` - use http-rpc backend (default)
585 ; `http` - use http-rpc backend (default)
586 vcs.server.protocol = http
586 vcs.server.protocol = http
587
587
588 ; Push/Pull operations protocol, available options are:
588 ; Push/Pull operations protocol, available options are:
589 ; `http` - use http-rpc backend (default)
589 ; `http` - use http-rpc backend (default)
590 vcs.scm_app_implementation = http
590 vcs.scm_app_implementation = http
591
591
592 ; Push/Pull operations hooks protocol, available options are:
592 ; Push/Pull operations hooks protocol, available options are:
593 ; `http` - use http-rpc backend (default)
593 ; `http` - use http-rpc backend (default)
594 ; `celery` - use celery based hooks
594 ; `celery` - use celery based hooks
595 vcs.hooks.protocol = http
595 vcs.hooks.protocol = http
596
596
597 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
597 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
598 ; accessible via network.
598 ; accessible via network.
599 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
599 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
600 vcs.hooks.host = *
600 vcs.hooks.host = *
601
601
602 ; Start VCSServer with this instance as a subprocess, useful for development
602 ; Start VCSServer with this instance as a subprocess, useful for development
603 vcs.start_server = false
603 vcs.start_server = false
604
604
605 ; List of enabled VCS backends, available options are:
605 ; List of enabled VCS backends, available options are:
606 ; `hg` - mercurial
606 ; `hg` - mercurial
607 ; `git` - git
607 ; `git` - git
608 ; `svn` - subversion
608 ; `svn` - subversion
609 vcs.backends = hg, git, svn
609 vcs.backends = hg, git, svn
610
610
611 ; Wait this number of seconds before killing connection to the vcsserver
611 ; Wait this number of seconds before killing connection to the vcsserver
612 vcs.connection_timeout = 3600
612 vcs.connection_timeout = 3600
613
613
614 ; Cache flag to cache vcsserver remote calls locally
614 ; Cache flag to cache vcsserver remote calls locally
615 ; It uses cache_region `cache_repo`
615 ; It uses cache_region `cache_repo`
616 vcs.methods.cache = true
616 vcs.methods.cache = true
617
617
618 ; ####################################################
618 ; ####################################################
619 ; Subversion proxy support (mod_dav_svn)
619 ; Subversion proxy support (mod_dav_svn)
620 ; Maps RhodeCode repo groups into SVN paths for Apache
620 ; Maps RhodeCode repo groups into SVN paths for Apache
621 ; ####################################################
621 ; ####################################################
622
622
623 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
623 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
624 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
624 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
625 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
625 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
626 #vcs.svn.compatible_version = 1.8
626 #vcs.svn.compatible_version = 1.8
627
627
628 ; Redis connection settings for svn integrations logic
628 ; Redis connection settings for svn integrations logic
629 ; This connection string needs to be the same on ce and vcsserver
629 ; This connection string needs to be the same on ce and vcsserver
630 vcs.svn.redis_conn = redis://redis:6379/0
630 vcs.svn.redis_conn = redis://redis:6379/0
631
631
632 ; Enable SVN proxy of requests over HTTP
632 ; Enable SVN proxy of requests over HTTP
633 vcs.svn.proxy.enabled = true
633 vcs.svn.proxy.enabled = true
634
634
635 ; host to connect to running SVN subsystem
635 ; host to connect to running SVN subsystem
636 vcs.svn.proxy.host = http://svn:8090
636 vcs.svn.proxy.host = http://svn:8090
637
637
638 ; Enable or disable the config file generation.
638 ; Enable or disable the config file generation.
639 svn.proxy.generate_config = true
639 svn.proxy.generate_config = true
640
640
641 ; Generate config file with `SVNListParentPath` set to `On`.
641 ; Generate config file with `SVNListParentPath` set to `On`.
642 svn.proxy.list_parent_path = true
642 svn.proxy.list_parent_path = true
643
643
644 ; Set location and file name of generated config file.
644 ; Set location and file name of generated config file.
645 svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
645 svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
646
646
647 ; alternative mod_dav config template. This needs to be a valid mako template
647 ; alternative mod_dav config template. This needs to be a valid mako template
648 ; Example template can be found in the source code:
648 ; Example template can be found in the source code:
649 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
649 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
650 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
650 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
651
651
652 ; Used as a prefix to the `Location` block in the generated config file.
652 ; Used as a prefix to the `Location` block in the generated config file.
653 ; In most cases it should be set to `/`.
653 ; In most cases it should be set to `/`.
654 svn.proxy.location_root = /
654 svn.proxy.location_root = /
655
655
656 ; Command to reload the mod dav svn configuration on change.
656 ; Command to reload the mod dav svn configuration on change.
657 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
657 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
658 ; Make sure user who runs RhodeCode process is allowed to reload Apache
658 ; Make sure user who runs RhodeCode process is allowed to reload Apache
659 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
659 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
660
660
661 ; If the timeout expires before the reload command finishes, the command will
661 ; If the timeout expires before the reload command finishes, the command will
662 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
662 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
663 #svn.proxy.reload_timeout = 10
663 #svn.proxy.reload_timeout = 10
664
664
665 ; ####################
665 ; ####################
666 ; SSH Support Settings
666 ; SSH Support Settings
667 ; ####################
667 ; ####################
668
668
669 ; Defines if a custom authorized_keys file should be created and written on
669 ; Defines if a custom authorized_keys file should be created and written on
670 ; any change user ssh keys. Setting this to false also disables possibility
670 ; any change user ssh keys. Setting this to false also disables possibility
671 ; of adding SSH keys by users from web interface. Super admins can still
671 ; of adding SSH keys by users from web interface. Super admins can still
672 ; manage SSH Keys.
672 ; manage SSH Keys.
673 ssh.generate_authorized_keyfile = true
673 ssh.generate_authorized_keyfile = true
674
674
675 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
675 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
676 # ssh.authorized_keys_ssh_opts =
676 # ssh.authorized_keys_ssh_opts =
677
677
678 ; Path to the authorized_keys file where the generate entries are placed.
678 ; Path to the authorized_keys file where the generate entries are placed.
679 ; It is possible to have multiple key files specified in `sshd_config` e.g.
679 ; It is possible to have multiple key files specified in `sshd_config` e.g.
680 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
680 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
681 ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
681 ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
682
682
683 ; Command to execute the SSH wrapper. The binary is available in the
683 ; Command to execute the SSH wrapper. The binary is available in the
684 ; RhodeCode installation directory.
684 ; RhodeCode installation directory.
685 ; legacy: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
685 ; legacy: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
686 ; new rewrite: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
686 ; new rewrite: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
687 ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
687 #DEPRECATED: ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
688 ssh.wrapper_cmd.v2 = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
688
689
689 ; Allow shell when executing the ssh-wrapper command
690 ; Allow shell when executing the ssh-wrapper command
690 ssh.wrapper_cmd_allow_shell = false
691 ssh.wrapper_cmd_allow_shell = false
691
692
692 ; Enables logging, and detailed output send back to the client during SSH
693 ; Enables logging, and detailed output send back to the client during SSH
693 ; operations. Useful for debugging, shouldn't be used in production.
694 ; operations. Useful for debugging, shouldn't be used in production.
694 ssh.enable_debug_logging = false
695 ssh.enable_debug_logging = false
695
696
696 ; Paths to binary executable, by default they are the names, but we can
697 ; Paths to binary executable, by default they are the names, but we can
697 ; override them if we want to use a custom one
698 ; override them if we want to use a custom one
698 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
699 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
699 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
700 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
700 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
701 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
701
702
702 ; Enables SSH key generator web interface. Disabling this still allows users
703 ; Enables SSH key generator web interface. Disabling this still allows users
703 ; to add their own keys.
704 ; to add their own keys.
704 ssh.enable_ui_key_generator = true
705 ssh.enable_ui_key_generator = true
705
706
706 ; Statsd client config, this is used to send metrics to statsd
707 ; Statsd client config, this is used to send metrics to statsd
707 ; We recommend setting statsd_exported and scrape them using Prometheus
708 ; We recommend setting statsd_exported and scrape them using Prometheus
708 #statsd.enabled = false
709 #statsd.enabled = false
709 #statsd.statsd_host = 0.0.0.0
710 #statsd.statsd_host = 0.0.0.0
710 #statsd.statsd_port = 8125
711 #statsd.statsd_port = 8125
711 #statsd.statsd_prefix =
712 #statsd.statsd_prefix =
712 #statsd.statsd_ipv6 = false
713 #statsd.statsd_ipv6 = false
713
714
714 ; configure logging automatically at server startup set to false
715 ; configure logging automatically at server startup set to false
715 ; to use the below custom logging config.
716 ; to use the below custom logging config.
716 ; RC_LOGGING_FORMATTER
717 ; RC_LOGGING_FORMATTER
717 ; RC_LOGGING_LEVEL
718 ; RC_LOGGING_LEVEL
718 ; env variables can control the settings for logging in case of autoconfigure
719 ; env variables can control the settings for logging in case of autoconfigure
719
720
720 #logging.autoconfigure = true
721 #logging.autoconfigure = true
721
722
722 ; specify your own custom logging config file to configure logging
723 ; specify your own custom logging config file to configure logging
723 #logging.logging_conf_file = /path/to/custom_logging.ini
724 #logging.logging_conf_file = /path/to/custom_logging.ini
724
725
725 ; Dummy marker to add new entries after.
726 ; Dummy marker to add new entries after.
726 ; Add any custom entries below. Please don't remove this marker.
727 ; Add any custom entries below. Please don't remove this marker.
727 custom.conf = 1
728 custom.conf = 1
728
729
729
730
730 ; #####################
731 ; #####################
731 ; LOGGING CONFIGURATION
732 ; LOGGING CONFIGURATION
732 ; #####################
733 ; #####################
733
734
734 [loggers]
735 [loggers]
735 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
736 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
736
737
737 [handlers]
738 [handlers]
738 keys = console, console_sql
739 keys = console, console_sql
739
740
740 [formatters]
741 [formatters]
741 keys = generic, json, color_formatter, color_formatter_sql
742 keys = generic, json, color_formatter, color_formatter_sql
742
743
743 ; #######
744 ; #######
744 ; LOGGERS
745 ; LOGGERS
745 ; #######
746 ; #######
746 [logger_root]
747 [logger_root]
747 level = NOTSET
748 level = NOTSET
748 handlers = console
749 handlers = console
749
750
750 [logger_sqlalchemy]
751 [logger_sqlalchemy]
751 level = INFO
752 level = INFO
752 handlers = console_sql
753 handlers = console_sql
753 qualname = sqlalchemy.engine
754 qualname = sqlalchemy.engine
754 propagate = 0
755 propagate = 0
755
756
756 [logger_beaker]
757 [logger_beaker]
757 level = DEBUG
758 level = DEBUG
758 handlers =
759 handlers =
759 qualname = beaker.container
760 qualname = beaker.container
760 propagate = 1
761 propagate = 1
761
762
762 [logger_rhodecode]
763 [logger_rhodecode]
763 level = DEBUG
764 level = DEBUG
764 handlers =
765 handlers =
765 qualname = rhodecode
766 qualname = rhodecode
766 propagate = 1
767 propagate = 1
767
768
768 [logger_ssh_wrapper]
769 [logger_ssh_wrapper]
769 level = DEBUG
770 level = DEBUG
770 handlers =
771 handlers =
771 qualname = ssh_wrapper
772 qualname = ssh_wrapper
772 propagate = 1
773 propagate = 1
773
774
774 [logger_celery]
775 [logger_celery]
775 level = DEBUG
776 level = DEBUG
776 handlers =
777 handlers =
777 qualname = celery
778 qualname = celery
778
779
779
780
780 ; ########
781 ; ########
781 ; HANDLERS
782 ; HANDLERS
782 ; ########
783 ; ########
783
784
784 [handler_console]
785 [handler_console]
785 class = StreamHandler
786 class = StreamHandler
786 args = (sys.stderr, )
787 args = (sys.stderr, )
787 level = INFO
788 level = INFO
788 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
789 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
789 ; This allows sending properly formatted logs to grafana loki or elasticsearch
790 ; This allows sending properly formatted logs to grafana loki or elasticsearch
790 formatter = generic
791 formatter = generic
791
792
792 [handler_console_sql]
793 [handler_console_sql]
793 ; "level = DEBUG" logs SQL queries and results.
794 ; "level = DEBUG" logs SQL queries and results.
794 ; "level = INFO" logs SQL queries.
795 ; "level = INFO" logs SQL queries.
795 ; "level = WARN" logs neither. (Recommended for production systems.)
796 ; "level = WARN" logs neither. (Recommended for production systems.)
796 class = StreamHandler
797 class = StreamHandler
797 args = (sys.stderr, )
798 args = (sys.stderr, )
798 level = WARN
799 level = WARN
799 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
800 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
800 ; This allows sending properly formatted logs to grafana loki or elasticsearch
801 ; This allows sending properly formatted logs to grafana loki or elasticsearch
801 formatter = generic
802 formatter = generic
802
803
803 ; ##########
804 ; ##########
804 ; FORMATTERS
805 ; FORMATTERS
805 ; ##########
806 ; ##########
806
807
807 [formatter_generic]
808 [formatter_generic]
808 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
809 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
809 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
810 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
810 datefmt = %Y-%m-%d %H:%M:%S
811 datefmt = %Y-%m-%d %H:%M:%S
811
812
812 [formatter_color_formatter]
813 [formatter_color_formatter]
813 class = rhodecode.lib.logging_formatter.ColorFormatter
814 class = rhodecode.lib.logging_formatter.ColorFormatter
814 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
815 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
815 datefmt = %Y-%m-%d %H:%M:%S
816 datefmt = %Y-%m-%d %H:%M:%S
816
817
817 [formatter_color_formatter_sql]
818 [formatter_color_formatter_sql]
818 class = rhodecode.lib.logging_formatter.ColorFormatterSql
819 class = rhodecode.lib.logging_formatter.ColorFormatterSql
819 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
820 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
820 datefmt = %Y-%m-%d %H:%M:%S
821 datefmt = %Y-%m-%d %H:%M:%S
821
822
822 [formatter_json]
823 [formatter_json]
823 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
824 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
824 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
825 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
@@ -1,60 +1,60 b''
1 # Copyright (C) 2016-2023 RhodeCode GmbH
1 # Copyright (C) 2016-2023 RhodeCode GmbH
2 #
2 #
3 # This program is free software: you can redistribute it and/or modify
3 # This program is free software: you can redistribute it and/or modify
4 # it under the terms of the GNU Affero General Public License, version 3
4 # it under the terms of the GNU Affero General Public License, version 3
5 # (only), as published by the Free Software Foundation.
5 # (only), as published by the Free Software Foundation.
6 #
6 #
7 # This program is distributed in the hope that it will be useful,
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
10 # GNU General Public License for more details.
11 #
11 #
12 # You should have received a copy of the GNU Affero General Public License
12 # You should have received a copy of the GNU Affero General Public License
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 #
14 #
15 # This program is dual-licensed. If you wish to learn more about the
15 # This program is dual-licensed. If you wish to learn more about the
16 # RhodeCode Enterprise Edition, including its added features, Support services,
16 # RhodeCode Enterprise Edition, including its added features, Support services,
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18
18
19 import logging
19 import logging
20
20
21 from . import config_keys
21 from . import config_keys
22
22
23 from rhodecode.config.settings_maker import SettingsMaker
23 from rhodecode.config.settings_maker import SettingsMaker
24
24
25 log = logging.getLogger(__name__)
25 log = logging.getLogger(__name__)
26
26
27
27
28 def _sanitize_settings_and_apply_defaults(settings):
28 def _sanitize_settings_and_apply_defaults(settings):
29 """
29 """
30 Set defaults, convert to python types and validate settings.
30 Set defaults, convert to python types and validate settings.
31 """
31 """
32 settings_maker = SettingsMaker(settings)
32 settings_maker = SettingsMaker(settings)
33
33
34 settings_maker.make_setting(config_keys.generate_authorized_keyfile, False, parser='bool')
34 settings_maker.make_setting(config_keys.generate_authorized_keyfile, False, parser='bool')
35 settings_maker.make_setting(config_keys.wrapper_allow_shell, False, parser='bool')
35 settings_maker.make_setting(config_keys.wrapper_allow_shell, False, parser='bool')
36 settings_maker.make_setting(config_keys.enable_debug_logging, False, parser='bool')
36 settings_maker.make_setting(config_keys.enable_debug_logging, False, parser='bool')
37 settings_maker.make_setting(config_keys.ssh_key_generator_enabled, True, parser='bool')
37 settings_maker.make_setting(config_keys.ssh_key_generator_enabled, True, parser='bool')
38
38
39 settings_maker.make_setting(config_keys.authorized_keys_file_path, '~/.ssh/authorized_keys_rhodecode')
39 settings_maker.make_setting(config_keys.authorized_keys_file_path, '~/.ssh/authorized_keys_rhodecode')
40 settings_maker.make_setting(config_keys.wrapper_cmd, '')
40 settings_maker.make_setting(config_keys.wrapper_cmd, '/usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2')
41 settings_maker.make_setting(config_keys.authorized_keys_line_ssh_opts, '')
41 settings_maker.make_setting(config_keys.authorized_keys_line_ssh_opts, '')
42
42
43 settings_maker.make_setting(config_keys.ssh_hg_bin, '/usr/local/bin/rhodecode_bin/vcs_bin/hg')
43 settings_maker.make_setting(config_keys.ssh_hg_bin, '/usr/local/bin/rhodecode_bin/vcs_bin/hg')
44 settings_maker.make_setting(config_keys.ssh_git_bin, '/usr/local/bin/rhodecode_bin/vcs_bin/git')
44 settings_maker.make_setting(config_keys.ssh_git_bin, '/usr/local/bin/rhodecode_bin/vcs_bin/git')
45 settings_maker.make_setting(config_keys.ssh_svn_bin, '/usr/local/bin/rhodecode_bin/vcs_bin/svnserve')
45 settings_maker.make_setting(config_keys.ssh_svn_bin, '/usr/local/bin/rhodecode_bin/vcs_bin/svnserve')
46
46
47 settings_maker.env_expand()
47 settings_maker.env_expand()
48
48
49
49
50 def includeme(config):
50 def includeme(config):
51 settings = config.registry.settings
51 settings = config.registry.settings
52 _sanitize_settings_and_apply_defaults(settings)
52 _sanitize_settings_and_apply_defaults(settings)
53
53
54 # if we have enable generation of file, subscribe to event
54 # if we have enable generation of file, subscribe to event
55 if settings[config_keys.generate_authorized_keyfile]:
55 if settings[config_keys.generate_authorized_keyfile]:
56 # lazy import here for faster code reading... via sshwrapper-v2 mode
56 # lazy import here for faster code reading... via sshwrapper-v2 mode
57 from .subscribers import generate_ssh_authorized_keys_file_subscriber
57 from .subscribers import generate_ssh_authorized_keys_file_subscriber
58 from .events import SshKeyFileChangeEvent
58 from .events import SshKeyFileChangeEvent
59 config.add_subscriber(
59 config.add_subscriber(
60 generate_ssh_authorized_keys_file_subscriber, SshKeyFileChangeEvent)
60 generate_ssh_authorized_keys_file_subscriber, SshKeyFileChangeEvent)
@@ -1,32 +1,32 b''
1 # Copyright (C) 2016-2023 RhodeCode GmbH
1 # Copyright (C) 2016-2023 RhodeCode GmbH
2 #
2 #
3 # This program is free software: you can redistribute it and/or modify
3 # This program is free software: you can redistribute it and/or modify
4 # it under the terms of the GNU Affero General Public License, version 3
4 # it under the terms of the GNU Affero General Public License, version 3
5 # (only), as published by the Free Software Foundation.
5 # (only), as published by the Free Software Foundation.
6 #
6 #
7 # This program is distributed in the hope that it will be useful,
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
10 # GNU General Public License for more details.
11 #
11 #
12 # You should have received a copy of the GNU Affero General Public License
12 # You should have received a copy of the GNU Affero General Public License
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 #
14 #
15 # This program is dual-licensed. If you wish to learn more about the
15 # This program is dual-licensed. If you wish to learn more about the
16 # RhodeCode Enterprise Edition, including its added features, Support services,
16 # RhodeCode Enterprise Edition, including its added features, Support services,
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18
18
19
19
20 # Definition of setting keys used to configure this module. Defined here to
20 # Definition of setting keys used to configure this module. Defined here to
21 # avoid repetition of keys throughout the module.
21 # avoid repetition of keys throughout the module.
22 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
22 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
23 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
23 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
24 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
24 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
25 ssh_key_generator_enabled = 'ssh.enable_ui_key_generator'
25 ssh_key_generator_enabled = 'ssh.enable_ui_key_generator'
26 wrapper_cmd = 'ssh.wrapper_cmd'
26 wrapper_cmd = 'ssh.wrapper_cmd.v2'
27 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
27 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
28 enable_debug_logging = 'ssh.enable_debug_logging'
28 enable_debug_logging = 'ssh.enable_debug_logging'
29
29
30 ssh_hg_bin = 'ssh.executable.hg'
30 ssh_hg_bin = 'ssh.executable.hg'
31 ssh_git_bin = 'ssh.executable.git'
31 ssh_git_bin = 'ssh.executable.git'
32 ssh_svn_bin = 'ssh.executable.svn'
32 ssh_svn_bin = 'ssh.executable.svn'
General Comments 0
You need to be logged in to leave comments. Login now