##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
configs: changed allowed method of setting SVN compatible version
marcink -
r4279:32dc486c default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,844 +1,845 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = true
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 13 ; These settings will be used by the RhodeCode mailing system
14 14 ; ########################################################################
15 15
16 16 ; prefix all emails subjects with given prefix, helps filtering out emails
17 17 #email_prefix = [RhodeCode]
18 18
19 19 ; email FROM address all mails will be sent
20 20 #app_email_from = rhodecode-noreply@localhost
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28
29 29 [server:main]
30 30 ; COMMON HOST/IP CONFIG
31 31 host = 127.0.0.1
32 32 port = 5000
33 33
34 34 ; ##################################################
35 35 ; WAITRESS WSGI SERVER - Recommended for Development
36 36 ; ##################################################
37 37
38 38 ; use server type
39 39 use = egg:waitress#main
40 40
41 41 ; number of worker threads
42 42 threads = 5
43 43
44 44 ; MAX BODY SIZE 100GB
45 45 max_request_body_size = 107374182400
46 46
47 47 ; Use poll instead of select, fixes file descriptors limits problems.
48 48 ; May not work on old windows systems.
49 49 asyncore_use_poll = true
50 50
51 51
52 52 ; ###########################
53 53 ; GUNICORN APPLICATION SERVER
54 54 ; ###########################
55 55
56 56 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
57 57
58 58 ; Module to use, this setting shouldn't be changed
59 59 #use = egg:gunicorn#main
60 60
61 61 ; Sets the number of process workers. More workers means more concurrent connections
62 62 ; RhodeCode can handle at the same time. Each additional worker also it increases
63 63 ; memory usage as each has it's own set of caches.
64 64 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
65 65 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
66 66 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
67 67 ; when using more than 1 worker.
68 68 #workers = 2
69 69
70 70 ; Gunicorn access log level
71 71 #loglevel = info
72 72
73 73 ; Process name visible in process list
74 74 #proc_name = rhodecode
75 75
76 76 ; Type of worker class, one of `sync`, `gevent`
77 77 ; Recommended type is `gevent`
78 78 #worker_class = gevent
79 79
80 80 ; The maximum number of simultaneous clients. Valid only for gevent
81 81 #worker_connections = 10
82 82
83 83 ; Max number of requests that worker will handle before being gracefully restarted.
84 84 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
85 85 #max_requests = 1000
86 86 #max_requests_jitter = 30
87 87
88 88 ; Amount of time a worker can spend with handling a request before it
89 89 ; gets killed and restarted. By default set to 21600 (6hrs)
90 90 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
91 91 #timeout = 21600
92 92
93 93 ; The maximum size of HTTP request line in bytes.
94 94 ; 0 for unlimited
95 95 #limit_request_line = 0
96 96
97 97 ; Limit the number of HTTP headers fields in a request.
98 98 ; By default this value is 100 and can't be larger than 32768.
99 99 #limit_request_fields = 32768
100 100
101 101 ; Limit the allowed size of an HTTP request header field.
102 102 ; Value is a positive number or 0.
103 103 ; Setting it to 0 will allow unlimited header field sizes.
104 104 #limit_request_field_size = 0
105 105
106 106 ; Timeout for graceful workers restart.
107 107 ; After receiving a restart signal, workers have this much time to finish
108 108 ; serving requests. Workers still alive after the timeout (starting from the
109 109 ; receipt of the restart signal) are force killed.
110 110 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
111 111 #graceful_timeout = 3600
112 112
113 113 # The number of seconds to wait for requests on a Keep-Alive connection.
114 114 # Generally set in the 1-5 seconds range.
115 115 #keepalive = 2
116 116
117 117 ; Maximum memory usage that each worker can use before it will receive a
118 118 ; graceful restart signal 0 = memory monitoring is disabled
119 119 ; Examples: 268435456 (256MB), 536870912 (512MB)
120 120 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
121 121 #memory_max_usage = 0
122 122
123 123 ; How often in seconds to check for memory usage for each gunicorn worker
124 124 #memory_usage_check_interval = 60
125 125
126 126 ; Threshold value for which we don't recycle worker if GarbageCollection
127 127 ; frees up enough resources. Before each restart we try to run GC on worker
128 128 ; in case we get enough free memory after that, restart will not happen.
129 129 #memory_usage_recovery_threshold = 0.8
130 130
131 131
132 132 ; Prefix middleware for RhodeCode.
133 133 ; recommended when using proxy setup.
134 134 ; allows to set RhodeCode under a prefix in server.
135 135 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
136 136 ; And set your prefix like: `prefix = /custom_prefix`
137 137 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
138 138 ; to make your cookies only work on prefix url
139 139 [filter:proxy-prefix]
140 140 use = egg:PasteDeploy#prefix
141 141 prefix = /
142 142
143 143 [app:main]
144 144 ; The %(here)s variable will be replaced with the absolute path of parent directory
145 145 ; of this file
146 146 ; In addition ENVIRONMENT variables usage is possible, e.g
147 147 ; sqlalchemy.db1.url = {ENV_RC_DB_URL}
148 148
149 149 use = egg:rhodecode-enterprise-ce
150 150
151 151 ; enable proxy prefix middleware, defined above
152 152 #filter-with = proxy-prefix
153 153
154 154 ; #############
155 155 ; DEBUG OPTIONS
156 156 ; #############
157 157
158 158 pyramid.reload_templates = true
159 159
160 160 # During development the we want to have the debug toolbar enabled
161 161 pyramid.includes =
162 162 pyramid_debugtoolbar
163 163
164 164 debugtoolbar.hosts = 0.0.0.0/0
165 165 debugtoolbar.exclude_prefixes =
166 166 /css
167 167 /fonts
168 168 /images
169 169 /js
170 170
171 171 ## RHODECODE PLUGINS ##
172 172 rhodecode.includes =
173 173 rhodecode.api
174 174
175 175
176 176 # api prefix url
177 177 rhodecode.api.url = /_admin/api
178 178
179 179 ; enable debug style page
180 180 debug_style = true
181 181
182 182 ; #################
183 183 ; END DEBUG OPTIONS
184 184 ; #################
185 185
186 186 ; encryption key used to encrypt social plugin tokens,
187 187 ; remote_urls with credentials etc, if not set it defaults to
188 188 ; `beaker.session.secret`
189 189 #rhodecode.encrypted_values.secret =
190 190
191 191 ; decryption strict mode (enabled by default). It controls if decryption raises
192 192 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
193 193 #rhodecode.encrypted_values.strict = false
194 194
195 195 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
196 196 ; fernet is safer, and we strongly recommend switching to it.
197 197 ; Due to backward compatibility aes is used as default.
198 198 #rhodecode.encrypted_values.algorithm = fernet
199 199
200 200 ; Return gzipped responses from RhodeCode (static files/application)
201 201 gzip_responses = false
202 202
203 203 ; Auto-generate javascript routes file on startup
204 204 generate_js_files = false
205 205
206 206 ; System global default language.
207 207 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
208 208 lang = en
209 209
210 210 ; Perform a full repository scan and import on each server start.
211 211 ; Settings this to true could lead to very long startup time.
212 212 startup.import_repos = false
213 213
214 214 ; Uncomment and set this path to use archive download cache.
215 215 ; Once enabled, generated archives will be cached at this location
216 216 ; and served from the cache during subsequent requests for the same archive of
217 217 ; the repository.
218 218 #archive_cache_dir = /tmp/tarballcache
219 219
220 220 ; URL at which the application is running. This is used for Bootstrapping
221 221 ; requests in context when no web request is available. Used in ishell, or
222 222 ; SSH calls. Set this for events to receive proper url for SSH calls.
223 223 app.base_url = http://rhodecode.local
224 224
225 225 ; Unique application ID. Should be a random unique string for security.
226 226 app_instance_uuid = rc-production
227 227
228 228 ; Cut off limit for large diffs (size in bytes). If overall diff size on
229 229 ; commit, or pull request exceeds this limit this diff will be displayed
230 230 ; partially. E.g 512000 == 512Kb
231 231 cut_off_limit_diff = 512000
232 232
233 233 ; Cut off limit for large files inside diffs (size in bytes). Each individual
234 234 ; file inside diff which exceeds this limit will be displayed partially.
235 235 ; E.g 128000 == 128Kb
236 236 cut_off_limit_file = 128000
237 237
238 238 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
239 239 vcs_full_cache = true
240 240
241 241 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
242 242 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
243 243 force_https = false
244 244
245 245 ; use Strict-Transport-Security headers
246 246 use_htsts = false
247 247
248 248 ; Set to true if your repos are exposed using the dumb protocol
249 249 git_update_server_info = false
250 250
251 251 ; RSS/ATOM feed options
252 252 rss_cut_off_limit = 256000
253 253 rss_items_per_page = 10
254 254 rss_include_diff = false
255 255
256 256 ; gist URL alias, used to create nicer urls for gist. This should be an
257 257 ; url that does rewrites to _admin/gists/{gistid}.
258 258 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
259 259 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
260 260 gist_alias_url =
261 261
262 262 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
263 263 ; used for access.
264 264 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
265 265 ; came from the the logged in user who own this authentication token.
266 266 ; Additionally @TOKEN syntax can be used to bound the view to specific
267 267 ; authentication token. Such view would be only accessible when used together
268 268 ; with this authentication token
269 269 ; list of all views can be found under `/_admin/permissions/auth_token_access`
270 270 ; The list should be "," separated and on a single line.
271 271 ; Most common views to enable:
272 272
273 273 # RepoCommitsView:repo_commit_download
274 274 # RepoCommitsView:repo_commit_patch
275 275 # RepoCommitsView:repo_commit_raw
276 276 # RepoCommitsView:repo_commit_raw@TOKEN
277 277 # RepoFilesView:repo_files_diff
278 278 # RepoFilesView:repo_archivefile
279 279 # RepoFilesView:repo_file_raw
280 280 # GistView:*
281 281 api_access_controllers_whitelist =
282 282
283 283 ; Default encoding used to convert from and to unicode
284 284 ; can be also a comma separated list of encoding in case of mixed encodings
285 285 default_encoding = UTF-8
286 286
287 287 ; instance-id prefix
288 288 ; a prefix key for this instance used for cache invalidation when running
289 289 ; multiple instances of RhodeCode, make sure it's globally unique for
290 290 ; all running RhodeCode instances. Leave empty if you don't use it
291 291 instance_id =
292 292
293 293 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
294 294 ; of an authentication plugin also if it is disabled by it's settings.
295 295 ; This could be useful if you are unable to log in to the system due to broken
296 296 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
297 297 ; module to log in again and fix the settings.
298 298 ; Available builtin plugin IDs (hash is part of the ID):
299 299 ; egg:rhodecode-enterprise-ce#rhodecode
300 300 ; egg:rhodecode-enterprise-ce#pam
301 301 ; egg:rhodecode-enterprise-ce#ldap
302 302 ; egg:rhodecode-enterprise-ce#jasig_cas
303 303 ; egg:rhodecode-enterprise-ce#headers
304 304 ; egg:rhodecode-enterprise-ce#crowd
305 305
306 306 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
307 307
308 308 ; Flag to control loading of legacy plugins in py:/path format
309 309 auth_plugin.import_legacy_plugins = true
310 310
311 311 ; alternative return HTTP header for failed authentication. Default HTTP
312 312 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
313 313 ; handling that causing a series of failed authentication calls.
314 314 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
315 315 ; This will be served instead of default 401 on bad authentication
316 316 auth_ret_code =
317 317
318 318 ; use special detection method when serving auth_ret_code, instead of serving
319 319 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
320 320 ; and then serve auth_ret_code to clients
321 321 auth_ret_code_detection = false
322 322
323 323 ; locking return code. When repository is locked return this HTTP code. 2XX
324 324 ; codes don't break the transactions while 4XX codes do
325 325 lock_ret_code = 423
326 326
327 327 ; allows to change the repository location in settings page
328 328 allow_repo_location_change = true
329 329
330 330 ; allows to setup custom hooks in settings page
331 331 allow_custom_hooks_settings = true
332 332
333 333 ; Generated license token required for EE edition license.
334 334 ; New generated token value can be found in Admin > settings > license page.
335 335 license_token =
336 336
337 337 ; This flag hides sensitive information on the license page such as token, and license data
338 338 license.hide_license_info = false
339 339
340 340 ; supervisor connection uri, for managing supervisor and logs.
341 341 supervisor.uri =
342 342
343 343 ; supervisord group name/id we only want this RC instance to handle
344 344 supervisor.group_id = dev
345 345
346 346 ; Display extended labs settings
347 347 labs_settings_active = true
348 348
349 349 ; Custom exception store path, defaults to TMPDIR
350 350 ; This is used to store exception from RhodeCode in shared directory
351 351 #exception_tracker.store_path =
352 352
353 353 ; Send email with exception details when it happens
354 354 #exception_tracker.send_email = false
355 355
356 356 ; Comma separated list of recipients for exception emails,
357 357 ; e.g admin@rhodecode.com,devops@rhodecode.com
358 358 ; Can be left empty, then emails will be sent to ALL super-admins
359 359 #exception_tracker.send_email_recipients =
360 360
361 361 ; optional prefix to Add to email Subject
362 362 #exception_tracker.email_prefix = [RHODECODE ERROR]
363 363
364 364 ; File store configuration. This is used to store and serve uploaded files
365 365 file_store.enabled = true
366 366
367 367 ; Storage backend, available options are: local
368 368 file_store.backend = local
369 369
370 370 ; path to store the uploaded binaries
371 371 file_store.storage_path = %(here)s/data/file_store
372 372
373 373
374 374 ; #############
375 375 ; CELERY CONFIG
376 376 ; #############
377 377
378 378 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
379 379
380 380 use_celery = false
381 381
382 382 ; connection url to the message broker (default redis)
383 383 celery.broker_url = redis://localhost:6379/8
384 384
385 385 ; rabbitmq example
386 386 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
387 387
388 388 ; maximum tasks to execute before worker restart
389 389 celery.max_tasks_per_child = 100
390 390
391 391 ; tasks will never be sent to the queue, but executed locally instead.
392 392 celery.task_always_eager = false
393 393
394 394 ; #############
395 395 ; DOGPILE CACHE
396 396 ; #############
397 397
398 398 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
399 399 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
400 400 cache_dir = %(here)s/data
401 401
402 402 ; *********************************************
403 403 ; `sql_cache_short` cache for heavy SQL queries
404 404 ; Only supported backend is `memory_lru`
405 405 ; *********************************************
406 406 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
407 407 rc_cache.sql_cache_short.expiration_time = 30
408 408
409 409
410 410 ; *****************************************************
411 411 ; `cache_repo_longterm` cache for repo object instances
412 412 ; Only supported backend is `memory_lru`
413 413 ; *****************************************************
414 414 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
415 415 ; by default we use 30 Days, cache is still invalidated on push
416 416 rc_cache.cache_repo_longterm.expiration_time = 2592000
417 417 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
418 418 rc_cache.cache_repo_longterm.max_size = 10000
419 419
420 420
421 421 ; *************************************************
422 422 ; `cache_perms` cache for permission tree, auth TTL
423 423 ; *************************************************
424 424 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
425 425 rc_cache.cache_perms.expiration_time = 300
426 426 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
427 427 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
428 428
429 429 ; alternative `cache_perms` redis backend with distributed lock
430 430 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
431 431 #rc_cache.cache_perms.expiration_time = 300
432 432
433 433 ; redis_expiration_time needs to be greater then expiration_time
434 434 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
435 435
436 436 #rc_cache.cache_perms.arguments.host = localhost
437 437 #rc_cache.cache_perms.arguments.port = 6379
438 438 #rc_cache.cache_perms.arguments.db = 0
439 439 #rc_cache.cache_perms.arguments.socket_timeout = 30
440 440 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
441 441 #rc_cache.cache_perms.arguments.distributed_lock = true
442 442
443 443
444 444 ; ***************************************************
445 445 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
446 446 ; ***************************************************
447 447 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
448 448 rc_cache.cache_repo.expiration_time = 2592000
449 449 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
450 450 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
451 451
452 452 ; alternative `cache_repo` redis backend with distributed lock
453 453 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
454 454 #rc_cache.cache_repo.expiration_time = 2592000
455 455
456 456 ; redis_expiration_time needs to be greater then expiration_time
457 457 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
458 458
459 459 #rc_cache.cache_repo.arguments.host = localhost
460 460 #rc_cache.cache_repo.arguments.port = 6379
461 461 #rc_cache.cache_repo.arguments.db = 1
462 462 #rc_cache.cache_repo.arguments.socket_timeout = 30
463 463 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
464 464 #rc_cache.cache_repo.arguments.distributed_lock = true
465 465
466 466
467 467 ; ##############
468 468 ; BEAKER SESSION
469 469 ; ##############
470 470
471 471 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
472 472 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
473 473 ; Fastest ones are Redis and ext:database
474 474 beaker.session.type = file
475 475 beaker.session.data_dir = %(here)s/data/sessions
476 476
477 477 ; Redis based sessions
478 478 #beaker.session.type = ext:redis
479 479 #beaker.session.url = redis://127.0.0.1:6379/2
480 480
481 481 ; DB based session, fast, and allows easy management over logged in users
482 482 #beaker.session.type = ext:database
483 483 #beaker.session.table_name = db_session
484 484 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
485 485 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
486 486 #beaker.session.sa.pool_recycle = 3600
487 487 #beaker.session.sa.echo = false
488 488
489 489 beaker.session.key = rhodecode
490 490 beaker.session.secret = develop-rc-uytcxaz
491 491 beaker.session.lock_dir = %(here)s/data/sessions/lock
492 492
493 493 ; Secure encrypted cookie. Requires AES and AES python libraries
494 494 ; you must disable beaker.session.secret to use this
495 495 #beaker.session.encrypt_key = key_for_encryption
496 496 #beaker.session.validate_key = validation_key
497 497
498 498 ; Sets session as invalid (also logging out user) if it haven not been
499 499 ; accessed for given amount of time in seconds
500 500 beaker.session.timeout = 2592000
501 501 beaker.session.httponly = true
502 502
503 503 ; Path to use for the cookie. Set to prefix if you use prefix middleware
504 504 #beaker.session.cookie_path = /custom_prefix
505 505
506 506 ; Set https secure cookie
507 507 beaker.session.secure = false
508 508
509 509 ; default cookie expiration time in seconds, set to `true` to set expire
510 510 ; at browser close
511 511 #beaker.session.cookie_expires = 3600
512 512
513 513 ; #############################
514 514 ; SEARCH INDEXING CONFIGURATION
515 515 ; #############################
516 516
517 517 ; Full text search indexer is available in rhodecode-tools under
518 518 ; `rhodecode-tools index` command
519 519
520 520 ; WHOOSH Backend, doesn't require additional services to run
521 521 ; it works good with few dozen repos
522 522 search.module = rhodecode.lib.index.whoosh
523 523 search.location = %(here)s/data/index
524 524
525 525 ; ####################
526 526 ; CHANNELSTREAM CONFIG
527 527 ; ####################
528 528
529 529 ; channelstream enables persistent connections and live notification
530 530 ; in the system. It's also used by the chat system
531 531
532 532 channelstream.enabled = false
533 533
534 534 ; server address for channelstream server on the backend
535 535 channelstream.server = 127.0.0.1:9800
536 536
537 537 ; location of the channelstream server from outside world
538 538 ; use ws:// for http or wss:// for https. This address needs to be handled
539 539 ; by external HTTP server such as Nginx or Apache
540 540 ; see Nginx/Apache configuration examples in our docs
541 541 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
542 542 channelstream.secret = secret
543 543 channelstream.history.location = %(here)s/channelstream_history
544 544
545 545 ; Internal application path that Javascript uses to connect into.
546 546 ; If you use proxy-prefix the prefix should be added before /_channelstream
547 547 channelstream.proxy_path = /_channelstream
548 548
549 549
550 550 ; ##############################
551 551 ; MAIN RHODECODE DATABASE CONFIG
552 552 ; ##############################
553 553
554 554 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
555 555 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
556 556 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
557 557 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
558 558 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
559 559
560 560 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
561 561
562 562 ; see sqlalchemy docs for other advanced settings
563 563 ; print the sql statements to output
564 564 sqlalchemy.db1.echo = false
565 565
566 566 ; recycle the connections after this amount of seconds
567 567 sqlalchemy.db1.pool_recycle = 3600
568 568 sqlalchemy.db1.convert_unicode = true
569 569
570 570 ; the number of connections to keep open inside the connection pool.
571 571 ; 0 indicates no limit
572 572 #sqlalchemy.db1.pool_size = 5
573 573
574 574 ; The number of connections to allow in connection pool "overflow", that is
575 575 ; connections that can be opened above and beyond the pool_size setting,
576 576 ; which defaults to five.
577 577 #sqlalchemy.db1.max_overflow = 10
578 578
579 579 ; Connection check ping, used to detect broken database connections
580 580 ; could be enabled to better handle cases if MySQL has gone away errors
581 581 #sqlalchemy.db1.ping_connection = true
582 582
583 583 ; ##########
584 584 ; VCS CONFIG
585 585 ; ##########
586 586 vcs.server.enable = true
587 587 vcs.server = localhost:9900
588 588
589 589 ; Web server connectivity protocol, responsible for web based VCS operations
590 590 ; Available protocols are:
591 591 ; `http` - use http-rpc backend (default)
592 592 vcs.server.protocol = http
593 593
594 594 ; Push/Pull operations protocol, available options are:
595 595 ; `http` - use http-rpc backend (default)
596 596 vcs.scm_app_implementation = http
597 597
598 598 ; Push/Pull operations hooks protocol, available options are:
599 599 ; `http` - use http-rpc backend (default)
600 600 vcs.hooks.protocol = http
601 601
602 602 ; Host on which this instance is listening for hooks. If vcsserver is in other location
603 603 ; this should be adjusted.
604 604 vcs.hooks.host = 127.0.0.1
605 605
606 606 ; Start VCSServer with this instance as a subprocess, useful for development
607 607 vcs.start_server = false
608 608
609 609 ; List of enabled VCS backends, available options are:
610 610 ; `hg` - mercurial
611 611 ; `git` - git
612 612 ; `svn` - subversion
613 613 vcs.backends = hg, git, svn
614 614
615 615 ; Wait this number of seconds before killing connection to the vcsserver
616 616 vcs.connection_timeout = 3600
617 617
618 618 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
619 ; Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
620 #vcs.svn.compatible_version = pre-1.8-compatible
619 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
620 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
621 #vcs.svn.compatible_version = 1.8
621 622
622 623
623 624 ; ####################################################
624 625 ; Subversion proxy support (mod_dav_svn)
625 626 ; Maps RhodeCode repo groups into SVN paths for Apache
626 627 ; ####################################################
627 628
628 629 ; Enable or disable the config file generation.
629 630 svn.proxy.generate_config = false
630 631
631 632 ; Generate config file with `SVNListParentPath` set to `On`.
632 633 svn.proxy.list_parent_path = true
633 634
634 635 ; Set location and file name of generated config file.
635 636 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
636 637
637 638 ; alternative mod_dav config template. This needs to be a valid mako template
638 639 ; Example template can be found in the source code:
639 640 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
640 641 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
641 642
642 643 ; Used as a prefix to the `Location` block in the generated config file.
643 644 ; In most cases it should be set to `/`.
644 645 svn.proxy.location_root = /
645 646
646 647 ; Command to reload the mod dav svn configuration on change.
647 648 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
648 649 ; Make sure user who runs RhodeCode process is allowed to reload Apache
649 650 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
650 651
651 652 ; If the timeout expires before the reload command finishes, the command will
652 653 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
653 654 #svn.proxy.reload_timeout = 10
654 655
655 656 ; ####################
656 657 ; SSH Support Settings
657 658 ; ####################
658 659
659 660 ; Defines if a custom authorized_keys file should be created and written on
660 661 ; any change user ssh keys. Setting this to false also disables possibility
661 662 ; of adding SSH keys by users from web interface. Super admins can still
662 663 ; manage SSH Keys.
663 664 ssh.generate_authorized_keyfile = false
664 665
665 666 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
666 667 # ssh.authorized_keys_ssh_opts =
667 668
668 669 ; Path to the authorized_keys file where the generate entries are placed.
669 670 ; It is possible to have multiple key files specified in `sshd_config` e.g.
670 671 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
671 672 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
672 673
673 674 ; Command to execute the SSH wrapper. The binary is available in the
674 675 ; RhodeCode installation directory.
675 676 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
676 677 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
677 678
678 679 ; Allow shell when executing the ssh-wrapper command
679 680 ssh.wrapper_cmd_allow_shell = false
680 681
681 682 ; Enables logging, and detailed output send back to the client during SSH
682 683 ; operations. Useful for debugging, shouldn't be used in production.
683 684 ssh.enable_debug_logging = true
684 685
685 686 ; Paths to binary executable, by default they are the names, but we can
686 687 ; override them if we want to use a custom one
687 688 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
688 689 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
689 690 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
690 691
691 692 ; Enables SSH key generator web interface. Disabling this still allows users
692 693 ; to add their own keys.
693 694 ssh.enable_ui_key_generator = true
694 695
695 696
696 697 ; #################
697 698 ; APPENLIGHT CONFIG
698 699 ; #################
699 700
700 701 ; Appenlight is tailored to work with RhodeCode, see
701 702 ; http://appenlight.rhodecode.com for details how to obtain an account
702 703
703 704 ; Appenlight integration enabled
704 705 appenlight = false
705 706
706 707 appenlight.server_url = https://api.appenlight.com
707 708 appenlight.api_key = YOUR_API_KEY
708 709 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
709 710
710 711 ; used for JS client
711 712 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
712 713
713 714 ; TWEAK AMOUNT OF INFO SENT HERE
714 715
715 716 ; enables 404 error logging (default False)
716 717 appenlight.report_404 = false
717 718
718 719 ; time in seconds after request is considered being slow (default 1)
719 720 appenlight.slow_request_time = 1
720 721
721 722 ; record slow requests in application
722 723 ; (needs to be enabled for slow datastore recording and time tracking)
723 724 appenlight.slow_requests = true
724 725
725 726 ; enable hooking to application loggers
726 727 appenlight.logging = true
727 728
728 729 ; minimum log level for log capture
729 730 appenlight.logging.level = WARNING
730 731
731 732 ; send logs only from erroneous/slow requests
732 733 ; (saves API quota for intensive logging)
733 734 appenlight.logging_on_error = false
734 735
735 736 ; list of additional keywords that should be grabbed from environ object
736 737 ; can be string with comma separated list of words in lowercase
737 738 ; (by default client will always send following info:
738 739 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
739 740 ; start with HTTP* this list be extended with additional keywords here
740 741 appenlight.environ_keys_whitelist =
741 742
742 743 ; list of keywords that should be blanked from request object
743 744 ; can be string with comma separated list of words in lowercase
744 745 ; (by default client will always blank keys that contain following words
745 746 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
746 747 ; this list be extended with additional keywords set here
747 748 appenlight.request_keys_blacklist =
748 749
749 750 ; list of namespaces that should be ignores when gathering log entries
750 751 ; can be string with comma separated list of namespaces
751 752 ; (by default the client ignores own entries: appenlight_client.client)
752 753 appenlight.log_namespace_blacklist =
753 754
754 755 ; Dummy marker to add new entries after.
755 756 ; Add any custom entries below. Please don't remove this marker.
756 757 custom.conf = 1
757 758
758 759
759 760 ; #####################
760 761 ; LOGGING CONFIGURATION
761 762 ; #####################
762 763 [loggers]
763 764 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
764 765
765 766 [handlers]
766 767 keys = console, console_sql
767 768
768 769 [formatters]
769 770 keys = generic, color_formatter, color_formatter_sql
770 771
771 772 ; #######
772 773 ; LOGGERS
773 774 ; #######
774 775 [logger_root]
775 776 level = NOTSET
776 777 handlers = console
777 778
778 779 [logger_sqlalchemy]
779 780 level = INFO
780 781 handlers = console_sql
781 782 qualname = sqlalchemy.engine
782 783 propagate = 0
783 784
784 785 [logger_beaker]
785 786 level = DEBUG
786 787 handlers =
787 788 qualname = beaker.container
788 789 propagate = 1
789 790
790 791 [logger_rhodecode]
791 792 level = DEBUG
792 793 handlers =
793 794 qualname = rhodecode
794 795 propagate = 1
795 796
796 797 [logger_ssh_wrapper]
797 798 level = DEBUG
798 799 handlers =
799 800 qualname = ssh_wrapper
800 801 propagate = 1
801 802
802 803 [logger_celery]
803 804 level = DEBUG
804 805 handlers =
805 806 qualname = celery
806 807
807 808
808 809 ; ########
809 810 ; HANDLERS
810 811 ; ########
811 812
812 813 [handler_console]
813 814 class = StreamHandler
814 815 args = (sys.stderr, )
815 816 level = DEBUG
816 817 formatter = color_formatter
817 818
818 819 [handler_console_sql]
819 820 ; "level = DEBUG" logs SQL queries and results.
820 821 ; "level = INFO" logs SQL queries.
821 822 ; "level = WARN" logs neither. (Recommended for production systems.)
822 823 class = StreamHandler
823 824 args = (sys.stderr, )
824 825 level = WARN
825 826 formatter = color_formatter_sql
826 827
827 828 ; ##########
828 829 ; FORMATTERS
829 830 ; ##########
830 831
831 832 [formatter_generic]
832 833 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
833 834 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
834 835 datefmt = %Y-%m-%d %H:%M:%S
835 836
836 837 [formatter_color_formatter]
837 838 class = rhodecode.lib.logging_formatter.ColorFormatter
838 839 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
839 840 datefmt = %Y-%m-%d %H:%M:%S
840 841
841 842 [formatter_color_formatter_sql]
842 843 class = rhodecode.lib.logging_formatter.ColorFormatterSql
843 844 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
844 845 datefmt = %Y-%m-%d %H:%M:%S
Show file before | Show file after | Hide comments
@@ -1,795 +1,796 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = false
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 13 ; These settings will be used by the RhodeCode mailing system
14 14 ; ########################################################################
15 15
16 16 ; prefix all emails subjects with given prefix, helps filtering out emails
17 17 #email_prefix = [RhodeCode]
18 18
19 19 ; email FROM address all mails will be sent
20 20 #app_email_from = rhodecode-noreply@localhost
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28
29 29 [server:main]
30 30 ; COMMON HOST/IP CONFIG
31 31 host = 127.0.0.1
32 32 port = 5000
33 33
34 34
35 35 ; ###########################
36 36 ; GUNICORN APPLICATION SERVER
37 37 ; ###########################
38 38
39 39 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
40 40
41 41 ; Module to use, this setting shouldn't be changed
42 42 use = egg:gunicorn#main
43 43
44 44 ; Sets the number of process workers. More workers means more concurrent connections
45 45 ; RhodeCode can handle at the same time. Each additional worker also it increases
46 46 ; memory usage as each has it's own set of caches.
47 47 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
48 48 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
49 49 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
50 50 ; when using more than 1 worker.
51 51 workers = 2
52 52
53 53 ; Gunicorn access log level
54 54 loglevel = info
55 55
56 56 ; Process name visible in process list
57 57 proc_name = rhodecode
58 58
59 59 ; Type of worker class, one of `sync`, `gevent`
60 60 ; Recommended type is `gevent`
61 61 worker_class = gevent
62 62
63 63 ; The maximum number of simultaneous clients per worker. Valid only for gevent
64 64 worker_connections = 10
65 65
66 66 ; Max number of requests that worker will handle before being gracefully restarted.
67 67 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
68 68 max_requests = 1000
69 69 max_requests_jitter = 30
70 70
71 71 ; Amount of time a worker can spend with handling a request before it
72 72 ; gets killed and restarted. By default set to 21600 (6hrs)
73 73 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
74 74 timeout = 21600
75 75
76 76 ; The maximum size of HTTP request line in bytes.
77 77 ; 0 for unlimited
78 78 limit_request_line = 0
79 79
80 80 ; Limit the number of HTTP headers fields in a request.
81 81 ; By default this value is 100 and can't be larger than 32768.
82 82 limit_request_fields = 32768
83 83
84 84 ; Limit the allowed size of an HTTP request header field.
85 85 ; Value is a positive number or 0.
86 86 ; Setting it to 0 will allow unlimited header field sizes.
87 87 limit_request_field_size = 0
88 88
89 89 ; Timeout for graceful workers restart.
90 90 ; After receiving a restart signal, workers have this much time to finish
91 91 ; serving requests. Workers still alive after the timeout (starting from the
92 92 ; receipt of the restart signal) are force killed.
93 93 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
94 94 graceful_timeout = 3600
95 95
96 96 # The number of seconds to wait for requests on a Keep-Alive connection.
97 97 # Generally set in the 1-5 seconds range.
98 98 keepalive = 2
99 99
100 100 ; Maximum memory usage that each worker can use before it will receive a
101 101 ; graceful restart signal 0 = memory monitoring is disabled
102 102 ; Examples: 268435456 (256MB), 536870912 (512MB)
103 103 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
104 104 memory_max_usage = 0
105 105
106 106 ; How often in seconds to check for memory usage for each gunicorn worker
107 107 memory_usage_check_interval = 60
108 108
109 109 ; Threshold value for which we don't recycle worker if GarbageCollection
110 110 ; frees up enough resources. Before each restart we try to run GC on worker
111 111 ; in case we get enough free memory after that, restart will not happen.
112 112 memory_usage_recovery_threshold = 0.8
113 113
114 114
115 115 ; Prefix middleware for RhodeCode.
116 116 ; recommended when using proxy setup.
117 117 ; allows to set RhodeCode under a prefix in server.
118 118 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
119 119 ; And set your prefix like: `prefix = /custom_prefix`
120 120 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
121 121 ; to make your cookies only work on prefix url
122 122 [filter:proxy-prefix]
123 123 use = egg:PasteDeploy#prefix
124 124 prefix = /
125 125
126 126 [app:main]
127 127 ; The %(here)s variable will be replaced with the absolute path of parent directory
128 128 ; of this file
129 129 ; In addition ENVIRONMENT variables usage is possible, e.g
130 130 ; sqlalchemy.db1.url = {ENV_RC_DB_URL}
131 131
132 132 use = egg:rhodecode-enterprise-ce
133 133
134 134 ; enable proxy prefix middleware, defined above
135 135 #filter-with = proxy-prefix
136 136
137 137 ; encryption key used to encrypt social plugin tokens,
138 138 ; remote_urls with credentials etc, if not set it defaults to
139 139 ; `beaker.session.secret`
140 140 #rhodecode.encrypted_values.secret =
141 141
142 142 ; decryption strict mode (enabled by default). It controls if decryption raises
143 143 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
144 144 #rhodecode.encrypted_values.strict = false
145 145
146 146 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
147 147 ; fernet is safer, and we strongly recommend switching to it.
148 148 ; Due to backward compatibility aes is used as default.
149 149 #rhodecode.encrypted_values.algorithm = fernet
150 150
151 151 ; Return gzipped responses from RhodeCode (static files/application)
152 152 gzip_responses = false
153 153
154 154 ; Auto-generate javascript routes file on startup
155 155 generate_js_files = false
156 156
157 157 ; System global default language.
158 158 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
159 159 lang = en
160 160
161 161 ; Perform a full repository scan and import on each server start.
162 162 ; Settings this to true could lead to very long startup time.
163 163 startup.import_repos = false
164 164
165 165 ; Uncomment and set this path to use archive download cache.
166 166 ; Once enabled, generated archives will be cached at this location
167 167 ; and served from the cache during subsequent requests for the same archive of
168 168 ; the repository.
169 169 #archive_cache_dir = /tmp/tarballcache
170 170
171 171 ; URL at which the application is running. This is used for Bootstrapping
172 172 ; requests in context when no web request is available. Used in ishell, or
173 173 ; SSH calls. Set this for events to receive proper url for SSH calls.
174 174 app.base_url = http://rhodecode.local
175 175
176 176 ; Unique application ID. Should be a random unique string for security.
177 177 app_instance_uuid = rc-production
178 178
179 179 ; Cut off limit for large diffs (size in bytes). If overall diff size on
180 180 ; commit, or pull request exceeds this limit this diff will be displayed
181 181 ; partially. E.g 512000 == 512Kb
182 182 cut_off_limit_diff = 512000
183 183
184 184 ; Cut off limit for large files inside diffs (size in bytes). Each individual
185 185 ; file inside diff which exceeds this limit will be displayed partially.
186 186 ; E.g 128000 == 128Kb
187 187 cut_off_limit_file = 128000
188 188
189 189 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
190 190 vcs_full_cache = true
191 191
192 192 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
193 193 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
194 194 force_https = false
195 195
196 196 ; use Strict-Transport-Security headers
197 197 use_htsts = false
198 198
199 199 ; Set to true if your repos are exposed using the dumb protocol
200 200 git_update_server_info = false
201 201
202 202 ; RSS/ATOM feed options
203 203 rss_cut_off_limit = 256000
204 204 rss_items_per_page = 10
205 205 rss_include_diff = false
206 206
207 207 ; gist URL alias, used to create nicer urls for gist. This should be an
208 208 ; url that does rewrites to _admin/gists/{gistid}.
209 209 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
210 210 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
211 211 gist_alias_url =
212 212
213 213 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
214 214 ; used for access.
215 215 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
216 216 ; came from the the logged in user who own this authentication token.
217 217 ; Additionally @TOKEN syntax can be used to bound the view to specific
218 218 ; authentication token. Such view would be only accessible when used together
219 219 ; with this authentication token
220 220 ; list of all views can be found under `/_admin/permissions/auth_token_access`
221 221 ; The list should be "," separated and on a single line.
222 222 ; Most common views to enable:
223 223
224 224 # RepoCommitsView:repo_commit_download
225 225 # RepoCommitsView:repo_commit_patch
226 226 # RepoCommitsView:repo_commit_raw
227 227 # RepoCommitsView:repo_commit_raw@TOKEN
228 228 # RepoFilesView:repo_files_diff
229 229 # RepoFilesView:repo_archivefile
230 230 # RepoFilesView:repo_file_raw
231 231 # GistView:*
232 232 api_access_controllers_whitelist =
233 233
234 234 ; Default encoding used to convert from and to unicode
235 235 ; can be also a comma separated list of encoding in case of mixed encodings
236 236 default_encoding = UTF-8
237 237
238 238 ; instance-id prefix
239 239 ; a prefix key for this instance used for cache invalidation when running
240 240 ; multiple instances of RhodeCode, make sure it's globally unique for
241 241 ; all running RhodeCode instances. Leave empty if you don't use it
242 242 instance_id =
243 243
244 244 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
245 245 ; of an authentication plugin also if it is disabled by it's settings.
246 246 ; This could be useful if you are unable to log in to the system due to broken
247 247 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
248 248 ; module to log in again and fix the settings.
249 249 ; Available builtin plugin IDs (hash is part of the ID):
250 250 ; egg:rhodecode-enterprise-ce#rhodecode
251 251 ; egg:rhodecode-enterprise-ce#pam
252 252 ; egg:rhodecode-enterprise-ce#ldap
253 253 ; egg:rhodecode-enterprise-ce#jasig_cas
254 254 ; egg:rhodecode-enterprise-ce#headers
255 255 ; egg:rhodecode-enterprise-ce#crowd
256 256
257 257 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
258 258
259 259 ; Flag to control loading of legacy plugins in py:/path format
260 260 auth_plugin.import_legacy_plugins = true
261 261
262 262 ; alternative return HTTP header for failed authentication. Default HTTP
263 263 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
264 264 ; handling that causing a series of failed authentication calls.
265 265 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
266 266 ; This will be served instead of default 401 on bad authentication
267 267 auth_ret_code =
268 268
269 269 ; use special detection method when serving auth_ret_code, instead of serving
270 270 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
271 271 ; and then serve auth_ret_code to clients
272 272 auth_ret_code_detection = false
273 273
274 274 ; locking return code. When repository is locked return this HTTP code. 2XX
275 275 ; codes don't break the transactions while 4XX codes do
276 276 lock_ret_code = 423
277 277
278 278 ; allows to change the repository location in settings page
279 279 allow_repo_location_change = true
280 280
281 281 ; allows to setup custom hooks in settings page
282 282 allow_custom_hooks_settings = true
283 283
284 284 ; Generated license token required for EE edition license.
285 285 ; New generated token value can be found in Admin > settings > license page.
286 286 license_token =
287 287
288 288 ; This flag hides sensitive information on the license page such as token, and license data
289 289 license.hide_license_info = false
290 290
291 291 ; supervisor connection uri, for managing supervisor and logs.
292 292 supervisor.uri =
293 293
294 294 ; supervisord group name/id we only want this RC instance to handle
295 295 supervisor.group_id = prod
296 296
297 297 ; Display extended labs settings
298 298 labs_settings_active = true
299 299
300 300 ; Custom exception store path, defaults to TMPDIR
301 301 ; This is used to store exception from RhodeCode in shared directory
302 302 #exception_tracker.store_path =
303 303
304 304 ; Send email with exception details when it happens
305 305 #exception_tracker.send_email = false
306 306
307 307 ; Comma separated list of recipients for exception emails,
308 308 ; e.g admin@rhodecode.com,devops@rhodecode.com
309 309 ; Can be left empty, then emails will be sent to ALL super-admins
310 310 #exception_tracker.send_email_recipients =
311 311
312 312 ; optional prefix to Add to email Subject
313 313 #exception_tracker.email_prefix = [RHODECODE ERROR]
314 314
315 315 ; File store configuration. This is used to store and serve uploaded files
316 316 file_store.enabled = true
317 317
318 318 ; Storage backend, available options are: local
319 319 file_store.backend = local
320 320
321 321 ; path to store the uploaded binaries
322 322 file_store.storage_path = %(here)s/data/file_store
323 323
324 324
325 325 ; #############
326 326 ; CELERY CONFIG
327 327 ; #############
328 328
329 329 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
330 330
331 331 use_celery = false
332 332
333 333 ; connection url to the message broker (default redis)
334 334 celery.broker_url = redis://localhost:6379/8
335 335
336 336 ; rabbitmq example
337 337 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
338 338
339 339 ; maximum tasks to execute before worker restart
340 340 celery.max_tasks_per_child = 100
341 341
342 342 ; tasks will never be sent to the queue, but executed locally instead.
343 343 celery.task_always_eager = false
344 344
345 345 ; #############
346 346 ; DOGPILE CACHE
347 347 ; #############
348 348
349 349 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
350 350 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
351 351 cache_dir = %(here)s/data
352 352
353 353 ; *********************************************
354 354 ; `sql_cache_short` cache for heavy SQL queries
355 355 ; Only supported backend is `memory_lru`
356 356 ; *********************************************
357 357 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
358 358 rc_cache.sql_cache_short.expiration_time = 30
359 359
360 360
361 361 ; *****************************************************
362 362 ; `cache_repo_longterm` cache for repo object instances
363 363 ; Only supported backend is `memory_lru`
364 364 ; *****************************************************
365 365 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
366 366 ; by default we use 30 Days, cache is still invalidated on push
367 367 rc_cache.cache_repo_longterm.expiration_time = 2592000
368 368 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
369 369 rc_cache.cache_repo_longterm.max_size = 10000
370 370
371 371
372 372 ; *************************************************
373 373 ; `cache_perms` cache for permission tree, auth TTL
374 374 ; *************************************************
375 375 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
376 376 rc_cache.cache_perms.expiration_time = 300
377 377 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
378 378 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
379 379
380 380 ; alternative `cache_perms` redis backend with distributed lock
381 381 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
382 382 #rc_cache.cache_perms.expiration_time = 300
383 383
384 384 ; redis_expiration_time needs to be greater then expiration_time
385 385 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
386 386
387 387 #rc_cache.cache_perms.arguments.host = localhost
388 388 #rc_cache.cache_perms.arguments.port = 6379
389 389 #rc_cache.cache_perms.arguments.db = 0
390 390 #rc_cache.cache_perms.arguments.socket_timeout = 30
391 391 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
392 392 #rc_cache.cache_perms.arguments.distributed_lock = true
393 393
394 394
395 395 ; ***************************************************
396 396 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
397 397 ; ***************************************************
398 398 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
399 399 rc_cache.cache_repo.expiration_time = 2592000
400 400 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
401 401 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
402 402
403 403 ; alternative `cache_repo` redis backend with distributed lock
404 404 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
405 405 #rc_cache.cache_repo.expiration_time = 2592000
406 406
407 407 ; redis_expiration_time needs to be greater then expiration_time
408 408 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
409 409
410 410 #rc_cache.cache_repo.arguments.host = localhost
411 411 #rc_cache.cache_repo.arguments.port = 6379
412 412 #rc_cache.cache_repo.arguments.db = 1
413 413 #rc_cache.cache_repo.arguments.socket_timeout = 30
414 414 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
415 415 #rc_cache.cache_repo.arguments.distributed_lock = true
416 416
417 417
418 418 ; ##############
419 419 ; BEAKER SESSION
420 420 ; ##############
421 421
422 422 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
423 423 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
424 424 ; Fastest ones are Redis and ext:database
425 425 beaker.session.type = file
426 426 beaker.session.data_dir = %(here)s/data/sessions
427 427
428 428 ; Redis based sessions
429 429 #beaker.session.type = ext:redis
430 430 #beaker.session.url = redis://127.0.0.1:6379/2
431 431
432 432 ; DB based session, fast, and allows easy management over logged in users
433 433 #beaker.session.type = ext:database
434 434 #beaker.session.table_name = db_session
435 435 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
436 436 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
437 437 #beaker.session.sa.pool_recycle = 3600
438 438 #beaker.session.sa.echo = false
439 439
440 440 beaker.session.key = rhodecode
441 441 beaker.session.secret = production-rc-uytcxaz
442 442 beaker.session.lock_dir = %(here)s/data/sessions/lock
443 443
444 444 ; Secure encrypted cookie. Requires AES and AES python libraries
445 445 ; you must disable beaker.session.secret to use this
446 446 #beaker.session.encrypt_key = key_for_encryption
447 447 #beaker.session.validate_key = validation_key
448 448
449 449 ; Sets session as invalid (also logging out user) if it haven not been
450 450 ; accessed for given amount of time in seconds
451 451 beaker.session.timeout = 2592000
452 452 beaker.session.httponly = true
453 453
454 454 ; Path to use for the cookie. Set to prefix if you use prefix middleware
455 455 #beaker.session.cookie_path = /custom_prefix
456 456
457 457 ; Set https secure cookie
458 458 beaker.session.secure = false
459 459
460 460 ; default cookie expiration time in seconds, set to `true` to set expire
461 461 ; at browser close
462 462 #beaker.session.cookie_expires = 3600
463 463
464 464 ; #############################
465 465 ; SEARCH INDEXING CONFIGURATION
466 466 ; #############################
467 467
468 468 ; Full text search indexer is available in rhodecode-tools under
469 469 ; `rhodecode-tools index` command
470 470
471 471 ; WHOOSH Backend, doesn't require additional services to run
472 472 ; it works good with few dozen repos
473 473 search.module = rhodecode.lib.index.whoosh
474 474 search.location = %(here)s/data/index
475 475
476 476 ; ####################
477 477 ; CHANNELSTREAM CONFIG
478 478 ; ####################
479 479
480 480 ; channelstream enables persistent connections and live notification
481 481 ; in the system. It's also used by the chat system
482 482
483 483 channelstream.enabled = false
484 484
485 485 ; server address for channelstream server on the backend
486 486 channelstream.server = 127.0.0.1:9800
487 487
488 488 ; location of the channelstream server from outside world
489 489 ; use ws:// for http or wss:// for https. This address needs to be handled
490 490 ; by external HTTP server such as Nginx or Apache
491 491 ; see Nginx/Apache configuration examples in our docs
492 492 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
493 493 channelstream.secret = secret
494 494 channelstream.history.location = %(here)s/channelstream_history
495 495
496 496 ; Internal application path that Javascript uses to connect into.
497 497 ; If you use proxy-prefix the prefix should be added before /_channelstream
498 498 channelstream.proxy_path = /_channelstream
499 499
500 500
501 501 ; ##############################
502 502 ; MAIN RHODECODE DATABASE CONFIG
503 503 ; ##############################
504 504
505 505 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
506 506 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
507 507 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
508 508 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
509 509 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
510 510
511 511 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
512 512
513 513 ; see sqlalchemy docs for other advanced settings
514 514 ; print the sql statements to output
515 515 sqlalchemy.db1.echo = false
516 516
517 517 ; recycle the connections after this amount of seconds
518 518 sqlalchemy.db1.pool_recycle = 3600
519 519 sqlalchemy.db1.convert_unicode = true
520 520
521 521 ; the number of connections to keep open inside the connection pool.
522 522 ; 0 indicates no limit
523 523 #sqlalchemy.db1.pool_size = 5
524 524
525 525 ; The number of connections to allow in connection pool "overflow", that is
526 526 ; connections that can be opened above and beyond the pool_size setting,
527 527 ; which defaults to five.
528 528 #sqlalchemy.db1.max_overflow = 10
529 529
530 530 ; Connection check ping, used to detect broken database connections
531 531 ; could be enabled to better handle cases if MySQL has gone away errors
532 532 #sqlalchemy.db1.ping_connection = true
533 533
534 534 ; ##########
535 535 ; VCS CONFIG
536 536 ; ##########
537 537 vcs.server.enable = true
538 538 vcs.server = localhost:9900
539 539
540 540 ; Web server connectivity protocol, responsible for web based VCS operations
541 541 ; Available protocols are:
542 542 ; `http` - use http-rpc backend (default)
543 543 vcs.server.protocol = http
544 544
545 545 ; Push/Pull operations protocol, available options are:
546 546 ; `http` - use http-rpc backend (default)
547 547 vcs.scm_app_implementation = http
548 548
549 549 ; Push/Pull operations hooks protocol, available options are:
550 550 ; `http` - use http-rpc backend (default)
551 551 vcs.hooks.protocol = http
552 552
553 553 ; Host on which this instance is listening for hooks. If vcsserver is in other location
554 554 ; this should be adjusted.
555 555 vcs.hooks.host = 127.0.0.1
556 556
557 557 ; Start VCSServer with this instance as a subprocess, useful for development
558 558 vcs.start_server = false
559 559
560 560 ; List of enabled VCS backends, available options are:
561 561 ; `hg` - mercurial
562 562 ; `git` - git
563 563 ; `svn` - subversion
564 564 vcs.backends = hg, git, svn
565 565
566 566 ; Wait this number of seconds before killing connection to the vcsserver
567 567 vcs.connection_timeout = 3600
568 568
569 569 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
570 ; Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
571 #vcs.svn.compatible_version = pre-1.8-compatible
570 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
571 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
572 #vcs.svn.compatible_version = 1.8
572 573
573 574
574 575 ; ####################################################
575 576 ; Subversion proxy support (mod_dav_svn)
576 577 ; Maps RhodeCode repo groups into SVN paths for Apache
577 578 ; ####################################################
578 579
579 580 ; Enable or disable the config file generation.
580 581 svn.proxy.generate_config = false
581 582
582 583 ; Generate config file with `SVNListParentPath` set to `On`.
583 584 svn.proxy.list_parent_path = true
584 585
585 586 ; Set location and file name of generated config file.
586 587 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
587 588
588 589 ; alternative mod_dav config template. This needs to be a valid mako template
589 590 ; Example template can be found in the source code:
590 591 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
591 592 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
592 593
593 594 ; Used as a prefix to the `Location` block in the generated config file.
594 595 ; In most cases it should be set to `/`.
595 596 svn.proxy.location_root = /
596 597
597 598 ; Command to reload the mod dav svn configuration on change.
598 599 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
599 600 ; Make sure user who runs RhodeCode process is allowed to reload Apache
600 601 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
601 602
602 603 ; If the timeout expires before the reload command finishes, the command will
603 604 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
604 605 #svn.proxy.reload_timeout = 10
605 606
606 607 ; ####################
607 608 ; SSH Support Settings
608 609 ; ####################
609 610
610 611 ; Defines if a custom authorized_keys file should be created and written on
611 612 ; any change user ssh keys. Setting this to false also disables possibility
612 613 ; of adding SSH keys by users from web interface. Super admins can still
613 614 ; manage SSH Keys.
614 615 ssh.generate_authorized_keyfile = false
615 616
616 617 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
617 618 # ssh.authorized_keys_ssh_opts =
618 619
619 620 ; Path to the authorized_keys file where the generate entries are placed.
620 621 ; It is possible to have multiple key files specified in `sshd_config` e.g.
621 622 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
622 623 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
623 624
624 625 ; Command to execute the SSH wrapper. The binary is available in the
625 626 ; RhodeCode installation directory.
626 627 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
627 628 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
628 629
629 630 ; Allow shell when executing the ssh-wrapper command
630 631 ssh.wrapper_cmd_allow_shell = false
631 632
632 633 ; Enables logging, and detailed output send back to the client during SSH
633 634 ; operations. Useful for debugging, shouldn't be used in production.
634 635 ssh.enable_debug_logging = false
635 636
636 637 ; Paths to binary executable, by default they are the names, but we can
637 638 ; override them if we want to use a custom one
638 639 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
639 640 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
640 641 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
641 642
642 643 ; Enables SSH key generator web interface. Disabling this still allows users
643 644 ; to add their own keys.
644 645 ssh.enable_ui_key_generator = true
645 646
646 647
647 648 ; #################
648 649 ; APPENLIGHT CONFIG
649 650 ; #################
650 651
651 652 ; Appenlight is tailored to work with RhodeCode, see
652 653 ; http://appenlight.rhodecode.com for details how to obtain an account
653 654
654 655 ; Appenlight integration enabled
655 656 appenlight = false
656 657
657 658 appenlight.server_url = https://api.appenlight.com
658 659 appenlight.api_key = YOUR_API_KEY
659 660 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
660 661
661 662 ; used for JS client
662 663 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
663 664
664 665 ; TWEAK AMOUNT OF INFO SENT HERE
665 666
666 667 ; enables 404 error logging (default False)
667 668 appenlight.report_404 = false
668 669
669 670 ; time in seconds after request is considered being slow (default 1)
670 671 appenlight.slow_request_time = 1
671 672
672 673 ; record slow requests in application
673 674 ; (needs to be enabled for slow datastore recording and time tracking)
674 675 appenlight.slow_requests = true
675 676
676 677 ; enable hooking to application loggers
677 678 appenlight.logging = true
678 679
679 680 ; minimum log level for log capture
680 681 appenlight.logging.level = WARNING
681 682
682 683 ; send logs only from erroneous/slow requests
683 684 ; (saves API quota for intensive logging)
684 685 appenlight.logging_on_error = false
685 686
686 687 ; list of additional keywords that should be grabbed from environ object
687 688 ; can be string with comma separated list of words in lowercase
688 689 ; (by default client will always send following info:
689 690 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
690 691 ; start with HTTP* this list be extended with additional keywords here
691 692 appenlight.environ_keys_whitelist =
692 693
693 694 ; list of keywords that should be blanked from request object
694 695 ; can be string with comma separated list of words in lowercase
695 696 ; (by default client will always blank keys that contain following words
696 697 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
697 698 ; this list be extended with additional keywords set here
698 699 appenlight.request_keys_blacklist =
699 700
700 701 ; list of namespaces that should be ignores when gathering log entries
701 702 ; can be string with comma separated list of namespaces
702 703 ; (by default the client ignores own entries: appenlight_client.client)
703 704 appenlight.log_namespace_blacklist =
704 705
705 706 ; Dummy marker to add new entries after.
706 707 ; Add any custom entries below. Please don't remove this marker.
707 708 custom.conf = 1
708 709
709 710
710 711 ; #####################
711 712 ; LOGGING CONFIGURATION
712 713 ; #####################
713 714 [loggers]
714 715 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
715 716
716 717 [handlers]
717 718 keys = console, console_sql
718 719
719 720 [formatters]
720 721 keys = generic, color_formatter, color_formatter_sql
721 722
722 723 ; #######
723 724 ; LOGGERS
724 725 ; #######
725 726 [logger_root]
726 727 level = NOTSET
727 728 handlers = console
728 729
729 730 [logger_sqlalchemy]
730 731 level = INFO
731 732 handlers = console_sql
732 733 qualname = sqlalchemy.engine
733 734 propagate = 0
734 735
735 736 [logger_beaker]
736 737 level = DEBUG
737 738 handlers =
738 739 qualname = beaker.container
739 740 propagate = 1
740 741
741 742 [logger_rhodecode]
742 743 level = DEBUG
743 744 handlers =
744 745 qualname = rhodecode
745 746 propagate = 1
746 747
747 748 [logger_ssh_wrapper]
748 749 level = DEBUG
749 750 handlers =
750 751 qualname = ssh_wrapper
751 752 propagate = 1
752 753
753 754 [logger_celery]
754 755 level = DEBUG
755 756 handlers =
756 757 qualname = celery
757 758
758 759
759 760 ; ########
760 761 ; HANDLERS
761 762 ; ########
762 763
763 764 [handler_console]
764 765 class = StreamHandler
765 766 args = (sys.stderr, )
766 767 level = INFO
767 768 formatter = generic
768 769
769 770 [handler_console_sql]
770 771 ; "level = DEBUG" logs SQL queries and results.
771 772 ; "level = INFO" logs SQL queries.
772 773 ; "level = WARN" logs neither. (Recommended for production systems.)
773 774 class = StreamHandler
774 775 args = (sys.stderr, )
775 776 level = WARN
776 777 formatter = generic
777 778
778 779 ; ##########
779 780 ; FORMATTERS
780 781 ; ##########
781 782
782 783 [formatter_generic]
783 784 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
784 785 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
785 786 datefmt = %Y-%m-%d %H:%M:%S
786 787
787 788 [formatter_color_formatter]
788 789 class = rhodecode.lib.logging_formatter.ColorFormatter
789 790 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
790 791 datefmt = %Y-%m-%d %H:%M:%S
791 792
792 793 [formatter_color_formatter_sql]
793 794 class = rhodecode.lib.logging_formatter.ColorFormatterSql
794 795 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
795 796 datefmt = %Y-%m-%d %H:%M:%S
General Comments 0
You need to be logged in to leave comments. Login now