rhodecode-enterprise-ce Commit - r4859:169b0860

hooks: allow to bind to existing hostname automatically if nothing explicitly is set.

super-admin -

r4859:169b0860 default

parent child

configs/development.ini

0 +4 -3

              ## -*- coding: utf-8 -*-
              ; #########################################
              ; RHODECODE COMMUNITY EDITION CONFIGURATION
              ; #########################################
              [DEFAULT]
              ; Debug flag sets all loggers to debug, and enables request tracking
              debug = true
              ; ########################################################################
              ; EMAIL CONFIGURATION
              ; These settings will be used by the RhodeCode mailing system
              ; ########################################################################
              ; prefix all emails subjects with given prefix, helps filtering out emails
              #email_prefix = [RhodeCode]
              ; email FROM address all mails will be sent
              #app_email_from = rhodecode-noreply@localhost
              #smtp_server = mail.server.com
              #smtp_username =
              #smtp_password =
              #smtp_port =
              #smtp_use_tls = false
              #smtp_use_ssl = true
              [server:main]
              ; COMMON HOST/IP CONFIG
              host = 127.0.0.1
              port = 5000
              ; ##################################################
              ; WAITRESS WSGI SERVER - Recommended for Development
              ; ##################################################
              ; use server type
              use = egg:waitress#main
              ; number of worker threads
              threads = 5
              ; MAX BODY SIZE 100GB
              max_request_body_size = 107374182400
              ; Use poll instead of select, fixes file descriptors limits problems.
              ; May not work on old windows systems.
              asyncore_use_poll = true
              ; ###########################
              ; GUNICORN APPLICATION SERVER
              ; ###########################
              ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
              ; Module to use, this setting shouldn't be changed
              #use = egg:gunicorn#main
              ; Sets the number of process workers. More workers means more concurrent connections
              ; RhodeCode can handle at the same time. Each additional worker also it increases
              ; memory usage as each has it's own set of caches.
              ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
              ; than 8-10 unless for really big deployments .e.g 700-1000 users.
              ; `instance_id = *` must be set in the [app:main] section below (which is the default)
              ; when using more than 1 worker.
              #workers = 2
              ; Gunicorn access log level
              #loglevel = info
              ; Process name visible in process list
              #proc_name = rhodecode
              ; Type of worker class, one of `sync`, `gevent`
              ; Recommended type is `gevent`
              #worker_class = gevent
              ; The maximum number of simultaneous clients. Valid only for gevent
              #worker_connections = 10
              ; Max number of requests that worker will handle before being gracefully restarted.
              ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
              #max_requests = 1000
              #max_requests_jitter = 30
              ; Amount of time a worker can spend with handling a request before it
              ; gets killed and restarted. By default set to 21600 (6hrs)
              ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
              #timeout = 21600
              ; The maximum size of HTTP request line in bytes.
              ; 0 for unlimited
              #limit_request_line = 0
              ; Limit the number of HTTP headers fields in a request.
              ; By default this value is 100 and can't be larger than 32768.
              #limit_request_fields = 32768
              ; Limit the allowed size of an HTTP request header field.
              ; Value is a positive number or 0.
              ; Setting it to 0 will allow unlimited header field sizes.
              #limit_request_field_size = 0
              ; Timeout for graceful workers restart.
              ; After receiving a restart signal, workers have this much time to finish
              ; serving requests. Workers still alive after the timeout (starting from the
              ; receipt of the restart signal) are force killed.
              ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
              #graceful_timeout = 3600
              # The number of seconds to wait for requests on a Keep-Alive connection.
              # Generally set in the 1-5 seconds range.
              #keepalive = 2
              ; Maximum memory usage that each worker can use before it will receive a
              ; graceful restart signal 0 = memory monitoring is disabled
              ; Examples: 268435456 (256MB), 536870912 (512MB)
              ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
              #memory_max_usage = 0
              ; How often in seconds to check for memory usage for each gunicorn worker
              #memory_usage_check_interval = 60
              ; Threshold value for which we don't recycle worker if GarbageCollection
              ; frees up enough resources. Before each restart we try to run GC on worker
              ; in case we get enough free memory after that, restart will not happen.
              #memory_usage_recovery_threshold = 0.8
              ; Prefix middleware for RhodeCode.
              ; recommended when using proxy setup.
              ; allows to set RhodeCode under a prefix in server.
              ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
              ; And set your prefix like: `prefix = /custom_prefix`
              ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
              ; to make your cookies only work on prefix url
              [filter:proxy-prefix]
              use = egg:PasteDeploy#prefix
              prefix = /
              [app:main]
              ; The %(here)s variable will be replaced with the absolute path of parent directory
              ; of this file
              ; Each option in the app:main can be override by an environmental variable
              ;
              ;To override an option:
              ;
              ;RC_<KeyName>
              ;Everything should be uppercase, . and - should be replaced by _.
              ;For example, if you have these configuration settings:
              ;rc_cache.repo_object.backend = foo
              ;can be overridden by
              ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
              use = egg:rhodecode-enterprise-ce
              ; enable proxy prefix middleware, defined above
              #filter-with = proxy-prefix
              ; #############
              ; DEBUG OPTIONS
              ; #############
              pyramid.reload_templates = true
              # During development the we want to have the debug toolbar enabled
              pyramid.includes =
                  pyramid_debugtoolbar
              debugtoolbar.hosts = 0.0.0.0/0
              debugtoolbar.exclude_prefixes =
                  /css
                  /fonts
                  /images
                  /js
              ## RHODECODE PLUGINS ##
              rhodecode.includes =
                  rhodecode.api
              # api prefix url
              rhodecode.api.url = /_admin/api
              ; enable debug style page
              debug_style = true
              ; #################
              ; END DEBUG OPTIONS
              ; #################
              ; encryption key used to encrypt social plugin tokens,
              ; remote_urls with credentials etc, if not set it defaults to
              ; `beaker.session.secret`
              #rhodecode.encrypted_values.secret =
              ; decryption strict mode (enabled by default). It controls if decryption raises
              ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
              #rhodecode.encrypted_values.strict = false
              ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
              ; fernet is safer, and we strongly recommend switching to it.
              ; Due to backward compatibility aes is used as default.
              #rhodecode.encrypted_values.algorithm = fernet
              ; Return gzipped responses from RhodeCode (static files/application)
              gzip_responses = false
              ; Auto-generate javascript routes file on startup
              generate_js_files = false
              ; System global default language.
              ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
              lang = en
              ; Perform a full repository scan and import on each server start.
              ; Settings this to true could lead to very long startup time.
              startup.import_repos = false
              ; Uncomment and set this path to use archive download cache.
              ; Once enabled, generated archives will be cached at this location
              ; and served from the cache during subsequent requests for the same archive of
              ; the repository.
              #archive_cache_dir = /tmp/tarballcache
              ; URL at which the application is running. This is used for Bootstrapping
              ; requests in context when no web request is available. Used in ishell, or
              ; SSH calls. Set this for events to receive proper url for SSH calls.
              app.base_url = http://rhodecode.local
              ; Unique application ID. Should be a random unique string for security.
              app_instance_uuid = rc-production
              ; Cut off limit for large diffs (size in bytes). If overall diff size on
              ; commit, or pull request exceeds this limit this diff will be displayed
              ; partially. E.g 512000 == 512Kb
              cut_off_limit_diff = 512000
              ; Cut off limit for large files inside diffs (size in bytes). Each individual
              ; file inside diff which exceeds this limit will be displayed partially.
              ;  E.g 128000 == 128Kb
              cut_off_limit_file = 128000
              ; Use cached version of vcs repositories everywhere. Recommended to be `true`
              vcs_full_cache = true
              ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
              ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
              force_https = false
              ; use Strict-Transport-Security headers
              use_htsts = false
              ; Set to true if your repos are exposed using the dumb protocol
              git_update_server_info = false
              ; RSS/ATOM feed options
              rss_cut_off_limit = 256000
              rss_items_per_page = 10
              rss_include_diff = false
              ; gist URL alias, used to create nicer urls for gist. This should be an
              ; url that does rewrites to _admin/gists/{gistid}.
              ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
              ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
              gist_alias_url =
              ; List of views (using glob pattern syntax) that AUTH TOKENS could be
              ; used for access.
              ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
              ; came from the the logged in user who own this authentication token.
              ; Additionally @TOKEN syntax can be used to bound the view to specific
              ; authentication token. Such view would be only accessible when used together
              ; with this authentication token
              ; list of all views can be found under `/_admin/permissions/auth_token_access`
              ; The list should be "," separated and on a single line.
              ; Most common views to enable:
              #    RepoCommitsView:repo_commit_download
              #    RepoCommitsView:repo_commit_patch
              #    RepoCommitsView:repo_commit_raw
              #    RepoCommitsView:repo_commit_raw@TOKEN
              #    RepoFilesView:repo_files_diff
              #    RepoFilesView:repo_archivefile
              #    RepoFilesView:repo_file_raw
              #    GistView:*
              api_access_controllers_whitelist =
              ; Default encoding used to convert from and to unicode
              ; can be also a comma separated list of encoding in case of mixed encodings
              default_encoding = UTF-8
              ; instance-id prefix
              ; a prefix key for this instance used for cache invalidation when running
              ; multiple instances of RhodeCode, make sure it's globally unique for
              ; all running RhodeCode instances. Leave empty if you don't use it
              instance_id =
              ; Fallback authentication plugin. Set this to a plugin ID to force the usage
              ; of an authentication plugin also if it is disabled by it's settings.
              ; This could be useful if you are unable to log in to the system due to broken
              ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
              ; module to log in again and fix the settings.
              ; Available builtin plugin IDs (hash is part of the ID):
              ; egg:rhodecode-enterprise-ce#rhodecode
              ; egg:rhodecode-enterprise-ce#pam
              ; egg:rhodecode-enterprise-ce#ldap
              ; egg:rhodecode-enterprise-ce#jasig_cas
              ; egg:rhodecode-enterprise-ce#headers
              ; egg:rhodecode-enterprise-ce#crowd
              #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
              ; Flag to control loading of legacy plugins in py:/path format
              auth_plugin.import_legacy_plugins = true
              ; alternative return HTTP header for failed authentication. Default HTTP
              ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
              ; handling that causing a series of failed authentication calls.
              ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
              ; This will be served instead of default 401 on bad authentication
              auth_ret_code =
              ; use special detection method when serving auth_ret_code, instead of serving
              ; ret_code directly, use 401 initially (Which triggers credentials prompt)
              ; and then serve auth_ret_code to clients
              auth_ret_code_detection = false
              ; locking return code. When repository is locked return this HTTP code. 2XX
              ; codes don't break the transactions while 4XX codes do
              lock_ret_code = 423
              ; allows to change the repository location in settings page
              allow_repo_location_change = true
              ; allows to setup custom hooks in settings page
              allow_custom_hooks_settings = true
              ; Generated license token required for EE edition license.
              ; New generated token value can be found in Admin > settings > license page.
              license_token =
              ; This flag hides sensitive information on the license page such as token, and license data
              license.hide_license_info = false
              ; supervisor connection uri, for managing supervisor and logs.
              supervisor.uri =
              ; supervisord group name/id we only want this RC instance to handle
              supervisor.group_id = dev
              ; Display extended labs settings
              labs_settings_active = true
              ; Custom exception store path, defaults to TMPDIR
              ; This is used to store exception from RhodeCode in shared directory
              #exception_tracker.store_path =
              ; Send email with exception details when it happens
              #exception_tracker.send_email = false
              ; Comma separated list of recipients for exception emails,
              ; e.g admin@rhodecode.com,devops@rhodecode.com
              ; Can be left empty, then emails will be sent to ALL super-admins
              #exception_tracker.send_email_recipients =
              ; optional prefix to Add to email Subject
              #exception_tracker.email_prefix = [RHODECODE ERROR]
              ; File store configuration. This is used to store and serve uploaded files
              file_store.enabled = true
              ; Storage backend, available options are: local
              file_store.backend = local
              ; path to store the uploaded binaries
              file_store.storage_path = %(here)s/data/file_store
              ; #############
              ; CELERY CONFIG
              ; #############
              ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
              use_celery = false
              ; path to store schedule database
              #celerybeat-schedule.path =
              ; connection url to the message broker (default redis)
              celery.broker_url = redis://localhost:6379/8
              ; rabbitmq example
              #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
              ; maximum tasks to execute before worker restart
              celery.max_tasks_per_child = 100
              ; tasks will never be sent to the queue, but executed locally instead.
              celery.task_always_eager = false
              ; #############
              ; DOGPILE CACHE
              ; #############
              ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
              ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
              cache_dir = %(here)s/data
              ; *********************************************
              ; `sql_cache_short` cache for heavy SQL queries
              ; Only supported backend is `memory_lru`
              ; *********************************************
              rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
              rc_cache.sql_cache_short.expiration_time = 30
              ; *****************************************************
              ; `cache_repo_longterm` cache for repo object instances
              ; Only supported backend is `memory_lru`
              ; *****************************************************
              rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
              ; by default we use 30 Days, cache is still invalidated on push
              rc_cache.cache_repo_longterm.expiration_time = 2592000
              ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
              rc_cache.cache_repo_longterm.max_size = 10000
              ; *********************************************
              ; `cache_general` cache for general purpose use
              ; for simplicity use rc.file_namespace backend,
              ; for performance and scale use rc.redis
              ; *********************************************
              rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
              rc_cache.cache_general.expiration_time = 43200
              ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
              #rc_cache.cache_general.arguments.filename = /tmp/cache_general.db
              ; alternative `cache_general` redis backend with distributed lock
              #rc_cache.cache_general.backend = dogpile.cache.rc.redis
              #rc_cache.cache_general.expiration_time = 300
              ; redis_expiration_time needs to be greater then expiration_time
              #rc_cache.cache_general.arguments.redis_expiration_time = 7200
              #rc_cache.cache_general.arguments.host = localhost
              #rc_cache.cache_general.arguments.port = 6379
              #rc_cache.cache_general.arguments.db = 0
              #rc_cache.cache_general.arguments.socket_timeout = 30
              ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
              #rc_cache.cache_general.arguments.distributed_lock = true
              ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
              #rc_cache.cache_general.arguments.lock_auto_renewal = true
              ; *************************************************
              ; `cache_perms` cache for permission tree, auth TTL
              ; for simplicity use rc.file_namespace backend,
              ; for performance and scale use rc.redis
              ; *************************************************
              rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
              rc_cache.cache_perms.expiration_time = 3600
              ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
              #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
              ; alternative `cache_perms` redis backend with distributed lock
              #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
              #rc_cache.cache_perms.expiration_time = 300
              ; redis_expiration_time needs to be greater then expiration_time
              #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
              #rc_cache.cache_perms.arguments.host = localhost
              #rc_cache.cache_perms.arguments.port = 6379
              #rc_cache.cache_perms.arguments.db = 0
              #rc_cache.cache_perms.arguments.socket_timeout = 30
              ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
              #rc_cache.cache_perms.arguments.distributed_lock = true
              ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
              #rc_cache.cache_perms.arguments.lock_auto_renewal = true
              ; ***************************************************
              ; `cache_repo` cache for file tree, Readme, RSS FEEDS
              ; for simplicity use rc.file_namespace backend,
              ; for performance and scale use rc.redis
              ; ***************************************************
              rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
              rc_cache.cache_repo.expiration_time = 2592000
              ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
              #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
              ; alternative `cache_repo` redis backend with distributed lock
              #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
              #rc_cache.cache_repo.expiration_time = 2592000
              ; redis_expiration_time needs to be greater then expiration_time
              #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
              #rc_cache.cache_repo.arguments.host = localhost
              #rc_cache.cache_repo.arguments.port = 6379
              #rc_cache.cache_repo.arguments.db = 1
              #rc_cache.cache_repo.arguments.socket_timeout = 30
              ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
              #rc_cache.cache_repo.arguments.distributed_lock = true
              ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
              #rc_cache.cache_repo.arguments.lock_auto_renewal = true
              ; ##############
              ; BEAKER SESSION
              ; ##############
              ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
              ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
              ; Fastest ones are Redis and ext:database
              beaker.session.type = file
              beaker.session.data_dir = %(here)s/data/sessions
              ; Redis based sessions
              #beaker.session.type = ext:redis
              #beaker.session.url = redis://127.0.0.1:6379/2
              ; DB based session, fast, and allows easy management over logged in users
              #beaker.session.type = ext:database
              #beaker.session.table_name = db_session
              #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
              #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
              #beaker.session.sa.pool_recycle = 3600
              #beaker.session.sa.echo = false
              beaker.session.key = rhodecode
              beaker.session.secret = develop-rc-uytcxaz
              beaker.session.lock_dir = %(here)s/data/sessions/lock
              ; Secure encrypted cookie. Requires AES and AES python libraries
              ; you must disable beaker.session.secret to use this
              #beaker.session.encrypt_key = key_for_encryption
              #beaker.session.validate_key = validation_key
              ; Sets session as invalid (also logging out user) if it haven not been
              ; accessed for given amount of time in seconds
              beaker.session.timeout = 2592000
              beaker.session.httponly = true
              ; Path to use for the cookie. Set to prefix if you use prefix middleware
              #beaker.session.cookie_path = /custom_prefix
              ; Set https secure cookie
              beaker.session.secure = false
              ; default cookie expiration time in seconds, set to `true` to set expire
              ; at browser close
              #beaker.session.cookie_expires = 3600
              ; #############################
              ; SEARCH INDEXING CONFIGURATION
              ; #############################
              ; Full text search indexer is available in rhodecode-tools under
              ; `rhodecode-tools index` command
              ; WHOOSH Backend, doesn't require additional services to run
              ; it works good with few dozen repos
              search.module = rhodecode.lib.index.whoosh
              search.location = %(here)s/data/index
              ; ####################
              ; CHANNELSTREAM CONFIG
              ; ####################
              ; channelstream enables persistent connections and live notification
              ; in the system. It's also used by the chat system
              channelstream.enabled = false
              ; server address for channelstream server on the backend
              channelstream.server = 127.0.0.1:9800
              ; location of the channelstream server from outside world
              ; use ws:// for http or wss:// for https. This address needs to be handled
              ; by external HTTP server such as Nginx or Apache
              ; see Nginx/Apache configuration examples in our docs
              channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
              channelstream.secret = secret
              channelstream.history.location = %(here)s/channelstream_history
              ; Internal application path that Javascript uses to connect into.
              ; If you use proxy-prefix the prefix should be added before /_channelstream
              channelstream.proxy_path = /_channelstream
              ; ##############################
              ; MAIN RHODECODE DATABASE CONFIG
              ; ##############################
              #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
              #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
              #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
              ; pymysql is an alternative driver for MySQL, use in case of problems with default one
              #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
              sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
              ; see sqlalchemy docs for other advanced settings
              ; print the sql statements to output
              sqlalchemy.db1.echo = false
              ; recycle the connections after this amount of seconds
              sqlalchemy.db1.pool_recycle = 3600
              sqlalchemy.db1.convert_unicode = true
              ; the number of connections to keep open inside the connection pool.
              ; 0 indicates no limit
              #sqlalchemy.db1.pool_size = 5
              ; The number of connections to allow in connection pool "overflow", that is
              ; connections that can be opened above and beyond the pool_size setting,
              ; which defaults to five.
              #sqlalchemy.db1.max_overflow = 10
              ; Connection check ping, used to detect broken database connections
              ; could be enabled to better handle cases if MySQL has gone away errors
              #sqlalchemy.db1.ping_connection = true
              ; ##########
              ; VCS CONFIG
              ; ##########
              vcs.server.enable = true
              vcs.server = localhost:9900
              ; Web server connectivity protocol, responsible for web based VCS operations
              ; Available protocols are:
              ; `http` - use http-rpc backend (default)
              vcs.server.protocol = http
              ; Push/Pull operations protocol, available options are:
              ; `http` - use http-rpc backend (default)
              vcs.scm_app_implementation = http
              ; Push/Pull operations hooks protocol, available options are:
              ; `http` - use http-rpc backend (default)
              vcs.hooks.protocol = http
-             ; Host on which this instance is listening for hooks. If vcsserver is in other location
-             ; this should be adjusted.
-             vcs.hooks.host = 127.0.0.1
+             ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
+             ; accessible via network.
+             ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
+             vcs.hooks.host = *
              ; Start VCSServer with this instance as a subprocess, useful for development
              vcs.start_server = false
              ; List of enabled VCS backends, available options are:
              ; `hg`  - mercurial
              ; `git` - git
              ; `svn` - subversion
              vcs.backends = hg, git, svn
              ; Wait this number of seconds before killing connection to the vcsserver
              vcs.connection_timeout = 3600
              ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
              ; Set a numeric version for your current SVN e.g 1.8, or 1.12
              ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
              #vcs.svn.compatible_version = 1.8
              ; Cache flag to cache vcsserver remote calls locally
              ; It uses cache_region `cache_repo`
              vcs.methods.cache = true
              ; ####################################################
              ; Subversion proxy support (mod_dav_svn)
              ; Maps RhodeCode repo groups into SVN paths for Apache
              ; ####################################################
              ; Enable or disable the config file generation.
              svn.proxy.generate_config = false
              ; Generate config file with `SVNListParentPath` set to `On`.
              svn.proxy.list_parent_path = true
              ; Set location and file name of generated config file.
              svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
              ; alternative mod_dav config template. This needs to be a valid mako template
              ; Example template can be found in the source code:
              ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
              #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
              ; Used as a prefix to the `Location` block in the generated config file.
              ; In most cases it should be set to `/`.
              svn.proxy.location_root = /
              ; Command to reload the mod dav svn configuration on change.
              ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
              ; Make sure user who runs RhodeCode process is allowed to reload Apache
              #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
              ; If the timeout expires before the reload command finishes, the command will
              ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
              #svn.proxy.reload_timeout = 10
              ; ####################
              ; SSH Support Settings
              ; ####################
              ; Defines if a custom authorized_keys file should be created and written on
              ; any change user ssh keys. Setting this to false also disables possibility
              ; of adding SSH keys by users from web interface. Super admins can still
              ; manage SSH Keys.
              ssh.generate_authorized_keyfile = false
              ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
              # ssh.authorized_keys_ssh_opts =
              ; Path to the authorized_keys file where the generate entries are placed.
              ; It is possible to have multiple key files specified in `sshd_config` e.g.
              ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
              ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
              ; Command to execute the SSH wrapper. The binary is available in the
              ; RhodeCode installation directory.
              ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
              ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
              ; Allow shell when executing the ssh-wrapper command
              ssh.wrapper_cmd_allow_shell = false
              ; Enables logging, and detailed output send back to the client during SSH
              ; operations. Useful for debugging, shouldn't be used in production.
              ssh.enable_debug_logging = true
              ; Paths to binary executable, by default they are the names, but we can
              ; override them if we want to use a custom one
              ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
              ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
              ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
              ; Enables SSH key generator web interface. Disabling this still allows users
              ; to add their own keys.
              ssh.enable_ui_key_generator = true
              ; #################
              ; APPENLIGHT CONFIG
              ; #################
              ; Appenlight is tailored to work with RhodeCode, see
              ; http://appenlight.rhodecode.com for details how to obtain an account
              ; Appenlight integration enabled
              #appenlight = false
              #appenlight.server_url = https://api.appenlight.com
              #appenlight.api_key = YOUR_API_KEY
              #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
              ; used for JS client
              #appenlight.api_public_key = YOUR_API_PUBLIC_KEY
              ; TWEAK AMOUNT OF INFO SENT HERE
              ; enables 404 error logging (default False)
              #appenlight.report_404 = false
              ; time in seconds after request is considered being slow (default 1)
              #appenlight.slow_request_time = 1
              ; record slow requests in application
              ; (needs to be enabled for slow datastore recording and time tracking)
              #appenlight.slow_requests = true
              ; enable hooking to application loggers
              #appenlight.logging = true
              ; minimum log level for log capture
              #ppenlight.logging.level = WARNING
              ; send logs only from erroneous/slow requests
              ; (saves API quota for intensive logging)
              #appenlight.logging_on_error = false
              ; list of additional keywords that should be grabbed from environ object
              ; can be string with comma separated list of words in lowercase
              ; (by default client will always send following info:
              ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
              ; start with HTTP* this list be extended with additional keywords here
              #appenlight.environ_keys_whitelist =
              ; list of keywords that should be blanked from request object
              ; can be string with comma separated list of words in lowercase
              ; (by default client will always blank keys that contain following words
              ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
              ; this list be extended with additional keywords set here
              #appenlight.request_keys_blacklist =
              ; list of namespaces that should be ignores when gathering log entries
              ; can be string with comma separated list of namespaces
              ; (by default the client ignores own entries: appenlight_client.client)
              #appenlight.log_namespace_blacklist =
              ; Statsd client config, this is used to send metrics to statsd
              ; We recommend setting statsd_exported and scrape them using Promethues
              #statsd.enabled = false
              #statsd.statsd_host = 0.0.0.0
              #statsd.statsd_port = 8125
              #statsd.statsd_prefix =
              #statsd.statsd_ipv6 = false
              ; configure logging automatically at server startup set to false
              ; to use the below custom logging config.
              ; RC_LOGGING_FORMATTER
              ; RC_LOGGING_LEVEL
              ; env variables can control the settings for logging in case of autoconfigure
              #logging.autoconfigure = true
              ; specify your own custom logging config file to configure logging
              #logging.logging_conf_file = /path/to/custom_logging.ini
              ; Dummy marker to add new entries after.
              ; Add any custom entries below. Please don't remove this marker.
              custom.conf = 1
              ; #####################
              ; LOGGING CONFIGURATION
              ; #####################
              [loggers]
              keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
              [handlers]
              keys = console, console_sql
              [formatters]
              keys = generic, json, color_formatter, color_formatter_sql
              ; #######
              ; LOGGERS
              ; #######
              [logger_root]
              level = NOTSET
              handlers = console
              [logger_sqlalchemy]
              level = INFO
              handlers = console_sql
              qualname = sqlalchemy.engine
              propagate = 0
              [logger_beaker]
              level = DEBUG
              handlers =
              qualname = beaker.container
              propagate = 1
              [logger_rhodecode]
              level = DEBUG
              handlers =
              qualname = rhodecode
              propagate = 1
              [logger_ssh_wrapper]
              level = DEBUG
              handlers =
              qualname = ssh_wrapper
              propagate = 1
              [logger_celery]
              level = DEBUG
              handlers =
              qualname = celery
              ; ########
              ; HANDLERS
              ; ########
              [handler_console]
              class = StreamHandler
              args = (sys.stderr, )
              level = DEBUG
              ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
              ; This allows sending properly formatted logs to grafana loki or elasticsearch
              formatter = color_formatter
              [handler_console_sql]
              ; "level = DEBUG" logs SQL queries and results.
              ; "level = INFO" logs SQL queries.
              ; "level = WARN" logs neither.  (Recommended for production systems.)
              class = StreamHandler
              args = (sys.stderr, )
              level = WARN
              ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
              ; This allows sending properly formatted logs to grafana loki or elasticsearch
              formatter = color_formatter_sql
              ; ##########
              ; FORMATTERS
              ; ##########
              [formatter_generic]
              class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_color_formatter]
              class = rhodecode.lib.logging_formatter.ColorFormatter
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_color_formatter_sql]
              class = rhodecode.lib.logging_formatter.ColorFormatterSql
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_json]
              format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
              class = rhodecode.lib._vendor.jsonlogger.JsonFormatter

configs/production.ini

0 +4 -3

              ## -*- coding: utf-8 -*-
              ; #########################################
              ; RHODECODE COMMUNITY EDITION CONFIGURATION
              ; #########################################
              [DEFAULT]
              ; Debug flag sets all loggers to debug, and enables request tracking
              debug = false
              ; ########################################################################
              ; EMAIL CONFIGURATION
              ; These settings will be used by the RhodeCode mailing system
              ; ########################################################################
              ; prefix all emails subjects with given prefix, helps filtering out emails
              #email_prefix = [RhodeCode]
              ; email FROM address all mails will be sent
              #app_email_from = rhodecode-noreply@localhost
              #smtp_server = mail.server.com
              #smtp_username =
              #smtp_password =
              #smtp_port =
              #smtp_use_tls = false
              #smtp_use_ssl = true
              [server:main]
              ; COMMON HOST/IP CONFIG
              host = 127.0.0.1
              port = 5000
              ; ###########################
              ; GUNICORN APPLICATION SERVER
              ; ###########################
              ; run with gunicorn --paste rhodecode.ini
              ; Module to use, this setting shouldn't be changed
              use = egg:gunicorn#main
              ; Sets the number of process workers. More workers means more concurrent connections
              ; RhodeCode can handle at the same time. Each additional worker also it increases
              ; memory usage as each has it's own set of caches.
              ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
              ; than 8-10 unless for really big deployments .e.g 700-1000 users.
              ; `instance_id = *` must be set in the [app:main] section below (which is the default)
              ; when using more than 1 worker.
              workers = 2
              ; Gunicorn access log level
              loglevel = info
              ; Process name visible in process list
              proc_name = rhodecode
              ; Type of worker class, one of `sync`, `gevent`
              ; Recommended type is `gevent`
              worker_class = gevent
              ; The maximum number of simultaneous clients per worker. Valid only for gevent
              worker_connections = 10
              ; Max number of requests that worker will handle before being gracefully restarted.
              ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
              max_requests = 1000
              max_requests_jitter = 30
              ; Amount of time a worker can spend with handling a request before it
              ; gets killed and restarted. By default set to 21600 (6hrs)
              ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
              timeout = 21600
              ; The maximum size of HTTP request line in bytes.
              ; 0 for unlimited
              limit_request_line = 0
              ; Limit the number of HTTP headers fields in a request.
              ; By default this value is 100 and can't be larger than 32768.
              limit_request_fields = 32768
              ; Limit the allowed size of an HTTP request header field.
              ; Value is a positive number or 0.
              ; Setting it to 0 will allow unlimited header field sizes.
              limit_request_field_size = 0
              ; Timeout for graceful workers restart.
              ; After receiving a restart signal, workers have this much time to finish
              ; serving requests. Workers still alive after the timeout (starting from the
              ; receipt of the restart signal) are force killed.
              ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
              graceful_timeout = 3600
              # The number of seconds to wait for requests on a Keep-Alive connection.
              # Generally set in the 1-5 seconds range.
              keepalive = 2
              ; Maximum memory usage that each worker can use before it will receive a
              ; graceful restart signal 0 = memory monitoring is disabled
              ; Examples: 268435456 (256MB), 536870912 (512MB)
              ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
              memory_max_usage = 0
              ; How often in seconds to check for memory usage for each gunicorn worker
              memory_usage_check_interval = 60
              ; Threshold value for which we don't recycle worker if GarbageCollection
              ; frees up enough resources. Before each restart we try to run GC on worker
              ; in case we get enough free memory after that, restart will not happen.
              memory_usage_recovery_threshold = 0.8
              ; Prefix middleware for RhodeCode.
              ; recommended when using proxy setup.
              ; allows to set RhodeCode under a prefix in server.
              ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
              ; And set your prefix like: `prefix = /custom_prefix`
              ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
              ; to make your cookies only work on prefix url
              [filter:proxy-prefix]
              use = egg:PasteDeploy#prefix
              prefix = /
              [app:main]
              ; The %(here)s variable will be replaced with the absolute path of parent directory
              ; of this file
              ; Each option in the app:main can be override by an environmental variable
              ;
              ;To override an option:
              ;
              ;RC_<KeyName>
              ;Everything should be uppercase, . and - should be replaced by _.
              ;For example, if you have these configuration settings:
              ;rc_cache.repo_object.backend = foo
              ;can be overridden by
              ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
              use = egg:rhodecode-enterprise-ce
              ; enable proxy prefix middleware, defined above
              #filter-with = proxy-prefix
              ; encryption key used to encrypt social plugin tokens,
              ; remote_urls with credentials etc, if not set it defaults to
              ; `beaker.session.secret`
              #rhodecode.encrypted_values.secret =
              ; decryption strict mode (enabled by default). It controls if decryption raises
              ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
              #rhodecode.encrypted_values.strict = false
              ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
              ; fernet is safer, and we strongly recommend switching to it.
              ; Due to backward compatibility aes is used as default.
              #rhodecode.encrypted_values.algorithm = fernet
              ; Return gzipped responses from RhodeCode (static files/application)
              gzip_responses = false
              ; Auto-generate javascript routes file on startup
              generate_js_files = false
              ; System global default language.
              ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
              lang = en
              ; Perform a full repository scan and import on each server start.
              ; Settings this to true could lead to very long startup time.
              startup.import_repos = false
              ; Uncomment and set this path to use archive download cache.
              ; Once enabled, generated archives will be cached at this location
              ; and served from the cache during subsequent requests for the same archive of
              ; the repository.
              #archive_cache_dir = /tmp/tarballcache
              ; URL at which the application is running. This is used for Bootstrapping
              ; requests in context when no web request is available. Used in ishell, or
              ; SSH calls. Set this for events to receive proper url for SSH calls.
              app.base_url = http://rhodecode.local
              ; Unique application ID. Should be a random unique string for security.
              app_instance_uuid = rc-production
              ; Cut off limit for large diffs (size in bytes). If overall diff size on
              ; commit, or pull request exceeds this limit this diff will be displayed
              ; partially. E.g 512000 == 512Kb
              cut_off_limit_diff = 512000
              ; Cut off limit for large files inside diffs (size in bytes). Each individual
              ; file inside diff which exceeds this limit will be displayed partially.
              ;  E.g 128000 == 128Kb
              cut_off_limit_file = 128000
              ; Use cached version of vcs repositories everywhere. Recommended to be `true`
              vcs_full_cache = true
              ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
              ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
              force_https = false
              ; use Strict-Transport-Security headers
              use_htsts = false
              ; Set to true if your repos are exposed using the dumb protocol
              git_update_server_info = false
              ; RSS/ATOM feed options
              rss_cut_off_limit = 256000
              rss_items_per_page = 10
              rss_include_diff = false
              ; gist URL alias, used to create nicer urls for gist. This should be an
              ; url that does rewrites to _admin/gists/{gistid}.
              ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
              ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
              gist_alias_url =
              ; List of views (using glob pattern syntax) that AUTH TOKENS could be
              ; used for access.
              ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
              ; came from the the logged in user who own this authentication token.
              ; Additionally @TOKEN syntax can be used to bound the view to specific
              ; authentication token. Such view would be only accessible when used together
              ; with this authentication token
              ; list of all views can be found under `/_admin/permissions/auth_token_access`
              ; The list should be "," separated and on a single line.
              ; Most common views to enable:
              #    RepoCommitsView:repo_commit_download
              #    RepoCommitsView:repo_commit_patch
              #    RepoCommitsView:repo_commit_raw
              #    RepoCommitsView:repo_commit_raw@TOKEN
              #    RepoFilesView:repo_files_diff
              #    RepoFilesView:repo_archivefile
              #    RepoFilesView:repo_file_raw
              #    GistView:*
              api_access_controllers_whitelist =
              ; Default encoding used to convert from and to unicode
              ; can be also a comma separated list of encoding in case of mixed encodings
              default_encoding = UTF-8
              ; instance-id prefix
              ; a prefix key for this instance used for cache invalidation when running
              ; multiple instances of RhodeCode, make sure it's globally unique for
              ; all running RhodeCode instances. Leave empty if you don't use it
              instance_id =
              ; Fallback authentication plugin. Set this to a plugin ID to force the usage
              ; of an authentication plugin also if it is disabled by it's settings.
              ; This could be useful if you are unable to log in to the system due to broken
              ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
              ; module to log in again and fix the settings.
              ; Available builtin plugin IDs (hash is part of the ID):
              ; egg:rhodecode-enterprise-ce#rhodecode
              ; egg:rhodecode-enterprise-ce#pam
              ; egg:rhodecode-enterprise-ce#ldap
              ; egg:rhodecode-enterprise-ce#jasig_cas
              ; egg:rhodecode-enterprise-ce#headers
              ; egg:rhodecode-enterprise-ce#crowd
              #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
              ; Flag to control loading of legacy plugins in py:/path format
              auth_plugin.import_legacy_plugins = true
              ; alternative return HTTP header for failed authentication. Default HTTP
              ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
              ; handling that causing a series of failed authentication calls.
              ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
              ; This will be served instead of default 401 on bad authentication
              auth_ret_code =
              ; use special detection method when serving auth_ret_code, instead of serving
              ; ret_code directly, use 401 initially (Which triggers credentials prompt)
              ; and then serve auth_ret_code to clients
              auth_ret_code_detection = false
              ; locking return code. When repository is locked return this HTTP code. 2XX
              ; codes don't break the transactions while 4XX codes do
              lock_ret_code = 423
              ; allows to change the repository location in settings page
              allow_repo_location_change = true
              ; allows to setup custom hooks in settings page
              allow_custom_hooks_settings = true
              ; Generated license token required for EE edition license.
              ; New generated token value can be found in Admin > settings > license page.
              license_token =
              ; This flag hides sensitive information on the license page such as token, and license data
              license.hide_license_info = false
              ; supervisor connection uri, for managing supervisor and logs.
              supervisor.uri =
              ; supervisord group name/id we only want this RC instance to handle
              supervisor.group_id = prod
              ; Display extended labs settings
              labs_settings_active = true
              ; Custom exception store path, defaults to TMPDIR
              ; This is used to store exception from RhodeCode in shared directory
              #exception_tracker.store_path =
              ; Send email with exception details when it happens
              #exception_tracker.send_email = false
              ; Comma separated list of recipients for exception emails,
              ; e.g admin@rhodecode.com,devops@rhodecode.com
              ; Can be left empty, then emails will be sent to ALL super-admins
              #exception_tracker.send_email_recipients =
              ; optional prefix to Add to email Subject
              #exception_tracker.email_prefix = [RHODECODE ERROR]
              ; File store configuration. This is used to store and serve uploaded files
              file_store.enabled = true
              ; Storage backend, available options are: local
              file_store.backend = local
              ; path to store the uploaded binaries
              file_store.storage_path = %(here)s/data/file_store
              ; #############
              ; CELERY CONFIG
              ; #############
              ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
              use_celery = false
              ; path to store schedule database
              #celerybeat-schedule.path =
              ; connection url to the message broker (default redis)
              celery.broker_url = redis://localhost:6379/8
              ; rabbitmq example
              #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
              ; maximum tasks to execute before worker restart
              celery.max_tasks_per_child = 100
              ; tasks will never be sent to the queue, but executed locally instead.
              celery.task_always_eager = false
              ; #############
              ; DOGPILE CACHE
              ; #############
              ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
              ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
              cache_dir = %(here)s/data
              ; *********************************************
              ; `sql_cache_short` cache for heavy SQL queries
              ; Only supported backend is `memory_lru`
              ; *********************************************
              rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
              rc_cache.sql_cache_short.expiration_time = 30
              ; *****************************************************
              ; `cache_repo_longterm` cache for repo object instances
              ; Only supported backend is `memory_lru`
              ; *****************************************************
              rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
              ; by default we use 30 Days, cache is still invalidated on push
              rc_cache.cache_repo_longterm.expiration_time = 2592000
              ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
              rc_cache.cache_repo_longterm.max_size = 10000
              ; *********************************************
              ; `cache_general` cache for general purpose use
              ; for simplicity use rc.file_namespace backend,
              ; for performance and scale use rc.redis
              ; *********************************************
              rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
              rc_cache.cache_general.expiration_time = 43200
              ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
              #rc_cache.cache_general.arguments.filename = /tmp/cache_general.db
              ; alternative `cache_general` redis backend with distributed lock
              #rc_cache.cache_general.backend = dogpile.cache.rc.redis
              #rc_cache.cache_general.expiration_time = 300
              ; redis_expiration_time needs to be greater then expiration_time
              #rc_cache.cache_general.arguments.redis_expiration_time = 7200
              #rc_cache.cache_general.arguments.host = localhost
              #rc_cache.cache_general.arguments.port = 6379
              #rc_cache.cache_general.arguments.db = 0
              #rc_cache.cache_general.arguments.socket_timeout = 30
              ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
              #rc_cache.cache_general.arguments.distributed_lock = true
              ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
              #rc_cache.cache_general.arguments.lock_auto_renewal = true
              ; *************************************************
              ; `cache_perms` cache for permission tree, auth TTL
              ; for simplicity use rc.file_namespace backend,
              ; for performance and scale use rc.redis
              ; *************************************************
              rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
              rc_cache.cache_perms.expiration_time = 3600
              ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
              #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
              ; alternative `cache_perms` redis backend with distributed lock
              #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
              #rc_cache.cache_perms.expiration_time = 300
              ; redis_expiration_time needs to be greater then expiration_time
              #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
              #rc_cache.cache_perms.arguments.host = localhost
              #rc_cache.cache_perms.arguments.port = 6379
              #rc_cache.cache_perms.arguments.db = 0
              #rc_cache.cache_perms.arguments.socket_timeout = 30
              ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
              #rc_cache.cache_perms.arguments.distributed_lock = true
              ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
              #rc_cache.cache_perms.arguments.lock_auto_renewal = true
              ; ***************************************************
              ; `cache_repo` cache for file tree, Readme, RSS FEEDS
              ; for simplicity use rc.file_namespace backend,
              ; for performance and scale use rc.redis
              ; ***************************************************
              rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
              rc_cache.cache_repo.expiration_time = 2592000
              ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
              #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
              ; alternative `cache_repo` redis backend with distributed lock
              #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
              #rc_cache.cache_repo.expiration_time = 2592000
              ; redis_expiration_time needs to be greater then expiration_time
              #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
              #rc_cache.cache_repo.arguments.host = localhost
              #rc_cache.cache_repo.arguments.port = 6379
              #rc_cache.cache_repo.arguments.db = 1
              #rc_cache.cache_repo.arguments.socket_timeout = 30
              ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
              #rc_cache.cache_repo.arguments.distributed_lock = true
              ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
              #rc_cache.cache_repo.arguments.lock_auto_renewal = true
              ; ##############
              ; BEAKER SESSION
              ; ##############
              ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
              ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
              ; Fastest ones are Redis and ext:database
              beaker.session.type = file
              beaker.session.data_dir = %(here)s/data/sessions
              ; Redis based sessions
              #beaker.session.type = ext:redis
              #beaker.session.url = redis://127.0.0.1:6379/2
              ; DB based session, fast, and allows easy management over logged in users
              #beaker.session.type = ext:database
              #beaker.session.table_name = db_session
              #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
              #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
              #beaker.session.sa.pool_recycle = 3600
              #beaker.session.sa.echo = false
              beaker.session.key = rhodecode
              beaker.session.secret = production-rc-uytcxaz
              beaker.session.lock_dir = %(here)s/data/sessions/lock
              ; Secure encrypted cookie. Requires AES and AES python libraries
              ; you must disable beaker.session.secret to use this
              #beaker.session.encrypt_key = key_for_encryption
              #beaker.session.validate_key = validation_key
              ; Sets session as invalid (also logging out user) if it haven not been
              ; accessed for given amount of time in seconds
              beaker.session.timeout = 2592000
              beaker.session.httponly = true
              ; Path to use for the cookie. Set to prefix if you use prefix middleware
              #beaker.session.cookie_path = /custom_prefix
              ; Set https secure cookie
              beaker.session.secure = false
              ; default cookie expiration time in seconds, set to `true` to set expire
              ; at browser close
              #beaker.session.cookie_expires = 3600
              ; #############################
              ; SEARCH INDEXING CONFIGURATION
              ; #############################
              ; Full text search indexer is available in rhodecode-tools under
              ; `rhodecode-tools index` command
              ; WHOOSH Backend, doesn't require additional services to run
              ; it works good with few dozen repos
              search.module = rhodecode.lib.index.whoosh
              search.location = %(here)s/data/index
              ; ####################
              ; CHANNELSTREAM CONFIG
              ; ####################
              ; channelstream enables persistent connections and live notification
              ; in the system. It's also used by the chat system
              channelstream.enabled = false
              ; server address for channelstream server on the backend
              channelstream.server = 127.0.0.1:9800
              ; location of the channelstream server from outside world
              ; use ws:// for http or wss:// for https. This address needs to be handled
              ; by external HTTP server such as Nginx or Apache
              ; see Nginx/Apache configuration examples in our docs
              channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
              channelstream.secret = secret
              channelstream.history.location = %(here)s/channelstream_history
              ; Internal application path that Javascript uses to connect into.
              ; If you use proxy-prefix the prefix should be added before /_channelstream
              channelstream.proxy_path = /_channelstream
              ; ##############################
              ; MAIN RHODECODE DATABASE CONFIG
              ; ##############################
              #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
              #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
              #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
              ; pymysql is an alternative driver for MySQL, use in case of problems with default one
              #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
              sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
              ; see sqlalchemy docs for other advanced settings
              ; print the sql statements to output
              sqlalchemy.db1.echo = false
              ; recycle the connections after this amount of seconds
              sqlalchemy.db1.pool_recycle = 3600
              sqlalchemy.db1.convert_unicode = true
              ; the number of connections to keep open inside the connection pool.
              ; 0 indicates no limit
              #sqlalchemy.db1.pool_size = 5
              ; The number of connections to allow in connection pool "overflow", that is
              ; connections that can be opened above and beyond the pool_size setting,
              ; which defaults to five.
              #sqlalchemy.db1.max_overflow = 10
              ; Connection check ping, used to detect broken database connections
              ; could be enabled to better handle cases if MySQL has gone away errors
              #sqlalchemy.db1.ping_connection = true
              ; ##########
              ; VCS CONFIG
              ; ##########
              vcs.server.enable = true
              vcs.server = localhost:9900
              ; Web server connectivity protocol, responsible for web based VCS operations
              ; Available protocols are:
              ; `http` - use http-rpc backend (default)
              vcs.server.protocol = http
              ; Push/Pull operations protocol, available options are:
              ; `http` - use http-rpc backend (default)
              vcs.scm_app_implementation = http
              ; Push/Pull operations hooks protocol, available options are:
              ; `http` - use http-rpc backend (default)
              vcs.hooks.protocol = http
-             ; Host on which this instance is listening for hooks. If vcsserver is in other location
-             ; this should be adjusted.
-             vcs.hooks.host = 127.0.0.1
+             ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
+             ; accessible via network.
+             ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
+             vcs.hooks.host = *
              ; Start VCSServer with this instance as a subprocess, useful for development
              vcs.start_server = false
              ; List of enabled VCS backends, available options are:
              ; `hg`  - mercurial
              ; `git` - git
              ; `svn` - subversion
              vcs.backends = hg, git, svn
              ; Wait this number of seconds before killing connection to the vcsserver
              vcs.connection_timeout = 3600
              ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
              ; Set a numeric version for your current SVN e.g 1.8, or 1.12
              ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
              #vcs.svn.compatible_version = 1.8
              ; Cache flag to cache vcsserver remote calls locally
              ; It uses cache_region `cache_repo`
              vcs.methods.cache = true
              ; ####################################################
              ; Subversion proxy support (mod_dav_svn)
              ; Maps RhodeCode repo groups into SVN paths for Apache
              ; ####################################################
              ; Enable or disable the config file generation.
              svn.proxy.generate_config = false
              ; Generate config file with `SVNListParentPath` set to `On`.
              svn.proxy.list_parent_path = true
              ; Set location and file name of generated config file.
              svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
              ; alternative mod_dav config template. This needs to be a valid mako template
              ; Example template can be found in the source code:
              ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
              #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
              ; Used as a prefix to the `Location` block in the generated config file.
              ; In most cases it should be set to `/`.
              svn.proxy.location_root = /
              ; Command to reload the mod dav svn configuration on change.
              ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
              ; Make sure user who runs RhodeCode process is allowed to reload Apache
              #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
              ; If the timeout expires before the reload command finishes, the command will
              ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
              #svn.proxy.reload_timeout = 10
              ; ####################
              ; SSH Support Settings
              ; ####################
              ; Defines if a custom authorized_keys file should be created and written on
              ; any change user ssh keys. Setting this to false also disables possibility
              ; of adding SSH keys by users from web interface. Super admins can still
              ; manage SSH Keys.
              ssh.generate_authorized_keyfile = false
              ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
              # ssh.authorized_keys_ssh_opts =
              ; Path to the authorized_keys file where the generate entries are placed.
              ; It is possible to have multiple key files specified in `sshd_config` e.g.
              ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
              ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
              ; Command to execute the SSH wrapper. The binary is available in the
              ; RhodeCode installation directory.
              ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
              ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
              ; Allow shell when executing the ssh-wrapper command
              ssh.wrapper_cmd_allow_shell = false
              ; Enables logging, and detailed output send back to the client during SSH
              ; operations. Useful for debugging, shouldn't be used in production.
              ssh.enable_debug_logging = false
              ; Paths to binary executable, by default they are the names, but we can
              ; override them if we want to use a custom one
              ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
              ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
              ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
              ; Enables SSH key generator web interface. Disabling this still allows users
              ; to add their own keys.
              ssh.enable_ui_key_generator = true
              ; #################
              ; APPENLIGHT CONFIG
              ; #################
              ; Appenlight is tailored to work with RhodeCode, see
              ; http://appenlight.rhodecode.com for details how to obtain an account
              ; Appenlight integration enabled
              #appenlight = false
              #appenlight.server_url = https://api.appenlight.com
              #appenlight.api_key = YOUR_API_KEY
              #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
              ; used for JS client
              #appenlight.api_public_key = YOUR_API_PUBLIC_KEY
              ; TWEAK AMOUNT OF INFO SENT HERE
              ; enables 404 error logging (default False)
              #appenlight.report_404 = false
              ; time in seconds after request is considered being slow (default 1)
              #appenlight.slow_request_time = 1
              ; record slow requests in application
              ; (needs to be enabled for slow datastore recording and time tracking)
              #appenlight.slow_requests = true
              ; enable hooking to application loggers
              #appenlight.logging = true
              ; minimum log level for log capture
              #ppenlight.logging.level = WARNING
              ; send logs only from erroneous/slow requests
              ; (saves API quota for intensive logging)
              #appenlight.logging_on_error = false
              ; list of additional keywords that should be grabbed from environ object
              ; can be string with comma separated list of words in lowercase
              ; (by default client will always send following info:
              ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
              ; start with HTTP* this list be extended with additional keywords here
              #appenlight.environ_keys_whitelist =
              ; list of keywords that should be blanked from request object
              ; can be string with comma separated list of words in lowercase
              ; (by default client will always blank keys that contain following words
              ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
              ; this list be extended with additional keywords set here
              #appenlight.request_keys_blacklist =
              ; list of namespaces that should be ignores when gathering log entries
              ; can be string with comma separated list of namespaces
              ; (by default the client ignores own entries: appenlight_client.client)
              #appenlight.log_namespace_blacklist =
              ; Statsd client config, this is used to send metrics to statsd
              ; We recommend setting statsd_exported and scrape them using Promethues
              #statsd.enabled = false
              #statsd.statsd_host = 0.0.0.0
              #statsd.statsd_port = 8125
              #statsd.statsd_prefix =
              #statsd.statsd_ipv6 = false
              ; configure logging automatically at server startup set to false
              ; to use the below custom logging config.
              ; RC_LOGGING_FORMATTER
              ; RC_LOGGING_LEVEL
              ; env variables can control the settings for logging in case of autoconfigure
              #logging.autoconfigure = true
              ; specify your own custom logging config file to configure logging
              #logging.logging_conf_file = /path/to/custom_logging.ini
              ; Dummy marker to add new entries after.
              ; Add any custom entries below. Please don't remove this marker.
              custom.conf = 1
              ; #####################
              ; LOGGING CONFIGURATION
              ; #####################
              [loggers]
              keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
              [handlers]
              keys = console, console_sql
              [formatters]
              keys = generic, json, color_formatter, color_formatter_sql
              ; #######
              ; LOGGERS
              ; #######
              [logger_root]
              level = NOTSET
              handlers = console
              [logger_sqlalchemy]
              level = INFO
              handlers = console_sql
              qualname = sqlalchemy.engine
              propagate = 0
              [logger_beaker]
              level = DEBUG
              handlers =
              qualname = beaker.container
              propagate = 1
              [logger_rhodecode]
              level = DEBUG
              handlers =
              qualname = rhodecode
              propagate = 1
              [logger_ssh_wrapper]
              level = DEBUG
              handlers =
              qualname = ssh_wrapper
              propagate = 1
              [logger_celery]
              level = DEBUG
              handlers =
              qualname = celery
              ; ########
              ; HANDLERS
              ; ########
              [handler_console]
              class = StreamHandler
              args = (sys.stderr, )
              level = INFO
              ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
              ; This allows sending properly formatted logs to grafana loki or elasticsearch
              formatter = generic
              [handler_console_sql]
              ; "level = DEBUG" logs SQL queries and results.
              ; "level = INFO" logs SQL queries.
              ; "level = WARN" logs neither.  (Recommended for production systems.)
              class = StreamHandler
              args = (sys.stderr, )
              level = WARN
              ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
              ; This allows sending properly formatted logs to grafana loki or elasticsearch
              formatter = generic
              ; ##########
              ; FORMATTERS
              ; ##########
              [formatter_generic]
              class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_color_formatter]
              class = rhodecode.lib.logging_formatter.ColorFormatter
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_color_formatter_sql]
              class = rhodecode.lib.logging_formatter.ColorFormatterSql
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_json]
              format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
              class = rhodecode.lib._vendor.jsonlogger.JsonFormatter

rhodecode/lib/hooks_daemon.py

0 +8 -3

              # -*- coding: utf-8 -*-
              # Copyright (C) 2010-2020 RhodeCode GmbH
              #
              # This program is free software: you can redistribute it and/or modify
              # it under the terms of the GNU Affero General Public License, version 3
              # (only), as published by the Free Software Foundation.
              #
              # This program is distributed in the hope that it will be useful,
              # but WITHOUT ANY WARRANTY; without even the implied warranty of
              # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
              # GNU General Public License for more details.
              #
              # You should have received a copy of the GNU Affero General Public License
              # along with this program.  If not, see <http://www.gnu.org/licenses/>.
              #
              # This program is dual-licensed. If you wish to learn more about the
              # RhodeCode Enterprise Edition, including its added features, Support services,
              # and proprietary license terms, please see https://rhodecode.com/licenses/
              import os
              import time
              import logging
              import tempfile
              import traceback
              import threading
              import socket
              from BaseHTTPServer import BaseHTTPRequestHandler
              from SocketServer import TCPServer
              import rhodecode
              from rhodecode.lib.exceptions import HTTPLockedRC, HTTPBranchProtected
              from rhodecode.model import meta
              from rhodecode.lib.base import bootstrap_request, bootstrap_config
              from rhodecode.lib import hooks_base
              from rhodecode.lib.utils2 import AttributeDict
              from rhodecode.lib.ext_json import json
              from rhodecode.lib import rc_cache
              log = logging.getLogger(__name__)
              class HooksHttpHandler(BaseHTTPRequestHandler):
                  def do_POST(self):
                      method, extras = self._read_request()
                      txn_id = getattr(self.server, 'txn_id', None)
                      if txn_id:
                          log.debug('Computing TXN_ID based on `%s`:`%s`',
                                    extras['repository'], extras['txn_id'])
                          computed_txn_id = rc_cache.utils.compute_key_from_params(
                              extras['repository'], extras['txn_id'])
                          if txn_id != computed_txn_id:
                              raise Exception(
                                  'TXN ID fail: expected {} got {} instead'.format(
                                      txn_id, computed_txn_id))
                      try:
                          result = self._call_hook(method, extras)
                      except Exception as e:
                          exc_tb = traceback.format_exc()
                          result = {
                              'exception': e.__class__.__name__,
                              'exception_traceback': exc_tb,
                              'exception_args': e.args
                          }
                      self._write_response(result)
                  def _read_request(self):
                      length = int(self.headers['Content-Length'])
                      body = self.rfile.read(length).decode('utf-8')
                      data = json.loads(body)
                      return data['method'], data['extras']
                  def _write_response(self, result):
                      self.send_response(200)
                      self.send_header("Content-type", "text/json")
                      self.end_headers()
                      self.wfile.write(json.dumps(result))
                  def _call_hook(self, method, extras):
                      hooks = Hooks()
                      try:
                          result = getattr(hooks, method)(extras)
                      finally:
                          meta.Session.remove()
                      return result
                  def log_message(self, format, *args):
                      """
                      This is an overridden method of BaseHTTPRequestHandler which logs using
                      logging library instead of writing directly to stderr.
                      """
                      message = format % args
                      log.debug(
                          "%s - - [%s] %s", self.client_address[0],
                          self.log_date_time_string(), message)
              class DummyHooksCallbackDaemon(object):
                  hooks_uri = ''
                  def __init__(self):
                      self.hooks_module = Hooks.__module__
                  def __enter__(self):
                      log.debug('Running `%s` callback daemon', self.__class__.__name__)
                      return self
                  def __exit__(self, exc_type, exc_val, exc_tb):
                      log.debug('Exiting `%s` callback daemon', self.__class__.__name__)
              class ThreadedHookCallbackDaemon(object):
                  _callback_thread = None
                  _daemon = None
                  _done = False
                  def __init__(self, txn_id=None, host=None, port=None):
                      self._prepare(txn_id=txn_id, host=host, port=port)
                  def __enter__(self):
                      log.debug('Running `%s` callback daemon', self.__class__.__name__)
                      self._run()
                      return self
                  def __exit__(self, exc_type, exc_val, exc_tb):
                      log.debug('Exiting `%s` callback daemon', self.__class__.__name__)
                      self._stop()
                  def _prepare(self, txn_id=None, host=None, port=None):
                      raise NotImplementedError()
                  def _run(self):
                      raise NotImplementedError()
                  def _stop(self):
                      raise NotImplementedError()
              class HttpHooksCallbackDaemon(ThreadedHookCallbackDaemon):
                  """
                  Context manager which will run a callback daemon in a background thread.
                  """
                  hooks_uri = None
                  # From Python docs: Polling reduces our responsiveness to a shutdown
                  # request and wastes cpu at all other times.
                  POLL_INTERVAL = 0.01
+                 def get_hostname(self):
+                     return socket.gethostname() or '127.0.0.1'
                  def get_available_port(self):
                      mysocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-                     mysocket.bind(('127.0.0.1', 0))
+                     mysocket.bind((self.get_hostname(), 0))
                      port = mysocket.getsockname()[1]
                      mysocket.close()
                      del mysocket
                      return port
                  def _prepare(self, txn_id=None, host=None, port=None):
+                     if not host or host == "*":
+                         host = self.get_hostname()
+                     if not port:
+                         port = self.get_available_port()
-                     host = host or '127.0.0.1'
-                     port = port or self.get_available_port()
                      server_address = (host, port)
                      self.hooks_uri = '{}:{}'.format(host, port)
                      self.txn_id = txn_id
                      self._done = False
                      log.debug(
                          "Preparing HTTP callback daemon at `%s` and registering hook object: %s",
                          self.hooks_uri, HooksHttpHandler)
                      self._daemon = TCPServer(server_address, HooksHttpHandler)
                      # inject transaction_id for later verification
                      self._daemon.txn_id = self.txn_id
                  def _run(self):
                      log.debug("Running event loop of callback daemon in background thread")
                      callback_thread = threading.Thread(
                          target=self._daemon.serve_forever,
                          kwargs={'poll_interval': self.POLL_INTERVAL})
                      callback_thread.daemon = True
                      callback_thread.start()
                      self._callback_thread = callback_thread
                  def _stop(self):
                      log.debug("Waiting for background thread to finish.")
                      self._daemon.shutdown()
                      self._callback_thread.join()
                      self._daemon = None
                      self._callback_thread = None
                      if self.txn_id:
                          txn_id_file = get_txn_id_data_path(self.txn_id)
                          log.debug('Cleaning up TXN ID %s', txn_id_file)
                          if os.path.isfile(txn_id_file):
                              os.remove(txn_id_file)
                      log.debug("Background thread done.")
              def get_txn_id_data_path(txn_id):
                  import rhodecode
                  root = rhodecode.CONFIG.get('cache_dir') or tempfile.gettempdir()
                  final_dir = os.path.join(root, 'svn_txn_id')
                  if not os.path.isdir(final_dir):
                      os.makedirs(final_dir)
                  return os.path.join(final_dir, 'rc_txn_id_{}'.format(txn_id))
              def store_txn_id_data(txn_id, data_dict):
                  if not txn_id:
                      log.warning('Cannot store txn_id because it is empty')
                      return
                  path = get_txn_id_data_path(txn_id)
                  try:
                      with open(path, 'wb') as f:
                          f.write(json.dumps(data_dict))
                  except Exception:
                      log.exception('Failed to write txn_id metadata')
              def get_txn_id_from_store(txn_id):
                  """
                  Reads txn_id from store and if present returns the data for callback manager
                  """
                  path = get_txn_id_data_path(txn_id)
                  try:
                      with open(path, 'rb') as f:
                          return json.loads(f.read())
                  except Exception:
                      return {}
              def prepare_callback_daemon(extras, protocol, host, use_direct_calls, txn_id=None):
                  txn_details = get_txn_id_from_store(txn_id)
                  port = txn_details.get('port', 0)
                  if use_direct_calls:
                      callback_daemon = DummyHooksCallbackDaemon()
                      extras['hooks_module'] = callback_daemon.hooks_module
                  else:
                      if protocol == 'http':
                          callback_daemon = HttpHooksCallbackDaemon(
                              txn_id=txn_id, host=host, port=port)
                      else:
                          log.error('Unsupported callback daemon protocol "%s"', protocol)
                          raise Exception('Unsupported callback daemon protocol.')
                  extras['hooks_uri'] = callback_daemon.hooks_uri
                  extras['hooks_protocol'] = protocol
                  extras['time'] = time.time()
                  # register txn_id
                  extras['txn_id'] = txn_id
                  log.debug('Prepared a callback daemon: %s at url `%s`',
                            callback_daemon.__class__.__name__, callback_daemon.hooks_uri)
                  return callback_daemon, extras
              class Hooks(object):
                  """
                  Exposes the hooks for remote call backs
                  """
                  def repo_size(self, extras):
                      log.debug("Called repo_size of %s object", self)
                      return self._call_hook(hooks_base.repo_size, extras)
                  def pre_pull(self, extras):
                      log.debug("Called pre_pull of %s object", self)
                      return self._call_hook(hooks_base.pre_pull, extras)
                  def post_pull(self, extras):
                      log.debug("Called post_pull of %s object", self)
                      return self._call_hook(hooks_base.post_pull, extras)
                  def pre_push(self, extras):
                      log.debug("Called pre_push of %s object", self)
                      return self._call_hook(hooks_base.pre_push, extras)
                  def post_push(self, extras):
                      log.debug("Called post_push of %s object", self)
                      return self._call_hook(hooks_base.post_push, extras)
                  def _call_hook(self, hook, extras):
                      extras = AttributeDict(extras)
                      server_url = extras['server_url']
                      request = bootstrap_request(application_url=server_url)
                      bootstrap_config(request)  # inject routes and other interfaces
                      # inject the user for usage in hooks
                      request.user = AttributeDict({'username': extras.username,
                                                    'ip_addr': extras.ip,
                                                    'user_id': extras.user_id})
                      extras.request = request
                      try:
                          result = hook(extras)
                          if result is None:
                              raise Exception(
                                  'Failed to obtain hook result from func: {}'.format(hook))
                      except HTTPBranchProtected as handled_error:
                          # Those special cases doesn't need error reporting. It's a case of
                          # locked repo or protected branch
                          result = AttributeDict({
                              'status': handled_error.code,
                              'output': handled_error.explanation
                          })
                      except (HTTPLockedRC, Exception) as error:
                          # locked needs different handling since we need to also
                          # handle PULL operations
                          exc_tb = ''
                          if not isinstance(error, HTTPLockedRC):
                              exc_tb = traceback.format_exc()
                              log.exception('Exception when handling hook %s', hook)
                          error_args = error.args
                          return {
                              'status': 128,
                              'output': '',
                              'exception': type(error).__name__,
                              'exception_traceback': exc_tb,
                              'exception_args': error_args,
                          }
                      finally:
                          meta.Session.remove()
                      log.debug('Got hook call response %s', result)
                      return {
                          'status': result.status,
                          'output': result.output,
                      }
                  def __enter__(self):
                      return self
                  def __exit__(self, exc_type, exc_val, exc_tb):
                      pass

rhodecode/tests/lib/test_hooks_daemon.py

0 +14 -4

              # -*- coding: utf-8 -*-
              # Copyright (C) 2010-2020 RhodeCode GmbH
              #
              # This program is free software: you can redistribute it and/or modify
              # it under the terms of the GNU Affero General Public License, version 3
              # (only), as published by the Free Software Foundation.
              #
              # This program is distributed in the hope that it will be useful,
              # but WITHOUT ANY WARRANTY; without even the implied warranty of
              # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
              # GNU General Public License for more details.
              #
              # You should have received a copy of the GNU Affero General Public License
              # along with this program.  If not, see <http://www.gnu.org/licenses/>.
              #
              # This program is dual-licensed. If you wish to learn more about the
              # RhodeCode Enterprise Edition, including its added features, Support services,
              # and proprietary license terms, please see https://rhodecode.com/licenses/
              import json
              import logging
              from StringIO import StringIO
              import mock
              import pytest
              from rhodecode.lib import hooks_daemon
              from rhodecode.tests.utils import assert_message_in_log
              class TestDummyHooksCallbackDaemon(object):
                  def test_hooks_module_path_set_properly(self):
                      daemon = hooks_daemon.DummyHooksCallbackDaemon()
                      assert daemon.hooks_module == 'rhodecode.lib.hooks_daemon'
                  def test_logs_entering_the_hook(self):
                      daemon = hooks_daemon.DummyHooksCallbackDaemon()
                      with mock.patch.object(hooks_daemon.log, 'debug') as log_mock:
                          with daemon as return_value:
                              log_mock.assert_called_once_with(
                                  'Running `%s` callback daemon', 'DummyHooksCallbackDaemon')
                      assert return_value == daemon
                  def test_logs_exiting_the_hook(self):
                      daemon = hooks_daemon.DummyHooksCallbackDaemon()
                      with mock.patch.object(hooks_daemon.log, 'debug') as log_mock:
                          with daemon:
                              pass
                      log_mock.assert_called_with(
                          'Exiting `%s` callback daemon', 'DummyHooksCallbackDaemon')
              class TestHooks(object):
                  def test_hooks_can_be_used_as_a_context_processor(self):
                      hooks = hooks_daemon.Hooks()
                      with hooks as return_value:
                          pass
                      assert hooks == return_value
              class TestHooksHttpHandler(object):
                  def test_read_request_parses_method_name_and_arguments(self):
                      data = {
                          'method': 'test',
                          'extras': {
                              'param1': 1,
                              'param2': 'a'
                          }
                      }
                      request = self._generate_post_request(data)
                      hooks_patcher = mock.patch.object(
                          hooks_daemon.Hooks, data['method'], create=True, return_value=1)
                      with hooks_patcher as hooks_mock:
                          MockServer(hooks_daemon.HooksHttpHandler, request)
                      hooks_mock.assert_called_once_with(data['extras'])
                  def test_hooks_serialized_result_is_returned(self):
                      request = self._generate_post_request({})
                      rpc_method = 'test'
                      hook_result = {
                          'first': 'one',
                          'second': 2
                      }
                      read_patcher = mock.patch.object(
                          hooks_daemon.HooksHttpHandler, '_read_request',
                          return_value=(rpc_method, {}))
                      hooks_patcher = mock.patch.object(
                          hooks_daemon.Hooks, rpc_method, create=True,
                          return_value=hook_result)
                      with read_patcher, hooks_patcher:
                          server = MockServer(hooks_daemon.HooksHttpHandler, request)
                      expected_result = json.dumps(hook_result)
                      assert server.request.output_stream.buflist[-1] == expected_result
                  def test_exception_is_returned_in_response(self):
                      request = self._generate_post_request({})
                      rpc_method = 'test'
                      read_patcher = mock.patch.object(
                          hooks_daemon.HooksHttpHandler, '_read_request',
                          return_value=(rpc_method, {}))
                      hooks_patcher = mock.patch.object(
                          hooks_daemon.Hooks, rpc_method, create=True,
                          side_effect=Exception('Test exception'))
                      with read_patcher, hooks_patcher:
                          server = MockServer(hooks_daemon.HooksHttpHandler, request)
                      org_exc = json.loads(server.request.output_stream.buflist[-1])
                      expected_result = {
                          'exception': 'Exception',
                          'exception_traceback': org_exc['exception_traceback'],
                          'exception_args': ['Test exception']
                      }
                      assert org_exc == expected_result
                  def test_log_message_writes_to_debug_log(self, caplog):
                      ip_port = ('0.0.0.0', 8888)
                      handler = hooks_daemon.HooksHttpHandler(
                          MockRequest('POST /'), ip_port, mock.Mock())
                      fake_date = '1/Nov/2015 00:00:00'
                      date_patcher = mock.patch.object(
                          handler, 'log_date_time_string', return_value=fake_date)
                      with date_patcher, caplog.at_level(logging.DEBUG):
                          handler.log_message('Some message %d, %s', 123, 'string')
                      expected_message = '{} - - [{}] Some message 123, string'.format(
                          ip_port[0], fake_date)
                      assert_message_in_log(
                          caplog.records, expected_message,
                          levelno=logging.DEBUG, module='hooks_daemon')
                  def _generate_post_request(self, data):
                      payload = json.dumps(data)
                      return 'POST / HTTP/1.0\nContent-Length: {}\n\n{}'.format(
                          len(payload), payload)
              class ThreadedHookCallbackDaemon(object):
                  def test_constructor_calls_prepare(self):
                      prepare_daemon_patcher = mock.patch.object(
                          hooks_daemon.ThreadedHookCallbackDaemon, '_prepare')
                      with prepare_daemon_patcher as prepare_daemon_mock:
                          hooks_daemon.ThreadedHookCallbackDaemon()
                      prepare_daemon_mock.assert_called_once_with()
                  def test_run_is_called_on_context_start(self):
                      patchers = mock.patch.multiple(
                          hooks_daemon.ThreadedHookCallbackDaemon,
                          _run=mock.DEFAULT, _prepare=mock.DEFAULT, __exit__=mock.DEFAULT)
                      with patchers as mocks:
                          daemon = hooks_daemon.ThreadedHookCallbackDaemon()
                          with daemon as daemon_context:
                              pass
                          mocks['_run'].assert_called_once_with()
                      assert daemon_context == daemon
                  def test_stop_is_called_on_context_exit(self):
                      patchers = mock.patch.multiple(
                          hooks_daemon.ThreadedHookCallbackDaemon,
                          _run=mock.DEFAULT, _prepare=mock.DEFAULT, _stop=mock.DEFAULT)
                      with patchers as mocks:
                          daemon = hooks_daemon.ThreadedHookCallbackDaemon()
                          with daemon as daemon_context:
                              assert mocks['_stop'].call_count == 0
                          mocks['_stop'].assert_called_once_with()
                      assert daemon_context == daemon
              class TestHttpHooksCallbackDaemon(object):
+                 def test_hooks_callback_generates_new_port(self, caplog):
+                     with caplog.at_level(logging.DEBUG):
+                         daemon = hooks_daemon.HttpHooksCallbackDaemon(host='127.0.0.1', port=8881)
+                     assert daemon._daemon.server_address == ('127.0.0.1', 8881)
+                     with caplog.at_level(logging.DEBUG):
+                         daemon = hooks_daemon.HttpHooksCallbackDaemon(host=None, port=None)
+                     assert daemon._daemon.server_address[1] in range(0, 66000)
+                     assert daemon._daemon.server_address[0] != '127.0.0.1'
                  def test_prepare_inits_daemon_variable(self, tcp_server, caplog):
                      with self._tcp_patcher(tcp_server), caplog.at_level(logging.DEBUG):
-                         daemon = hooks_daemon.HttpHooksCallbackDaemon()
+                         daemon = hooks_daemon.HttpHooksCallbackDaemon(host='127.0.0.1', port=8881)
                      assert daemon._daemon == tcp_server
                      _, port = tcp_server.server_address
                      expected_uri = '{}:{}'.format('127.0.0.1', port)
                      msg = 'Preparing HTTP callback daemon at `{}` and ' \
-                           'registering hook object'.format(expected_uri)
+                           'registering hook object: rhodecode.lib.hooks_daemon.HooksHttpHandler'.format(expected_uri)
                      assert_message_in_log(
                          caplog.records, msg, levelno=logging.DEBUG, module='hooks_daemon')
                  def test_prepare_inits_hooks_uri_and_logs_it(
                          self, tcp_server, caplog):
                      with self._tcp_patcher(tcp_server), caplog.at_level(logging.DEBUG):
-                         daemon = hooks_daemon.HttpHooksCallbackDaemon()
+                         daemon = hooks_daemon.HttpHooksCallbackDaemon(host='127.0.0.1', port=8881)
                      _, port = tcp_server.server_address
                      expected_uri = '{}:{}'.format('127.0.0.1', port)
                      assert daemon.hooks_uri == expected_uri
                      msg = 'Preparing HTTP callback daemon at `{}` and ' \
-                           'registering hook object'.format(expected_uri)
+                           'registering hook object: rhodecode.lib.hooks_daemon.HooksHttpHandler'.format(expected_uri)
                      assert_message_in_log(
                          caplog.records, msg,
                          levelno=logging.DEBUG, module='hooks_daemon')
                  def test_run_creates_a_thread(self, tcp_server):
                      thread = mock.Mock()
                      with self._tcp_patcher(tcp_server):
                          daemon = hooks_daemon.HttpHooksCallbackDaemon()
                      with self._thread_patcher(thread) as thread_mock:
                          daemon._run()
                      thread_mock.assert_called_once_with(
                          target=tcp_server.serve_forever,
                          kwargs={'poll_interval': daemon.POLL_INTERVAL})
                      assert thread.daemon is True
                      thread.start.assert_called_once_with()
                  def test_run_logs(self, tcp_server, caplog):
                      with self._tcp_patcher(tcp_server):
                          daemon = hooks_daemon.HttpHooksCallbackDaemon()
                      with self._thread_patcher(mock.Mock()), caplog.at_level(logging.DEBUG):
                          daemon._run()
                      assert_message_in_log(
                          caplog.records,
                          'Running event loop of callback daemon in background thread',
                          levelno=logging.DEBUG, module='hooks_daemon')
                  def test_stop_cleans_up_the_connection(self, tcp_server, caplog):
                      thread = mock.Mock()
                      with self._tcp_patcher(tcp_server):
                          daemon = hooks_daemon.HttpHooksCallbackDaemon()
                      with self._thread_patcher(thread), caplog.at_level(logging.DEBUG):
                          with daemon:
                              assert daemon._daemon == tcp_server
                              assert daemon._callback_thread == thread
                      assert daemon._daemon is None
                      assert daemon._callback_thread is None
                      tcp_server.shutdown.assert_called_with()
                      thread.join.assert_called_once_with()
                      assert_message_in_log(
                          caplog.records, 'Waiting for background thread to finish.',
                          levelno=logging.DEBUG, module='hooks_daemon')
                  def _tcp_patcher(self, tcp_server):
                      return mock.patch.object(
                          hooks_daemon, 'TCPServer', return_value=tcp_server)
                  def _thread_patcher(self, thread):
                      return mock.patch.object(
                          hooks_daemon.threading, 'Thread', return_value=thread)
              class TestPrepareHooksDaemon(object):
                  @pytest.mark.parametrize('protocol', ('http',))
                  def test_returns_dummy_hooks_callback_daemon_when_using_direct_calls(
                          self, protocol):
                      expected_extras = {'extra1': 'value1'}
                      callback, extras = hooks_daemon.prepare_callback_daemon(
                          expected_extras.copy(), protocol=protocol,
                          host='127.0.0.1', use_direct_calls=True)
                      assert isinstance(callback, hooks_daemon.DummyHooksCallbackDaemon)
                      expected_extras['hooks_module'] = 'rhodecode.lib.hooks_daemon'
                      expected_extras['time'] = extras['time']
                      assert 'extra1' in extras
                  @pytest.mark.parametrize('protocol, expected_class', (
                      ('http', hooks_daemon.HttpHooksCallbackDaemon),
                  ))
                  def test_returns_real_hooks_callback_daemon_when_protocol_is_specified(
                          self, protocol, expected_class):
                      expected_extras = {
                          'extra1': 'value1',
                          'txn_id': 'txnid2',
                          'hooks_protocol': protocol.lower()
                      }
                      callback, extras = hooks_daemon.prepare_callback_daemon(
                          expected_extras.copy(), protocol=protocol, host='127.0.0.1',
                          use_direct_calls=False,
                          txn_id='txnid2')
                      assert isinstance(callback, expected_class)
                      extras.pop('hooks_uri')
                      expected_extras['time'] = extras['time']
                      assert extras == expected_extras
                  @pytest.mark.parametrize('protocol', (
                      'invalid',
                      'Http',
                      'HTTP',
                  ))
                  def test_raises_on_invalid_protocol(self, protocol):
                      expected_extras = {
                          'extra1': 'value1',
                          'hooks_protocol': protocol.lower()
                      }
                      with pytest.raises(Exception):
                          callback, extras = hooks_daemon.prepare_callback_daemon(
                              expected_extras.copy(),
                              protocol=protocol, host='127.0.0.1',
                              use_direct_calls=False)
              class MockRequest(object):
                  def __init__(self, request):
                      self.request = request
                      self.input_stream = StringIO(b'{}'.format(self.request))
                      self.output_stream = StringIO()
                  def makefile(self, mode, *args, **kwargs):
                      return self.output_stream if mode == 'wb' else self.input_stream
              class MockServer(object):
                  def __init__(self, Handler, request):
                      ip_port = ('0.0.0.0', 8888)
                      self.request = MockRequest(request)
                      self.handler = Handler(self.request, ip_port, self)
              @pytest.fixture()
              def tcp_server():
                  server = mock.Mock()
                  server.server_address = ('127.0.0.1', 8881)
                  return server

rhodecode/tests/rhodecode.ini

0 +1 -1

              ; #########################################
              ; RHODECODE COMMUNITY EDITION CONFIGURATION
              ; #########################################
              [DEFAULT]
              ; Debug flag sets all loggers to debug, and enables request tracking
              debug = true
              ; ########################################################################
              ; EMAIL CONFIGURATION
              ; These settings will be used by the RhodeCode mailing system
              ; ########################################################################
              ; prefix all emails subjects with given prefix, helps filtering out emails
              #email_prefix = [RhodeCode]
              ; email FROM address all mails will be sent
              #app_email_from = rhodecode-noreply@localhost
              #smtp_server = mail.server.com
              #smtp_username =
              #smtp_password =
              #smtp_port =
              #smtp_use_tls = false
              #smtp_use_ssl = true
              [server:main]
              ; COMMON HOST/IP CONFIG
              host = 0.0.0.0
              port = 5000
              ; ###########################
              ; GUNICORN APPLICATION SERVER
              ; ###########################
              ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
              ; Module to use, this setting shouldn't be changed
              use = egg:gunicorn#main
              ; Sets the number of process workers. More workers means more concurrent connections
              ; RhodeCode can handle at the same time. Each additional worker also it increases
              ; memory usage as each has it's own set of caches.
              ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
              ; than 8-10 unless for really big deployments .e.g 700-1000 users.
              ; `instance_id = *` must be set in the [app:main] section below (which is the default)
              ; when using more than 1 worker.
              #workers = 2
              ; Gunicorn access log level
              #loglevel = info
              ; Process name visible in process list
              #proc_name = rhodecode
              ; Type of worker class, one of `sync`, `gevent`
              ; Recommended type is `gevent`
              #worker_class = gevent
              ; The maximum number of simultaneous clients per worker. Valid only for gevent
              #worker_connections = 10
              ; Max number of requests that worker will handle before being gracefully restarted.
              ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
              #max_requests = 1000
              #max_requests_jitter = 30
              ; Amount of time a worker can spend with handling a request before it
              ; gets killed and restarted. By default set to 21600 (6hrs)
              ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
              #timeout = 21600
              ; The maximum size of HTTP request line in bytes.
              ; 0 for unlimited
              #limit_request_line = 0
              ; Prefix middleware for RhodeCode.
              ; recommended when using proxy setup.
              ; allows to set RhodeCode under a prefix in server.
              ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
              ; And set your prefix like: `prefix = /custom_prefix`
              ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
              ; to make your cookies only work on prefix url
              [filter:proxy-prefix]
              use = egg:PasteDeploy#prefix
              prefix = /
              [app:main]
              ; The %(here)s variable will be replaced with the absolute path of parent directory
              ; of this file
              ; Each option in the app:main can be override by an environmental variable
              ;
              ;To override an option:
              ;
              ;RC_<KeyName>
              ;Everything should be uppercase, . and - should be replaced by _.
              ;For example, if you have these configuration settings:
              ;rc_cache.repo_object.backend = foo
              ;can be overridden by
              ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
              is_test = True
              use = egg:rhodecode-enterprise-ce
              ; enable proxy prefix middleware, defined above
              #filter-with = proxy-prefix
              ## RHODECODE PLUGINS ##
              rhodecode.includes = rhodecode.api
              # api prefix url
              rhodecode.api.url = /_admin/api
              ## END RHODECODE PLUGINS ##
              ## encryption key used to encrypt social plugin tokens,
              ## remote_urls with credentials etc, if not set it defaults to
              ## `beaker.session.secret`
              #rhodecode.encrypted_values.secret =
              ; decryption strict mode (enabled by default). It controls if decryption raises
              ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
              #rhodecode.encrypted_values.strict = false
              ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
              ; fernet is safer, and we strongly recommend switching to it.
              ; Due to backward compatibility aes is used as default.
              #rhodecode.encrypted_values.algorithm = fernet
              ; Return gzipped responses from RhodeCode (static files/application)
              gzip_responses = false
              ; Auto-generate javascript routes file on startup
              generate_js_files = false
              ; System global default language.
              ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
              lang = en
              ; Perform a full repository scan and import on each server start.
              ; Settings this to true could lead to very long startup time.
              startup.import_repos = true
              ; Uncomment and set this path to use archive download cache.
              ; Once enabled, generated archives will be cached at this location
              ; and served from the cache during subsequent requests for the same archive of
              ; the repository.
              #archive_cache_dir = /tmp/tarballcache
              ; URL at which the application is running. This is used for Bootstrapping
              ; requests in context when no web request is available. Used in ishell, or
              ; SSH calls. Set this for events to receive proper url for SSH calls.
              app.base_url = http://rhodecode.local
              ; Unique application ID. Should be a random unique string for security.
              app_instance_uuid = rc-production
              ## cut off limit for large diffs (size in bytes)
              cut_off_limit_diff = 1024000
              cut_off_limit_file = 256000
              ; Use cached version of vcs repositories everywhere. Recommended to be `true`
              vcs_full_cache = false
              ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
              ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
              force_https = false
              ; use Strict-Transport-Security headers
              use_htsts = false
              ; Set to true if your repos are exposed using the dumb protocol
              git_update_server_info = false
              ; RSS/ATOM feed options
              rss_cut_off_limit = 256000
              rss_items_per_page = 10
              rss_include_diff = false
              ; gist URL alias, used to create nicer urls for gist. This should be an
              ; url that does rewrites to _admin/gists/{gistid}.
              ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
              ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
              gist_alias_url =
              ; List of views (using glob pattern syntax) that AUTH TOKENS could be
              ; used for access.
              ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
              ; came from the the logged in user who own this authentication token.
              ; Additionally @TOKEN syntax can be used to bound the view to specific
              ; authentication token. Such view would be only accessible when used together
              ; with this authentication token
              ; list of all views can be found under `/_admin/permissions/auth_token_access`
              ; The list should be "," separated and on a single line.
              ; Most common views to enable:
              #    RepoCommitsView:repo_commit_download
              #    RepoCommitsView:repo_commit_patch
              #    RepoCommitsView:repo_commit_raw
              #    RepoCommitsView:repo_commit_raw@TOKEN
              #    RepoFilesView:repo_files_diff
              #    RepoFilesView:repo_archivefile
              #    RepoFilesView:repo_file_raw
              #    GistView:*
              api_access_controllers_whitelist =
              ; Default encoding used to convert from and to unicode
              ; can be also a comma separated list of encoding in case of mixed encodings
              default_encoding = UTF-8
              ; instance-id prefix
              ; a prefix key for this instance used for cache invalidation when running
              ; multiple instances of RhodeCode, make sure it's globally unique for
              ; all running RhodeCode instances. Leave empty if you don't use it
              instance_id =
              ; Fallback authentication plugin. Set this to a plugin ID to force the usage
              ; of an authentication plugin also if it is disabled by it's settings.
              ; This could be useful if you are unable to log in to the system due to broken
              ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
              ; module to log in again and fix the settings.
              ; Available builtin plugin IDs (hash is part of the ID):
              ; egg:rhodecode-enterprise-ce#rhodecode
              ; egg:rhodecode-enterprise-ce#pam
              ; egg:rhodecode-enterprise-ce#ldap
              ; egg:rhodecode-enterprise-ce#jasig_cas
              ; egg:rhodecode-enterprise-ce#headers
              ; egg:rhodecode-enterprise-ce#crowd
              #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
              ; Flag to control loading of legacy plugins in py:/path format
              auth_plugin.import_legacy_plugins = true
              ; alternative return HTTP header for failed authentication. Default HTTP
              ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
              ; handling that causing a series of failed authentication calls.
              ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
              ; This will be served instead of default 401 on bad authentication
              auth_ret_code =
              ; use special detection method when serving auth_ret_code, instead of serving
              ; ret_code directly, use 401 initially (Which triggers credentials prompt)
              ; and then serve auth_ret_code to clients
              auth_ret_code_detection = false
              ; locking return code. When repository is locked return this HTTP code. 2XX
              ; codes don't break the transactions while 4XX codes do
              lock_ret_code = 423
              ; allows to change the repository location in settings page
              allow_repo_location_change = true
              ; allows to setup custom hooks in settings page
              allow_custom_hooks_settings = true
              ## generated license token, goto license page in RhodeCode settings to obtain
              ## new token
              license_token = abra-cada-bra1-rce3
              ## supervisor connection uri, for managing supervisor and logs.
              supervisor.uri =
              ## supervisord group name/id we only want this RC instance to handle
              supervisor.group_id = dev
              ## Display extended labs settings
              labs_settings_active = true
              ; Custom exception store path, defaults to TMPDIR
              ; This is used to store exception from RhodeCode in shared directory
              #exception_tracker.store_path =
              ; Send email with exception details when it happens
              #exception_tracker.send_email = false
              ; Comma separated list of recipients for exception emails,
              ; e.g admin@rhodecode.com,devops@rhodecode.com
              ; Can be left empty, then emails will be sent to ALL super-admins
              #exception_tracker.send_email_recipients =
              ; optional prefix to Add to email Subject
              #exception_tracker.email_prefix = [RHODECODE ERROR]
              ; File store configuration. This is used to store and serve uploaded files
              file_store.enabled = true
              ; Storage backend, available options are: local
              file_store.backend = local
              ; path to store the uploaded binaries
              file_store.storage_path = %(here)s/data/file_store
              ; #############
              ; CELERY CONFIG
              ; #############
              ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
              use_celery = false
              ; path to store schedule database
              #celerybeat-schedule.path =
              ; connection url to the message broker (default redis)
              celery.broker_url = redis://localhost:6379/8
              ; rabbitmq example
              #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
              ; maximum tasks to execute before worker restart
              celery.max_tasks_per_child = 100
              ; tasks will never be sent to the queue, but executed locally instead.
              celery.task_always_eager = false
              ; #############
              ; DOGPILE CACHE
              ; #############
              ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
              ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
              cache_dir = %(here)s/data
              ## locking and default file storage for Beaker. Putting this into a ramdisk
              ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
              beaker.cache.data_dir = %(here)s/rc/data/cache/beaker_data
              beaker.cache.lock_dir = %(here)s/rc/data/cache/beaker_lock
              beaker.cache.regions = long_term
              beaker.cache.long_term.type = memory
              beaker.cache.long_term.expire = 36000
              beaker.cache.long_term.key_length = 256
              #####################################
              ###         DOGPILE CACHE        ####
              #####################################
              ## permission tree cache settings
              rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
              rc_cache.cache_perms.expiration_time = 0
              rc_cache.cache_perms.arguments.filename = /tmp/rc_cache_1
              ## cache settings for SQL queries
              rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
              rc_cache.sql_cache_short.expiration_time = 0
              ; ##############
              ; BEAKER SESSION
              ; ##############
              ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
              ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
              ; Fastest ones are Redis and ext:database
              beaker.session.type = file
              beaker.session.data_dir = %(here)s/rc/data/sessions/data
              ; Redis based sessions
              #beaker.session.type = ext:redis
              #beaker.session.url = redis://127.0.0.1:6379/2
              ; DB based session, fast, and allows easy management over logged in users
              #beaker.session.type = ext:database
              #beaker.session.table_name = db_session
              #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
              #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
              #beaker.session.sa.pool_recycle = 3600
              #beaker.session.sa.echo = false
              beaker.session.key = rhodecode
              beaker.session.secret = test-rc-uytcxaz
              beaker.session.lock_dir = %(here)s/rc/data/sessions/lock
              ; Secure encrypted cookie. Requires AES and AES python libraries
              ; you must disable beaker.session.secret to use this
              #beaker.session.encrypt_key = key_for_encryption
              #beaker.session.validate_key = validation_key
              ; Sets session as invalid (also logging out user) if it haven not been
              ; accessed for given amount of time in seconds
              beaker.session.timeout = 2592000
              beaker.session.httponly = true
              ; Path to use for the cookie. Set to prefix if you use prefix middleware
              #beaker.session.cookie_path = /custom_prefix
              ; Set https secure cookie
              beaker.session.secure = false
              ## auto save the session to not to use .save()
              beaker.session.auto = false
              ; default cookie expiration time in seconds, set to `true` to set expire
              ; at browser close
              #beaker.session.cookie_expires = 3600
              ; #############################
              ; SEARCH INDEXING CONFIGURATION
              ; #############################
              ; Full text search indexer is available in rhodecode-tools under
              ; `rhodecode-tools index` command
              ; WHOOSH Backend, doesn't require additional services to run
              ; it works good with few dozen repos
              search.module = rhodecode.lib.index.whoosh
              search.location = %(here)s/data/index
              ; ####################
              ; CHANNELSTREAM CONFIG
              ; ####################
              ; channelstream enables persistent connections and live notification
              ; in the system. It's also used by the chat system
              channelstream.enabled = false
              ; server address for channelstream server on the backend
              channelstream.server = 127.0.0.1:9800
              ; location of the channelstream server from outside world
              ; use ws:// for http or wss:// for https. This address needs to be handled
              ; by external HTTP server such as Nginx or Apache
              ; see Nginx/Apache configuration examples in our docs
              channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
              channelstream.secret = secret
              channelstream.history.location = %(here)s/channelstream_history
              ; Internal application path that Javascript uses to connect into.
              ; If you use proxy-prefix the prefix should be added before /_channelstream
              channelstream.proxy_path = /_channelstream
              ; ##############################
              ; MAIN RHODECODE DATABASE CONFIG
              ; ##############################
              #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
              #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
              #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
              ; pymysql is an alternative driver for MySQL, use in case of problems with default one
              #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
              sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode_test.db?timeout=30
              ; see sqlalchemy docs for other advanced settings
              ; print the sql statements to output
              sqlalchemy.db1.echo = false
              ; recycle the connections after this amount of seconds
              sqlalchemy.db1.pool_recycle = 3600
              sqlalchemy.db1.convert_unicode = true
              ; the number of connections to keep open inside the connection pool.
              ; 0 indicates no limit
              #sqlalchemy.db1.pool_size = 5
              ; The number of connections to allow in connection pool "overflow", that is
              ; connections that can be opened above and beyond the pool_size setting,
              ; which defaults to five.
              #sqlalchemy.db1.max_overflow = 10
              ; Connection check ping, used to detect broken database connections
              ; could be enabled to better handle cases if MySQL has gone away errors
              #sqlalchemy.db1.ping_connection = true
              ; ##########
              ; VCS CONFIG
              ; ##########
              vcs.server.enable = true
              vcs.server = localhost:9901
              ; Web server connectivity protocol, responsible for web based VCS operations
              ; Available protocols are:
              ; `http` - use http-rpc backend (default)
              vcs.server.protocol = http
              ; Push/Pull operations protocol, available options are:
              ; `http` - use http-rpc backend (default)
              vcs.scm_app_implementation = http
              ; Push/Pull operations hooks protocol, available options are:
              ; `http` - use http-rpc backend (default)
              vcs.hooks.protocol = http
              ; Host on which this instance is listening for hooks. If vcsserver is in other location
              ; this should be adjusted.
-             vcs.hooks.host = 127.0.0.1
+             vcs.hooks.host = *
              ; Start VCSServer with this instance as a subprocess, useful for development
              vcs.start_server = false
              ; List of enabled VCS backends, available options are:
              ; `hg`  - mercurial
              ; `git` - git
              ; `svn` - subversion
              vcs.backends = hg, git, svn
              ; Wait this number of seconds before killing connection to the vcsserver
              vcs.connection_timeout = 3600
              ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
              ; Set a numeric version for your current SVN e.g 1.8, or 1.12
              ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
              #vcs.svn.compatible_version = 1.8
              ; Cache flag to cache vcsserver remote calls locally
              ; It uses cache_region `cache_repo`
              vcs.methods.cache = false
              ; ####################################################
              ; Subversion proxy support (mod_dav_svn)
              ; Maps RhodeCode repo groups into SVN paths for Apache
              ; ####################################################
              ; Enable or disable the config file generation.
              svn.proxy.generate_config = false
              ; Generate config file with `SVNListParentPath` set to `On`.
              svn.proxy.list_parent_path = true
              ; Set location and file name of generated config file.
              svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
              ; alternative mod_dav config template. This needs to be a valid mako template
              ; Example template can be found in the source code:
              ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
              #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
              ; Used as a prefix to the `Location` block in the generated config file.
              ; In most cases it should be set to `/`.
              svn.proxy.location_root = /
              ; Command to reload the mod dav svn configuration on change.
              ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
              ; Make sure user who runs RhodeCode process is allowed to reload Apache
              #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
              ; If the timeout expires before the reload command finishes, the command will
              ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
              #svn.proxy.reload_timeout = 10
              ; ####################
              ; SSH Support Settings
              ; ####################
              ; Defines if a custom authorized_keys file should be created and written on
              ; any change user ssh keys. Setting this to false also disables possibility
              ; of adding SSH keys by users from web interface. Super admins can still
              ; manage SSH Keys.
              ssh.generate_authorized_keyfile = true
              ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
              # ssh.authorized_keys_ssh_opts =
              ; Path to the authorized_keys file where the generate entries are placed.
              ; It is possible to have multiple key files specified in `sshd_config` e.g.
              ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
              ssh.authorized_keys_file_path = %(here)s/rc/authorized_keys_rhodecode
              ; Command to execute the SSH wrapper. The binary is available in the
              ; RhodeCode installation directory.
              ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
              ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
              ; Allow shell when executing the ssh-wrapper command
              ssh.wrapper_cmd_allow_shell = false
              ; Enables logging, and detailed output send back to the client during SSH
              ; operations. Useful for debugging, shouldn't be used in production.
              ssh.enable_debug_logging = false
              ; Paths to binary executable, by default they are the names, but we can
              ; override them if we want to use a custom one
              ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
              ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
              ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
              ; Enables SSH key generator web interface. Disabling this still allows users
              ; to add their own keys.
              ssh.enable_ui_key_generator = true
              ; Statsd client config, this is used to send metrics to statsd
              ; We recommend setting statsd_exported and scrape them using Promethues
              #statsd.enabled = false
              #statsd.statsd_host = 0.0.0.0
              #statsd.statsd_port = 8125
              #statsd.statsd_prefix =
              #statsd.statsd_ipv6 = false
              ; configure logging automatically at server startup set to false
              ; to use the below custom logging config.
              ; RC_LOGGING_FORMATTER
              ; RC_LOGGING_LEVEL
              ; env variables can control the settings for logging in case of autoconfigure
              logging.autoconfigure = false
              ; specify your own custom logging config file to configure logging
              #logging.logging_conf_file = /path/to/custom_logging.ini
              ; Dummy marker to add new entries after.
              ; Add any custom entries below. Please don't remove this marker.
              custom.conf = 1
              ; #####################
              ; LOGGING CONFIGURATION
              ; #####################
              [loggers]
              keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
              [handlers]
              keys = console, console_sql
              [formatters]
              keys = generic, json, color_formatter, color_formatter_sql
              ; #######
              ; LOGGERS
              ; #######
              [logger_root]
              level = NOTSET
              handlers = console
              [logger_routes]
              level = DEBUG
              handlers =
              qualname = routes.middleware
              ## "level = DEBUG" logs the route matched and routing variables.
              propagate = 1
              [logger_sqlalchemy]
              level = INFO
              handlers = console_sql
              qualname = sqlalchemy.engine
              propagate = 0
              [logger_beaker]
              level = DEBUG
              handlers =
              qualname = beaker.container
              propagate = 1
              [logger_rhodecode]
              level = DEBUG
              handlers =
              qualname = rhodecode
              propagate = 1
              [logger_ssh_wrapper]
              level = DEBUG
              handlers =
              qualname = ssh_wrapper
              propagate = 1
              [logger_celery]
              level = DEBUG
              handlers =
              qualname = celery
              ; ########
              ; HANDLERS
              ; ########
              [handler_console]
              class = StreamHandler
              args = (sys.stderr, )
              level = DEBUG
              ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
              ; This allows sending properly formatted logs to grafana loki or elasticsearch
              formatter = generic
              [handler_console_sql]
              ; "level = DEBUG" logs SQL queries and results.
              ; "level = INFO" logs SQL queries.
              ; "level = WARN" logs neither.  (Recommended for production systems.)
              class = StreamHandler
              args = (sys.stderr, )
              level = WARN
              ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
              ; This allows sending properly formatted logs to grafana loki or elasticsearch
              formatter = generic
              ; ##########
              ; FORMATTERS
              ; ##########
              [formatter_generic]
              class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_color_formatter]
              class = rhodecode.lib.logging_formatter.ColorFormatter
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_color_formatter_sql]
              class = rhodecode.lib.logging_formatter.ColorFormatterSql
              format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
              datefmt = %Y-%m-%d %H:%M:%S
              [formatter_json]
              format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
              class = rhodecode.lib._vendor.jsonlogger.JsonFormatter

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages