##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
configurations: update attached configuration INI files with the ENV_ substitution infomation....
ergo -
r2986:5db0b21c default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,732 +1,733 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 # The %(here)s variable will be replaced with the parent directory of this file#
6 5 ################################################################################
7 6
8 7 [DEFAULT]
9 8 debug = true
10 9
11 10 ################################################################################
12 11 ## EMAIL CONFIGURATION ##
13 12 ## Uncomment and replace with the email address which should receive ##
14 13 ## any error reports after an application crash ##
15 14 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 15 ################################################################################
17 16
18 17 ## prefix all emails subjects with given prefix, helps filtering out emails
19 18 #email_prefix = [RhodeCode]
20 19
21 20 ## email FROM address all mails will be sent
22 21 #app_email_from = rhodecode-noreply@localhost
23 22
24 23 ## Uncomment and replace with the address which should receive any error report
25 24 ## note: using appenlight for error handling doesn't need this to be uncommented
26 25 #email_to = admin@localhost
27 26
28 27 ## in case of Application errors, sent an error email form
29 28 #error_email_from = rhodecode_error@localhost
30 29
31 30 ## additional error message to be send in case of server crash
32 31 #error_message =
33 32
34 33
35 34 #smtp_server = mail.server.com
36 35 #smtp_username =
37 36 #smtp_password =
38 37 #smtp_port =
39 38 #smtp_use_tls = false
40 39 #smtp_use_ssl = true
41 40 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
42 41 #smtp_auth =
43 42
44 43 [server:main]
45 44 ## COMMON ##
46 45 host = 127.0.0.1
47 46 port = 5000
48 47
49 48 ##################################
50 49 ## WAITRESS WSGI SERVER ##
51 50 ## Recommended for Development ##
52 51 ##################################
53 52
54 53 use = egg:waitress#main
55 54 ## number of worker threads
56 55 threads = 5
57 56 ## MAX BODY SIZE 100GB
58 57 max_request_body_size = 107374182400
59 58 ## Use poll instead of select, fixes file descriptors limits problems.
60 59 ## May not work on old windows systems.
61 60 asyncore_use_poll = true
62 61
63 62
64 63 ##########################
65 64 ## GUNICORN WSGI SERVER ##
66 65 ##########################
67 66 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
68 67
69 68 #use = egg:gunicorn#main
70 69 ## Sets the number of process workers. You must set `instance_id = *`
71 70 ## when this option is set to more than one worker, recommended
72 71 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
73 72 ## The `instance_id = *` must be set in the [app:main] section below
74 73 #workers = 2
75 74 ## number of threads for each of the worker, must be set to 1 for gevent
76 75 ## generally recommended to be at 1
77 76 #threads = 1
78 77 ## process name
79 78 #proc_name = rhodecode
80 79 ## type of worker class, one of sync, gevent
81 80 ## recommended for bigger setup is using of of other than sync one
82 81 #worker_class = gevent
83 82 ## The maximum number of simultaneous clients. Valid only for Gevent
84 83 #worker_connections = 10
85 84 ## max number of requests that worker will handle before being gracefully
86 85 ## restarted, could prevent memory leaks
87 86 #max_requests = 1000
88 87 #max_requests_jitter = 30
89 88 ## amount of time a worker can spend with handling a request before it
90 89 ## gets killed and restarted. Set to 6hrs
91 90 #timeout = 21600
92 91
93 92
94 93 ## prefix middleware for RhodeCode.
95 94 ## recommended when using proxy setup.
96 95 ## allows to set RhodeCode under a prefix in server.
97 96 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
98 97 ## And set your prefix like: `prefix = /custom_prefix`
99 98 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
100 99 ## to make your cookies only work on prefix url
101 100 [filter:proxy-prefix]
102 101 use = egg:PasteDeploy#prefix
103 102 prefix = /
104 103
105 104 [app:main]
105 ## The %(here)s variable will be replaced with the absolute path of parent directory
106 ## of this file
107 ## In addition ENVIRONMENT variables usage is possible, e.g
108 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
109
106 110 use = egg:rhodecode-enterprise-ce
107 111
108 112 ## enable proxy prefix middleware, defined above
109 113 #filter-with = proxy-prefix
110 114
111 115 # During development the we want to have the debug toolbar enabled
112 116 pyramid.includes =
113 117 pyramid_debugtoolbar
114 118 rhodecode.lib.middleware.request_wrapper
115 119
116 120 pyramid.reload_templates = true
117 121
118 122 debugtoolbar.hosts = 0.0.0.0/0
119 123 debugtoolbar.exclude_prefixes =
120 124 /css
121 125 /fonts
122 126 /images
123 127 /js
124 128
125 129 ## RHODECODE PLUGINS ##
126 130 rhodecode.includes =
127 131 rhodecode.api
128 132
129 133
130 134 # api prefix url
131 135 rhodecode.api.url = /_admin/api
132 136
133 137
134 138 ## END RHODECODE PLUGINS ##
135 139
136 140 ## encryption key used to encrypt social plugin tokens,
137 141 ## remote_urls with credentials etc, if not set it defaults to
138 142 ## `beaker.session.secret`
139 143 #rhodecode.encrypted_values.secret =
140 144
141 145 ## decryption strict mode (enabled by default). It controls if decryption raises
142 146 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
143 147 #rhodecode.encrypted_values.strict = false
144 148
145 149 ## return gzipped responses from Rhodecode (static files/application)
146 150 gzip_responses = false
147 151
148 152 ## autogenerate javascript routes file on startup
149 153 generate_js_files = false
150 154
151 155 ## Optional Languages
152 156 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
153 157 lang = en
154 158
155 159 ## perform a full repository scan on each server start, this should be
156 160 ## set to false after first startup, to allow faster server restarts.
157 161 startup.import_repos = false
158 162
159 163 ## Uncomment and set this path to use archive download cache.
160 164 ## Once enabled, generated archives will be cached at this location
161 165 ## and served from the cache during subsequent requests for the same archive of
162 166 ## the repository.
163 167 #archive_cache_dir = /tmp/tarballcache
164 168
165 169 ## URL at which the application is running. This is used for bootstraping
166 170 ## requests in context when no web request is available. Used in ishell, or
167 171 ## SSH calls. Set this for events to receive proper url for SSH calls.
168 172 app.base_url = http://rhodecode.local
169 173
170 174 ## change this to unique ID for security
171 175 app_instance_uuid = rc-production
172 176
173 177 ## cut off limit for large diffs (size in bytes). If overall diff size on
174 178 ## commit, or pull request exceeds this limit this diff will be displayed
175 179 ## partially. E.g 512000 == 512Kb
176 180 cut_off_limit_diff = 512000
177 181
178 182 ## cut off limit for large files inside diffs (size in bytes). Each individual
179 183 ## file inside diff which exceeds this limit will be displayed partially.
180 184 ## E.g 128000 == 128Kb
181 185 cut_off_limit_file = 128000
182 186
183 187 ## use cache version of scm repo everywhere
184 188 vcs_full_cache = true
185 189
186 190 ## force https in RhodeCode, fixes https redirects, assumes it's always https
187 191 ## Normally this is controlled by proper http flags sent from http server
188 192 force_https = false
189 193
190 194 ## use Strict-Transport-Security headers
191 195 use_htsts = false
192 196
193 197 ## git rev filter option, --all is the default filter, if you need to
194 198 ## hide all refs in changelog switch this to --branches --tags
195 199 git_rev_filter = --branches --tags
196 200
197 201 # Set to true if your repos are exposed using the dumb protocol
198 202 git_update_server_info = false
199 203
200 204 ## RSS/ATOM feed options
201 205 rss_cut_off_limit = 256000
202 206 rss_items_per_page = 10
203 207 rss_include_diff = false
204 208
205 209 ## gist URL alias, used to create nicer urls for gist. This should be an
206 210 ## url that does rewrites to _admin/gists/{gistid}.
207 211 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
208 212 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
209 213 gist_alias_url =
210 214
211 215 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
212 216 ## used for access.
213 217 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
214 218 ## came from the the logged in user who own this authentication token.
215 219 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
216 220 ## authentication token. Such view would be only accessible when used together
217 221 ## with this authentication token
218 222 ##
219 223 ## list of all views can be found under `/_admin/permissions/auth_token_access`
220 224 ## The list should be "," separated and on a single line.
221 225 ##
222 226 ## Most common views to enable:
223 227 # RepoCommitsView:repo_commit_download
224 228 # RepoCommitsView:repo_commit_patch
225 229 # RepoCommitsView:repo_commit_raw
226 230 # RepoCommitsView:repo_commit_raw@TOKEN
227 231 # RepoFilesView:repo_files_diff
228 232 # RepoFilesView:repo_archivefile
229 233 # RepoFilesView:repo_file_raw
230 234 # GistView:*
231 235 api_access_controllers_whitelist =
232 236
233 237 ## default encoding used to convert from and to unicode
234 238 ## can be also a comma separated list of encoding in case of mixed encodings
235 239 default_encoding = UTF-8
236 240
237 241 ## instance-id prefix
238 242 ## a prefix key for this instance used for cache invalidation when running
239 243 ## multiple instances of rhodecode, make sure it's globally unique for
240 244 ## all running rhodecode instances. Leave empty if you don't use it
241 245 instance_id =
242 246
243 247 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
244 248 ## of an authentication plugin also if it is disabled by it's settings.
245 249 ## This could be useful if you are unable to log in to the system due to broken
246 250 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
247 251 ## module to log in again and fix the settings.
248 252 ##
249 253 ## Available builtin plugin IDs (hash is part of the ID):
250 254 ## egg:rhodecode-enterprise-ce#rhodecode
251 255 ## egg:rhodecode-enterprise-ce#pam
252 256 ## egg:rhodecode-enterprise-ce#ldap
253 257 ## egg:rhodecode-enterprise-ce#jasig_cas
254 258 ## egg:rhodecode-enterprise-ce#headers
255 259 ## egg:rhodecode-enterprise-ce#crowd
256 260 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
257 261
258 262 ## alternative return HTTP header for failed authentication. Default HTTP
259 263 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
260 264 ## handling that causing a series of failed authentication calls.
261 265 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
262 266 ## This will be served instead of default 401 on bad authnetication
263 267 auth_ret_code =
264 268
265 269 ## use special detection method when serving auth_ret_code, instead of serving
266 270 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
267 271 ## and then serve auth_ret_code to clients
268 272 auth_ret_code_detection = false
269 273
270 274 ## locking return code. When repository is locked return this HTTP code. 2XX
271 275 ## codes don't break the transactions while 4XX codes do
272 276 lock_ret_code = 423
273 277
274 278 ## allows to change the repository location in settings page
275 279 allow_repo_location_change = true
276 280
277 281 ## allows to setup custom hooks in settings page
278 282 allow_custom_hooks_settings = true
279 283
280 284 ## generated license token, goto license page in RhodeCode settings to obtain
281 285 ## new token
282 286 license_token =
283 287
284 288 ## supervisor connection uri, for managing supervisor and logs.
285 289 supervisor.uri =
286 290 ## supervisord group name/id we only want this RC instance to handle
287 291 supervisor.group_id = dev
288 292
289 293 ## Display extended labs settings
290 294 labs_settings_active = true
291 295
292 296 ####################################
293 297 ### CELERY CONFIG ####
294 298 ####################################
295 299 ## run: /path/to/celery worker \
296 300 ## -E --beat --app rhodecode.lib.celerylib.loader \
297 301 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
298 302 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
299 303
300 304 use_celery = false
301 305
302 306 ## connection url to the message broker (default rabbitmq)
303 307 celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
304 308
305 309 ## maximum tasks to execute before worker restart
306 310 celery.max_tasks_per_child = 100
307 311
308 312 ## tasks will never be sent to the queue, but executed locally instead.
309 313 celery.task_always_eager = false
310 314
311 315 #####################################
312 316 ### DOGPILE CACHE ####
313 317 #####################################
314 318 ## Default cache dir for caches. Putting this into a ramdisk
315 319 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
316 ## large ammount of space
320 ## large amount of space
317 321 cache_dir = %(here)s/data
318 322
319 323 ## `cache_perms` cache settings for permission tree, auth TTL.
320 324 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
321 325 rc_cache.cache_perms.expiration_time = 300
322 326
323 327 ## alternative `cache_perms` redis backend with distributed lock
324 328 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
325 329 #rc_cache.cache_perms.expiration_time = 300
326 330 ## redis_expiration_time needs to be greater then expiration_time
327 331 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
328 332 #rc_cache.cache_perms.arguments.socket_timeout = 30
329 333 #rc_cache.cache_perms.arguments.host = localhost
330 334 #rc_cache.cache_perms.arguments.port = 6379
331 335 #rc_cache.cache_perms.arguments.db = 0
332 336 #rc_cache.cache_perms.arguments.distributed_lock = true
333 337
334 338 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
335 339 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
336 340 rc_cache.cache_repo.expiration_time = 2592000
337 341
338 342 ## alternative `cache_repo` redis backend with distributed lock
339 343 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
340 344 #rc_cache.cache_repo.expiration_time = 2592000
341 345 ## redis_expiration_time needs to be greater then expiration_time
342 346 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
343 347 #rc_cache.cache_repo.arguments.socket_timeout = 30
344 348 #rc_cache.cache_repo.arguments.host = localhost
345 349 #rc_cache.cache_repo.arguments.port = 6379
346 350 #rc_cache.cache_repo.arguments.db = 1
347 351 #rc_cache.cache_repo.arguments.distributed_lock = true
348 352
349 353 ## cache settings for SQL queries, this needs to use memory type backend
350 354 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
351 355 rc_cache.sql_cache_short.expiration_time = 30
352 356
353 357 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
354 358 ## type backend as the objects kept are not pickle serializable
355 359 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
356 # by default we use 96H, this is using invalidation on push anyway
360 ## by default we use 96H, this is using invalidation on push anyway
357 361 rc_cache.cache_repo_longterm.expiration_time = 345600
358 362 ## max items in LRU cache, reduce this number to save memory, and expire last used
359 363 ## cached objects
360 364 rc_cache.cache_repo_longterm.max_size = 10000
361 365
362 366
363 367 ####################################
364 368 ### BEAKER SESSION ####
365 369 ####################################
366 370
367 371 ## .session.type is type of storage options for the session, current allowed
368 372 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
369 373 beaker.session.type = file
370 374 beaker.session.data_dir = %(here)s/data/sessions
371 375
372 376 ## db based session, fast, and allows easy management over logged in users
373 377 #beaker.session.type = ext:database
374 378 #beaker.session.table_name = db_session
375 379 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
376 380 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
377 381 #beaker.session.sa.pool_recycle = 3600
378 382 #beaker.session.sa.echo = false
379 383
380 384 beaker.session.key = rhodecode
381 385 beaker.session.secret = develop-rc-uytcxaz
382 386 beaker.session.lock_dir = %(here)s/data/sessions/lock
383 387
384 388 ## Secure encrypted cookie. Requires AES and AES python libraries
385 389 ## you must disable beaker.session.secret to use this
386 390 #beaker.session.encrypt_key = key_for_encryption
387 391 #beaker.session.validate_key = validation_key
388 392
389 393 ## sets session as invalid(also logging out user) if it haven not been
390 394 ## accessed for given amount of time in seconds
391 395 beaker.session.timeout = 2592000
392 396 beaker.session.httponly = true
393 397 ## Path to use for the cookie. Set to prefix if you use prefix middleware
394 398 #beaker.session.cookie_path = /custom_prefix
395 399
396 400 ## uncomment for https secure cookie
397 401 beaker.session.secure = false
398 402
399 403 ## auto save the session to not to use .save()
400 404 beaker.session.auto = false
401 405
402 406 ## default cookie expiration time in seconds, set to `true` to set expire
403 407 ## at browser close
404 408 #beaker.session.cookie_expires = 3600
405 409
406 410 ###################################
407 411 ## SEARCH INDEXING CONFIGURATION ##
408 412 ###################################
409 413 ## Full text search indexer is available in rhodecode-tools under
410 414 ## `rhodecode-tools index` command
411 415
412 416 ## WHOOSH Backend, doesn't require additional services to run
413 417 ## it works good with few dozen repos
414 418 search.module = rhodecode.lib.index.whoosh
415 419 search.location = %(here)s/data/index
416 420
417 421 ########################################
418 422 ### CHANNELSTREAM CONFIG ####
419 423 ########################################
420 424 ## channelstream enables persistent connections and live notification
421 425 ## in the system. It's also used by the chat system
422 426 channelstream.enabled = false
423 427
424 428 ## server address for channelstream server on the backend
425 429 channelstream.server = 127.0.0.1:9800
426 430
427 431 ## location of the channelstream server from outside world
428 432 ## use ws:// for http or wss:// for https. This address needs to be handled
429 433 ## by external HTTP server such as Nginx or Apache
430 434 ## see nginx/apache configuration examples in our docs
431 435 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
432 436 channelstream.secret = secret
433 437 channelstream.history.location = %(here)s/channelstream_history
434 438
435 439 ## Internal application path that Javascript uses to connect into.
436 440 ## If you use proxy-prefix the prefix should be added before /_channelstream
437 441 channelstream.proxy_path = /_channelstream
438 442
439 443
440 444 ###################################
441 445 ## APPENLIGHT CONFIG ##
442 446 ###################################
443 447
444 448 ## Appenlight is tailored to work with RhodeCode, see
445 449 ## http://appenlight.com for details how to obtain an account
446 450
447 451 ## appenlight integration enabled
448 452 appenlight = false
449 453
450 454 appenlight.server_url = https://api.appenlight.com
451 455 appenlight.api_key = YOUR_API_KEY
452 456 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
453 457
454 458 # used for JS client
455 459 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
456 460
457 461 ## TWEAK AMOUNT OF INFO SENT HERE
458 462
459 463 ## enables 404 error logging (default False)
460 464 appenlight.report_404 = false
461 465
462 466 ## time in seconds after request is considered being slow (default 1)
463 467 appenlight.slow_request_time = 1
464 468
465 469 ## record slow requests in application
466 470 ## (needs to be enabled for slow datastore recording and time tracking)
467 471 appenlight.slow_requests = true
468 472
469 473 ## enable hooking to application loggers
470 474 appenlight.logging = true
471 475
472 476 ## minimum log level for log capture
473 477 appenlight.logging.level = WARNING
474 478
475 479 ## send logs only from erroneous/slow requests
476 480 ## (saves API quota for intensive logging)
477 481 appenlight.logging_on_error = false
478 482
479 483 ## list of additonal keywords that should be grabbed from environ object
480 484 ## can be string with comma separated list of words in lowercase
481 485 ## (by default client will always send following info:
482 486 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
483 487 ## start with HTTP* this list be extended with additional keywords here
484 488 appenlight.environ_keys_whitelist =
485 489
486 490 ## list of keywords that should be blanked from request object
487 491 ## can be string with comma separated list of words in lowercase
488 492 ## (by default client will always blank keys that contain following words
489 493 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
490 494 ## this list be extended with additional keywords set here
491 495 appenlight.request_keys_blacklist =
492 496
493 497 ## list of namespaces that should be ignores when gathering log entries
494 498 ## can be string with comma separated list of namespaces
495 499 ## (by default the client ignores own entries: appenlight_client.client)
496 500 appenlight.log_namespace_blacklist =
497 501
498 502
499 503 ################################################################################
500 504 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
501 505 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
502 506 ## execute malicious code after an exception is raised. ##
503 507 ################################################################################
504 508 #set debug = false
505 509
506
507 ##############
508 ## STYLING ##
509 ##############
510 # enable debug style page
510 511 debug_style = true
511 512
512 513 ###########################################
513 514 ### MAIN RHODECODE DATABASE CONFIG ###
514 515 ###########################################
515 516 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
516 517 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
517 518 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
518 519 # pymysql is an alternative driver for MySQL, use in case of problems with default one
519 520 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
520 521
521 522 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
522 523
523 524 # see sqlalchemy docs for other advanced settings
524 525
525 526 ## print the sql statements to output
526 527 sqlalchemy.db1.echo = false
527 528 ## recycle the connections after this amount of seconds
528 529 sqlalchemy.db1.pool_recycle = 3600
529 530 sqlalchemy.db1.convert_unicode = true
530 531
531 532 ## the number of connections to keep open inside the connection pool.
532 533 ## 0 indicates no limit
533 534 #sqlalchemy.db1.pool_size = 5
534 535
535 536 ## the number of connections to allow in connection pool "overflow", that is
536 537 ## connections that can be opened above and beyond the pool_size setting,
537 538 ## which defaults to five.
538 539 #sqlalchemy.db1.max_overflow = 10
539 540
540 541 ## Connection check ping, used to detect broken database connections
541 542 ## could be enabled to better handle cases if MySQL has gone away errors
542 543 #sqlalchemy.db1.ping_connection = true
543 544
544 545 ##################
545 546 ### VCS CONFIG ###
546 547 ##################
547 548 vcs.server.enable = true
548 549 vcs.server = localhost:9900
549 550
550 551 ## Web server connectivity protocol, responsible for web based VCS operatations
551 552 ## Available protocols are:
552 553 ## `http` - use http-rpc backend (default)
553 554 vcs.server.protocol = http
554 555
555 556 ## Push/Pull operations protocol, available options are:
556 557 ## `http` - use http-rpc backend (default)
557 558 vcs.scm_app_implementation = http
558 559
559 560 ## Push/Pull operations hooks protocol, available options are:
560 561 ## `http` - use http-rpc backend (default)
561 562 vcs.hooks.protocol = http
562 563
563 564 ## Host on which this instance is listening for hooks. If vcsserver is in other location
564 565 ## this should be adjusted.
565 566 vcs.hooks.host = 127.0.0.1
566 567
567 568 vcs.server.log_level = debug
568 ## Start VCSServer with this instance as a subprocess, usefull for development
569 ## Start VCSServer with this instance as a subprocess, useful for development
569 570 vcs.start_server = false
570 571
571 572 ## List of enabled VCS backends, available options are:
572 573 ## `hg` - mercurial
573 574 ## `git` - git
574 575 ## `svn` - subversion
575 576 vcs.backends = hg, git, svn
576 577
577 578 vcs.connection_timeout = 3600
578 579 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
579 580 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
580 581 #vcs.svn.compatible_version = pre-1.8-compatible
581 582
582 583
583 584 ############################################################
584 585 ### Subversion proxy support (mod_dav_svn) ###
585 586 ### Maps RhodeCode repo groups into SVN paths for Apache ###
586 587 ############################################################
587 588 ## Enable or disable the config file generation.
588 589 svn.proxy.generate_config = false
589 590 ## Generate config file with `SVNListParentPath` set to `On`.
590 591 svn.proxy.list_parent_path = true
591 592 ## Set location and file name of generated config file.
592 593 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
593 594 ## alternative mod_dav config template. This needs to be a mako template
594 595 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
595 596 ## Used as a prefix to the `Location` block in the generated config file.
596 597 ## In most cases it should be set to `/`.
597 598 svn.proxy.location_root = /
598 599 ## Command to reload the mod dav svn configuration on change.
599 600 ## Example: `/etc/init.d/apache2 reload`
600 601 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
601 602 ## If the timeout expires before the reload command finishes, the command will
602 603 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
603 604 #svn.proxy.reload_timeout = 10
604 605
605 606 ############################################################
606 607 ### SSH Support Settings ###
607 608 ############################################################
608 609
609 610 ## Defines if a custom authorized_keys file should be created and written on
610 611 ## any change user ssh keys. Setting this to false also disables posibility
611 612 ## of adding SSH keys by users from web interface. Super admins can still
612 613 ## manage SSH Keys.
613 614 ssh.generate_authorized_keyfile = false
614 615
615 616 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
616 617 # ssh.authorized_keys_ssh_opts =
617 618
618 619 ## Path to the authrozied_keys file where the generate entries are placed.
619 620 ## It is possible to have multiple key files specified in `sshd_config` e.g.
620 621 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
621 622 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
622 623
623 624 ## Command to execute the SSH wrapper. The binary is available in the
624 625 ## rhodecode installation directory.
625 626 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
626 627 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
627 628
628 629 ## Allow shell when executing the ssh-wrapper command
629 630 ssh.wrapper_cmd_allow_shell = false
630 631
631 632 ## Enables logging, and detailed output send back to the client during SSH
632 633 ## operations. Usefull for debugging, shouldn't be used in production.
633 634 ssh.enable_debug_logging = true
634 635
635 636 ## Paths to binary executable, by default they are the names, but we can
636 637 ## override them if we want to use a custom one
637 638 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
638 639 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
639 640 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
640 641
641 642
642 643 ## Dummy marker to add new entries after.
643 644 ## Add any custom entries below. Please don't remove.
644 645 custom.conf = 1
645 646
646 647
647 648 ################################
648 649 ### LOGGING CONFIGURATION ####
649 650 ################################
650 651 [loggers]
651 652 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
652 653
653 654 [handlers]
654 655 keys = console, console_sql
655 656
656 657 [formatters]
657 658 keys = generic, color_formatter, color_formatter_sql
658 659
659 660 #############
660 661 ## LOGGERS ##
661 662 #############
662 663 [logger_root]
663 664 level = NOTSET
664 665 handlers = console
665 666
666 667 [logger_sqlalchemy]
667 668 level = INFO
668 669 handlers = console_sql
669 670 qualname = sqlalchemy.engine
670 671 propagate = 0
671 672
672 673 [logger_beaker]
673 674 level = DEBUG
674 675 handlers =
675 676 qualname = beaker.container
676 677 propagate = 1
677 678
678 679 [logger_rhodecode]
679 680 level = DEBUG
680 681 handlers =
681 682 qualname = rhodecode
682 683 propagate = 1
683 684
684 685 [logger_ssh_wrapper]
685 686 level = DEBUG
686 687 handlers =
687 688 qualname = ssh_wrapper
688 689 propagate = 1
689 690
690 691 [logger_celery]
691 692 level = DEBUG
692 693 handlers =
693 694 qualname = celery
694 695
695 696
696 697 ##############
697 698 ## HANDLERS ##
698 699 ##############
699 700
700 701 [handler_console]
701 702 class = StreamHandler
702 703 args = (sys.stderr, )
703 704 level = DEBUG
704 705 formatter = color_formatter
705 706
706 707 [handler_console_sql]
707 708 # "level = DEBUG" logs SQL queries and results.
708 709 # "level = INFO" logs SQL queries.
709 710 # "level = WARN" logs neither. (Recommended for production systems.)
710 711 class = StreamHandler
711 712 args = (sys.stderr, )
712 713 level = WARN
713 714 formatter = color_formatter_sql
714 715
715 716 ################
716 717 ## FORMATTERS ##
717 718 ################
718 719
719 720 [formatter_generic]
720 721 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
721 722 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
722 723 datefmt = %Y-%m-%d %H:%M:%S
723 724
724 725 [formatter_color_formatter]
725 726 class = rhodecode.lib.logging_formatter.ColorFormatter
726 727 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
727 728 datefmt = %Y-%m-%d %H:%M:%S
728 729
729 730 [formatter_color_formatter_sql]
730 731 class = rhodecode.lib.logging_formatter.ColorFormatterSql
731 732 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
732 733 datefmt = %Y-%m-%d %H:%M:%S
Show file before | Show file after | Hide comments
@@ -1,701 +1,705 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 # The %(here)s variable will be replaced with the parent directory of this file#
6 5 ################################################################################
7 6
8 7 [DEFAULT]
9 8 debug = true
10 9
11 10 ################################################################################
12 11 ## EMAIL CONFIGURATION ##
13 12 ## Uncomment and replace with the email address which should receive ##
14 13 ## any error reports after an application crash ##
15 14 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 15 ################################################################################
17 16
18 17 ## prefix all emails subjects with given prefix, helps filtering out emails
19 18 #email_prefix = [RhodeCode]
20 19
21 20 ## email FROM address all mails will be sent
22 21 #app_email_from = rhodecode-noreply@localhost
23 22
24 23 ## Uncomment and replace with the address which should receive any error report
25 24 ## note: using appenlight for error handling doesn't need this to be uncommented
26 25 #email_to = admin@localhost
27 26
28 27 ## in case of Application errors, sent an error email form
29 28 #error_email_from = rhodecode_error@localhost
30 29
31 30 ## additional error message to be send in case of server crash
32 31 #error_message =
33 32
34 33
35 34 #smtp_server = mail.server.com
36 35 #smtp_username =
37 36 #smtp_password =
38 37 #smtp_port =
39 38 #smtp_use_tls = false
40 39 #smtp_use_ssl = true
41 40 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
42 41 #smtp_auth =
43 42
44 43 [server:main]
45 44 ## COMMON ##
46 45 host = 127.0.0.1
47 46 port = 5000
48 47
49 48 ##################################
50 49 ## WAITRESS WSGI SERVER ##
51 50 ## Recommended for Development ##
52 51 ##################################
53 52
54 53 #use = egg:waitress#main
55 54 ## number of worker threads
56 55 #threads = 5
57 56 ## MAX BODY SIZE 100GB
58 57 #max_request_body_size = 107374182400
59 58 ## Use poll instead of select, fixes file descriptors limits problems.
60 59 ## May not work on old windows systems.
61 60 #asyncore_use_poll = true
62 61
63 62
64 63 ##########################
65 64 ## GUNICORN WSGI SERVER ##
66 65 ##########################
67 66 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
68 67
69 68 use = egg:gunicorn#main
70 69 ## Sets the number of process workers. You must set `instance_id = *`
71 70 ## when this option is set to more than one worker, recommended
72 71 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
73 72 ## The `instance_id = *` must be set in the [app:main] section below
74 73 workers = 2
75 74 ## number of threads for each of the worker, must be set to 1 for gevent
76 75 ## generally recommended to be at 1
77 76 #threads = 1
78 77 ## process name
79 78 proc_name = rhodecode
80 79 ## type of worker class, one of sync, gevent
81 80 ## recommended for bigger setup is using of of other than sync one
82 81 worker_class = gevent
83 82 ## The maximum number of simultaneous clients. Valid only for Gevent
84 83 worker_connections = 10
85 84 ## max number of requests that worker will handle before being gracefully
86 85 ## restarted, could prevent memory leaks
87 86 max_requests = 1000
88 87 max_requests_jitter = 30
89 88 ## amount of time a worker can spend with handling a request before it
90 89 ## gets killed and restarted. Set to 6hrs
91 90 timeout = 21600
92 91
93 92
94 93 ## prefix middleware for RhodeCode.
95 94 ## recommended when using proxy setup.
96 95 ## allows to set RhodeCode under a prefix in server.
97 96 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
98 97 ## And set your prefix like: `prefix = /custom_prefix`
99 98 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
100 99 ## to make your cookies only work on prefix url
101 100 [filter:proxy-prefix]
102 101 use = egg:PasteDeploy#prefix
103 102 prefix = /
104 103
105 104 [app:main]
105 ## The %(here)s variable will be replaced with the absolute path of parent directory
106 ## of this file
107 ## In addition ENVIRONMENT variables usage is possible, e.g
108 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
109
106 110 use = egg:rhodecode-enterprise-ce
107 111
108 112 ## enable proxy prefix middleware, defined above
109 113 #filter-with = proxy-prefix
110 114
111 115 ## encryption key used to encrypt social plugin tokens,
112 116 ## remote_urls with credentials etc, if not set it defaults to
113 117 ## `beaker.session.secret`
114 118 #rhodecode.encrypted_values.secret =
115 119
116 120 ## decryption strict mode (enabled by default). It controls if decryption raises
117 121 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
118 122 #rhodecode.encrypted_values.strict = false
119 123
120 124 ## return gzipped responses from Rhodecode (static files/application)
121 125 gzip_responses = false
122 126
123 127 ## autogenerate javascript routes file on startup
124 128 generate_js_files = false
125 129
126 130 ## Optional Languages
127 131 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
128 132 lang = en
129 133
130 134 ## perform a full repository scan on each server start, this should be
131 135 ## set to false after first startup, to allow faster server restarts.
132 136 startup.import_repos = false
133 137
134 138 ## Uncomment and set this path to use archive download cache.
135 139 ## Once enabled, generated archives will be cached at this location
136 140 ## and served from the cache during subsequent requests for the same archive of
137 141 ## the repository.
138 142 #archive_cache_dir = /tmp/tarballcache
139 143
140 144 ## URL at which the application is running. This is used for bootstraping
141 145 ## requests in context when no web request is available. Used in ishell, or
142 146 ## SSH calls. Set this for events to receive proper url for SSH calls.
143 147 app.base_url = http://rhodecode.local
144 148
145 149 ## change this to unique ID for security
146 150 app_instance_uuid = rc-production
147 151
148 152 ## cut off limit for large diffs (size in bytes). If overall diff size on
149 153 ## commit, or pull request exceeds this limit this diff will be displayed
150 154 ## partially. E.g 512000 == 512Kb
151 155 cut_off_limit_diff = 512000
152 156
153 157 ## cut off limit for large files inside diffs (size in bytes). Each individual
154 158 ## file inside diff which exceeds this limit will be displayed partially.
155 159 ## E.g 128000 == 128Kb
156 160 cut_off_limit_file = 128000
157 161
158 162 ## use cache version of scm repo everywhere
159 163 vcs_full_cache = true
160 164
161 165 ## force https in RhodeCode, fixes https redirects, assumes it's always https
162 166 ## Normally this is controlled by proper http flags sent from http server
163 167 force_https = false
164 168
165 169 ## use Strict-Transport-Security headers
166 170 use_htsts = false
167 171
168 172 ## git rev filter option, --all is the default filter, if you need to
169 173 ## hide all refs in changelog switch this to --branches --tags
170 174 git_rev_filter = --branches --tags
171 175
172 176 # Set to true if your repos are exposed using the dumb protocol
173 177 git_update_server_info = false
174 178
175 179 ## RSS/ATOM feed options
176 180 rss_cut_off_limit = 256000
177 181 rss_items_per_page = 10
178 182 rss_include_diff = false
179 183
180 184 ## gist URL alias, used to create nicer urls for gist. This should be an
181 185 ## url that does rewrites to _admin/gists/{gistid}.
182 186 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
183 187 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
184 188 gist_alias_url =
185 189
186 190 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
187 191 ## used for access.
188 192 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
189 193 ## came from the the logged in user who own this authentication token.
190 194 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
191 195 ## authentication token. Such view would be only accessible when used together
192 196 ## with this authentication token
193 197 ##
194 198 ## list of all views can be found under `/_admin/permissions/auth_token_access`
195 199 ## The list should be "," separated and on a single line.
196 200 ##
197 201 ## Most common views to enable:
198 202 # RepoCommitsView:repo_commit_download
199 203 # RepoCommitsView:repo_commit_patch
200 204 # RepoCommitsView:repo_commit_raw
201 205 # RepoCommitsView:repo_commit_raw@TOKEN
202 206 # RepoFilesView:repo_files_diff
203 207 # RepoFilesView:repo_archivefile
204 208 # RepoFilesView:repo_file_raw
205 209 # GistView:*
206 210 api_access_controllers_whitelist =
207 211
208 212 ## default encoding used to convert from and to unicode
209 213 ## can be also a comma separated list of encoding in case of mixed encodings
210 214 default_encoding = UTF-8
211 215
212 216 ## instance-id prefix
213 217 ## a prefix key for this instance used for cache invalidation when running
214 218 ## multiple instances of rhodecode, make sure it's globally unique for
215 219 ## all running rhodecode instances. Leave empty if you don't use it
216 220 instance_id =
217 221
218 222 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
219 223 ## of an authentication plugin also if it is disabled by it's settings.
220 224 ## This could be useful if you are unable to log in to the system due to broken
221 225 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
222 226 ## module to log in again and fix the settings.
223 227 ##
224 228 ## Available builtin plugin IDs (hash is part of the ID):
225 229 ## egg:rhodecode-enterprise-ce#rhodecode
226 230 ## egg:rhodecode-enterprise-ce#pam
227 231 ## egg:rhodecode-enterprise-ce#ldap
228 232 ## egg:rhodecode-enterprise-ce#jasig_cas
229 233 ## egg:rhodecode-enterprise-ce#headers
230 234 ## egg:rhodecode-enterprise-ce#crowd
231 235 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
232 236
233 237 ## alternative return HTTP header for failed authentication. Default HTTP
234 238 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
235 239 ## handling that causing a series of failed authentication calls.
236 240 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
237 241 ## This will be served instead of default 401 on bad authnetication
238 242 auth_ret_code =
239 243
240 244 ## use special detection method when serving auth_ret_code, instead of serving
241 245 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
242 246 ## and then serve auth_ret_code to clients
243 247 auth_ret_code_detection = false
244 248
245 249 ## locking return code. When repository is locked return this HTTP code. 2XX
246 250 ## codes don't break the transactions while 4XX codes do
247 251 lock_ret_code = 423
248 252
249 253 ## allows to change the repository location in settings page
250 254 allow_repo_location_change = true
251 255
252 256 ## allows to setup custom hooks in settings page
253 257 allow_custom_hooks_settings = true
254 258
255 259 ## generated license token, goto license page in RhodeCode settings to obtain
256 260 ## new token
257 261 license_token =
258 262
259 263 ## supervisor connection uri, for managing supervisor and logs.
260 264 supervisor.uri =
261 265 ## supervisord group name/id we only want this RC instance to handle
262 266 supervisor.group_id = prod
263 267
264 268 ## Display extended labs settings
265 269 labs_settings_active = true
266 270
267 271 ####################################
268 272 ### CELERY CONFIG ####
269 273 ####################################
270 274 ## run: /path/to/celery worker \
271 275 ## -E --beat --app rhodecode.lib.celerylib.loader \
272 276 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
273 277 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
274 278
275 279 use_celery = false
276 280
277 281 ## connection url to the message broker (default rabbitmq)
278 282 celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
279 283
280 284 ## maximum tasks to execute before worker restart
281 285 celery.max_tasks_per_child = 100
282 286
283 287 ## tasks will never be sent to the queue, but executed locally instead.
284 288 celery.task_always_eager = false
285 289
286 290 #####################################
287 291 ### DOGPILE CACHE ####
288 292 #####################################
289 293 ## Default cache dir for caches. Putting this into a ramdisk
290 294 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
291 295 ## large amount of space
292 296 cache_dir = %(here)s/data
293 297
294 298 ## `cache_perms` cache settings for permission tree, auth TTL.
295 299 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
296 300 rc_cache.cache_perms.expiration_time = 300
297 301
298 302 ## alternative `cache_perms` redis backend with distributed lock
299 303 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
300 304 #rc_cache.cache_perms.expiration_time = 300
301 305 ## redis_expiration_time needs to be greater then expiration_time
302 306 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
303 307 #rc_cache.cache_perms.arguments.socket_timeout = 30
304 308 #rc_cache.cache_perms.arguments.host = localhost
305 309 #rc_cache.cache_perms.arguments.port = 6379
306 310 #rc_cache.cache_perms.arguments.db = 0
307 311 #rc_cache.cache_perms.arguments.distributed_lock = true
308 312
309 313 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
310 314 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
311 315 rc_cache.cache_repo.expiration_time = 2592000
312 316
313 317 ## alternative `cache_repo` redis backend with distributed lock
314 318 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
315 319 #rc_cache.cache_repo.expiration_time = 2592000
316 320 ## redis_expiration_time needs to be greater then expiration_time
317 321 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
318 322 #rc_cache.cache_repo.arguments.socket_timeout = 30
319 323 #rc_cache.cache_repo.arguments.host = localhost
320 324 #rc_cache.cache_repo.arguments.port = 6379
321 325 #rc_cache.cache_repo.arguments.db = 1
322 326 #rc_cache.cache_repo.arguments.distributed_lock = true
323 327
324 328 ## cache settings for SQL queries, this needs to use memory type backend
325 329 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
326 330 rc_cache.sql_cache_short.expiration_time = 30
327 331
328 332 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
329 333 ## type backend as the objects kept are not pickle serializable
330 334 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
331 335 ## by default we use 96H, this is using invalidation on push anyway
332 336 rc_cache.cache_repo_longterm.expiration_time = 345600
333 337 ## max items in LRU cache, reduce this number to save memory, and expire last used
334 338 ## cached objects
335 339 rc_cache.cache_repo_longterm.max_size = 10000
336 340
337 341
338 342 ####################################
339 343 ### BEAKER SESSION ####
340 344 ####################################
341 345
342 346 ## .session.type is type of storage options for the session, current allowed
343 347 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
344 348 beaker.session.type = file
345 349 beaker.session.data_dir = %(here)s/data/sessions
346 350
347 351 ## db based session, fast, and allows easy management over logged in users
348 352 #beaker.session.type = ext:database
349 353 #beaker.session.table_name = db_session
350 354 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
351 355 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
352 356 #beaker.session.sa.pool_recycle = 3600
353 357 #beaker.session.sa.echo = false
354 358
355 359 beaker.session.key = rhodecode
356 360 beaker.session.secret = production-rc-uytcxaz
357 361 beaker.session.lock_dir = %(here)s/data/sessions/lock
358 362
359 363 ## Secure encrypted cookie. Requires AES and AES python libraries
360 364 ## you must disable beaker.session.secret to use this
361 365 #beaker.session.encrypt_key = key_for_encryption
362 366 #beaker.session.validate_key = validation_key
363 367
364 368 ## sets session as invalid(also logging out user) if it haven not been
365 369 ## accessed for given amount of time in seconds
366 370 beaker.session.timeout = 2592000
367 371 beaker.session.httponly = true
368 372 ## Path to use for the cookie. Set to prefix if you use prefix middleware
369 373 #beaker.session.cookie_path = /custom_prefix
370 374
371 375 ## uncomment for https secure cookie
372 376 beaker.session.secure = false
373 377
374 378 ## auto save the session to not to use .save()
375 379 beaker.session.auto = false
376 380
377 381 ## default cookie expiration time in seconds, set to `true` to set expire
378 382 ## at browser close
379 383 #beaker.session.cookie_expires = 3600
380 384
381 385 ###################################
382 386 ## SEARCH INDEXING CONFIGURATION ##
383 387 ###################################
384 388 ## Full text search indexer is available in rhodecode-tools under
385 389 ## `rhodecode-tools index` command
386 390
387 391 ## WHOOSH Backend, doesn't require additional services to run
388 392 ## it works good with few dozen repos
389 393 search.module = rhodecode.lib.index.whoosh
390 394 search.location = %(here)s/data/index
391 395
392 396 ########################################
393 397 ### CHANNELSTREAM CONFIG ####
394 398 ########################################
395 399 ## channelstream enables persistent connections and live notification
396 400 ## in the system. It's also used by the chat system
397 401 channelstream.enabled = false
398 402
399 403 ## server address for channelstream server on the backend
400 404 channelstream.server = 127.0.0.1:9800
401 405
402 406 ## location of the channelstream server from outside world
403 407 ## use ws:// for http or wss:// for https. This address needs to be handled
404 408 ## by external HTTP server such as Nginx or Apache
405 409 ## see nginx/apache configuration examples in our docs
406 410 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
407 411 channelstream.secret = secret
408 412 channelstream.history.location = %(here)s/channelstream_history
409 413
410 414 ## Internal application path that Javascript uses to connect into.
411 415 ## If you use proxy-prefix the prefix should be added before /_channelstream
412 416 channelstream.proxy_path = /_channelstream
413 417
414 418
415 419 ###################################
416 420 ## APPENLIGHT CONFIG ##
417 421 ###################################
418 422
419 423 ## Appenlight is tailored to work with RhodeCode, see
420 424 ## http://appenlight.com for details how to obtain an account
421 425
422 426 ## appenlight integration enabled
423 427 appenlight = false
424 428
425 429 appenlight.server_url = https://api.appenlight.com
426 430 appenlight.api_key = YOUR_API_KEY
427 431 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
428 432
429 433 # used for JS client
430 434 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
431 435
432 436 ## TWEAK AMOUNT OF INFO SENT HERE
433 437
434 438 ## enables 404 error logging (default False)
435 439 appenlight.report_404 = false
436 440
437 441 ## time in seconds after request is considered being slow (default 1)
438 442 appenlight.slow_request_time = 1
439 443
440 444 ## record slow requests in application
441 445 ## (needs to be enabled for slow datastore recording and time tracking)
442 446 appenlight.slow_requests = true
443 447
444 448 ## enable hooking to application loggers
445 449 appenlight.logging = true
446 450
447 451 ## minimum log level for log capture
448 452 appenlight.logging.level = WARNING
449 453
450 454 ## send logs only from erroneous/slow requests
451 455 ## (saves API quota for intensive logging)
452 456 appenlight.logging_on_error = false
453 457
454 458 ## list of additonal keywords that should be grabbed from environ object
455 459 ## can be string with comma separated list of words in lowercase
456 460 ## (by default client will always send following info:
457 461 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
458 462 ## start with HTTP* this list be extended with additional keywords here
459 463 appenlight.environ_keys_whitelist =
460 464
461 465 ## list of keywords that should be blanked from request object
462 466 ## can be string with comma separated list of words in lowercase
463 467 ## (by default client will always blank keys that contain following words
464 468 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
465 469 ## this list be extended with additional keywords set here
466 470 appenlight.request_keys_blacklist =
467 471
468 472 ## list of namespaces that should be ignores when gathering log entries
469 473 ## can be string with comma separated list of namespaces
470 474 ## (by default the client ignores own entries: appenlight_client.client)
471 475 appenlight.log_namespace_blacklist =
472 476
473 477
474 478 ################################################################################
475 479 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
476 480 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
477 481 ## execute malicious code after an exception is raised. ##
478 482 ################################################################################
479 483 set debug = false
480 484
481 485
482 486 ###########################################
483 487 ### MAIN RHODECODE DATABASE CONFIG ###
484 488 ###########################################
485 489 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
486 490 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
487 491 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
488 492 # pymysql is an alternative driver for MySQL, use in case of problems with default one
489 493 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
490 494
491 495 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
492 496
493 497 # see sqlalchemy docs for other advanced settings
494 498
495 499 ## print the sql statements to output
496 500 sqlalchemy.db1.echo = false
497 501 ## recycle the connections after this amount of seconds
498 502 sqlalchemy.db1.pool_recycle = 3600
499 503 sqlalchemy.db1.convert_unicode = true
500 504
501 505 ## the number of connections to keep open inside the connection pool.
502 506 ## 0 indicates no limit
503 507 #sqlalchemy.db1.pool_size = 5
504 508
505 509 ## the number of connections to allow in connection pool "overflow", that is
506 510 ## connections that can be opened above and beyond the pool_size setting,
507 511 ## which defaults to five.
508 512 #sqlalchemy.db1.max_overflow = 10
509 513
510 514 ## Connection check ping, used to detect broken database connections
511 515 ## could be enabled to better handle cases if MySQL has gone away errors
512 516 #sqlalchemy.db1.ping_connection = true
513 517
514 518 ##################
515 519 ### VCS CONFIG ###
516 520 ##################
517 521 vcs.server.enable = true
518 522 vcs.server = localhost:9900
519 523
520 524 ## Web server connectivity protocol, responsible for web based VCS operatations
521 525 ## Available protocols are:
522 526 ## `http` - use http-rpc backend (default)
523 527 vcs.server.protocol = http
524 528
525 529 ## Push/Pull operations protocol, available options are:
526 530 ## `http` - use http-rpc backend (default)
527 531 vcs.scm_app_implementation = http
528 532
529 533 ## Push/Pull operations hooks protocol, available options are:
530 534 ## `http` - use http-rpc backend (default)
531 535 vcs.hooks.protocol = http
532 536 ## Host on which this instance is listening for hooks. If vcsserver is in other location
533 537 ## this should be adjusted.
534 538 vcs.hooks.host = 127.0.0.1
535 539
536 540 vcs.server.log_level = info
537 541 ## Start VCSServer with this instance as a subprocess, useful for development
538 542 vcs.start_server = false
539 543
540 544 ## List of enabled VCS backends, available options are:
541 545 ## `hg` - mercurial
542 546 ## `git` - git
543 547 ## `svn` - subversion
544 548 vcs.backends = hg, git, svn
545 549
546 550 vcs.connection_timeout = 3600
547 551 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
548 552 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
549 553 #vcs.svn.compatible_version = pre-1.8-compatible
550 554
551 555
552 556 ############################################################
553 557 ### Subversion proxy support (mod_dav_svn) ###
554 558 ### Maps RhodeCode repo groups into SVN paths for Apache ###
555 559 ############################################################
556 560 ## Enable or disable the config file generation.
557 561 svn.proxy.generate_config = false
558 562 ## Generate config file with `SVNListParentPath` set to `On`.
559 563 svn.proxy.list_parent_path = true
560 564 ## Set location and file name of generated config file.
561 565 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
562 566 ## alternative mod_dav config template. This needs to be a mako template
563 567 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
564 568 ## Used as a prefix to the `Location` block in the generated config file.
565 569 ## In most cases it should be set to `/`.
566 570 svn.proxy.location_root = /
567 571 ## Command to reload the mod dav svn configuration on change.
568 572 ## Example: `/etc/init.d/apache2 reload`
569 573 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
570 574 ## If the timeout expires before the reload command finishes, the command will
571 575 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
572 576 #svn.proxy.reload_timeout = 10
573 577
574 578 ############################################################
575 579 ### SSH Support Settings ###
576 580 ############################################################
577 581
578 582 ## Defines if a custom authorized_keys file should be created and written on
579 583 ## any change user ssh keys. Setting this to false also disables posibility
580 584 ## of adding SSH keys by users from web interface. Super admins can still
581 585 ## manage SSH Keys.
582 586 ssh.generate_authorized_keyfile = false
583 587
584 588 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
585 589 # ssh.authorized_keys_ssh_opts =
586 590
587 591 ## Path to the authrozied_keys file where the generate entries are placed.
588 592 ## It is possible to have multiple key files specified in `sshd_config` e.g.
589 593 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
590 594 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
591 595
592 596 ## Command to execute the SSH wrapper. The binary is available in the
593 597 ## rhodecode installation directory.
594 598 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
595 599 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
596 600
597 601 ## Allow shell when executing the ssh-wrapper command
598 602 ssh.wrapper_cmd_allow_shell = false
599 603
600 604 ## Enables logging, and detailed output send back to the client during SSH
601 605 ## operations. Usefull for debugging, shouldn't be used in production.
602 606 ssh.enable_debug_logging = false
603 607
604 608 ## Paths to binary executable, by default they are the names, but we can
605 609 ## override them if we want to use a custom one
606 610 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
607 611 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
608 612 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
609 613
610 614
611 615 ## Dummy marker to add new entries after.
612 616 ## Add any custom entries below. Please don't remove.
613 617 custom.conf = 1
614 618
615 619
616 620 ################################
617 621 ### LOGGING CONFIGURATION ####
618 622 ################################
619 623 [loggers]
620 624 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
621 625
622 626 [handlers]
623 627 keys = console, console_sql
624 628
625 629 [formatters]
626 630 keys = generic, color_formatter, color_formatter_sql
627 631
628 632 #############
629 633 ## LOGGERS ##
630 634 #############
631 635 [logger_root]
632 636 level = NOTSET
633 637 handlers = console
634 638
635 639 [logger_sqlalchemy]
636 640 level = INFO
637 641 handlers = console_sql
638 642 qualname = sqlalchemy.engine
639 643 propagate = 0
640 644
641 645 [logger_beaker]
642 646 level = DEBUG
643 647 handlers =
644 648 qualname = beaker.container
645 649 propagate = 1
646 650
647 651 [logger_rhodecode]
648 652 level = DEBUG
649 653 handlers =
650 654 qualname = rhodecode
651 655 propagate = 1
652 656
653 657 [logger_ssh_wrapper]
654 658 level = DEBUG
655 659 handlers =
656 660 qualname = ssh_wrapper
657 661 propagate = 1
658 662
659 663 [logger_celery]
660 664 level = DEBUG
661 665 handlers =
662 666 qualname = celery
663 667
664 668
665 669 ##############
666 670 ## HANDLERS ##
667 671 ##############
668 672
669 673 [handler_console]
670 674 class = StreamHandler
671 675 args = (sys.stderr, )
672 676 level = INFO
673 677 formatter = generic
674 678
675 679 [handler_console_sql]
676 680 # "level = DEBUG" logs SQL queries and results.
677 681 # "level = INFO" logs SQL queries.
678 682 # "level = WARN" logs neither. (Recommended for production systems.)
679 683 class = StreamHandler
680 684 args = (sys.stderr, )
681 685 level = WARN
682 686 formatter = generic
683 687
684 688 ################
685 689 ## FORMATTERS ##
686 690 ################
687 691
688 692 [formatter_generic]
689 693 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
690 694 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
691 695 datefmt = %Y-%m-%d %H:%M:%S
692 696
693 697 [formatter_color_formatter]
694 698 class = rhodecode.lib.logging_formatter.ColorFormatter
695 699 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
696 700 datefmt = %Y-%m-%d %H:%M:%S
697 701
698 702 [formatter_color_formatter_sql]
699 703 class = rhodecode.lib.logging_formatter.ColorFormatterSql
700 704 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
701 705 datefmt = %Y-%m-%d %H:%M:%S
Show file before | Show file after | Hide comments
@@ -1,549 +1,556 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import os
22 22 import sys
23 23 import logging
24 24 import collections
25 25 import tempfile
26 26
27 27 from paste.gzipper import make_gzip_middleware
28 28 import pyramid.events
29 29 from pyramid.wsgi import wsgiapp
30 30 from pyramid.authorization import ACLAuthorizationPolicy
31 31 from pyramid.config import Configurator
32 32 from pyramid.settings import asbool, aslist
33 33 from pyramid.httpexceptions import (
34 34 HTTPException, HTTPError, HTTPInternalServerError, HTTPFound, HTTPNotFound)
35 35 from pyramid.renderers import render_to_response
36 36
37 37 from rhodecode.model import meta
38 38 from rhodecode.config import patches
39 39 from rhodecode.config import utils as config_utils
40 40 from rhodecode.config.environment import load_pyramid_environment
41 41
42 42 import rhodecode.events
43 43 from rhodecode.lib.middleware.vcs import VCSMiddleware
44 44 from rhodecode.lib.request import Request
45 45 from rhodecode.lib.vcs import VCSCommunicationError
46 46 from rhodecode.lib.exceptions import VCSServerUnavailable
47 47 from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
48 48 from rhodecode.lib.middleware.https_fixup import HttpsFixup
49 49 from rhodecode.lib.celerylib.loader import configure_celery
50 50 from rhodecode.lib.plugins.utils import register_rhodecode_plugin
51 51 from rhodecode.lib.utils2 import aslist as rhodecode_aslist, AttributeDict
52 52 from rhodecode.lib.exc_tracking import store_exception
53 53 from rhodecode.subscribers import (
54 54 scan_repositories_if_enabled, write_js_routes_if_enabled,
55 55 write_metadata_if_needed, inject_app_settings)
56 56
57 57
58 58 log = logging.getLogger(__name__)
59 59
60 60
61 61 def is_http_error(response):
62 62 # error which should have traceback
63 63 return response.status_code > 499
64 64
65 65
66 66 def make_pyramid_app(global_config, **settings):
67 67 """
68 68 Constructs the WSGI application based on Pyramid.
69 69
70 70 Specials:
71 71
72 72 * The application can also be integrated like a plugin via the call to
73 73 `includeme`. This is accompanied with the other utility functions which
74 74 are called. Changing this should be done with great care to not break
75 75 cases when these fragments are assembled from another place.
76 76
77 77 """
78 78
79 79 # Allows to use format style "{ENV_NAME}" placeholders in the configuration. It
80 80 # will be replaced by the value of the environment variable "NAME" in this case.
81 81 environ = {
82 82 'ENV_{}'.format(key): value for key, value in os.environ.items()}
83 83
84 84 global_config = _substitute_values(global_config, environ)
85 85 settings = _substitute_values(settings, environ)
86 86
87 87 sanitize_settings_and_apply_defaults(settings)
88 88
89 89 config = Configurator(settings=settings)
90 90
91 91 # Apply compatibility patches
92 92 patches.inspect_getargspec()
93 93
94 94 load_pyramid_environment(global_config, settings)
95 95
96 96 # Static file view comes first
97 97 includeme_first(config)
98 98
99 99 includeme(config)
100 100
101 101 pyramid_app = config.make_wsgi_app()
102 102 pyramid_app = wrap_app_in_wsgi_middlewares(pyramid_app, config)
103 103 pyramid_app.config = config
104 104
105 105 config.configure_celery(global_config['__file__'])
106 106 # creating the app uses a connection - return it after we are done
107 107 meta.Session.remove()
108 108
109 109 log.info('Pyramid app %s created and configured.', pyramid_app)
110 110 return pyramid_app
111 111
112 112
113 113 def not_found_view(request):
114 114 """
115 115 This creates the view which should be registered as not-found-view to
116 116 pyramid.
117 117 """
118 118
119 119 if not getattr(request, 'vcs_call', None):
120 120 # handle like regular case with our error_handler
121 121 return error_handler(HTTPNotFound(), request)
122 122
123 123 # handle not found view as a vcs call
124 124 settings = request.registry.settings
125 125 ae_client = getattr(request, 'ae_client', None)
126 126 vcs_app = VCSMiddleware(
127 127 HTTPNotFound(), request.registry, settings,
128 128 appenlight_client=ae_client)
129 129
130 130 return wsgiapp(vcs_app)(None, request)
131 131
132 132
133 133 def error_handler(exception, request):
134 134 import rhodecode
135 135 from rhodecode.lib import helpers
136 136
137 137 rhodecode_title = rhodecode.CONFIG.get('rhodecode_title') or 'RhodeCode'
138 138
139 139 base_response = HTTPInternalServerError()
140 140 # prefer original exception for the response since it may have headers set
141 141 if isinstance(exception, HTTPException):
142 142 base_response = exception
143 143 elif isinstance(exception, VCSCommunicationError):
144 144 base_response = VCSServerUnavailable()
145 145
146 146 if is_http_error(base_response):
147 147 log.exception(
148 148 'error occurred handling this request for path: %s', request.path)
149 149
150 150 error_explanation = base_response.explanation or str(base_response)
151 151 if base_response.status_code == 404:
152 152 error_explanation += " Or you don't have permission to access it."
153 153 c = AttributeDict()
154 154 c.error_message = base_response.status
155 155 c.error_explanation = error_explanation
156 156 c.visual = AttributeDict()
157 157
158 158 c.visual.rhodecode_support_url = (
159 159 request.registry.settings.get('rhodecode_support_url') or
160 160 request.route_url('rhodecode_support')
161 161 )
162 162 c.redirect_time = 0
163 163 c.rhodecode_name = rhodecode_title
164 164 if not c.rhodecode_name:
165 165 c.rhodecode_name = 'Rhodecode'
166 166
167 167 c.causes = []
168 168 if is_http_error(base_response):
169 169 c.causes.append('Server is overloaded.')
170 170 c.causes.append('Server database connection is lost.')
171 171 c.causes.append('Server expected unhandled error.')
172 172
173 173 if hasattr(base_response, 'causes'):
174 174 c.causes = base_response.causes
175 175
176 176 c.messages = helpers.flash.pop_messages(request=request)
177 177
178 178 exc_info = sys.exc_info()
179 179 c.exception_id = id(exc_info)
180 180 c.show_exception_id = isinstance(base_response, VCSServerUnavailable) \
181 181 or base_response.status_code > 499
182 182 c.exception_id_url = request.route_url(
183 183 'admin_settings_exception_tracker_show', exception_id=c.exception_id)
184 184
185 185 if c.show_exception_id:
186 186 store_exception(c.exception_id, exc_info)
187 187
188 188 response = render_to_response(
189 189 '/errors/error_document.mako', {'c': c, 'h': helpers}, request=request,
190 190 response=base_response)
191 191
192 192 return response
193 193
194 194
195 195 def includeme_first(config):
196 196 # redirect automatic browser favicon.ico requests to correct place
197 197 def favicon_redirect(context, request):
198 198 return HTTPFound(
199 199 request.static_path('rhodecode:public/images/favicon.ico'))
200 200
201 201 config.add_view(favicon_redirect, route_name='favicon')
202 202 config.add_route('favicon', '/favicon.ico')
203 203
204 204 def robots_redirect(context, request):
205 205 return HTTPFound(
206 206 request.static_path('rhodecode:public/robots.txt'))
207 207
208 208 config.add_view(robots_redirect, route_name='robots')
209 209 config.add_route('robots', '/robots.txt')
210 210
211 211 config.add_static_view(
212 212 '_static/deform', 'deform:static')
213 213 config.add_static_view(
214 214 '_static/rhodecode', path='rhodecode:public', cache_max_age=3600 * 24)
215 215
216 216
217 217 def includeme(config):
218 218 settings = config.registry.settings
219 219 config.set_request_factory(Request)
220 220
221 221 # plugin information
222 222 config.registry.rhodecode_plugins = collections.OrderedDict()
223 223
224 224 config.add_directive(
225 225 'register_rhodecode_plugin', register_rhodecode_plugin)
226 226
227 227 config.add_directive('configure_celery', configure_celery)
228 228
229 229 if asbool(settings.get('appenlight', 'false')):
230 230 config.include('appenlight_client.ext.pyramid_tween')
231 231
232 232 # Includes which are required. The application would fail without them.
233 233 config.include('pyramid_mako')
234 234 config.include('pyramid_beaker')
235 235 config.include('rhodecode.lib.rc_cache')
236 236
237 237 config.include('rhodecode.authentication')
238 238 config.include('rhodecode.integrations')
239 239
240 240 # apps
241 241 config.include('rhodecode.apps._base')
242 242 config.include('rhodecode.apps.ops')
243 243
244 244 config.include('rhodecode.apps.admin')
245 245 config.include('rhodecode.apps.channelstream')
246 246 config.include('rhodecode.apps.login')
247 247 config.include('rhodecode.apps.home')
248 248 config.include('rhodecode.apps.journal')
249 249 config.include('rhodecode.apps.repository')
250 250 config.include('rhodecode.apps.repo_group')
251 251 config.include('rhodecode.apps.user_group')
252 252 config.include('rhodecode.apps.search')
253 253 config.include('rhodecode.apps.user_profile')
254 254 config.include('rhodecode.apps.user_group_profile')
255 255 config.include('rhodecode.apps.my_account')
256 256 config.include('rhodecode.apps.svn_support')
257 257 config.include('rhodecode.apps.ssh_support')
258 258 config.include('rhodecode.apps.gist')
259 259
260 260 config.include('rhodecode.apps.debug_style')
261 261 config.include('rhodecode.tweens')
262 262 config.include('rhodecode.api')
263 263
264 264 config.add_route(
265 265 'rhodecode_support', 'https://rhodecode.com/help/', static=True)
266 266
267 267 config.add_translation_dirs('rhodecode:i18n/')
268 268 settings['default_locale_name'] = settings.get('lang', 'en')
269 269
270 270 # Add subscribers.
271 271 config.add_subscriber(inject_app_settings,
272 272 pyramid.events.ApplicationCreated)
273 273 config.add_subscriber(scan_repositories_if_enabled,
274 274 pyramid.events.ApplicationCreated)
275 275 config.add_subscriber(write_metadata_if_needed,
276 276 pyramid.events.ApplicationCreated)
277 277 config.add_subscriber(write_js_routes_if_enabled,
278 278 pyramid.events.ApplicationCreated)
279 279
280 280 # request custom methods
281 281 config.add_request_method(
282 282 'rhodecode.lib.partial_renderer.get_partial_renderer',
283 283 'get_partial_renderer')
284 284
285 285 # Set the authorization policy.
286 286 authz_policy = ACLAuthorizationPolicy()
287 287 config.set_authorization_policy(authz_policy)
288 288
289 289 # Set the default renderer for HTML templates to mako.
290 290 config.add_mako_renderer('.html')
291 291
292 292 config.add_renderer(
293 293 name='json_ext',
294 294 factory='rhodecode.lib.ext_json_renderer.pyramid_ext_json')
295 295
296 296 # include RhodeCode plugins
297 297 includes = aslist(settings.get('rhodecode.includes', []))
298 298 for inc in includes:
299 299 config.include(inc)
300 300
301 301 # custom not found view, if our pyramid app doesn't know how to handle
302 302 # the request pass it to potential VCS handling ap
303 303 config.add_notfound_view(not_found_view)
304 304 if not settings.get('debugtoolbar.enabled', False):
305 305 # disabled debugtoolbar handle all exceptions via the error_handlers
306 306 config.add_view(error_handler, context=Exception)
307 307
308 308 # all errors including 403/404/50X
309 309 config.add_view(error_handler, context=HTTPError)
310 310
311 311
312 312 def wrap_app_in_wsgi_middlewares(pyramid_app, config):
313 313 """
314 314 Apply outer WSGI middlewares around the application.
315 315 """
316 316 registry = config.registry
317 317 settings = registry.settings
318 318
319 319 # enable https redirects based on HTTP_X_URL_SCHEME set by proxy
320 320 pyramid_app = HttpsFixup(pyramid_app, settings)
321 321
322 322 pyramid_app, _ae_client = wrap_in_appenlight_if_enabled(
323 323 pyramid_app, settings)
324 324 registry.ae_client = _ae_client
325 325
326 326 if settings['gzip_responses']:
327 327 pyramid_app = make_gzip_middleware(
328 328 pyramid_app, settings, compress_level=1)
329 329
330 330 # this should be the outer most middleware in the wsgi stack since
331 331 # middleware like Routes make database calls
332 332 def pyramid_app_with_cleanup(environ, start_response):
333 333 try:
334 334 return pyramid_app(environ, start_response)
335 335 finally:
336 336 # Dispose current database session and rollback uncommitted
337 337 # transactions.
338 338 meta.Session.remove()
339 339
340 340 # In a single threaded mode server, on non sqlite db we should have
341 341 # '0 Current Checked out connections' at the end of a request,
342 342 # if not, then something, somewhere is leaving a connection open
343 343 pool = meta.Base.metadata.bind.engine.pool
344 344 log.debug('sa pool status: %s', pool.status())
345 345 log.debug('Request processing finalized')
346 346
347 347 return pyramid_app_with_cleanup
348 348
349 349
350 350 def sanitize_settings_and_apply_defaults(settings):
351 351 """
352 352 Applies settings defaults and does all type conversion.
353 353
354 354 We would move all settings parsing and preparation into this place, so that
355 355 we have only one place left which deals with this part. The remaining parts
356 356 of the application would start to rely fully on well prepared settings.
357 357
358 358 This piece would later be split up per topic to avoid a big fat monster
359 359 function.
360 360 """
361 361
362 362 settings.setdefault('rhodecode.edition', 'Community Edition')
363 363
364 364 if 'mako.default_filters' not in settings:
365 365 # set custom default filters if we don't have it defined
366 366 settings['mako.imports'] = 'from rhodecode.lib.base import h_filter'
367 367 settings['mako.default_filters'] = 'h_filter'
368 368
369 369 if 'mako.directories' not in settings:
370 370 mako_directories = settings.setdefault('mako.directories', [
371 371 # Base templates of the original application
372 372 'rhodecode:templates',
373 373 ])
374 374 log.debug(
375 375 "Using the following Mako template directories: %s",
376 376 mako_directories)
377 377
378 378 # Default includes, possible to change as a user
379 379 pyramid_includes = settings.setdefault('pyramid.includes', [
380 380 'rhodecode.lib.middleware.request_wrapper',
381 381 ])
382 382 log.debug(
383 383 "Using the following pyramid.includes: %s",
384 384 pyramid_includes)
385 385
386 386 # TODO: johbo: Re-think this, usually the call to config.include
387 387 # should allow to pass in a prefix.
388 388 settings.setdefault('rhodecode.api.url', '/_admin/api')
389 389
390 390 # Sanitize generic settings.
391 391 _list_setting(settings, 'default_encoding', 'UTF-8')
392 392 _bool_setting(settings, 'is_test', 'false')
393 393 _bool_setting(settings, 'gzip_responses', 'false')
394 394
395 395 # Call split out functions that sanitize settings for each topic.
396 396 _sanitize_appenlight_settings(settings)
397 397 _sanitize_vcs_settings(settings)
398 398 _sanitize_cache_settings(settings)
399 399
400 400 # configure instance id
401 401 config_utils.set_instance_id(settings)
402 402
403 403 return settings
404 404
405 405
406 406 def _sanitize_appenlight_settings(settings):
407 407 _bool_setting(settings, 'appenlight', 'false')
408 408
409 409
410 410 def _sanitize_vcs_settings(settings):
411 411 """
412 412 Applies settings defaults and does type conversion for all VCS related
413 413 settings.
414 414 """
415 415 _string_setting(settings, 'vcs.svn.compatible_version', '')
416 416 _string_setting(settings, 'git_rev_filter', '--all')
417 417 _string_setting(settings, 'vcs.hooks.protocol', 'http')
418 418 _string_setting(settings, 'vcs.hooks.host', '127.0.0.1')
419 419 _string_setting(settings, 'vcs.scm_app_implementation', 'http')
420 420 _string_setting(settings, 'vcs.server', '')
421 421 _string_setting(settings, 'vcs.server.log_level', 'debug')
422 422 _string_setting(settings, 'vcs.server.protocol', 'http')
423 423 _bool_setting(settings, 'startup.import_repos', 'false')
424 424 _bool_setting(settings, 'vcs.hooks.direct_calls', 'false')
425 425 _bool_setting(settings, 'vcs.server.enable', 'true')
426 426 _bool_setting(settings, 'vcs.start_server', 'false')
427 427 _list_setting(settings, 'vcs.backends', 'hg, git, svn')
428 428 _int_setting(settings, 'vcs.connection_timeout', 3600)
429 429
430 430 # Support legacy values of vcs.scm_app_implementation. Legacy
431 431 # configurations may use 'rhodecode.lib.middleware.utils.scm_app_http', or
432 432 # disabled since 4.13 'vcsserver.scm_app' which is now mapped to 'http'.
433 433 scm_app_impl = settings['vcs.scm_app_implementation']
434 434 if scm_app_impl in ['rhodecode.lib.middleware.utils.scm_app_http', 'vcsserver.scm_app']:
435 435 settings['vcs.scm_app_implementation'] = 'http'
436 436
437 437
438 438 def _sanitize_cache_settings(settings):
439 439 _string_setting(settings, 'cache_dir',
440 440 os.path.join(tempfile.gettempdir(), 'rc_cache'))
441 441 # cache_perms
442 442 _string_setting(
443 443 settings,
444 444 'rc_cache.cache_perms.backend',
445 445 'dogpile.cache.rc.file_namespace')
446 446 _int_setting(
447 447 settings,
448 448 'rc_cache.cache_perms.expiration_time',
449 449 60)
450 450 _string_setting(
451 451 settings,
452 452 'rc_cache.cache_perms.arguments.filename',
453 453 os.path.join(tempfile.gettempdir(), 'rc_cache_1'))
454 454
455 455 # cache_repo
456 456 _string_setting(
457 457 settings,
458 458 'rc_cache.cache_repo.backend',
459 459 'dogpile.cache.rc.file_namespace')
460 460 _int_setting(
461 461 settings,
462 462 'rc_cache.cache_repo.expiration_time',
463 463 60)
464 464 _string_setting(
465 465 settings,
466 466 'rc_cache.cache_repo.arguments.filename',
467 467 os.path.join(tempfile.gettempdir(), 'rc_cache_2'))
468 468
469 469 # cache_license
470 470 _string_setting(
471 471 settings,
472 472 'rc_cache.cache_license.backend',
473 473 'dogpile.cache.rc.file_namespace')
474 474 _int_setting(
475 475 settings,
476 476 'rc_cache.cache_license.expiration_time',
477 477 5*60)
478 478 _string_setting(
479 479 settings,
480 480 'rc_cache.cache_license.arguments.filename',
481 481 os.path.join(tempfile.gettempdir(), 'rc_cache_3'))
482 482
483 483 # cache_repo_longterm memory, 96H
484 484 _string_setting(
485 485 settings,
486 486 'rc_cache.cache_repo_longterm.backend',
487 487 'dogpile.cache.rc.memory_lru')
488 488 _int_setting(
489 489 settings,
490 490 'rc_cache.cache_repo_longterm.expiration_time',
491 491 345600)
492 492 _int_setting(
493 493 settings,
494 494 'rc_cache.cache_repo_longterm.max_size',
495 495 10000)
496 496
497 497 # sql_cache_short
498 498 _string_setting(
499 499 settings,
500 500 'rc_cache.sql_cache_short.backend',
501 501 'dogpile.cache.rc.memory_lru')
502 502 _int_setting(
503 503 settings,
504 504 'rc_cache.sql_cache_short.expiration_time',
505 505 30)
506 506 _int_setting(
507 507 settings,
508 508 'rc_cache.sql_cache_short.max_size',
509 509 10000)
510 510
511 511
512 512 def _int_setting(settings, name, default):
513 513 settings[name] = int(settings.get(name, default))
514 514
515 515
516 516 def _bool_setting(settings, name, default):
517 517 input_val = settings.get(name, default)
518 518 if isinstance(input_val, unicode):
519 519 input_val = input_val.encode('utf8')
520 520 settings[name] = asbool(input_val)
521 521
522 522
523 523 def _list_setting(settings, name, default):
524 524 raw_value = settings.get(name, default)
525 525
526 526 old_separator = ','
527 527 if old_separator in raw_value:
528 528 # If we get a comma separated list, pass it to our own function.
529 529 settings[name] = rhodecode_aslist(raw_value, sep=old_separator)
530 530 else:
531 531 # Otherwise we assume it uses pyramids space/newline separation.
532 532 settings[name] = aslist(raw_value)
533 533
534 534
535 535 def _string_setting(settings, name, default, lower=True):
536 536 value = settings.get(name, default)
537 537 if lower:
538 538 value = value.lower()
539 539 settings[name] = value
540 540
541 541
542 542 def _substitute_values(mapping, substitutions):
543 result = {
544 # Note: Cannot use regular replacements, since they would clash
545 # with the implementation of ConfigParser. Using "format" instead.
546 key: value.format(**substitutions)
547 for key, value in mapping.items()
548 }
543
544 try:
545 result = {
546 # Note: Cannot use regular replacements, since they would clash
547 # with the implementation of ConfigParser. Using "format" instead.
548 key: value.format(**substitutions)
549 for key, value in mapping.items()
550 }
551 except KeyError as e:
552 raise ValueError(
553 'Failed to substitute env variable: {}. '
554 'Make sure you have specified this env variable without ENV_ prefix'.format(e))
555
549 556 return result
General Comments 0
You need to be logged in to leave comments. Login now