##// END OF EJS Templates
config: small updated to .ini files
marcink -
r4171:0e77716f default
parent child Browse files
Show More
@@ -1,834 +1,829 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = true
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 ; Uncomment and replace with the email address which should receive
14 ; any error reports after an application crash
15 ; Additionally these settings will be used by the RhodeCode mailing system
13 ; These settings will be used by the RhodeCode mailing system
16 14 ; ########################################################################
17 15
18 16 ; prefix all emails subjects with given prefix, helps filtering out emails
19 17 #email_prefix = [RhodeCode]
20 18
21 19 ; email FROM address all mails will be sent
22 20 #app_email_from = rhodecode-noreply@localhost
23 21
24 22 #smtp_server = mail.server.com
25 23 #smtp_username =
26 24 #smtp_password =
27 25 #smtp_port =
28 26 #smtp_use_tls = false
29 27 #smtp_use_ssl = true
30 28
31 29 [server:main]
32 30 ; COMMON HOST/IP CONFIG
33 31 host = 127.0.0.1
34 32 port = 5000
35 33
36 34 ; ##################################################
37 35 ; WAITRESS WSGI SERVER - Recommended for Development
38 36 ; ##################################################
39 37
40 38 ; use server type
41 39 use = egg:waitress#main
42 40
43 41 ; number of worker threads
44 42 threads = 5
45 43
46 44 ; MAX BODY SIZE 100GB
47 45 max_request_body_size = 107374182400
48 46
49 47 ; Use poll instead of select, fixes file descriptors limits problems.
50 48 ; May not work on old windows systems.
51 49 asyncore_use_poll = true
52 50
53 51
54 52 ; ###########################
55 53 ; GUNICORN APPLICATION SERVER
56 54 ; ###########################
57 55
58 56 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
59 57
60 58 ; Module to use, this setting shouldn't be changed
61 59 #use = egg:gunicorn#main
62 60
63 61 ; Sets the number of process workers. More workers means more concurrent connections
64 62 ; RhodeCode can handle at the same time. Each additional worker also it increases
65 63 ; memory usage as each has it's own set of caches.
66 64 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
67 65 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
68 66 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
69 67 ; when using more than 1 worker.
70 68 #workers = 2
71 69
72 70 ; Gunicorn access log level
73 71 #loglevel = info
74 72
75 73 ; Process name visible in process list
76 74 #proc_name = rhodecode
77 75
78 76 ; Type of worker class, one of `sync`, `gevent`
79 77 ; Recommended type is `gevent`
80 78 #worker_class = gevent
81 79
82 80 ; The maximum number of simultaneous clients. Valid only for gevent
83 81 #worker_connections = 10
84 82
85 83 ; Max number of requests that worker will handle before being gracefully restarted.
86 84 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
87 85 #max_requests = 1000
88 86 #max_requests_jitter = 30
89 87
90 88 ; Amount of time a worker can spend with handling a request before it
91 89 ; gets killed and restarted. By default set to 21600 (6hrs)
92 90 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
93 91 #timeout = 21600
94 92
95 93 ; The maximum size of HTTP request line in bytes.
96 94 ; 0 for unlimited
97 95 #limit_request_line = 0
98 96
99 97 ; Limit the number of HTTP headers fields in a request.
100 98 ; By default this value is 100 and can't be larger than 32768.
101 99 #limit_request_fields = 32768
102 100
103 101 ; Limit the allowed size of an HTTP request header field.
104 102 ; Value is a positive number or 0.
105 103 ; Setting it to 0 will allow unlimited header field sizes.
106 104 #limit_request_field_size = 0
107 105
108 106 ; Timeout for graceful workers restart.
109 107 ; After receiving a restart signal, workers have this much time to finish
110 108 ; serving requests. Workers still alive after the timeout (starting from the
111 109 ; receipt of the restart signal) are force killed.
112 110 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
113 111 #graceful_timeout = 3600
114 112
115 113 # The number of seconds to wait for requests on a Keep-Alive connection.
116 114 # Generally set in the 1-5 seconds range.
117 115 #keepalive = 2
118 116
119 117 ; Maximum memory usage that each worker can use before it will receive a
120 118 ; graceful restart signal 0 = memory monitoring is disabled
121 119 ; Examples: 268435456 (256MB), 536870912 (512MB)
122 120 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
123 121 #memory_max_usage = 0
124 122
125 123 ; How often in seconds to check for memory usage for each gunicorn worker
126 124 #memory_usage_check_interval = 60
127 125
128 126 ; Threshold value for which we don't recycle worker if GarbageCollection
129 127 ; frees up enough resources. Before each restart we try to run GC on worker
130 128 ; in case we get enough free memory after that, restart will not happen.
131 129 #memory_usage_recovery_threshold = 0.8
132 130
133 131
134 132 ; Prefix middleware for RhodeCode.
135 133 ; recommended when using proxy setup.
136 134 ; allows to set RhodeCode under a prefix in server.
137 135 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
138 136 ; And set your prefix like: `prefix = /custom_prefix`
139 137 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
140 138 ; to make your cookies only work on prefix url
141 139 [filter:proxy-prefix]
142 140 use = egg:PasteDeploy#prefix
143 141 prefix = /
144 142
145 143 [app:main]
146 144 ; The %(here)s variable will be replaced with the absolute path of parent directory
147 145 ; of this file
148 146 ; In addition ENVIRONMENT variables usage is possible, e.g
149 147 ; sqlalchemy.db1.url = {ENV_RC_DB_URL}
150 148
151 149 use = egg:rhodecode-enterprise-ce
152 150
153 151 ; enable proxy prefix middleware, defined above
154 152 #filter-with = proxy-prefix
155 153
156 154 ; #############
157 155 ; DEBUG OPTIONS
158 156 ; #############
159 157
160 158 pyramid.reload_templates = true
161 159
162 160 # During development the we want to have the debug toolbar enabled
163 161 pyramid.includes =
164 162 pyramid_debugtoolbar
165 163
166 164 debugtoolbar.hosts = 0.0.0.0/0
167 165 debugtoolbar.exclude_prefixes =
168 166 /css
169 167 /fonts
170 168 /images
171 169 /js
172 170
173 171 ## RHODECODE PLUGINS ##
174 172 rhodecode.includes =
175 173 rhodecode.api
176 174
177 175
178 176 # api prefix url
179 177 rhodecode.api.url = /_admin/api
180 178
181 179 ; enable debug style page
182 180 debug_style = true
183 181
184 182 ; #################
185 183 ; END DEBUG OPTIONS
186 184 ; #################
187 185
188 186 ; encryption key used to encrypt social plugin tokens,
189 187 ; remote_urls with credentials etc, if not set it defaults to
190 188 ; `beaker.session.secret`
191 189 #rhodecode.encrypted_values.secret =
192 190
193 191 ; decryption strict mode (enabled by default). It controls if decryption raises
194 192 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
195 193 #rhodecode.encrypted_values.strict = false
196 194
197 195 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
198 196 ; fernet is safer, and we strongly recommend switching to it.
199 197 ; Due to backward compatibility aes is used as default.
200 198 #rhodecode.encrypted_values.algorithm = fernet
201 199
202 200 ; Return gzipped responses from RhodeCode (static files/application)
203 201 gzip_responses = false
204 202
205 203 ; Auto-generate javascript routes file on startup
206 204 generate_js_files = false
207 205
208 206 ; System global default language.
209 207 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
210 208 lang = en
211 209
212 210 ; Perform a full repository scan and import on each server start.
213 211 ; Settings this to true could lead to very long startup time.
214 212 startup.import_repos = false
215 213
216 214 ; Uncomment and set this path to use archive download cache.
217 215 ; Once enabled, generated archives will be cached at this location
218 216 ; and served from the cache during subsequent requests for the same archive of
219 217 ; the repository.
220 218 #archive_cache_dir = /tmp/tarballcache
221 219
222 220 ; URL at which the application is running. This is used for Bootstrapping
223 221 ; requests in context when no web request is available. Used in ishell, or
224 222 ; SSH calls. Set this for events to receive proper url for SSH calls.
225 223 app.base_url = http://rhodecode.local
226 224
227 225 ; Unique application ID. Should be a random unique string for security.
228 226 app_instance_uuid = rc-production
229 227
230 228 ; Cut off limit for large diffs (size in bytes). If overall diff size on
231 229 ; commit, or pull request exceeds this limit this diff will be displayed
232 230 ; partially. E.g 512000 == 512Kb
233 231 cut_off_limit_diff = 512000
234 232
235 233 ; Cut off limit for large files inside diffs (size in bytes). Each individual
236 234 ; file inside diff which exceeds this limit will be displayed partially.
237 235 ; E.g 128000 == 128Kb
238 236 cut_off_limit_file = 128000
239 237
240 238 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
241 239 vcs_full_cache = true
242 240
243 241 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
244 242 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
245 243 force_https = false
246 244
247 245 ; use Strict-Transport-Security headers
248 246 use_htsts = false
249 247
250 248 ; Set to true if your repos are exposed using the dumb protocol
251 249 git_update_server_info = false
252 250
253 251 ; RSS/ATOM feed options
254 252 rss_cut_off_limit = 256000
255 253 rss_items_per_page = 10
256 254 rss_include_diff = false
257 255
258 256 ; gist URL alias, used to create nicer urls for gist. This should be an
259 257 ; url that does rewrites to _admin/gists/{gistid}.
260 258 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
261 259 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
262 260 gist_alias_url =
263 261
264 262 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
265 263 ; used for access.
266 264 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
267 265 ; came from the the logged in user who own this authentication token.
268 266 ; Additionally @TOKEN syntax can be used to bound the view to specific
269 267 ; authentication token. Such view would be only accessible when used together
270 268 ; with this authentication token
271 269 ; list of all views can be found under `/_admin/permissions/auth_token_access`
272 270 ; The list should be "," separated and on a single line.
273 271 ; Most common views to enable:
274 272
275 273 # RepoCommitsView:repo_commit_download
276 274 # RepoCommitsView:repo_commit_patch
277 275 # RepoCommitsView:repo_commit_raw
278 276 # RepoCommitsView:repo_commit_raw@TOKEN
279 277 # RepoFilesView:repo_files_diff
280 278 # RepoFilesView:repo_archivefile
281 279 # RepoFilesView:repo_file_raw
282 280 # GistView:*
283 281 api_access_controllers_whitelist =
284 282
285 283 ; Default encoding used to convert from and to unicode
286 284 ; can be also a comma separated list of encoding in case of mixed encodings
287 285 default_encoding = UTF-8
288 286
289 287 ; instance-id prefix
290 288 ; a prefix key for this instance used for cache invalidation when running
291 289 ; multiple instances of RhodeCode, make sure it's globally unique for
292 290 ; all running RhodeCode instances. Leave empty if you don't use it
293 291 instance_id =
294 292
295 293 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
296 294 ; of an authentication plugin also if it is disabled by it's settings.
297 295 ; This could be useful if you are unable to log in to the system due to broken
298 296 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
299 297 ; module to log in again and fix the settings.
300 298 ; Available builtin plugin IDs (hash is part of the ID):
301 299 ; egg:rhodecode-enterprise-ce#rhodecode
302 300 ; egg:rhodecode-enterprise-ce#pam
303 301 ; egg:rhodecode-enterprise-ce#ldap
304 302 ; egg:rhodecode-enterprise-ce#jasig_cas
305 303 ; egg:rhodecode-enterprise-ce#headers
306 304 ; egg:rhodecode-enterprise-ce#crowd
307 305
308 306 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
309 307
310 308 ; Flag to control loading of legacy plugins in py:/path format
311 309 auth_plugin.import_legacy_plugins = true
312 310
313 311 ; alternative return HTTP header for failed authentication. Default HTTP
314 312 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
315 313 ; handling that causing a series of failed authentication calls.
316 314 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
317 315 ; This will be served instead of default 401 on bad authentication
318 316 auth_ret_code =
319 317
320 318 ; use special detection method when serving auth_ret_code, instead of serving
321 319 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
322 320 ; and then serve auth_ret_code to clients
323 321 auth_ret_code_detection = false
324 322
325 323 ; locking return code. When repository is locked return this HTTP code. 2XX
326 324 ; codes don't break the transactions while 4XX codes do
327 325 lock_ret_code = 423
328 326
329 327 ; allows to change the repository location in settings page
330 328 allow_repo_location_change = true
331 329
332 330 ; allows to setup custom hooks in settings page
333 331 allow_custom_hooks_settings = true
334 332
335 333 ; Generated license token required for EE edition license.
336 334 ; New generated token value can be found in Admin > settings > license page.
337 335 license_token =
338 336
339 337 ; This flag hides sensitive information on the license page such as token, and license data
340 338 license.hide_license_info = false
341 339
342 340 ; supervisor connection uri, for managing supervisor and logs.
343 341 supervisor.uri =
344 342
345 343 ; supervisord group name/id we only want this RC instance to handle
346 344 supervisor.group_id = dev
347 345
348 346 ; Display extended labs settings
349 347 labs_settings_active = true
350 348
351 349 ; Custom exception store path, defaults to TMPDIR
352 350 ; This is used to store exception from RhodeCode in shared directory
353 351 #exception_tracker.store_path =
354 352
355 353 ; File store configuration. This is used to store and serve uploaded files
356 354 file_store.enabled = true
357 355
358 356 ; Storage backend, available options are: local
359 357 file_store.backend = local
360 358
361 359 ; path to store the uploaded binaries
362 360 file_store.storage_path = %(here)s/data/file_store
363 361
364 362
365 363 ; #############
366 364 ; CELERY CONFIG
367 365 ; #############
368 366
369 ; run: /path/to/celery worker \
370 ; -E --beat --app rhodecode.lib.celerylib.loader \
371 ; --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
372 ; --loglevel DEBUG --ini /path/to/rhodecode.ini
367 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
373 368
374 369 use_celery = false
375 370
376 371 ; connection url to the message broker (default redis)
377 372 celery.broker_url = redis://localhost:6379/8
378 373
379 374 ; rabbitmq example
380 375 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
381 376
382 377 ; maximum tasks to execute before worker restart
383 378 celery.max_tasks_per_child = 100
384 379
385 380 ; tasks will never be sent to the queue, but executed locally instead.
386 381 celery.task_always_eager = false
387 382
388 383 ; #############
389 384 ; DOGPILE CACHE
390 385 ; #############
391 386
392 387 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
393 388 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
394 389 cache_dir = %(here)s/data
395 390
396 391 ; *********************************************
397 392 ; `sql_cache_short` cache for heavy SQL queries
398 393 ; Only supported backend is `memory_lru`
399 394 ; *********************************************
400 395 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
401 396 rc_cache.sql_cache_short.expiration_time = 30
402 397
403 398
404 399 ; *****************************************************
405 400 ; `cache_repo_longterm` cache for repo object instances
406 401 ; Only supported backend is `memory_lru`
407 402 ; *****************************************************
408 403 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
409 404 ; by default we use 30 Days, cache is still invalidated on push
410 405 rc_cache.cache_repo_longterm.expiration_time = 2592000
411 406 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
412 407 rc_cache.cache_repo_longterm.max_size = 10000
413 408
414 409
415 410 ; *************************************************
416 411 ; `cache_perms` cache for permission tree, auth TTL
417 412 ; *************************************************
418 413 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
419 414 rc_cache.cache_perms.expiration_time = 300
420 415
421 416 ; alternative `cache_perms` redis backend with distributed lock
422 417 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
423 418 #rc_cache.cache_perms.expiration_time = 300
424 419
425 420 ; redis_expiration_time needs to be greater then expiration_time
426 421 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
427 422
428 423 #rc_cache.cache_perms.arguments.host = localhost
429 424 #rc_cache.cache_perms.arguments.port = 6379
430 425 #rc_cache.cache_perms.arguments.db = 0
431 426 #rc_cache.cache_perms.arguments.socket_timeout = 30
432 427 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
433 428 #rc_cache.cache_perms.arguments.distributed_lock = true
434 429
435 430
436 431 ; ***************************************************
437 432 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
438 433 ; ***************************************************
439 434 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
440 435 rc_cache.cache_repo.expiration_time = 2592000
441 436
442 437 ; alternative `cache_repo` redis backend with distributed lock
443 438 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
444 439 #rc_cache.cache_repo.expiration_time = 2592000
445 440
446 441 ; redis_expiration_time needs to be greater then expiration_time
447 442 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
448 443
449 444 #rc_cache.cache_repo.arguments.host = localhost
450 445 #rc_cache.cache_repo.arguments.port = 6379
451 446 #rc_cache.cache_repo.arguments.db = 1
452 447 #rc_cache.cache_repo.arguments.socket_timeout = 30
453 448 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
454 449 #rc_cache.cache_repo.arguments.distributed_lock = true
455 450
456 451
457 452 ; ##############
458 453 ; BEAKER SESSION
459 454 ; ##############
460 455
461 456 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
462 457 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
463 458 ; Fastest ones are Redis and ext:database
464 459 beaker.session.type = file
465 460 beaker.session.data_dir = %(here)s/data/sessions
466 461
467 462 ; Redis based sessions
468 463 #beaker.session.type = ext:redis
469 464 #beaker.session.url = redis://127.0.0.1:6379/2
470 465
471 466 ; DB based session, fast, and allows easy management over logged in users
472 467 #beaker.session.type = ext:database
473 468 #beaker.session.table_name = db_session
474 469 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
475 470 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
476 471 #beaker.session.sa.pool_recycle = 3600
477 472 #beaker.session.sa.echo = false
478 473
479 474 beaker.session.key = rhodecode
480 475 beaker.session.secret = develop-rc-uytcxaz
481 476 beaker.session.lock_dir = %(here)s/data/sessions/lock
482 477
483 478 ; Secure encrypted cookie. Requires AES and AES python libraries
484 479 ; you must disable beaker.session.secret to use this
485 480 #beaker.session.encrypt_key = key_for_encryption
486 481 #beaker.session.validate_key = validation_key
487 482
488 483 ; Sets session as invalid (also logging out user) if it haven not been
489 484 ; accessed for given amount of time in seconds
490 485 beaker.session.timeout = 2592000
491 486 beaker.session.httponly = true
492 487
493 488 ; Path to use for the cookie. Set to prefix if you use prefix middleware
494 489 #beaker.session.cookie_path = /custom_prefix
495 490
496 491 ; Set https secure cookie
497 492 beaker.session.secure = false
498 493
499 494 ; default cookie expiration time in seconds, set to `true` to set expire
500 495 ; at browser close
501 496 #beaker.session.cookie_expires = 3600
502 497
503 498 ; #############################
504 499 ; SEARCH INDEXING CONFIGURATION
505 500 ; #############################
506 501
507 502 ; Full text search indexer is available in rhodecode-tools under
508 503 ; `rhodecode-tools index` command
509 504
510 505 ; WHOOSH Backend, doesn't require additional services to run
511 506 ; it works good with few dozen repos
512 507 search.module = rhodecode.lib.index.whoosh
513 508 search.location = %(here)s/data/index
514 509
515 510 ; ####################
516 511 ; CHANNELSTREAM CONFIG
517 512 ; ####################
518 513
519 514 ; channelstream enables persistent connections and live notification
520 515 ; in the system. It's also used by the chat system
521 516
522 517 channelstream.enabled = false
523 518
524 519 ; server address for channelstream server on the backend
525 520 channelstream.server = 127.0.0.1:9800
526 521
527 522 ; location of the channelstream server from outside world
528 523 ; use ws:// for http or wss:// for https. This address needs to be handled
529 524 ; by external HTTP server such as Nginx or Apache
530 525 ; see Nginx/Apache configuration examples in our docs
531 526 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
532 527 channelstream.secret = secret
533 528 channelstream.history.location = %(here)s/channelstream_history
534 529
535 530 ; Internal application path that Javascript uses to connect into.
536 531 ; If you use proxy-prefix the prefix should be added before /_channelstream
537 532 channelstream.proxy_path = /_channelstream
538 533
539 534
540 535 ; ##############################
541 536 ; MAIN RHODECODE DATABASE CONFIG
542 537 ; ##############################
543 538
544 539 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
545 540 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
546 541 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
547 542 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
548 543 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
549 544
550 545 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
551 546
552 547 ; see sqlalchemy docs for other advanced settings
553 548 ; print the sql statements to output
554 549 sqlalchemy.db1.echo = false
555 550
556 551 ; recycle the connections after this amount of seconds
557 552 sqlalchemy.db1.pool_recycle = 3600
558 553 sqlalchemy.db1.convert_unicode = true
559 554
560 555 ; the number of connections to keep open inside the connection pool.
561 556 ; 0 indicates no limit
562 557 #sqlalchemy.db1.pool_size = 5
563 558
564 559 ; The number of connections to allow in connection pool "overflow", that is
565 560 ; connections that can be opened above and beyond the pool_size setting,
566 561 ; which defaults to five.
567 562 #sqlalchemy.db1.max_overflow = 10
568 563
569 564 ; Connection check ping, used to detect broken database connections
570 565 ; could be enabled to better handle cases if MySQL has gone away errors
571 566 #sqlalchemy.db1.ping_connection = true
572 567
573 568 ; ##########
574 569 ; VCS CONFIG
575 570 ; ##########
576 571 vcs.server.enable = true
577 572 vcs.server = localhost:9900
578 573
579 574 ; Web server connectivity protocol, responsible for web based VCS operations
580 575 ; Available protocols are:
581 576 ; `http` - use http-rpc backend (default)
582 577 vcs.server.protocol = http
583 578
584 579 ; Push/Pull operations protocol, available options are:
585 580 ; `http` - use http-rpc backend (default)
586 581 vcs.scm_app_implementation = http
587 582
588 583 ; Push/Pull operations hooks protocol, available options are:
589 584 ; `http` - use http-rpc backend (default)
590 585 vcs.hooks.protocol = http
591 586
592 587 ; Host on which this instance is listening for hooks. If vcsserver is in other location
593 588 ; this should be adjusted.
594 589 vcs.hooks.host = 127.0.0.1
595 590
596 591 ; Start VCSServer with this instance as a subprocess, useful for development
597 592 vcs.start_server = false
598 593
599 594 ; List of enabled VCS backends, available options are:
600 595 ; `hg` - mercurial
601 596 ; `git` - git
602 597 ; `svn` - subversion
603 598 vcs.backends = hg, git, svn
604 599
605 600 ; Wait this number of seconds before killing connection to the vcsserver
606 601 vcs.connection_timeout = 3600
607 602
608 603 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
609 604 ; Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
610 605 #vcs.svn.compatible_version = pre-1.8-compatible
611 606
612 607
613 608 ; ####################################################
614 609 ; Subversion proxy support (mod_dav_svn)
615 610 ; Maps RhodeCode repo groups into SVN paths for Apache
616 611 ; ####################################################
617 612
618 613 ; Enable or disable the config file generation.
619 614 svn.proxy.generate_config = false
620 615
621 616 ; Generate config file with `SVNListParentPath` set to `On`.
622 617 svn.proxy.list_parent_path = true
623 618
624 619 ; Set location and file name of generated config file.
625 620 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
626 621
627 622 ; alternative mod_dav config template. This needs to be a valid mako template
628 623 ; Example template can be found in the source code:
629 624 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
630 625 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
631 626
632 627 ; Used as a prefix to the `Location` block in the generated config file.
633 628 ; In most cases it should be set to `/`.
634 629 svn.proxy.location_root = /
635 630
636 631 ; Command to reload the mod dav svn configuration on change.
637 632 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
638 633 ; Make sure user who runs RhodeCode process is allowed to reload Apache
639 634 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
640 635
641 636 ; If the timeout expires before the reload command finishes, the command will
642 637 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
643 638 #svn.proxy.reload_timeout = 10
644 639
645 640 ; ####################
646 641 ; SSH Support Settings
647 642 ; ####################
648 643
649 644 ; Defines if a custom authorized_keys file should be created and written on
650 645 ; any change user ssh keys. Setting this to false also disables possibility
651 646 ; of adding SSH keys by users from web interface. Super admins can still
652 647 ; manage SSH Keys.
653 648 ssh.generate_authorized_keyfile = false
654 649
655 650 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
656 651 # ssh.authorized_keys_ssh_opts =
657 652
658 653 ; Path to the authorized_keys file where the generate entries are placed.
659 654 ; It is possible to have multiple key files specified in `sshd_config` e.g.
660 655 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
661 656 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
662 657
663 658 ; Command to execute the SSH wrapper. The binary is available in the
664 659 ; RhodeCode installation directory.
665 660 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
666 661 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
667 662
668 663 ; Allow shell when executing the ssh-wrapper command
669 664 ssh.wrapper_cmd_allow_shell = false
670 665
671 666 ; Enables logging, and detailed output send back to the client during SSH
672 667 ; operations. Useful for debugging, shouldn't be used in production.
673 668 ssh.enable_debug_logging = true
674 669
675 670 ; Paths to binary executable, by default they are the names, but we can
676 671 ; override them if we want to use a custom one
677 672 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
678 673 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
679 674 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
680 675
681 676 ; Enables SSH key generator web interface. Disabling this still allows users
682 677 ; to add their own keys.
683 678 ssh.enable_ui_key_generator = true
684 679
685 680
686 681 ; #################
687 682 ; APPENLIGHT CONFIG
688 683 ; #################
689 684
690 685 ; Appenlight is tailored to work with RhodeCode, see
691 686 ; http://appenlight.rhodecode.com for details how to obtain an account
692 687
693 688 ; Appenlight integration enabled
694 689 appenlight = false
695 690
696 691 appenlight.server_url = https://api.appenlight.com
697 692 appenlight.api_key = YOUR_API_KEY
698 693 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
699 694
700 695 ; used for JS client
701 696 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
702 697
703 698 ; TWEAK AMOUNT OF INFO SENT HERE
704 699
705 700 ; enables 404 error logging (default False)
706 701 appenlight.report_404 = false
707 702
708 703 ; time in seconds after request is considered being slow (default 1)
709 704 appenlight.slow_request_time = 1
710 705
711 706 ; record slow requests in application
712 707 ; (needs to be enabled for slow datastore recording and time tracking)
713 708 appenlight.slow_requests = true
714 709
715 710 ; enable hooking to application loggers
716 711 appenlight.logging = true
717 712
718 713 ; minimum log level for log capture
719 714 appenlight.logging.level = WARNING
720 715
721 716 ; send logs only from erroneous/slow requests
722 717 ; (saves API quota for intensive logging)
723 718 appenlight.logging_on_error = false
724 719
725 720 ; list of additional keywords that should be grabbed from environ object
726 721 ; can be string with comma separated list of words in lowercase
727 722 ; (by default client will always send following info:
728 723 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
729 724 ; start with HTTP* this list be extended with additional keywords here
730 725 appenlight.environ_keys_whitelist =
731 726
732 727 ; list of keywords that should be blanked from request object
733 728 ; can be string with comma separated list of words in lowercase
734 729 ; (by default client will always blank keys that contain following words
735 730 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
736 731 ; this list be extended with additional keywords set here
737 732 appenlight.request_keys_blacklist =
738 733
739 734 ; list of namespaces that should be ignores when gathering log entries
740 735 ; can be string with comma separated list of namespaces
741 736 ; (by default the client ignores own entries: appenlight_client.client)
742 737 appenlight.log_namespace_blacklist =
743 738
744 739 ; Dummy marker to add new entries after.
745 740 ; Add any custom entries below. Please don't remove this marker.
746 741 custom.conf = 1
747 742
748 743
749 744 ; #####################
750 745 ; LOGGING CONFIGURATION
751 746 ; #####################
752 747 [loggers]
753 748 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
754 749
755 750 [handlers]
756 751 keys = console, console_sql
757 752
758 753 [formatters]
759 754 keys = generic, color_formatter, color_formatter_sql
760 755
761 756 ; #######
762 757 ; LOGGERS
763 758 ; #######
764 759 [logger_root]
765 760 level = NOTSET
766 761 handlers = console
767 762
768 763 [logger_sqlalchemy]
769 764 level = INFO
770 765 handlers = console_sql
771 766 qualname = sqlalchemy.engine
772 767 propagate = 0
773 768
774 769 [logger_beaker]
775 770 level = DEBUG
776 771 handlers =
777 772 qualname = beaker.container
778 773 propagate = 1
779 774
780 775 [logger_rhodecode]
781 776 level = DEBUG
782 777 handlers =
783 778 qualname = rhodecode
784 779 propagate = 1
785 780
786 781 [logger_ssh_wrapper]
787 782 level = DEBUG
788 783 handlers =
789 784 qualname = ssh_wrapper
790 785 propagate = 1
791 786
792 787 [logger_celery]
793 788 level = DEBUG
794 789 handlers =
795 790 qualname = celery
796 791
797 792
798 793 ; ########
799 794 ; HANDLERS
800 795 ; ########
801 796
802 797 [handler_console]
803 798 class = StreamHandler
804 799 args = (sys.stderr, )
805 800 level = DEBUG
806 801 formatter = color_formatter
807 802
808 803 [handler_console_sql]
809 804 ; "level = DEBUG" logs SQL queries and results.
810 805 ; "level = INFO" logs SQL queries.
811 806 ; "level = WARN" logs neither. (Recommended for production systems.)
812 807 class = StreamHandler
813 808 args = (sys.stderr, )
814 809 level = WARN
815 810 formatter = color_formatter_sql
816 811
817 812 ; ##########
818 813 ; FORMATTERS
819 814 ; ##########
820 815
821 816 [formatter_generic]
822 817 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
823 818 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
824 819 datefmt = %Y-%m-%d %H:%M:%S
825 820
826 821 [formatter_color_formatter]
827 822 class = rhodecode.lib.logging_formatter.ColorFormatter
828 823 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
829 824 datefmt = %Y-%m-%d %H:%M:%S
830 825
831 826 [formatter_color_formatter_sql]
832 827 class = rhodecode.lib.logging_formatter.ColorFormatterSql
833 828 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
834 829 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,780 +1,780 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = false
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 13 ; These settings will be used by the RhodeCode mailing system
14 14 ; ########################################################################
15 15
16 16 ; prefix all emails subjects with given prefix, helps filtering out emails
17 17 #email_prefix = [RhodeCode]
18 18
19 19 ; email FROM address all mails will be sent
20 20 #app_email_from = rhodecode-noreply@localhost
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28
29 29 [server:main]
30 30 ; COMMON HOST/IP CONFIG
31 31 host = 127.0.0.1
32 32 port = 5000
33 33
34 34
35 35 ; ###########################
36 36 ; GUNICORN APPLICATION SERVER
37 37 ; ###########################
38 38
39 39 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
40 40
41 41 ; Module to use, this setting shouldn't be changed
42 42 use = egg:gunicorn#main
43 43
44 44 ; Sets the number of process workers. More workers means more concurrent connections
45 45 ; RhodeCode can handle at the same time. Each additional worker also it increases
46 46 ; memory usage as each has it's own set of caches.
47 47 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
48 48 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
49 49 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
50 50 ; when using more than 1 worker.
51 51 workers = 2
52 52
53 53 ; Gunicorn access log level
54 54 loglevel = info
55 55
56 56 ; Process name visible in process list
57 57 proc_name = rhodecode
58 58
59 59 ; Type of worker class, one of `sync`, `gevent`
60 60 ; Recommended type is `gevent`
61 61 worker_class = gevent
62 62
63 63 ; The maximum number of simultaneous clients per worker. Valid only for gevent
64 64 worker_connections = 10
65 65
66 66 ; Max number of requests that worker will handle before being gracefully restarted.
67 67 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
68 68 max_requests = 1000
69 69 max_requests_jitter = 30
70 70
71 71 ; Amount of time a worker can spend with handling a request before it
72 72 ; gets killed and restarted. By default set to 21600 (6hrs)
73 73 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
74 74 timeout = 21600
75 75
76 76 ; The maximum size of HTTP request line in bytes.
77 77 ; 0 for unlimited
78 78 limit_request_line = 0
79 79
80 80 ; Limit the number of HTTP headers fields in a request.
81 81 ; By default this value is 100 and can't be larger than 32768.
82 82 limit_request_fields = 32768
83 83
84 84 ; Limit the allowed size of an HTTP request header field.
85 85 ; Value is a positive number or 0.
86 86 ; Setting it to 0 will allow unlimited header field sizes.
87 87 limit_request_field_size = 0
88 88
89 89 ; Timeout for graceful workers restart.
90 90 ; After receiving a restart signal, workers have this much time to finish
91 91 ; serving requests. Workers still alive after the timeout (starting from the
92 92 ; receipt of the restart signal) are force killed.
93 93 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
94 94 graceful_timeout = 3600
95 95
96 96 # The number of seconds to wait for requests on a Keep-Alive connection.
97 97 # Generally set in the 1-5 seconds range.
98 98 keepalive = 2
99 99
100 100 ; Maximum memory usage that each worker can use before it will receive a
101 101 ; graceful restart signal 0 = memory monitoring is disabled
102 102 ; Examples: 268435456 (256MB), 536870912 (512MB)
103 103 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
104 104 memory_max_usage = 0
105 105
106 106 ; How often in seconds to check for memory usage for each gunicorn worker
107 107 memory_usage_check_interval = 60
108 108
109 109 ; Threshold value for which we don't recycle worker if GarbageCollection
110 110 ; frees up enough resources. Before each restart we try to run GC on worker
111 111 ; in case we get enough free memory after that, restart will not happen.
112 112 memory_usage_recovery_threshold = 0.8
113 113
114 114
115 115 ; Prefix middleware for RhodeCode.
116 116 ; recommended when using proxy setup.
117 117 ; allows to set RhodeCode under a prefix in server.
118 118 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
119 119 ; And set your prefix like: `prefix = /custom_prefix`
120 120 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
121 121 ; to make your cookies only work on prefix url
122 122 [filter:proxy-prefix]
123 123 use = egg:PasteDeploy#prefix
124 124 prefix = /
125 125
126 126 [app:main]
127 127 ; The %(here)s variable will be replaced with the absolute path of parent directory
128 128 ; of this file
129 129 ; In addition ENVIRONMENT variables usage is possible, e.g
130 130 ; sqlalchemy.db1.url = {ENV_RC_DB_URL}
131 131
132 132 use = egg:rhodecode-enterprise-ce
133 133
134 134 ; enable proxy prefix middleware, defined above
135 135 #filter-with = proxy-prefix
136 136
137 137 ; encryption key used to encrypt social plugin tokens,
138 138 ; remote_urls with credentials etc, if not set it defaults to
139 139 ; `beaker.session.secret`
140 140 #rhodecode.encrypted_values.secret =
141 141
142 142 ; decryption strict mode (enabled by default). It controls if decryption raises
143 143 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
144 144 #rhodecode.encrypted_values.strict = false
145 145
146 146 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
147 147 ; fernet is safer, and we strongly recommend switching to it.
148 148 ; Due to backward compatibility aes is used as default.
149 149 #rhodecode.encrypted_values.algorithm = fernet
150 150
151 151 ; Return gzipped responses from RhodeCode (static files/application)
152 152 gzip_responses = false
153 153
154 154 ; Auto-generate javascript routes file on startup
155 155 generate_js_files = false
156 156
157 157 ; System global default language.
158 158 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
159 159 lang = en
160 160
161 161 ; Perform a full repository scan and import on each server start.
162 162 ; Settings this to true could lead to very long startup time.
163 163 startup.import_repos = false
164 164
165 165 ; Uncomment and set this path to use archive download cache.
166 166 ; Once enabled, generated archives will be cached at this location
167 167 ; and served from the cache during subsequent requests for the same archive of
168 168 ; the repository.
169 169 #archive_cache_dir = /tmp/tarballcache
170 170
171 171 ; URL at which the application is running. This is used for Bootstrapping
172 172 ; requests in context when no web request is available. Used in ishell, or
173 173 ; SSH calls. Set this for events to receive proper url for SSH calls.
174 174 app.base_url = http://rhodecode.local
175 175
176 176 ; Unique application ID. Should be a random unique string for security.
177 177 app_instance_uuid = rc-production
178 178
179 179 ; Cut off limit for large diffs (size in bytes). If overall diff size on
180 180 ; commit, or pull request exceeds this limit this diff will be displayed
181 181 ; partially. E.g 512000 == 512Kb
182 182 cut_off_limit_diff = 512000
183 183
184 184 ; Cut off limit for large files inside diffs (size in bytes). Each individual
185 185 ; file inside diff which exceeds this limit will be displayed partially.
186 186 ; E.g 128000 == 128Kb
187 187 cut_off_limit_file = 128000
188 188
189 189 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
190 190 vcs_full_cache = true
191 191
192 192 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
193 193 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
194 194 force_https = false
195 195
196 196 ; use Strict-Transport-Security headers
197 197 use_htsts = false
198 198
199 199 ; Set to true if your repos are exposed using the dumb protocol
200 200 git_update_server_info = false
201 201
202 202 ; RSS/ATOM feed options
203 203 rss_cut_off_limit = 256000
204 204 rss_items_per_page = 10
205 205 rss_include_diff = false
206 206
207 207 ; gist URL alias, used to create nicer urls for gist. This should be an
208 208 ; url that does rewrites to _admin/gists/{gistid}.
209 209 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
210 210 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
211 211 gist_alias_url =
212 212
213 213 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
214 214 ; used for access.
215 215 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
216 216 ; came from the the logged in user who own this authentication token.
217 217 ; Additionally @TOKEN syntax can be used to bound the view to specific
218 218 ; authentication token. Such view would be only accessible when used together
219 219 ; with this authentication token
220 220 ; list of all views can be found under `/_admin/permissions/auth_token_access`
221 221 ; The list should be "," separated and on a single line.
222 222 ; Most common views to enable:
223 223
224 224 # RepoCommitsView:repo_commit_download
225 225 # RepoCommitsView:repo_commit_patch
226 226 # RepoCommitsView:repo_commit_raw
227 227 # RepoCommitsView:repo_commit_raw@TOKEN
228 228 # RepoFilesView:repo_files_diff
229 229 # RepoFilesView:repo_archivefile
230 230 # RepoFilesView:repo_file_raw
231 231 # GistView:*
232 232 api_access_controllers_whitelist =
233 233
234 234 ; Default encoding used to convert from and to unicode
235 235 ; can be also a comma separated list of encoding in case of mixed encodings
236 236 default_encoding = UTF-8
237 237
238 238 ; instance-id prefix
239 239 ; a prefix key for this instance used for cache invalidation when running
240 240 ; multiple instances of RhodeCode, make sure it's globally unique for
241 241 ; all running RhodeCode instances. Leave empty if you don't use it
242 242 instance_id =
243 243
244 244 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
245 245 ; of an authentication plugin also if it is disabled by it's settings.
246 246 ; This could be useful if you are unable to log in to the system due to broken
247 247 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
248 248 ; module to log in again and fix the settings.
249 249 ; Available builtin plugin IDs (hash is part of the ID):
250 250 ; egg:rhodecode-enterprise-ce#rhodecode
251 251 ; egg:rhodecode-enterprise-ce#pam
252 252 ; egg:rhodecode-enterprise-ce#ldap
253 253 ; egg:rhodecode-enterprise-ce#jasig_cas
254 254 ; egg:rhodecode-enterprise-ce#headers
255 255 ; egg:rhodecode-enterprise-ce#crowd
256 256
257 257 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
258 258
259 259 ; Flag to control loading of legacy plugins in py:/path format
260 260 auth_plugin.import_legacy_plugins = true
261 261
262 262 ; alternative return HTTP header for failed authentication. Default HTTP
263 263 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
264 264 ; handling that causing a series of failed authentication calls.
265 265 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
266 266 ; This will be served instead of default 401 on bad authentication
267 267 auth_ret_code =
268 268
269 269 ; use special detection method when serving auth_ret_code, instead of serving
270 270 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
271 271 ; and then serve auth_ret_code to clients
272 272 auth_ret_code_detection = false
273 273
274 274 ; locking return code. When repository is locked return this HTTP code. 2XX
275 275 ; codes don't break the transactions while 4XX codes do
276 276 lock_ret_code = 423
277 277
278 278 ; allows to change the repository location in settings page
279 279 allow_repo_location_change = true
280 280
281 281 ; allows to setup custom hooks in settings page
282 282 allow_custom_hooks_settings = true
283 283
284 284 ; Generated license token required for EE edition license.
285 285 ; New generated token value can be found in Admin > settings > license page.
286 286 license_token =
287 287
288 288 ; This flag hides sensitive information on the license page such as token, and license data
289 289 license.hide_license_info = false
290 290
291 291 ; supervisor connection uri, for managing supervisor and logs.
292 292 supervisor.uri =
293 293
294 294 ; supervisord group name/id we only want this RC instance to handle
295 295 supervisor.group_id = prod
296 296
297 297 ; Display extended labs settings
298 298 labs_settings_active = true
299 299
300 300 ; Custom exception store path, defaults to TMPDIR
301 301 ; This is used to store exception from RhodeCode in shared directory
302 302 #exception_tracker.store_path =
303 303
304 304 ; File store configuration. This is used to store and serve uploaded files
305 305 file_store.enabled = true
306 306
307 307 ; Storage backend, available options are: local
308 308 file_store.backend = local
309 309
310 310 ; path to store the uploaded binaries
311 311 file_store.storage_path = %(here)s/data/file_store
312 312
313 313
314 314 ; #############
315 315 ; CELERY CONFIG
316 316 ; #############
317 317
318 318 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
319 319
320 320 use_celery = false
321 321
322 322 ; connection url to the message broker (default redis)
323 323 celery.broker_url = redis://localhost:6379/8
324 324
325 325 ; rabbitmq example
326 326 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
327 327
328 328 ; maximum tasks to execute before worker restart
329 329 celery.max_tasks_per_child = 100
330 330
331 331 ; tasks will never be sent to the queue, but executed locally instead.
332 332 celery.task_always_eager = false
333 333
334 334 ; #############
335 335 ; DOGPILE CACHE
336 336 ; #############
337 337
338 338 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
339 339 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
340 340 cache_dir = %(here)s/data
341 341
342 342 ; *********************************************
343 343 ; `sql_cache_short` cache for heavy SQL queries
344 344 ; Only supported backend is `memory_lru`
345 345 ; *********************************************
346 346 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
347 347 rc_cache.sql_cache_short.expiration_time = 30
348 348
349 349
350 350 ; *****************************************************
351 351 ; `cache_repo_longterm` cache for repo object instances
352 352 ; Only supported backend is `memory_lru`
353 353 ; *****************************************************
354 354 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
355 355 ; by default we use 30 Days, cache is still invalidated on push
356 356 rc_cache.cache_repo_longterm.expiration_time = 2592000
357 357 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
358 358 rc_cache.cache_repo_longterm.max_size = 10000
359 359
360 360
361 361 ; *************************************************
362 362 ; `cache_perms` cache for permission tree, auth TTL
363 363 ; *************************************************
364 364 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
365 365 rc_cache.cache_perms.expiration_time = 300
366 366
367 367 ; alternative `cache_perms` redis backend with distributed lock
368 368 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
369 369 #rc_cache.cache_perms.expiration_time = 300
370 370
371 371 ; redis_expiration_time needs to be greater then expiration_time
372 372 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
373 373
374 374 #rc_cache.cache_perms.arguments.host = localhost
375 375 #rc_cache.cache_perms.arguments.port = 6379
376 376 #rc_cache.cache_perms.arguments.db = 0
377 377 #rc_cache.cache_perms.arguments.socket_timeout = 30
378 378 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
379 379 #rc_cache.cache_perms.arguments.distributed_lock = true
380 380
381 381
382 382 ; ***************************************************
383 383 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
384 384 ; ***************************************************
385 385 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
386 386 rc_cache.cache_repo.expiration_time = 2592000
387 387
388 388 ; alternative `cache_repo` redis backend with distributed lock
389 389 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
390 390 #rc_cache.cache_repo.expiration_time = 2592000
391 391
392 392 ; redis_expiration_time needs to be greater then expiration_time
393 393 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
394 394
395 395 #rc_cache.cache_repo.arguments.host = localhost
396 396 #rc_cache.cache_repo.arguments.port = 6379
397 397 #rc_cache.cache_repo.arguments.db = 1
398 398 #rc_cache.cache_repo.arguments.socket_timeout = 30
399 399 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
400 400 #rc_cache.cache_repo.arguments.distributed_lock = true
401 401
402 402
403 403 ; ##############
404 404 ; BEAKER SESSION
405 405 ; ##############
406 406
407 407 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
408 408 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
409 409 ; Fastest ones are Redis and ext:database
410 410 beaker.session.type = file
411 411 beaker.session.data_dir = %(here)s/data/sessions
412 412
413 413 ; Redis based sessions
414 414 #beaker.session.type = ext:redis
415 415 #beaker.session.url = redis://127.0.0.1:6379/2
416 416
417 417 ; DB based session, fast, and allows easy management over logged in users
418 418 #beaker.session.type = ext:database
419 419 #beaker.session.table_name = db_session
420 420 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
421 421 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
422 422 #beaker.session.sa.pool_recycle = 3600
423 423 #beaker.session.sa.echo = false
424 424
425 425 beaker.session.key = rhodecode
426 426 beaker.session.secret = production-rc-uytcxaz
427 427 beaker.session.lock_dir = %(here)s/data/sessions/lock
428 428
429 429 ; Secure encrypted cookie. Requires AES and AES python libraries
430 430 ; you must disable beaker.session.secret to use this
431 431 #beaker.session.encrypt_key = key_for_encryption
432 432 #beaker.session.validate_key = validation_key
433 433
434 434 ; Sets session as invalid (also logging out user) if it haven not been
435 435 ; accessed for given amount of time in seconds
436 436 beaker.session.timeout = 2592000
437 437 beaker.session.httponly = true
438 438
439 439 ; Path to use for the cookie. Set to prefix if you use prefix middleware
440 440 #beaker.session.cookie_path = /custom_prefix
441 441
442 442 ; Set https secure cookie
443 443 beaker.session.secure = false
444 444
445 445 ; default cookie expiration time in seconds, set to `true` to set expire
446 446 ; at browser close
447 447 #beaker.session.cookie_expires = 3600
448 448
449 449 ; #############################
450 450 ; SEARCH INDEXING CONFIGURATION
451 451 ; #############################
452 452
453 453 ; Full text search indexer is available in rhodecode-tools under
454 454 ; `rhodecode-tools index` command
455 455
456 456 ; WHOOSH Backend, doesn't require additional services to run
457 457 ; it works good with few dozen repos
458 458 search.module = rhodecode.lib.index.whoosh
459 459 search.location = %(here)s/data/index
460 460
461 461 ; ####################
462 462 ; CHANNELSTREAM CONFIG
463 463 ; ####################
464 464
465 465 ; channelstream enables persistent connections and live notification
466 466 ; in the system. It's also used by the chat system
467 467
468 468 channelstream.enabled = false
469 469
470 470 ; server address for channelstream server on the backend
471 471 channelstream.server = 127.0.0.1:9800
472 472
473 473 ; location of the channelstream server from outside world
474 474 ; use ws:// for http or wss:// for https. This address needs to be handled
475 475 ; by external HTTP server such as Nginx or Apache
476 476 ; see Nginx/Apache configuration examples in our docs
477 477 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
478 478 channelstream.secret = secret
479 479 channelstream.history.location = %(here)s/channelstream_history
480 480
481 481 ; Internal application path that Javascript uses to connect into.
482 482 ; If you use proxy-prefix the prefix should be added before /_channelstream
483 483 channelstream.proxy_path = /_channelstream
484 484
485 485
486 486 ; ##############################
487 487 ; MAIN RHODECODE DATABASE CONFIG
488 488 ; ##############################
489 489
490 490 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
491 491 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
492 492 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
493 493 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
494 494 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
495 495
496 496 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
497 497
498 498 ; see sqlalchemy docs for other advanced settings
499 499 ; print the sql statements to output
500 500 sqlalchemy.db1.echo = false
501 501
502 502 ; recycle the connections after this amount of seconds
503 503 sqlalchemy.db1.pool_recycle = 3600
504 504 sqlalchemy.db1.convert_unicode = true
505 505
506 506 ; the number of connections to keep open inside the connection pool.
507 507 ; 0 indicates no limit
508 508 #sqlalchemy.db1.pool_size = 5
509 509
510 510 ; The number of connections to allow in connection pool "overflow", that is
511 511 ; connections that can be opened above and beyond the pool_size setting,
512 512 ; which defaults to five.
513 513 #sqlalchemy.db1.max_overflow = 10
514 514
515 515 ; Connection check ping, used to detect broken database connections
516 516 ; could be enabled to better handle cases if MySQL has gone away errors
517 517 #sqlalchemy.db1.ping_connection = true
518 518
519 519 ; ##########
520 520 ; VCS CONFIG
521 521 ; ##########
522 522 vcs.server.enable = true
523 523 vcs.server = localhost:9900
524 524
525 525 ; Web server connectivity protocol, responsible for web based VCS operations
526 526 ; Available protocols are:
527 527 ; `http` - use http-rpc backend (default)
528 528 vcs.server.protocol = http
529 529
530 530 ; Push/Pull operations protocol, available options are:
531 531 ; `http` - use http-rpc backend (default)
532 532 vcs.scm_app_implementation = http
533 533
534 534 ; Push/Pull operations hooks protocol, available options are:
535 535 ; `http` - use http-rpc backend (default)
536 536 vcs.hooks.protocol = http
537 537
538 538 ; Host on which this instance is listening for hooks. If vcsserver is in other location
539 539 ; this should be adjusted.
540 540 vcs.hooks.host = 127.0.0.1
541 541
542 542 ; Start VCSServer with this instance as a subprocess, useful for development
543 543 vcs.start_server = false
544 544
545 545 ; List of enabled VCS backends, available options are:
546 546 ; `hg` - mercurial
547 547 ; `git` - git
548 548 ; `svn` - subversion
549 549 vcs.backends = hg, git, svn
550 550
551 551 ; Wait this number of seconds before killing connection to the vcsserver
552 552 vcs.connection_timeout = 3600
553 553
554 554 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
555 555 ; Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
556 556 #vcs.svn.compatible_version = pre-1.8-compatible
557 557
558 558
559 559 ; ####################################################
560 560 ; Subversion proxy support (mod_dav_svn)
561 561 ; Maps RhodeCode repo groups into SVN paths for Apache
562 562 ; ####################################################
563 563
564 564 ; Enable or disable the config file generation.
565 565 svn.proxy.generate_config = false
566 566
567 567 ; Generate config file with `SVNListParentPath` set to `On`.
568 568 svn.proxy.list_parent_path = true
569 569
570 570 ; Set location and file name of generated config file.
571 571 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
572 572
573 573 ; alternative mod_dav config template. This needs to be a valid mako template
574 574 ; Example template can be found in the source code:
575 575 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
576 576 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
577 577
578 578 ; Used as a prefix to the `Location` block in the generated config file.
579 579 ; In most cases it should be set to `/`.
580 580 svn.proxy.location_root = /
581 581
582 582 ; Command to reload the mod dav svn configuration on change.
583 583 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
584 584 ; Make sure user who runs RhodeCode process is allowed to reload Apache
585 585 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
586 586
587 587 ; If the timeout expires before the reload command finishes, the command will
588 588 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
589 589 #svn.proxy.reload_timeout = 10
590 590
591 591 ; ####################
592 592 ; SSH Support Settings
593 593 ; ####################
594 594
595 595 ; Defines if a custom authorized_keys file should be created and written on
596 596 ; any change user ssh keys. Setting this to false also disables possibility
597 597 ; of adding SSH keys by users from web interface. Super admins can still
598 598 ; manage SSH Keys.
599 599 ssh.generate_authorized_keyfile = false
600 600
601 601 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
602 602 # ssh.authorized_keys_ssh_opts =
603 603
604 604 ; Path to the authorized_keys file where the generate entries are placed.
605 605 ; It is possible to have multiple key files specified in `sshd_config` e.g.
606 606 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
607 607 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
608 608
609 609 ; Command to execute the SSH wrapper. The binary is available in the
610 610 ; RhodeCode installation directory.
611 611 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
612 612 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
613 613
614 614 ; Allow shell when executing the ssh-wrapper command
615 615 ssh.wrapper_cmd_allow_shell = false
616 616
617 617 ; Enables logging, and detailed output send back to the client during SSH
618 618 ; operations. Useful for debugging, shouldn't be used in production.
619 619 ssh.enable_debug_logging = false
620 620
621 621 ; Paths to binary executable, by default they are the names, but we can
622 622 ; override them if we want to use a custom one
623 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
623 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
624 624 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
625 625 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
626 626
627 627 ; Enables SSH key generator web interface. Disabling this still allows users
628 628 ; to add their own keys.
629 629 ssh.enable_ui_key_generator = true
630 630
631 631
632 632 ; #################
633 633 ; APPENLIGHT CONFIG
634 634 ; #################
635 635
636 636 ; Appenlight is tailored to work with RhodeCode, see
637 637 ; http://appenlight.rhodecode.com for details how to obtain an account
638 638
639 639 ; Appenlight integration enabled
640 640 appenlight = false
641 641
642 642 appenlight.server_url = https://api.appenlight.com
643 643 appenlight.api_key = YOUR_API_KEY
644 644 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
645 645
646 646 ; used for JS client
647 647 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
648 648
649 649 ; TWEAK AMOUNT OF INFO SENT HERE
650 650
651 651 ; enables 404 error logging (default False)
652 652 appenlight.report_404 = false
653 653
654 654 ; time in seconds after request is considered being slow (default 1)
655 655 appenlight.slow_request_time = 1
656 656
657 657 ; record slow requests in application
658 658 ; (needs to be enabled for slow datastore recording and time tracking)
659 659 appenlight.slow_requests = true
660 660
661 661 ; enable hooking to application loggers
662 662 appenlight.logging = true
663 663
664 664 ; minimum log level for log capture
665 665 appenlight.logging.level = WARNING
666 666
667 667 ; send logs only from erroneous/slow requests
668 668 ; (saves API quota for intensive logging)
669 669 appenlight.logging_on_error = false
670 670
671 671 ; list of additional keywords that should be grabbed from environ object
672 672 ; can be string with comma separated list of words in lowercase
673 673 ; (by default client will always send following info:
674 674 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
675 675 ; start with HTTP* this list be extended with additional keywords here
676 676 appenlight.environ_keys_whitelist =
677 677
678 678 ; list of keywords that should be blanked from request object
679 679 ; can be string with comma separated list of words in lowercase
680 680 ; (by default client will always blank keys that contain following words
681 681 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
682 682 ; this list be extended with additional keywords set here
683 683 appenlight.request_keys_blacklist =
684 684
685 685 ; list of namespaces that should be ignores when gathering log entries
686 686 ; can be string with comma separated list of namespaces
687 687 ; (by default the client ignores own entries: appenlight_client.client)
688 688 appenlight.log_namespace_blacklist =
689 689
690 690 ; Dummy marker to add new entries after.
691 691 ; Add any custom entries below. Please don't remove this marker.
692 692 custom.conf = 1
693 693
694 694
695 695 ; #####################
696 696 ; LOGGING CONFIGURATION
697 697 ; #####################
698 698 [loggers]
699 699 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
700 700
701 701 [handlers]
702 702 keys = console, console_sql
703 703
704 704 [formatters]
705 705 keys = generic, color_formatter, color_formatter_sql
706 706
707 707 ; #######
708 708 ; LOGGERS
709 709 ; #######
710 710 [logger_root]
711 711 level = NOTSET
712 712 handlers = console
713 713
714 714 [logger_sqlalchemy]
715 715 level = INFO
716 716 handlers = console_sql
717 717 qualname = sqlalchemy.engine
718 718 propagate = 0
719 719
720 720 [logger_beaker]
721 721 level = DEBUG
722 722 handlers =
723 723 qualname = beaker.container
724 724 propagate = 1
725 725
726 726 [logger_rhodecode]
727 727 level = DEBUG
728 728 handlers =
729 729 qualname = rhodecode
730 730 propagate = 1
731 731
732 732 [logger_ssh_wrapper]
733 733 level = DEBUG
734 734 handlers =
735 735 qualname = ssh_wrapper
736 736 propagate = 1
737 737
738 738 [logger_celery]
739 739 level = DEBUG
740 740 handlers =
741 741 qualname = celery
742 742
743 743
744 744 ; ########
745 745 ; HANDLERS
746 746 ; ########
747 747
748 748 [handler_console]
749 749 class = StreamHandler
750 750 args = (sys.stderr, )
751 751 level = INFO
752 752 formatter = generic
753 753
754 754 [handler_console_sql]
755 755 ; "level = DEBUG" logs SQL queries and results.
756 756 ; "level = INFO" logs SQL queries.
757 757 ; "level = WARN" logs neither. (Recommended for production systems.)
758 758 class = StreamHandler
759 759 args = (sys.stderr, )
760 760 level = WARN
761 761 formatter = generic
762 762
763 763 ; ##########
764 764 ; FORMATTERS
765 765 ; ##########
766 766
767 767 [formatter_generic]
768 768 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
769 769 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
770 770 datefmt = %Y-%m-%d %H:%M:%S
771 771
772 772 [formatter_color_formatter]
773 773 class = rhodecode.lib.logging_formatter.ColorFormatter
774 774 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
775 775 datefmt = %Y-%m-%d %H:%M:%S
776 776
777 777 [formatter_color_formatter_sql]
778 778 class = rhodecode.lib.logging_formatter.ColorFormatterSql
779 779 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
780 780 datefmt = %Y-%m-%d %H:%M:%S
General Comments 0
You need to be logged in to leave comments. Login now