##// END OF EJS Templates
Issue #5536 - ability to disable server-side SSH key generation...
csalgau -
r3478:6cd9b768 default
parent child Browse files
Show More
@@ -1,725 +1,729 b''
1
1
2
2
3 ################################################################################
3 ################################################################################
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 ################################################################################
5 ################################################################################
6
6
7 [DEFAULT]
7 [DEFAULT]
8 ## Debug flag sets all loggers to debug, and enables request tracking
8 ## Debug flag sets all loggers to debug, and enables request tracking
9 debug = true
9 debug = true
10
10
11 ################################################################################
11 ################################################################################
12 ## EMAIL CONFIGURATION ##
12 ## EMAIL CONFIGURATION ##
13 ## Uncomment and replace with the email address which should receive ##
13 ## Uncomment and replace with the email address which should receive ##
14 ## any error reports after an application crash ##
14 ## any error reports after an application crash ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 ################################################################################
16 ################################################################################
17
17
18 ## prefix all emails subjects with given prefix, helps filtering out emails
18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 #email_prefix = [RhodeCode]
19 #email_prefix = [RhodeCode]
20
20
21 ## email FROM address all mails will be sent
21 ## email FROM address all mails will be sent
22 #app_email_from = rhodecode-noreply@localhost
22 #app_email_from = rhodecode-noreply@localhost
23
23
24 #smtp_server = mail.server.com
24 #smtp_server = mail.server.com
25 #smtp_username =
25 #smtp_username =
26 #smtp_password =
26 #smtp_password =
27 #smtp_port =
27 #smtp_port =
28 #smtp_use_tls = false
28 #smtp_use_tls = false
29 #smtp_use_ssl = true
29 #smtp_use_ssl = true
30
30
31 [server:main]
31 [server:main]
32 ## COMMON ##
32 ## COMMON ##
33 host = 127.0.0.1
33 host = 127.0.0.1
34 port = 5000
34 port = 5000
35
35
36 ###########################################################
36 ###########################################################
37 ## WAITRESS WSGI SERVER - Recommended for Development ####
37 ## WAITRESS WSGI SERVER - Recommended for Development ####
38 ###########################################################
38 ###########################################################
39
39
40 use = egg:waitress#main
40 use = egg:waitress#main
41 ## number of worker threads
41 ## number of worker threads
42 threads = 5
42 threads = 5
43 ## MAX BODY SIZE 100GB
43 ## MAX BODY SIZE 100GB
44 max_request_body_size = 107374182400
44 max_request_body_size = 107374182400
45 ## Use poll instead of select, fixes file descriptors limits problems.
45 ## Use poll instead of select, fixes file descriptors limits problems.
46 ## May not work on old windows systems.
46 ## May not work on old windows systems.
47 asyncore_use_poll = true
47 asyncore_use_poll = true
48
48
49
49
50 ##########################
50 ##########################
51 ## GUNICORN WSGI SERVER ##
51 ## GUNICORN WSGI SERVER ##
52 ##########################
52 ##########################
53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
54
54
55 #use = egg:gunicorn#main
55 #use = egg:gunicorn#main
56 ## Sets the number of process workers. More workers means more concurent connections
56 ## Sets the number of process workers. More workers means more concurent connections
57 ## RhodeCode can handle at the same time. Each additional worker also it increases
57 ## RhodeCode can handle at the same time. Each additional worker also it increases
58 ## memory usage as each has it's own set of caches.
58 ## memory usage as each has it's own set of caches.
59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
62 ## when using more than 1 worker.
62 ## when using more than 1 worker.
63 #workers = 2
63 #workers = 2
64 ## process name visible in process list
64 ## process name visible in process list
65 #proc_name = rhodecode
65 #proc_name = rhodecode
66 ## type of worker class, one of sync, gevent
66 ## type of worker class, one of sync, gevent
67 ## recommended for bigger setup is using of of other than sync one
67 ## recommended for bigger setup is using of of other than sync one
68 #worker_class = gevent
68 #worker_class = gevent
69 ## The maximum number of simultaneous clients. Valid only for Gevent
69 ## The maximum number of simultaneous clients. Valid only for Gevent
70 #worker_connections = 10
70 #worker_connections = 10
71 ## max number of requests that worker will handle before being gracefully
71 ## max number of requests that worker will handle before being gracefully
72 ## restarted, could prevent memory leaks
72 ## restarted, could prevent memory leaks
73 #max_requests = 1000
73 #max_requests = 1000
74 #max_requests_jitter = 30
74 #max_requests_jitter = 30
75 ## amount of time a worker can spend with handling a request before it
75 ## amount of time a worker can spend with handling a request before it
76 ## gets killed and restarted. Set to 6hrs
76 ## gets killed and restarted. Set to 6hrs
77 #timeout = 21600
77 #timeout = 21600
78
78
79
79
80 ## prefix middleware for RhodeCode.
80 ## prefix middleware for RhodeCode.
81 ## recommended when using proxy setup.
81 ## recommended when using proxy setup.
82 ## allows to set RhodeCode under a prefix in server.
82 ## allows to set RhodeCode under a prefix in server.
83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
84 ## And set your prefix like: `prefix = /custom_prefix`
84 ## And set your prefix like: `prefix = /custom_prefix`
85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
86 ## to make your cookies only work on prefix url
86 ## to make your cookies only work on prefix url
87 [filter:proxy-prefix]
87 [filter:proxy-prefix]
88 use = egg:PasteDeploy#prefix
88 use = egg:PasteDeploy#prefix
89 prefix = /
89 prefix = /
90
90
91 [app:main]
91 [app:main]
92 ## The %(here)s variable will be replaced with the absolute path of parent directory
92 ## The %(here)s variable will be replaced with the absolute path of parent directory
93 ## of this file
93 ## of this file
94 ## In addition ENVIRONMENT variables usage is possible, e.g
94 ## In addition ENVIRONMENT variables usage is possible, e.g
95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
96
96
97 use = egg:rhodecode-enterprise-ce
97 use = egg:rhodecode-enterprise-ce
98
98
99 ## enable proxy prefix middleware, defined above
99 ## enable proxy prefix middleware, defined above
100 #filter-with = proxy-prefix
100 #filter-with = proxy-prefix
101
101
102 # During development the we want to have the debug toolbar enabled
102 # During development the we want to have the debug toolbar enabled
103 pyramid.includes =
103 pyramid.includes =
104 pyramid_debugtoolbar
104 pyramid_debugtoolbar
105 rhodecode.lib.middleware.request_wrapper
105 rhodecode.lib.middleware.request_wrapper
106
106
107 pyramid.reload_templates = true
107 pyramid.reload_templates = true
108
108
109 debugtoolbar.hosts = 0.0.0.0/0
109 debugtoolbar.hosts = 0.0.0.0/0
110 debugtoolbar.exclude_prefixes =
110 debugtoolbar.exclude_prefixes =
111 /css
111 /css
112 /fonts
112 /fonts
113 /images
113 /images
114 /js
114 /js
115
115
116 ## RHODECODE PLUGINS ##
116 ## RHODECODE PLUGINS ##
117 rhodecode.includes =
117 rhodecode.includes =
118 rhodecode.api
118 rhodecode.api
119
119
120
120
121 # api prefix url
121 # api prefix url
122 rhodecode.api.url = /_admin/api
122 rhodecode.api.url = /_admin/api
123
123
124
124
125 ## END RHODECODE PLUGINS ##
125 ## END RHODECODE PLUGINS ##
126
126
127 ## encryption key used to encrypt social plugin tokens,
127 ## encryption key used to encrypt social plugin tokens,
128 ## remote_urls with credentials etc, if not set it defaults to
128 ## remote_urls with credentials etc, if not set it defaults to
129 ## `beaker.session.secret`
129 ## `beaker.session.secret`
130 #rhodecode.encrypted_values.secret =
130 #rhodecode.encrypted_values.secret =
131
131
132 ## decryption strict mode (enabled by default). It controls if decryption raises
132 ## decryption strict mode (enabled by default). It controls if decryption raises
133 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
133 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
134 #rhodecode.encrypted_values.strict = false
134 #rhodecode.encrypted_values.strict = false
135
135
136 ## return gzipped responses from Rhodecode (static files/application)
136 ## return gzipped responses from Rhodecode (static files/application)
137 gzip_responses = false
137 gzip_responses = false
138
138
139 ## autogenerate javascript routes file on startup
139 ## autogenerate javascript routes file on startup
140 generate_js_files = false
140 generate_js_files = false
141
141
142 ## System global default language.
142 ## System global default language.
143 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
143 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
144 lang = en
144 lang = en
145
145
146 ## Perform a full repository scan and import on each server start.
146 ## Perform a full repository scan and import on each server start.
147 ## Settings this to true could lead to very long startup time.
147 ## Settings this to true could lead to very long startup time.
148 startup.import_repos = false
148 startup.import_repos = false
149
149
150 ## Uncomment and set this path to use archive download cache.
150 ## Uncomment and set this path to use archive download cache.
151 ## Once enabled, generated archives will be cached at this location
151 ## Once enabled, generated archives will be cached at this location
152 ## and served from the cache during subsequent requests for the same archive of
152 ## and served from the cache during subsequent requests for the same archive of
153 ## the repository.
153 ## the repository.
154 #archive_cache_dir = /tmp/tarballcache
154 #archive_cache_dir = /tmp/tarballcache
155
155
156 ## URL at which the application is running. This is used for bootstraping
156 ## URL at which the application is running. This is used for bootstraping
157 ## requests in context when no web request is available. Used in ishell, or
157 ## requests in context when no web request is available. Used in ishell, or
158 ## SSH calls. Set this for events to receive proper url for SSH calls.
158 ## SSH calls. Set this for events to receive proper url for SSH calls.
159 app.base_url = http://rhodecode.local
159 app.base_url = http://rhodecode.local
160
160
161 ## Unique application ID. Should be a random unique string for security.
161 ## Unique application ID. Should be a random unique string for security.
162 app_instance_uuid = rc-production
162 app_instance_uuid = rc-production
163
163
164 ## Cut off limit for large diffs (size in bytes). If overall diff size on
164 ## Cut off limit for large diffs (size in bytes). If overall diff size on
165 ## commit, or pull request exceeds this limit this diff will be displayed
165 ## commit, or pull request exceeds this limit this diff will be displayed
166 ## partially. E.g 512000 == 512Kb
166 ## partially. E.g 512000 == 512Kb
167 cut_off_limit_diff = 512000
167 cut_off_limit_diff = 512000
168
168
169 ## Cut off limit for large files inside diffs (size in bytes). Each individual
169 ## Cut off limit for large files inside diffs (size in bytes). Each individual
170 ## file inside diff which exceeds this limit will be displayed partially.
170 ## file inside diff which exceeds this limit will be displayed partially.
171 ## E.g 128000 == 128Kb
171 ## E.g 128000 == 128Kb
172 cut_off_limit_file = 128000
172 cut_off_limit_file = 128000
173
173
174 ## use cached version of vcs repositories everywhere. Recommended to be `true`
174 ## use cached version of vcs repositories everywhere. Recommended to be `true`
175 vcs_full_cache = true
175 vcs_full_cache = true
176
176
177 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
177 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
178 ## Normally this is controlled by proper http flags sent from http server
178 ## Normally this is controlled by proper http flags sent from http server
179 force_https = false
179 force_https = false
180
180
181 ## use Strict-Transport-Security headers
181 ## use Strict-Transport-Security headers
182 use_htsts = false
182 use_htsts = false
183
183
184 ## git rev filter option, --all is the default filter, if you need to
184 ## git rev filter option, --all is the default filter, if you need to
185 ## hide all refs in changelog switch this to --branches --tags
185 ## hide all refs in changelog switch this to --branches --tags
186 git_rev_filter = --branches --tags
186 git_rev_filter = --branches --tags
187
187
188 # Set to true if your repos are exposed using the dumb protocol
188 # Set to true if your repos are exposed using the dumb protocol
189 git_update_server_info = false
189 git_update_server_info = false
190
190
191 ## RSS/ATOM feed options
191 ## RSS/ATOM feed options
192 rss_cut_off_limit = 256000
192 rss_cut_off_limit = 256000
193 rss_items_per_page = 10
193 rss_items_per_page = 10
194 rss_include_diff = false
194 rss_include_diff = false
195
195
196 ## gist URL alias, used to create nicer urls for gist. This should be an
196 ## gist URL alias, used to create nicer urls for gist. This should be an
197 ## url that does rewrites to _admin/gists/{gistid}.
197 ## url that does rewrites to _admin/gists/{gistid}.
198 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
198 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
199 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
199 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
200 gist_alias_url =
200 gist_alias_url =
201
201
202 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
202 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
203 ## used for access.
203 ## used for access.
204 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
204 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
205 ## came from the the logged in user who own this authentication token.
205 ## came from the the logged in user who own this authentication token.
206 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
206 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
207 ## authentication token. Such view would be only accessible when used together
207 ## authentication token. Such view would be only accessible when used together
208 ## with this authentication token
208 ## with this authentication token
209 ##
209 ##
210 ## list of all views can be found under `/_admin/permissions/auth_token_access`
210 ## list of all views can be found under `/_admin/permissions/auth_token_access`
211 ## The list should be "," separated and on a single line.
211 ## The list should be "," separated and on a single line.
212 ##
212 ##
213 ## Most common views to enable:
213 ## Most common views to enable:
214 # RepoCommitsView:repo_commit_download
214 # RepoCommitsView:repo_commit_download
215 # RepoCommitsView:repo_commit_patch
215 # RepoCommitsView:repo_commit_patch
216 # RepoCommitsView:repo_commit_raw
216 # RepoCommitsView:repo_commit_raw
217 # RepoCommitsView:repo_commit_raw@TOKEN
217 # RepoCommitsView:repo_commit_raw@TOKEN
218 # RepoFilesView:repo_files_diff
218 # RepoFilesView:repo_files_diff
219 # RepoFilesView:repo_archivefile
219 # RepoFilesView:repo_archivefile
220 # RepoFilesView:repo_file_raw
220 # RepoFilesView:repo_file_raw
221 # GistView:*
221 # GistView:*
222 api_access_controllers_whitelist =
222 api_access_controllers_whitelist =
223
223
224 ## Default encoding used to convert from and to unicode
224 ## Default encoding used to convert from and to unicode
225 ## can be also a comma separated list of encoding in case of mixed encodings
225 ## can be also a comma separated list of encoding in case of mixed encodings
226 default_encoding = UTF-8
226 default_encoding = UTF-8
227
227
228 ## instance-id prefix
228 ## instance-id prefix
229 ## a prefix key for this instance used for cache invalidation when running
229 ## a prefix key for this instance used for cache invalidation when running
230 ## multiple instances of rhodecode, make sure it's globally unique for
230 ## multiple instances of rhodecode, make sure it's globally unique for
231 ## all running rhodecode instances. Leave empty if you don't use it
231 ## all running rhodecode instances. Leave empty if you don't use it
232 instance_id =
232 instance_id =
233
233
234 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
234 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
235 ## of an authentication plugin also if it is disabled by it's settings.
235 ## of an authentication plugin also if it is disabled by it's settings.
236 ## This could be useful if you are unable to log in to the system due to broken
236 ## This could be useful if you are unable to log in to the system due to broken
237 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
237 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
238 ## module to log in again and fix the settings.
238 ## module to log in again and fix the settings.
239 ##
239 ##
240 ## Available builtin plugin IDs (hash is part of the ID):
240 ## Available builtin plugin IDs (hash is part of the ID):
241 ## egg:rhodecode-enterprise-ce#rhodecode
241 ## egg:rhodecode-enterprise-ce#rhodecode
242 ## egg:rhodecode-enterprise-ce#pam
242 ## egg:rhodecode-enterprise-ce#pam
243 ## egg:rhodecode-enterprise-ce#ldap
243 ## egg:rhodecode-enterprise-ce#ldap
244 ## egg:rhodecode-enterprise-ce#jasig_cas
244 ## egg:rhodecode-enterprise-ce#jasig_cas
245 ## egg:rhodecode-enterprise-ce#headers
245 ## egg:rhodecode-enterprise-ce#headers
246 ## egg:rhodecode-enterprise-ce#crowd
246 ## egg:rhodecode-enterprise-ce#crowd
247 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
247 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
248
248
249 ## alternative return HTTP header for failed authentication. Default HTTP
249 ## alternative return HTTP header for failed authentication. Default HTTP
250 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
250 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
251 ## handling that causing a series of failed authentication calls.
251 ## handling that causing a series of failed authentication calls.
252 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
252 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
253 ## This will be served instead of default 401 on bad authnetication
253 ## This will be served instead of default 401 on bad authnetication
254 auth_ret_code =
254 auth_ret_code =
255
255
256 ## use special detection method when serving auth_ret_code, instead of serving
256 ## use special detection method when serving auth_ret_code, instead of serving
257 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
257 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
258 ## and then serve auth_ret_code to clients
258 ## and then serve auth_ret_code to clients
259 auth_ret_code_detection = false
259 auth_ret_code_detection = false
260
260
261 ## locking return code. When repository is locked return this HTTP code. 2XX
261 ## locking return code. When repository is locked return this HTTP code. 2XX
262 ## codes don't break the transactions while 4XX codes do
262 ## codes don't break the transactions while 4XX codes do
263 lock_ret_code = 423
263 lock_ret_code = 423
264
264
265 ## allows to change the repository location in settings page
265 ## allows to change the repository location in settings page
266 allow_repo_location_change = true
266 allow_repo_location_change = true
267
267
268 ## allows to setup custom hooks in settings page
268 ## allows to setup custom hooks in settings page
269 allow_custom_hooks_settings = true
269 allow_custom_hooks_settings = true
270
270
271 ## Generated license token required for EE edition license.
271 ## Generated license token required for EE edition license.
272 ## New generated token value can be found in Admin > settings > license page.
272 ## New generated token value can be found in Admin > settings > license page.
273 license_token =
273 license_token =
274
274
275 ## supervisor connection uri, for managing supervisor and logs.
275 ## supervisor connection uri, for managing supervisor and logs.
276 supervisor.uri =
276 supervisor.uri =
277 ## supervisord group name/id we only want this RC instance to handle
277 ## supervisord group name/id we only want this RC instance to handle
278 supervisor.group_id = dev
278 supervisor.group_id = dev
279
279
280 ## Display extended labs settings
280 ## Display extended labs settings
281 labs_settings_active = true
281 labs_settings_active = true
282
282
283 ## Custom exception store path, defaults to TMPDIR
283 ## Custom exception store path, defaults to TMPDIR
284 ## This is used to store exception from RhodeCode in shared directory
284 ## This is used to store exception from RhodeCode in shared directory
285 #exception_tracker.store_path =
285 #exception_tracker.store_path =
286
286
287 ## File store configuration. This is used to store and serve uploaded files
287 ## File store configuration. This is used to store and serve uploaded files
288 file_store.enabled = true
288 file_store.enabled = true
289 ## backend, only available one is local
289 ## backend, only available one is local
290 file_store.backend = local
290 file_store.backend = local
291 ## path to store the uploaded binaries
291 ## path to store the uploaded binaries
292 file_store.storage_path = %(here)s/data/file_store
292 file_store.storage_path = %(here)s/data/file_store
293
293
294
294
295 ####################################
295 ####################################
296 ### CELERY CONFIG ####
296 ### CELERY CONFIG ####
297 ####################################
297 ####################################
298 ## run: /path/to/celery worker \
298 ## run: /path/to/celery worker \
299 ## -E --beat --app rhodecode.lib.celerylib.loader \
299 ## -E --beat --app rhodecode.lib.celerylib.loader \
300 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
300 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
301 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
301 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
302
302
303 use_celery = false
303 use_celery = false
304
304
305 ## connection url to the message broker (default rabbitmq)
305 ## connection url to the message broker (default rabbitmq)
306 celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
306 celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
307
307
308 ## maximum tasks to execute before worker restart
308 ## maximum tasks to execute before worker restart
309 celery.max_tasks_per_child = 100
309 celery.max_tasks_per_child = 100
310
310
311 ## tasks will never be sent to the queue, but executed locally instead.
311 ## tasks will never be sent to the queue, but executed locally instead.
312 celery.task_always_eager = false
312 celery.task_always_eager = false
313
313
314 #####################################
314 #####################################
315 ### DOGPILE CACHE ####
315 ### DOGPILE CACHE ####
316 #####################################
316 #####################################
317 ## Default cache dir for caches. Putting this into a ramdisk
317 ## Default cache dir for caches. Putting this into a ramdisk
318 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
318 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
319 ## large amount of space
319 ## large amount of space
320 cache_dir = %(here)s/data
320 cache_dir = %(here)s/data
321
321
322 ## `cache_perms` cache settings for permission tree, auth TTL.
322 ## `cache_perms` cache settings for permission tree, auth TTL.
323 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
323 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
324 rc_cache.cache_perms.expiration_time = 300
324 rc_cache.cache_perms.expiration_time = 300
325
325
326 ## alternative `cache_perms` redis backend with distributed lock
326 ## alternative `cache_perms` redis backend with distributed lock
327 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
327 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
328 #rc_cache.cache_perms.expiration_time = 300
328 #rc_cache.cache_perms.expiration_time = 300
329 ## redis_expiration_time needs to be greater then expiration_time
329 ## redis_expiration_time needs to be greater then expiration_time
330 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
330 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
331 #rc_cache.cache_perms.arguments.socket_timeout = 30
331 #rc_cache.cache_perms.arguments.socket_timeout = 30
332 #rc_cache.cache_perms.arguments.host = localhost
332 #rc_cache.cache_perms.arguments.host = localhost
333 #rc_cache.cache_perms.arguments.port = 6379
333 #rc_cache.cache_perms.arguments.port = 6379
334 #rc_cache.cache_perms.arguments.db = 0
334 #rc_cache.cache_perms.arguments.db = 0
335 #rc_cache.cache_perms.arguments.distributed_lock = true
335 #rc_cache.cache_perms.arguments.distributed_lock = true
336
336
337 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
337 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
338 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
338 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
339 rc_cache.cache_repo.expiration_time = 2592000
339 rc_cache.cache_repo.expiration_time = 2592000
340
340
341 ## alternative `cache_repo` redis backend with distributed lock
341 ## alternative `cache_repo` redis backend with distributed lock
342 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
342 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
343 #rc_cache.cache_repo.expiration_time = 2592000
343 #rc_cache.cache_repo.expiration_time = 2592000
344 ## redis_expiration_time needs to be greater then expiration_time
344 ## redis_expiration_time needs to be greater then expiration_time
345 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
345 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
346 #rc_cache.cache_repo.arguments.socket_timeout = 30
346 #rc_cache.cache_repo.arguments.socket_timeout = 30
347 #rc_cache.cache_repo.arguments.host = localhost
347 #rc_cache.cache_repo.arguments.host = localhost
348 #rc_cache.cache_repo.arguments.port = 6379
348 #rc_cache.cache_repo.arguments.port = 6379
349 #rc_cache.cache_repo.arguments.db = 1
349 #rc_cache.cache_repo.arguments.db = 1
350 #rc_cache.cache_repo.arguments.distributed_lock = true
350 #rc_cache.cache_repo.arguments.distributed_lock = true
351
351
352 ## cache settings for SQL queries, this needs to use memory type backend
352 ## cache settings for SQL queries, this needs to use memory type backend
353 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
353 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
354 rc_cache.sql_cache_short.expiration_time = 30
354 rc_cache.sql_cache_short.expiration_time = 30
355
355
356 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
356 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
357 ## type backend as the objects kept are not pickle serializable
357 ## type backend as the objects kept are not pickle serializable
358 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
358 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
359 ## by default we use 96H, this is using invalidation on push anyway
359 ## by default we use 96H, this is using invalidation on push anyway
360 rc_cache.cache_repo_longterm.expiration_time = 345600
360 rc_cache.cache_repo_longterm.expiration_time = 345600
361 ## max items in LRU cache, reduce this number to save memory, and expire last used
361 ## max items in LRU cache, reduce this number to save memory, and expire last used
362 ## cached objects
362 ## cached objects
363 rc_cache.cache_repo_longterm.max_size = 10000
363 rc_cache.cache_repo_longterm.max_size = 10000
364
364
365
365
366 ####################################
366 ####################################
367 ### BEAKER SESSION ####
367 ### BEAKER SESSION ####
368 ####################################
368 ####################################
369
369
370 ## .session.type is type of storage options for the session, current allowed
370 ## .session.type is type of storage options for the session, current allowed
371 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
371 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
372 beaker.session.type = file
372 beaker.session.type = file
373 beaker.session.data_dir = %(here)s/data/sessions
373 beaker.session.data_dir = %(here)s/data/sessions
374
374
375 ## db based session, fast, and allows easy management over logged in users
375 ## db based session, fast, and allows easy management over logged in users
376 #beaker.session.type = ext:database
376 #beaker.session.type = ext:database
377 #beaker.session.table_name = db_session
377 #beaker.session.table_name = db_session
378 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
378 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
379 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
379 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
380 #beaker.session.sa.pool_recycle = 3600
380 #beaker.session.sa.pool_recycle = 3600
381 #beaker.session.sa.echo = false
381 #beaker.session.sa.echo = false
382
382
383 beaker.session.key = rhodecode
383 beaker.session.key = rhodecode
384 beaker.session.secret = develop-rc-uytcxaz
384 beaker.session.secret = develop-rc-uytcxaz
385 beaker.session.lock_dir = %(here)s/data/sessions/lock
385 beaker.session.lock_dir = %(here)s/data/sessions/lock
386
386
387 ## Secure encrypted cookie. Requires AES and AES python libraries
387 ## Secure encrypted cookie. Requires AES and AES python libraries
388 ## you must disable beaker.session.secret to use this
388 ## you must disable beaker.session.secret to use this
389 #beaker.session.encrypt_key = key_for_encryption
389 #beaker.session.encrypt_key = key_for_encryption
390 #beaker.session.validate_key = validation_key
390 #beaker.session.validate_key = validation_key
391
391
392 ## sets session as invalid(also logging out user) if it haven not been
392 ## sets session as invalid(also logging out user) if it haven not been
393 ## accessed for given amount of time in seconds
393 ## accessed for given amount of time in seconds
394 beaker.session.timeout = 2592000
394 beaker.session.timeout = 2592000
395 beaker.session.httponly = true
395 beaker.session.httponly = true
396 ## Path to use for the cookie. Set to prefix if you use prefix middleware
396 ## Path to use for the cookie. Set to prefix if you use prefix middleware
397 #beaker.session.cookie_path = /custom_prefix
397 #beaker.session.cookie_path = /custom_prefix
398
398
399 ## uncomment for https secure cookie
399 ## uncomment for https secure cookie
400 beaker.session.secure = false
400 beaker.session.secure = false
401
401
402 ## auto save the session to not to use .save()
402 ## auto save the session to not to use .save()
403 beaker.session.auto = false
403 beaker.session.auto = false
404
404
405 ## default cookie expiration time in seconds, set to `true` to set expire
405 ## default cookie expiration time in seconds, set to `true` to set expire
406 ## at browser close
406 ## at browser close
407 #beaker.session.cookie_expires = 3600
407 #beaker.session.cookie_expires = 3600
408
408
409 ###################################
409 ###################################
410 ## SEARCH INDEXING CONFIGURATION ##
410 ## SEARCH INDEXING CONFIGURATION ##
411 ###################################
411 ###################################
412 ## Full text search indexer is available in rhodecode-tools under
412 ## Full text search indexer is available in rhodecode-tools under
413 ## `rhodecode-tools index` command
413 ## `rhodecode-tools index` command
414
414
415 ## WHOOSH Backend, doesn't require additional services to run
415 ## WHOOSH Backend, doesn't require additional services to run
416 ## it works good with few dozen repos
416 ## it works good with few dozen repos
417 search.module = rhodecode.lib.index.whoosh
417 search.module = rhodecode.lib.index.whoosh
418 search.location = %(here)s/data/index
418 search.location = %(here)s/data/index
419
419
420 ########################################
420 ########################################
421 ### CHANNELSTREAM CONFIG ####
421 ### CHANNELSTREAM CONFIG ####
422 ########################################
422 ########################################
423 ## channelstream enables persistent connections and live notification
423 ## channelstream enables persistent connections and live notification
424 ## in the system. It's also used by the chat system
424 ## in the system. It's also used by the chat system
425
425
426 channelstream.enabled = false
426 channelstream.enabled = false
427
427
428 ## server address for channelstream server on the backend
428 ## server address for channelstream server on the backend
429 channelstream.server = 127.0.0.1:9800
429 channelstream.server = 127.0.0.1:9800
430
430
431 ## location of the channelstream server from outside world
431 ## location of the channelstream server from outside world
432 ## use ws:// for http or wss:// for https. This address needs to be handled
432 ## use ws:// for http or wss:// for https. This address needs to be handled
433 ## by external HTTP server such as Nginx or Apache
433 ## by external HTTP server such as Nginx or Apache
434 ## see nginx/apache configuration examples in our docs
434 ## see nginx/apache configuration examples in our docs
435 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
435 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
436 channelstream.secret = secret
436 channelstream.secret = secret
437 channelstream.history.location = %(here)s/channelstream_history
437 channelstream.history.location = %(here)s/channelstream_history
438
438
439 ## Internal application path that Javascript uses to connect into.
439 ## Internal application path that Javascript uses to connect into.
440 ## If you use proxy-prefix the prefix should be added before /_channelstream
440 ## If you use proxy-prefix the prefix should be added before /_channelstream
441 channelstream.proxy_path = /_channelstream
441 channelstream.proxy_path = /_channelstream
442
442
443
443
444 ###################################
444 ###################################
445 ## APPENLIGHT CONFIG ##
445 ## APPENLIGHT CONFIG ##
446 ###################################
446 ###################################
447
447
448 ## Appenlight is tailored to work with RhodeCode, see
448 ## Appenlight is tailored to work with RhodeCode, see
449 ## http://appenlight.com for details how to obtain an account
449 ## http://appenlight.com for details how to obtain an account
450
450
451 ## appenlight integration enabled
451 ## appenlight integration enabled
452 appenlight = false
452 appenlight = false
453
453
454 appenlight.server_url = https://api.appenlight.com
454 appenlight.server_url = https://api.appenlight.com
455 appenlight.api_key = YOUR_API_KEY
455 appenlight.api_key = YOUR_API_KEY
456 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
456 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
457
457
458 # used for JS client
458 # used for JS client
459 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
459 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
460
460
461 ## TWEAK AMOUNT OF INFO SENT HERE
461 ## TWEAK AMOUNT OF INFO SENT HERE
462
462
463 ## enables 404 error logging (default False)
463 ## enables 404 error logging (default False)
464 appenlight.report_404 = false
464 appenlight.report_404 = false
465
465
466 ## time in seconds after request is considered being slow (default 1)
466 ## time in seconds after request is considered being slow (default 1)
467 appenlight.slow_request_time = 1
467 appenlight.slow_request_time = 1
468
468
469 ## record slow requests in application
469 ## record slow requests in application
470 ## (needs to be enabled for slow datastore recording and time tracking)
470 ## (needs to be enabled for slow datastore recording and time tracking)
471 appenlight.slow_requests = true
471 appenlight.slow_requests = true
472
472
473 ## enable hooking to application loggers
473 ## enable hooking to application loggers
474 appenlight.logging = true
474 appenlight.logging = true
475
475
476 ## minimum log level for log capture
476 ## minimum log level for log capture
477 appenlight.logging.level = WARNING
477 appenlight.logging.level = WARNING
478
478
479 ## send logs only from erroneous/slow requests
479 ## send logs only from erroneous/slow requests
480 ## (saves API quota for intensive logging)
480 ## (saves API quota for intensive logging)
481 appenlight.logging_on_error = false
481 appenlight.logging_on_error = false
482
482
483 ## list of additonal keywords that should be grabbed from environ object
483 ## list of additonal keywords that should be grabbed from environ object
484 ## can be string with comma separated list of words in lowercase
484 ## can be string with comma separated list of words in lowercase
485 ## (by default client will always send following info:
485 ## (by default client will always send following info:
486 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
486 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
487 ## start with HTTP* this list be extended with additional keywords here
487 ## start with HTTP* this list be extended with additional keywords here
488 appenlight.environ_keys_whitelist =
488 appenlight.environ_keys_whitelist =
489
489
490 ## list of keywords that should be blanked from request object
490 ## list of keywords that should be blanked from request object
491 ## can be string with comma separated list of words in lowercase
491 ## can be string with comma separated list of words in lowercase
492 ## (by default client will always blank keys that contain following words
492 ## (by default client will always blank keys that contain following words
493 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
493 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
494 ## this list be extended with additional keywords set here
494 ## this list be extended with additional keywords set here
495 appenlight.request_keys_blacklist =
495 appenlight.request_keys_blacklist =
496
496
497 ## list of namespaces that should be ignores when gathering log entries
497 ## list of namespaces that should be ignores when gathering log entries
498 ## can be string with comma separated list of namespaces
498 ## can be string with comma separated list of namespaces
499 ## (by default the client ignores own entries: appenlight_client.client)
499 ## (by default the client ignores own entries: appenlight_client.client)
500 appenlight.log_namespace_blacklist =
500 appenlight.log_namespace_blacklist =
501
501
502 # enable debug style page
502 # enable debug style page
503 debug_style = true
503 debug_style = true
504
504
505 ###########################################
505 ###########################################
506 ### MAIN RHODECODE DATABASE CONFIG ###
506 ### MAIN RHODECODE DATABASE CONFIG ###
507 ###########################################
507 ###########################################
508 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
508 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
509 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
509 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
510 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
510 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
511 # pymysql is an alternative driver for MySQL, use in case of problems with default one
511 # pymysql is an alternative driver for MySQL, use in case of problems with default one
512 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
512 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
513
513
514 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
514 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
515
515
516 # see sqlalchemy docs for other advanced settings
516 # see sqlalchemy docs for other advanced settings
517
517
518 ## print the sql statements to output
518 ## print the sql statements to output
519 sqlalchemy.db1.echo = false
519 sqlalchemy.db1.echo = false
520 ## recycle the connections after this amount of seconds
520 ## recycle the connections after this amount of seconds
521 sqlalchemy.db1.pool_recycle = 3600
521 sqlalchemy.db1.pool_recycle = 3600
522 sqlalchemy.db1.convert_unicode = true
522 sqlalchemy.db1.convert_unicode = true
523
523
524 ## the number of connections to keep open inside the connection pool.
524 ## the number of connections to keep open inside the connection pool.
525 ## 0 indicates no limit
525 ## 0 indicates no limit
526 #sqlalchemy.db1.pool_size = 5
526 #sqlalchemy.db1.pool_size = 5
527
527
528 ## the number of connections to allow in connection pool "overflow", that is
528 ## the number of connections to allow in connection pool "overflow", that is
529 ## connections that can be opened above and beyond the pool_size setting,
529 ## connections that can be opened above and beyond the pool_size setting,
530 ## which defaults to five.
530 ## which defaults to five.
531 #sqlalchemy.db1.max_overflow = 10
531 #sqlalchemy.db1.max_overflow = 10
532
532
533 ## Connection check ping, used to detect broken database connections
533 ## Connection check ping, used to detect broken database connections
534 ## could be enabled to better handle cases if MySQL has gone away errors
534 ## could be enabled to better handle cases if MySQL has gone away errors
535 #sqlalchemy.db1.ping_connection = true
535 #sqlalchemy.db1.ping_connection = true
536
536
537 ##################
537 ##################
538 ### VCS CONFIG ###
538 ### VCS CONFIG ###
539 ##################
539 ##################
540 vcs.server.enable = true
540 vcs.server.enable = true
541 vcs.server = localhost:9900
541 vcs.server = localhost:9900
542
542
543 ## Web server connectivity protocol, responsible for web based VCS operatations
543 ## Web server connectivity protocol, responsible for web based VCS operatations
544 ## Available protocols are:
544 ## Available protocols are:
545 ## `http` - use http-rpc backend (default)
545 ## `http` - use http-rpc backend (default)
546 vcs.server.protocol = http
546 vcs.server.protocol = http
547
547
548 ## Push/Pull operations protocol, available options are:
548 ## Push/Pull operations protocol, available options are:
549 ## `http` - use http-rpc backend (default)
549 ## `http` - use http-rpc backend (default)
550 vcs.scm_app_implementation = http
550 vcs.scm_app_implementation = http
551
551
552 ## Push/Pull operations hooks protocol, available options are:
552 ## Push/Pull operations hooks protocol, available options are:
553 ## `http` - use http-rpc backend (default)
553 ## `http` - use http-rpc backend (default)
554 vcs.hooks.protocol = http
554 vcs.hooks.protocol = http
555
555
556 ## Host on which this instance is listening for hooks. If vcsserver is in other location
556 ## Host on which this instance is listening for hooks. If vcsserver is in other location
557 ## this should be adjusted.
557 ## this should be adjusted.
558 vcs.hooks.host = 127.0.0.1
558 vcs.hooks.host = 127.0.0.1
559
559
560 vcs.server.log_level = debug
560 vcs.server.log_level = debug
561 ## Start VCSServer with this instance as a subprocess, useful for development
561 ## Start VCSServer with this instance as a subprocess, useful for development
562 vcs.start_server = false
562 vcs.start_server = false
563
563
564 ## List of enabled VCS backends, available options are:
564 ## List of enabled VCS backends, available options are:
565 ## `hg` - mercurial
565 ## `hg` - mercurial
566 ## `git` - git
566 ## `git` - git
567 ## `svn` - subversion
567 ## `svn` - subversion
568 vcs.backends = hg, git, svn
568 vcs.backends = hg, git, svn
569
569
570 vcs.connection_timeout = 3600
570 vcs.connection_timeout = 3600
571 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
571 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
572 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
572 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
573 #vcs.svn.compatible_version = pre-1.8-compatible
573 #vcs.svn.compatible_version = pre-1.8-compatible
574
574
575
575
576 ############################################################
576 ############################################################
577 ### Subversion proxy support (mod_dav_svn) ###
577 ### Subversion proxy support (mod_dav_svn) ###
578 ### Maps RhodeCode repo groups into SVN paths for Apache ###
578 ### Maps RhodeCode repo groups into SVN paths for Apache ###
579 ############################################################
579 ############################################################
580 ## Enable or disable the config file generation.
580 ## Enable or disable the config file generation.
581 svn.proxy.generate_config = false
581 svn.proxy.generate_config = false
582 ## Generate config file with `SVNListParentPath` set to `On`.
582 ## Generate config file with `SVNListParentPath` set to `On`.
583 svn.proxy.list_parent_path = true
583 svn.proxy.list_parent_path = true
584 ## Set location and file name of generated config file.
584 ## Set location and file name of generated config file.
585 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
585 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
586 ## alternative mod_dav config template. This needs to be a mako template
586 ## alternative mod_dav config template. This needs to be a mako template
587 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
587 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
588 ## Used as a prefix to the `Location` block in the generated config file.
588 ## Used as a prefix to the `Location` block in the generated config file.
589 ## In most cases it should be set to `/`.
589 ## In most cases it should be set to `/`.
590 svn.proxy.location_root = /
590 svn.proxy.location_root = /
591 ## Command to reload the mod dav svn configuration on change.
591 ## Command to reload the mod dav svn configuration on change.
592 ## Example: `/etc/init.d/apache2 reload`
592 ## Example: `/etc/init.d/apache2 reload`
593 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
593 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
594 ## If the timeout expires before the reload command finishes, the command will
594 ## If the timeout expires before the reload command finishes, the command will
595 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
595 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
596 #svn.proxy.reload_timeout = 10
596 #svn.proxy.reload_timeout = 10
597
597
598 ############################################################
598 ############################################################
599 ### SSH Support Settings ###
599 ### SSH Support Settings ###
600 ############################################################
600 ############################################################
601
601
602 ## Defines if a custom authorized_keys file should be created and written on
602 ## Defines if a custom authorized_keys file should be created and written on
603 ## any change user ssh keys. Setting this to false also disables posibility
603 ## any change user ssh keys. Setting this to false also disables posibility
604 ## of adding SSH keys by users from web interface. Super admins can still
604 ## of adding SSH keys by users from web interface. Super admins can still
605 ## manage SSH Keys.
605 ## manage SSH Keys.
606 ssh.generate_authorized_keyfile = false
606 ssh.generate_authorized_keyfile = false
607
607
608 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
608 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
609 # ssh.authorized_keys_ssh_opts =
609 # ssh.authorized_keys_ssh_opts =
610
610
611 ## Path to the authrozied_keys file where the generate entries are placed.
611 ## Path to the authrozied_keys file where the generate entries are placed.
612 ## It is possible to have multiple key files specified in `sshd_config` e.g.
612 ## It is possible to have multiple key files specified in `sshd_config` e.g.
613 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
613 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
614 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
614 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
615
615
616 ## Command to execute the SSH wrapper. The binary is available in the
616 ## Command to execute the SSH wrapper. The binary is available in the
617 ## rhodecode installation directory.
617 ## rhodecode installation directory.
618 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
618 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
619 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
619 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
620
620
621 ## Allow shell when executing the ssh-wrapper command
621 ## Allow shell when executing the ssh-wrapper command
622 ssh.wrapper_cmd_allow_shell = false
622 ssh.wrapper_cmd_allow_shell = false
623
623
624 ## Enables logging, and detailed output send back to the client during SSH
624 ## Enables logging, and detailed output send back to the client during SSH
625 ## operations. Usefull for debugging, shouldn't be used in production.
625 ## operations. Usefull for debugging, shouldn't be used in production.
626 ssh.enable_debug_logging = true
626 ssh.enable_debug_logging = true
627
627
628 ## Paths to binary executable, by default they are the names, but we can
628 ## Paths to binary executable, by default they are the names, but we can
629 ## override them if we want to use a custom one
629 ## override them if we want to use a custom one
630 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
630 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
631 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
631 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
632 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
632 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
633
633
634 ## Enables SSH key generator web interface. Disabling this still allows users
635 ## to add their own keys.
636 ssh.enable_ui_key_generator = true
637
634
638
635 ## Dummy marker to add new entries after.
639 ## Dummy marker to add new entries after.
636 ## Add any custom entries below. Please don't remove.
640 ## Add any custom entries below. Please don't remove.
637 custom.conf = 1
641 custom.conf = 1
638
642
639
643
640 ################################
644 ################################
641 ### LOGGING CONFIGURATION ####
645 ### LOGGING CONFIGURATION ####
642 ################################
646 ################################
643 [loggers]
647 [loggers]
644 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
648 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
645
649
646 [handlers]
650 [handlers]
647 keys = console, console_sql
651 keys = console, console_sql
648
652
649 [formatters]
653 [formatters]
650 keys = generic, color_formatter, color_formatter_sql
654 keys = generic, color_formatter, color_formatter_sql
651
655
652 #############
656 #############
653 ## LOGGERS ##
657 ## LOGGERS ##
654 #############
658 #############
655 [logger_root]
659 [logger_root]
656 level = NOTSET
660 level = NOTSET
657 handlers = console
661 handlers = console
658
662
659 [logger_sqlalchemy]
663 [logger_sqlalchemy]
660 level = INFO
664 level = INFO
661 handlers = console_sql
665 handlers = console_sql
662 qualname = sqlalchemy.engine
666 qualname = sqlalchemy.engine
663 propagate = 0
667 propagate = 0
664
668
665 [logger_beaker]
669 [logger_beaker]
666 level = DEBUG
670 level = DEBUG
667 handlers =
671 handlers =
668 qualname = beaker.container
672 qualname = beaker.container
669 propagate = 1
673 propagate = 1
670
674
671 [logger_rhodecode]
675 [logger_rhodecode]
672 level = DEBUG
676 level = DEBUG
673 handlers =
677 handlers =
674 qualname = rhodecode
678 qualname = rhodecode
675 propagate = 1
679 propagate = 1
676
680
677 [logger_ssh_wrapper]
681 [logger_ssh_wrapper]
678 level = DEBUG
682 level = DEBUG
679 handlers =
683 handlers =
680 qualname = ssh_wrapper
684 qualname = ssh_wrapper
681 propagate = 1
685 propagate = 1
682
686
683 [logger_celery]
687 [logger_celery]
684 level = DEBUG
688 level = DEBUG
685 handlers =
689 handlers =
686 qualname = celery
690 qualname = celery
687
691
688
692
689 ##############
693 ##############
690 ## HANDLERS ##
694 ## HANDLERS ##
691 ##############
695 ##############
692
696
693 [handler_console]
697 [handler_console]
694 class = StreamHandler
698 class = StreamHandler
695 args = (sys.stderr, )
699 args = (sys.stderr, )
696 level = DEBUG
700 level = DEBUG
697 formatter = color_formatter
701 formatter = color_formatter
698
702
699 [handler_console_sql]
703 [handler_console_sql]
700 # "level = DEBUG" logs SQL queries and results.
704 # "level = DEBUG" logs SQL queries and results.
701 # "level = INFO" logs SQL queries.
705 # "level = INFO" logs SQL queries.
702 # "level = WARN" logs neither. (Recommended for production systems.)
706 # "level = WARN" logs neither. (Recommended for production systems.)
703 class = StreamHandler
707 class = StreamHandler
704 args = (sys.stderr, )
708 args = (sys.stderr, )
705 level = WARN
709 level = WARN
706 formatter = color_formatter_sql
710 formatter = color_formatter_sql
707
711
708 ################
712 ################
709 ## FORMATTERS ##
713 ## FORMATTERS ##
710 ################
714 ################
711
715
712 [formatter_generic]
716 [formatter_generic]
713 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
717 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
714 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
718 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
715 datefmt = %Y-%m-%d %H:%M:%S
719 datefmt = %Y-%m-%d %H:%M:%S
716
720
717 [formatter_color_formatter]
721 [formatter_color_formatter]
718 class = rhodecode.lib.logging_formatter.ColorFormatter
722 class = rhodecode.lib.logging_formatter.ColorFormatter
719 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
723 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
720 datefmt = %Y-%m-%d %H:%M:%S
724 datefmt = %Y-%m-%d %H:%M:%S
721
725
722 [formatter_color_formatter_sql]
726 [formatter_color_formatter_sql]
723 class = rhodecode.lib.logging_formatter.ColorFormatterSql
727 class = rhodecode.lib.logging_formatter.ColorFormatterSql
724 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
728 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
725 datefmt = %Y-%m-%d %H:%M:%S
729 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,698 +1,702 b''
1
1
2
2
3 ################################################################################
3 ################################################################################
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 ################################################################################
5 ################################################################################
6
6
7 [DEFAULT]
7 [DEFAULT]
8 ## Debug flag sets all loggers to debug, and enables request tracking
8 ## Debug flag sets all loggers to debug, and enables request tracking
9 debug = false
9 debug = false
10
10
11 ################################################################################
11 ################################################################################
12 ## EMAIL CONFIGURATION ##
12 ## EMAIL CONFIGURATION ##
13 ## Uncomment and replace with the email address which should receive ##
13 ## Uncomment and replace with the email address which should receive ##
14 ## any error reports after an application crash ##
14 ## any error reports after an application crash ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 ################################################################################
16 ################################################################################
17
17
18 ## prefix all emails subjects with given prefix, helps filtering out emails
18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 #email_prefix = [RhodeCode]
19 #email_prefix = [RhodeCode]
20
20
21 ## email FROM address all mails will be sent
21 ## email FROM address all mails will be sent
22 #app_email_from = rhodecode-noreply@localhost
22 #app_email_from = rhodecode-noreply@localhost
23
23
24 #smtp_server = mail.server.com
24 #smtp_server = mail.server.com
25 #smtp_username =
25 #smtp_username =
26 #smtp_password =
26 #smtp_password =
27 #smtp_port =
27 #smtp_port =
28 #smtp_use_tls = false
28 #smtp_use_tls = false
29 #smtp_use_ssl = true
29 #smtp_use_ssl = true
30
30
31 [server:main]
31 [server:main]
32 ## COMMON ##
32 ## COMMON ##
33 host = 127.0.0.1
33 host = 127.0.0.1
34 port = 5000
34 port = 5000
35
35
36 ###########################################################
36 ###########################################################
37 ## WAITRESS WSGI SERVER - Recommended for Development ####
37 ## WAITRESS WSGI SERVER - Recommended for Development ####
38 ###########################################################
38 ###########################################################
39
39
40 #use = egg:waitress#main
40 #use = egg:waitress#main
41 ## number of worker threads
41 ## number of worker threads
42 #threads = 5
42 #threads = 5
43 ## MAX BODY SIZE 100GB
43 ## MAX BODY SIZE 100GB
44 #max_request_body_size = 107374182400
44 #max_request_body_size = 107374182400
45 ## Use poll instead of select, fixes file descriptors limits problems.
45 ## Use poll instead of select, fixes file descriptors limits problems.
46 ## May not work on old windows systems.
46 ## May not work on old windows systems.
47 #asyncore_use_poll = true
47 #asyncore_use_poll = true
48
48
49
49
50 ##########################
50 ##########################
51 ## GUNICORN WSGI SERVER ##
51 ## GUNICORN WSGI SERVER ##
52 ##########################
52 ##########################
53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
54
54
55 use = egg:gunicorn#main
55 use = egg:gunicorn#main
56 ## Sets the number of process workers. More workers means more concurent connections
56 ## Sets the number of process workers. More workers means more concurent connections
57 ## RhodeCode can handle at the same time. Each additional worker also it increases
57 ## RhodeCode can handle at the same time. Each additional worker also it increases
58 ## memory usage as each has it's own set of caches.
58 ## memory usage as each has it's own set of caches.
59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
62 ## when using more than 1 worker.
62 ## when using more than 1 worker.
63 workers = 2
63 workers = 2
64 ## process name visible in process list
64 ## process name visible in process list
65 proc_name = rhodecode
65 proc_name = rhodecode
66 ## type of worker class, one of sync, gevent
66 ## type of worker class, one of sync, gevent
67 ## recommended for bigger setup is using of of other than sync one
67 ## recommended for bigger setup is using of of other than sync one
68 worker_class = gevent
68 worker_class = gevent
69 ## The maximum number of simultaneous clients. Valid only for Gevent
69 ## The maximum number of simultaneous clients. Valid only for Gevent
70 worker_connections = 10
70 worker_connections = 10
71 ## max number of requests that worker will handle before being gracefully
71 ## max number of requests that worker will handle before being gracefully
72 ## restarted, could prevent memory leaks
72 ## restarted, could prevent memory leaks
73 max_requests = 1000
73 max_requests = 1000
74 max_requests_jitter = 30
74 max_requests_jitter = 30
75 ## amount of time a worker can spend with handling a request before it
75 ## amount of time a worker can spend with handling a request before it
76 ## gets killed and restarted. Set to 6hrs
76 ## gets killed and restarted. Set to 6hrs
77 timeout = 21600
77 timeout = 21600
78
78
79
79
80 ## prefix middleware for RhodeCode.
80 ## prefix middleware for RhodeCode.
81 ## recommended when using proxy setup.
81 ## recommended when using proxy setup.
82 ## allows to set RhodeCode under a prefix in server.
82 ## allows to set RhodeCode under a prefix in server.
83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
83 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
84 ## And set your prefix like: `prefix = /custom_prefix`
84 ## And set your prefix like: `prefix = /custom_prefix`
85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
85 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
86 ## to make your cookies only work on prefix url
86 ## to make your cookies only work on prefix url
87 [filter:proxy-prefix]
87 [filter:proxy-prefix]
88 use = egg:PasteDeploy#prefix
88 use = egg:PasteDeploy#prefix
89 prefix = /
89 prefix = /
90
90
91 [app:main]
91 [app:main]
92 ## The %(here)s variable will be replaced with the absolute path of parent directory
92 ## The %(here)s variable will be replaced with the absolute path of parent directory
93 ## of this file
93 ## of this file
94 ## In addition ENVIRONMENT variables usage is possible, e.g
94 ## In addition ENVIRONMENT variables usage is possible, e.g
95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
95 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
96
96
97 use = egg:rhodecode-enterprise-ce
97 use = egg:rhodecode-enterprise-ce
98
98
99 ## enable proxy prefix middleware, defined above
99 ## enable proxy prefix middleware, defined above
100 #filter-with = proxy-prefix
100 #filter-with = proxy-prefix
101
101
102 ## encryption key used to encrypt social plugin tokens,
102 ## encryption key used to encrypt social plugin tokens,
103 ## remote_urls with credentials etc, if not set it defaults to
103 ## remote_urls with credentials etc, if not set it defaults to
104 ## `beaker.session.secret`
104 ## `beaker.session.secret`
105 #rhodecode.encrypted_values.secret =
105 #rhodecode.encrypted_values.secret =
106
106
107 ## decryption strict mode (enabled by default). It controls if decryption raises
107 ## decryption strict mode (enabled by default). It controls if decryption raises
108 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
108 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
109 #rhodecode.encrypted_values.strict = false
109 #rhodecode.encrypted_values.strict = false
110
110
111 ## return gzipped responses from Rhodecode (static files/application)
111 ## return gzipped responses from Rhodecode (static files/application)
112 gzip_responses = false
112 gzip_responses = false
113
113
114 ## autogenerate javascript routes file on startup
114 ## autogenerate javascript routes file on startup
115 generate_js_files = false
115 generate_js_files = false
116
116
117 ## System global default language.
117 ## System global default language.
118 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
118 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
119 lang = en
119 lang = en
120
120
121 ## Perform a full repository scan and import on each server start.
121 ## Perform a full repository scan and import on each server start.
122 ## Settings this to true could lead to very long startup time.
122 ## Settings this to true could lead to very long startup time.
123 startup.import_repos = false
123 startup.import_repos = false
124
124
125 ## Uncomment and set this path to use archive download cache.
125 ## Uncomment and set this path to use archive download cache.
126 ## Once enabled, generated archives will be cached at this location
126 ## Once enabled, generated archives will be cached at this location
127 ## and served from the cache during subsequent requests for the same archive of
127 ## and served from the cache during subsequent requests for the same archive of
128 ## the repository.
128 ## the repository.
129 #archive_cache_dir = /tmp/tarballcache
129 #archive_cache_dir = /tmp/tarballcache
130
130
131 ## URL at which the application is running. This is used for bootstraping
131 ## URL at which the application is running. This is used for bootstraping
132 ## requests in context when no web request is available. Used in ishell, or
132 ## requests in context when no web request is available. Used in ishell, or
133 ## SSH calls. Set this for events to receive proper url for SSH calls.
133 ## SSH calls. Set this for events to receive proper url for SSH calls.
134 app.base_url = http://rhodecode.local
134 app.base_url = http://rhodecode.local
135
135
136 ## Unique application ID. Should be a random unique string for security.
136 ## Unique application ID. Should be a random unique string for security.
137 app_instance_uuid = rc-production
137 app_instance_uuid = rc-production
138
138
139 ## Cut off limit for large diffs (size in bytes). If overall diff size on
139 ## Cut off limit for large diffs (size in bytes). If overall diff size on
140 ## commit, or pull request exceeds this limit this diff will be displayed
140 ## commit, or pull request exceeds this limit this diff will be displayed
141 ## partially. E.g 512000 == 512Kb
141 ## partially. E.g 512000 == 512Kb
142 cut_off_limit_diff = 512000
142 cut_off_limit_diff = 512000
143
143
144 ## Cut off limit for large files inside diffs (size in bytes). Each individual
144 ## Cut off limit for large files inside diffs (size in bytes). Each individual
145 ## file inside diff which exceeds this limit will be displayed partially.
145 ## file inside diff which exceeds this limit will be displayed partially.
146 ## E.g 128000 == 128Kb
146 ## E.g 128000 == 128Kb
147 cut_off_limit_file = 128000
147 cut_off_limit_file = 128000
148
148
149 ## use cached version of vcs repositories everywhere. Recommended to be `true`
149 ## use cached version of vcs repositories everywhere. Recommended to be `true`
150 vcs_full_cache = true
150 vcs_full_cache = true
151
151
152 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
152 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
153 ## Normally this is controlled by proper http flags sent from http server
153 ## Normally this is controlled by proper http flags sent from http server
154 force_https = false
154 force_https = false
155
155
156 ## use Strict-Transport-Security headers
156 ## use Strict-Transport-Security headers
157 use_htsts = false
157 use_htsts = false
158
158
159 ## git rev filter option, --all is the default filter, if you need to
159 ## git rev filter option, --all is the default filter, if you need to
160 ## hide all refs in changelog switch this to --branches --tags
160 ## hide all refs in changelog switch this to --branches --tags
161 git_rev_filter = --branches --tags
161 git_rev_filter = --branches --tags
162
162
163 # Set to true if your repos are exposed using the dumb protocol
163 # Set to true if your repos are exposed using the dumb protocol
164 git_update_server_info = false
164 git_update_server_info = false
165
165
166 ## RSS/ATOM feed options
166 ## RSS/ATOM feed options
167 rss_cut_off_limit = 256000
167 rss_cut_off_limit = 256000
168 rss_items_per_page = 10
168 rss_items_per_page = 10
169 rss_include_diff = false
169 rss_include_diff = false
170
170
171 ## gist URL alias, used to create nicer urls for gist. This should be an
171 ## gist URL alias, used to create nicer urls for gist. This should be an
172 ## url that does rewrites to _admin/gists/{gistid}.
172 ## url that does rewrites to _admin/gists/{gistid}.
173 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
173 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
174 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
174 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
175 gist_alias_url =
175 gist_alias_url =
176
176
177 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
177 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
178 ## used for access.
178 ## used for access.
179 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
179 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
180 ## came from the the logged in user who own this authentication token.
180 ## came from the the logged in user who own this authentication token.
181 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
181 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
182 ## authentication token. Such view would be only accessible when used together
182 ## authentication token. Such view would be only accessible when used together
183 ## with this authentication token
183 ## with this authentication token
184 ##
184 ##
185 ## list of all views can be found under `/_admin/permissions/auth_token_access`
185 ## list of all views can be found under `/_admin/permissions/auth_token_access`
186 ## The list should be "," separated and on a single line.
186 ## The list should be "," separated and on a single line.
187 ##
187 ##
188 ## Most common views to enable:
188 ## Most common views to enable:
189 # RepoCommitsView:repo_commit_download
189 # RepoCommitsView:repo_commit_download
190 # RepoCommitsView:repo_commit_patch
190 # RepoCommitsView:repo_commit_patch
191 # RepoCommitsView:repo_commit_raw
191 # RepoCommitsView:repo_commit_raw
192 # RepoCommitsView:repo_commit_raw@TOKEN
192 # RepoCommitsView:repo_commit_raw@TOKEN
193 # RepoFilesView:repo_files_diff
193 # RepoFilesView:repo_files_diff
194 # RepoFilesView:repo_archivefile
194 # RepoFilesView:repo_archivefile
195 # RepoFilesView:repo_file_raw
195 # RepoFilesView:repo_file_raw
196 # GistView:*
196 # GistView:*
197 api_access_controllers_whitelist =
197 api_access_controllers_whitelist =
198
198
199 ## Default encoding used to convert from and to unicode
199 ## Default encoding used to convert from and to unicode
200 ## can be also a comma separated list of encoding in case of mixed encodings
200 ## can be also a comma separated list of encoding in case of mixed encodings
201 default_encoding = UTF-8
201 default_encoding = UTF-8
202
202
203 ## instance-id prefix
203 ## instance-id prefix
204 ## a prefix key for this instance used for cache invalidation when running
204 ## a prefix key for this instance used for cache invalidation when running
205 ## multiple instances of rhodecode, make sure it's globally unique for
205 ## multiple instances of rhodecode, make sure it's globally unique for
206 ## all running rhodecode instances. Leave empty if you don't use it
206 ## all running rhodecode instances. Leave empty if you don't use it
207 instance_id =
207 instance_id =
208
208
209 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
209 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
210 ## of an authentication plugin also if it is disabled by it's settings.
210 ## of an authentication plugin also if it is disabled by it's settings.
211 ## This could be useful if you are unable to log in to the system due to broken
211 ## This could be useful if you are unable to log in to the system due to broken
212 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
212 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
213 ## module to log in again and fix the settings.
213 ## module to log in again and fix the settings.
214 ##
214 ##
215 ## Available builtin plugin IDs (hash is part of the ID):
215 ## Available builtin plugin IDs (hash is part of the ID):
216 ## egg:rhodecode-enterprise-ce#rhodecode
216 ## egg:rhodecode-enterprise-ce#rhodecode
217 ## egg:rhodecode-enterprise-ce#pam
217 ## egg:rhodecode-enterprise-ce#pam
218 ## egg:rhodecode-enterprise-ce#ldap
218 ## egg:rhodecode-enterprise-ce#ldap
219 ## egg:rhodecode-enterprise-ce#jasig_cas
219 ## egg:rhodecode-enterprise-ce#jasig_cas
220 ## egg:rhodecode-enterprise-ce#headers
220 ## egg:rhodecode-enterprise-ce#headers
221 ## egg:rhodecode-enterprise-ce#crowd
221 ## egg:rhodecode-enterprise-ce#crowd
222 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
222 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
223
223
224 ## alternative return HTTP header for failed authentication. Default HTTP
224 ## alternative return HTTP header for failed authentication. Default HTTP
225 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
225 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
226 ## handling that causing a series of failed authentication calls.
226 ## handling that causing a series of failed authentication calls.
227 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
227 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
228 ## This will be served instead of default 401 on bad authnetication
228 ## This will be served instead of default 401 on bad authnetication
229 auth_ret_code =
229 auth_ret_code =
230
230
231 ## use special detection method when serving auth_ret_code, instead of serving
231 ## use special detection method when serving auth_ret_code, instead of serving
232 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
232 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
233 ## and then serve auth_ret_code to clients
233 ## and then serve auth_ret_code to clients
234 auth_ret_code_detection = false
234 auth_ret_code_detection = false
235
235
236 ## locking return code. When repository is locked return this HTTP code. 2XX
236 ## locking return code. When repository is locked return this HTTP code. 2XX
237 ## codes don't break the transactions while 4XX codes do
237 ## codes don't break the transactions while 4XX codes do
238 lock_ret_code = 423
238 lock_ret_code = 423
239
239
240 ## allows to change the repository location in settings page
240 ## allows to change the repository location in settings page
241 allow_repo_location_change = true
241 allow_repo_location_change = true
242
242
243 ## allows to setup custom hooks in settings page
243 ## allows to setup custom hooks in settings page
244 allow_custom_hooks_settings = true
244 allow_custom_hooks_settings = true
245
245
246 ## Generated license token required for EE edition license.
246 ## Generated license token required for EE edition license.
247 ## New generated token value can be found in Admin > settings > license page.
247 ## New generated token value can be found in Admin > settings > license page.
248 license_token =
248 license_token =
249
249
250 ## supervisor connection uri, for managing supervisor and logs.
250 ## supervisor connection uri, for managing supervisor and logs.
251 supervisor.uri =
251 supervisor.uri =
252 ## supervisord group name/id we only want this RC instance to handle
252 ## supervisord group name/id we only want this RC instance to handle
253 supervisor.group_id = prod
253 supervisor.group_id = prod
254
254
255 ## Display extended labs settings
255 ## Display extended labs settings
256 labs_settings_active = true
256 labs_settings_active = true
257
257
258 ## Custom exception store path, defaults to TMPDIR
258 ## Custom exception store path, defaults to TMPDIR
259 ## This is used to store exception from RhodeCode in shared directory
259 ## This is used to store exception from RhodeCode in shared directory
260 #exception_tracker.store_path =
260 #exception_tracker.store_path =
261
261
262 ## File store configuration. This is used to store and serve uploaded files
262 ## File store configuration. This is used to store and serve uploaded files
263 file_store.enabled = true
263 file_store.enabled = true
264 ## backend, only available one is local
264 ## backend, only available one is local
265 file_store.backend = local
265 file_store.backend = local
266 ## path to store the uploaded binaries
266 ## path to store the uploaded binaries
267 file_store.storage_path = %(here)s/data/file_store
267 file_store.storage_path = %(here)s/data/file_store
268
268
269
269
270 ####################################
270 ####################################
271 ### CELERY CONFIG ####
271 ### CELERY CONFIG ####
272 ####################################
272 ####################################
273 ## run: /path/to/celery worker \
273 ## run: /path/to/celery worker \
274 ## -E --beat --app rhodecode.lib.celerylib.loader \
274 ## -E --beat --app rhodecode.lib.celerylib.loader \
275 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
275 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
276 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
276 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
277
277
278 use_celery = false
278 use_celery = false
279
279
280 ## connection url to the message broker (default rabbitmq)
280 ## connection url to the message broker (default rabbitmq)
281 celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
281 celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
282
282
283 ## maximum tasks to execute before worker restart
283 ## maximum tasks to execute before worker restart
284 celery.max_tasks_per_child = 100
284 celery.max_tasks_per_child = 100
285
285
286 ## tasks will never be sent to the queue, but executed locally instead.
286 ## tasks will never be sent to the queue, but executed locally instead.
287 celery.task_always_eager = false
287 celery.task_always_eager = false
288
288
289 #####################################
289 #####################################
290 ### DOGPILE CACHE ####
290 ### DOGPILE CACHE ####
291 #####################################
291 #####################################
292 ## Default cache dir for caches. Putting this into a ramdisk
292 ## Default cache dir for caches. Putting this into a ramdisk
293 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
293 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
294 ## large amount of space
294 ## large amount of space
295 cache_dir = %(here)s/data
295 cache_dir = %(here)s/data
296
296
297 ## `cache_perms` cache settings for permission tree, auth TTL.
297 ## `cache_perms` cache settings for permission tree, auth TTL.
298 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
298 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
299 rc_cache.cache_perms.expiration_time = 300
299 rc_cache.cache_perms.expiration_time = 300
300
300
301 ## alternative `cache_perms` redis backend with distributed lock
301 ## alternative `cache_perms` redis backend with distributed lock
302 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
302 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
303 #rc_cache.cache_perms.expiration_time = 300
303 #rc_cache.cache_perms.expiration_time = 300
304 ## redis_expiration_time needs to be greater then expiration_time
304 ## redis_expiration_time needs to be greater then expiration_time
305 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
305 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
306 #rc_cache.cache_perms.arguments.socket_timeout = 30
306 #rc_cache.cache_perms.arguments.socket_timeout = 30
307 #rc_cache.cache_perms.arguments.host = localhost
307 #rc_cache.cache_perms.arguments.host = localhost
308 #rc_cache.cache_perms.arguments.port = 6379
308 #rc_cache.cache_perms.arguments.port = 6379
309 #rc_cache.cache_perms.arguments.db = 0
309 #rc_cache.cache_perms.arguments.db = 0
310 #rc_cache.cache_perms.arguments.distributed_lock = true
310 #rc_cache.cache_perms.arguments.distributed_lock = true
311
311
312 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
312 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
313 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
313 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
314 rc_cache.cache_repo.expiration_time = 2592000
314 rc_cache.cache_repo.expiration_time = 2592000
315
315
316 ## alternative `cache_repo` redis backend with distributed lock
316 ## alternative `cache_repo` redis backend with distributed lock
317 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
317 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
318 #rc_cache.cache_repo.expiration_time = 2592000
318 #rc_cache.cache_repo.expiration_time = 2592000
319 ## redis_expiration_time needs to be greater then expiration_time
319 ## redis_expiration_time needs to be greater then expiration_time
320 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
320 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
321 #rc_cache.cache_repo.arguments.socket_timeout = 30
321 #rc_cache.cache_repo.arguments.socket_timeout = 30
322 #rc_cache.cache_repo.arguments.host = localhost
322 #rc_cache.cache_repo.arguments.host = localhost
323 #rc_cache.cache_repo.arguments.port = 6379
323 #rc_cache.cache_repo.arguments.port = 6379
324 #rc_cache.cache_repo.arguments.db = 1
324 #rc_cache.cache_repo.arguments.db = 1
325 #rc_cache.cache_repo.arguments.distributed_lock = true
325 #rc_cache.cache_repo.arguments.distributed_lock = true
326
326
327 ## cache settings for SQL queries, this needs to use memory type backend
327 ## cache settings for SQL queries, this needs to use memory type backend
328 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
328 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
329 rc_cache.sql_cache_short.expiration_time = 30
329 rc_cache.sql_cache_short.expiration_time = 30
330
330
331 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
331 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
332 ## type backend as the objects kept are not pickle serializable
332 ## type backend as the objects kept are not pickle serializable
333 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
333 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
334 ## by default we use 96H, this is using invalidation on push anyway
334 ## by default we use 96H, this is using invalidation on push anyway
335 rc_cache.cache_repo_longterm.expiration_time = 345600
335 rc_cache.cache_repo_longterm.expiration_time = 345600
336 ## max items in LRU cache, reduce this number to save memory, and expire last used
336 ## max items in LRU cache, reduce this number to save memory, and expire last used
337 ## cached objects
337 ## cached objects
338 rc_cache.cache_repo_longterm.max_size = 10000
338 rc_cache.cache_repo_longterm.max_size = 10000
339
339
340
340
341 ####################################
341 ####################################
342 ### BEAKER SESSION ####
342 ### BEAKER SESSION ####
343 ####################################
343 ####################################
344
344
345 ## .session.type is type of storage options for the session, current allowed
345 ## .session.type is type of storage options for the session, current allowed
346 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
346 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
347 beaker.session.type = file
347 beaker.session.type = file
348 beaker.session.data_dir = %(here)s/data/sessions
348 beaker.session.data_dir = %(here)s/data/sessions
349
349
350 ## db based session, fast, and allows easy management over logged in users
350 ## db based session, fast, and allows easy management over logged in users
351 #beaker.session.type = ext:database
351 #beaker.session.type = ext:database
352 #beaker.session.table_name = db_session
352 #beaker.session.table_name = db_session
353 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
353 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
354 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
354 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
355 #beaker.session.sa.pool_recycle = 3600
355 #beaker.session.sa.pool_recycle = 3600
356 #beaker.session.sa.echo = false
356 #beaker.session.sa.echo = false
357
357
358 beaker.session.key = rhodecode
358 beaker.session.key = rhodecode
359 beaker.session.secret = production-rc-uytcxaz
359 beaker.session.secret = production-rc-uytcxaz
360 beaker.session.lock_dir = %(here)s/data/sessions/lock
360 beaker.session.lock_dir = %(here)s/data/sessions/lock
361
361
362 ## Secure encrypted cookie. Requires AES and AES python libraries
362 ## Secure encrypted cookie. Requires AES and AES python libraries
363 ## you must disable beaker.session.secret to use this
363 ## you must disable beaker.session.secret to use this
364 #beaker.session.encrypt_key = key_for_encryption
364 #beaker.session.encrypt_key = key_for_encryption
365 #beaker.session.validate_key = validation_key
365 #beaker.session.validate_key = validation_key
366
366
367 ## sets session as invalid(also logging out user) if it haven not been
367 ## sets session as invalid(also logging out user) if it haven not been
368 ## accessed for given amount of time in seconds
368 ## accessed for given amount of time in seconds
369 beaker.session.timeout = 2592000
369 beaker.session.timeout = 2592000
370 beaker.session.httponly = true
370 beaker.session.httponly = true
371 ## Path to use for the cookie. Set to prefix if you use prefix middleware
371 ## Path to use for the cookie. Set to prefix if you use prefix middleware
372 #beaker.session.cookie_path = /custom_prefix
372 #beaker.session.cookie_path = /custom_prefix
373
373
374 ## uncomment for https secure cookie
374 ## uncomment for https secure cookie
375 beaker.session.secure = false
375 beaker.session.secure = false
376
376
377 ## auto save the session to not to use .save()
377 ## auto save the session to not to use .save()
378 beaker.session.auto = false
378 beaker.session.auto = false
379
379
380 ## default cookie expiration time in seconds, set to `true` to set expire
380 ## default cookie expiration time in seconds, set to `true` to set expire
381 ## at browser close
381 ## at browser close
382 #beaker.session.cookie_expires = 3600
382 #beaker.session.cookie_expires = 3600
383
383
384 ###################################
384 ###################################
385 ## SEARCH INDEXING CONFIGURATION ##
385 ## SEARCH INDEXING CONFIGURATION ##
386 ###################################
386 ###################################
387 ## Full text search indexer is available in rhodecode-tools under
387 ## Full text search indexer is available in rhodecode-tools under
388 ## `rhodecode-tools index` command
388 ## `rhodecode-tools index` command
389
389
390 ## WHOOSH Backend, doesn't require additional services to run
390 ## WHOOSH Backend, doesn't require additional services to run
391 ## it works good with few dozen repos
391 ## it works good with few dozen repos
392 search.module = rhodecode.lib.index.whoosh
392 search.module = rhodecode.lib.index.whoosh
393 search.location = %(here)s/data/index
393 search.location = %(here)s/data/index
394
394
395 ########################################
395 ########################################
396 ### CHANNELSTREAM CONFIG ####
396 ### CHANNELSTREAM CONFIG ####
397 ########################################
397 ########################################
398 ## channelstream enables persistent connections and live notification
398 ## channelstream enables persistent connections and live notification
399 ## in the system. It's also used by the chat system
399 ## in the system. It's also used by the chat system
400
400
401 channelstream.enabled = false
401 channelstream.enabled = false
402
402
403 ## server address for channelstream server on the backend
403 ## server address for channelstream server on the backend
404 channelstream.server = 127.0.0.1:9800
404 channelstream.server = 127.0.0.1:9800
405
405
406 ## location of the channelstream server from outside world
406 ## location of the channelstream server from outside world
407 ## use ws:// for http or wss:// for https. This address needs to be handled
407 ## use ws:// for http or wss:// for https. This address needs to be handled
408 ## by external HTTP server such as Nginx or Apache
408 ## by external HTTP server such as Nginx or Apache
409 ## see nginx/apache configuration examples in our docs
409 ## see nginx/apache configuration examples in our docs
410 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
410 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
411 channelstream.secret = secret
411 channelstream.secret = secret
412 channelstream.history.location = %(here)s/channelstream_history
412 channelstream.history.location = %(here)s/channelstream_history
413
413
414 ## Internal application path that Javascript uses to connect into.
414 ## Internal application path that Javascript uses to connect into.
415 ## If you use proxy-prefix the prefix should be added before /_channelstream
415 ## If you use proxy-prefix the prefix should be added before /_channelstream
416 channelstream.proxy_path = /_channelstream
416 channelstream.proxy_path = /_channelstream
417
417
418
418
419 ###################################
419 ###################################
420 ## APPENLIGHT CONFIG ##
420 ## APPENLIGHT CONFIG ##
421 ###################################
421 ###################################
422
422
423 ## Appenlight is tailored to work with RhodeCode, see
423 ## Appenlight is tailored to work with RhodeCode, see
424 ## http://appenlight.com for details how to obtain an account
424 ## http://appenlight.com for details how to obtain an account
425
425
426 ## appenlight integration enabled
426 ## appenlight integration enabled
427 appenlight = false
427 appenlight = false
428
428
429 appenlight.server_url = https://api.appenlight.com
429 appenlight.server_url = https://api.appenlight.com
430 appenlight.api_key = YOUR_API_KEY
430 appenlight.api_key = YOUR_API_KEY
431 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
431 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
432
432
433 # used for JS client
433 # used for JS client
434 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
434 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
435
435
436 ## TWEAK AMOUNT OF INFO SENT HERE
436 ## TWEAK AMOUNT OF INFO SENT HERE
437
437
438 ## enables 404 error logging (default False)
438 ## enables 404 error logging (default False)
439 appenlight.report_404 = false
439 appenlight.report_404 = false
440
440
441 ## time in seconds after request is considered being slow (default 1)
441 ## time in seconds after request is considered being slow (default 1)
442 appenlight.slow_request_time = 1
442 appenlight.slow_request_time = 1
443
443
444 ## record slow requests in application
444 ## record slow requests in application
445 ## (needs to be enabled for slow datastore recording and time tracking)
445 ## (needs to be enabled for slow datastore recording and time tracking)
446 appenlight.slow_requests = true
446 appenlight.slow_requests = true
447
447
448 ## enable hooking to application loggers
448 ## enable hooking to application loggers
449 appenlight.logging = true
449 appenlight.logging = true
450
450
451 ## minimum log level for log capture
451 ## minimum log level for log capture
452 appenlight.logging.level = WARNING
452 appenlight.logging.level = WARNING
453
453
454 ## send logs only from erroneous/slow requests
454 ## send logs only from erroneous/slow requests
455 ## (saves API quota for intensive logging)
455 ## (saves API quota for intensive logging)
456 appenlight.logging_on_error = false
456 appenlight.logging_on_error = false
457
457
458 ## list of additonal keywords that should be grabbed from environ object
458 ## list of additonal keywords that should be grabbed from environ object
459 ## can be string with comma separated list of words in lowercase
459 ## can be string with comma separated list of words in lowercase
460 ## (by default client will always send following info:
460 ## (by default client will always send following info:
461 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
461 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
462 ## start with HTTP* this list be extended with additional keywords here
462 ## start with HTTP* this list be extended with additional keywords here
463 appenlight.environ_keys_whitelist =
463 appenlight.environ_keys_whitelist =
464
464
465 ## list of keywords that should be blanked from request object
465 ## list of keywords that should be blanked from request object
466 ## can be string with comma separated list of words in lowercase
466 ## can be string with comma separated list of words in lowercase
467 ## (by default client will always blank keys that contain following words
467 ## (by default client will always blank keys that contain following words
468 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
468 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
469 ## this list be extended with additional keywords set here
469 ## this list be extended with additional keywords set here
470 appenlight.request_keys_blacklist =
470 appenlight.request_keys_blacklist =
471
471
472 ## list of namespaces that should be ignores when gathering log entries
472 ## list of namespaces that should be ignores when gathering log entries
473 ## can be string with comma separated list of namespaces
473 ## can be string with comma separated list of namespaces
474 ## (by default the client ignores own entries: appenlight_client.client)
474 ## (by default the client ignores own entries: appenlight_client.client)
475 appenlight.log_namespace_blacklist =
475 appenlight.log_namespace_blacklist =
476
476
477
477
478 ###########################################
478 ###########################################
479 ### MAIN RHODECODE DATABASE CONFIG ###
479 ### MAIN RHODECODE DATABASE CONFIG ###
480 ###########################################
480 ###########################################
481 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
481 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
482 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
482 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
483 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
483 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
484 # pymysql is an alternative driver for MySQL, use in case of problems with default one
484 # pymysql is an alternative driver for MySQL, use in case of problems with default one
485 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
485 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
486
486
487 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
487 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
488
488
489 # see sqlalchemy docs for other advanced settings
489 # see sqlalchemy docs for other advanced settings
490
490
491 ## print the sql statements to output
491 ## print the sql statements to output
492 sqlalchemy.db1.echo = false
492 sqlalchemy.db1.echo = false
493 ## recycle the connections after this amount of seconds
493 ## recycle the connections after this amount of seconds
494 sqlalchemy.db1.pool_recycle = 3600
494 sqlalchemy.db1.pool_recycle = 3600
495 sqlalchemy.db1.convert_unicode = true
495 sqlalchemy.db1.convert_unicode = true
496
496
497 ## the number of connections to keep open inside the connection pool.
497 ## the number of connections to keep open inside the connection pool.
498 ## 0 indicates no limit
498 ## 0 indicates no limit
499 #sqlalchemy.db1.pool_size = 5
499 #sqlalchemy.db1.pool_size = 5
500
500
501 ## the number of connections to allow in connection pool "overflow", that is
501 ## the number of connections to allow in connection pool "overflow", that is
502 ## connections that can be opened above and beyond the pool_size setting,
502 ## connections that can be opened above and beyond the pool_size setting,
503 ## which defaults to five.
503 ## which defaults to five.
504 #sqlalchemy.db1.max_overflow = 10
504 #sqlalchemy.db1.max_overflow = 10
505
505
506 ## Connection check ping, used to detect broken database connections
506 ## Connection check ping, used to detect broken database connections
507 ## could be enabled to better handle cases if MySQL has gone away errors
507 ## could be enabled to better handle cases if MySQL has gone away errors
508 #sqlalchemy.db1.ping_connection = true
508 #sqlalchemy.db1.ping_connection = true
509
509
510 ##################
510 ##################
511 ### VCS CONFIG ###
511 ### VCS CONFIG ###
512 ##################
512 ##################
513 vcs.server.enable = true
513 vcs.server.enable = true
514 vcs.server = localhost:9900
514 vcs.server = localhost:9900
515
515
516 ## Web server connectivity protocol, responsible for web based VCS operatations
516 ## Web server connectivity protocol, responsible for web based VCS operatations
517 ## Available protocols are:
517 ## Available protocols are:
518 ## `http` - use http-rpc backend (default)
518 ## `http` - use http-rpc backend (default)
519 vcs.server.protocol = http
519 vcs.server.protocol = http
520
520
521 ## Push/Pull operations protocol, available options are:
521 ## Push/Pull operations protocol, available options are:
522 ## `http` - use http-rpc backend (default)
522 ## `http` - use http-rpc backend (default)
523 vcs.scm_app_implementation = http
523 vcs.scm_app_implementation = http
524
524
525 ## Push/Pull operations hooks protocol, available options are:
525 ## Push/Pull operations hooks protocol, available options are:
526 ## `http` - use http-rpc backend (default)
526 ## `http` - use http-rpc backend (default)
527 vcs.hooks.protocol = http
527 vcs.hooks.protocol = http
528
528
529 ## Host on which this instance is listening for hooks. If vcsserver is in other location
529 ## Host on which this instance is listening for hooks. If vcsserver is in other location
530 ## this should be adjusted.
530 ## this should be adjusted.
531 vcs.hooks.host = 127.0.0.1
531 vcs.hooks.host = 127.0.0.1
532
532
533 vcs.server.log_level = info
533 vcs.server.log_level = info
534 ## Start VCSServer with this instance as a subprocess, useful for development
534 ## Start VCSServer with this instance as a subprocess, useful for development
535 vcs.start_server = false
535 vcs.start_server = false
536
536
537 ## List of enabled VCS backends, available options are:
537 ## List of enabled VCS backends, available options are:
538 ## `hg` - mercurial
538 ## `hg` - mercurial
539 ## `git` - git
539 ## `git` - git
540 ## `svn` - subversion
540 ## `svn` - subversion
541 vcs.backends = hg, git, svn
541 vcs.backends = hg, git, svn
542
542
543 vcs.connection_timeout = 3600
543 vcs.connection_timeout = 3600
544 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
544 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
545 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
545 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
546 #vcs.svn.compatible_version = pre-1.8-compatible
546 #vcs.svn.compatible_version = pre-1.8-compatible
547
547
548
548
549 ############################################################
549 ############################################################
550 ### Subversion proxy support (mod_dav_svn) ###
550 ### Subversion proxy support (mod_dav_svn) ###
551 ### Maps RhodeCode repo groups into SVN paths for Apache ###
551 ### Maps RhodeCode repo groups into SVN paths for Apache ###
552 ############################################################
552 ############################################################
553 ## Enable or disable the config file generation.
553 ## Enable or disable the config file generation.
554 svn.proxy.generate_config = false
554 svn.proxy.generate_config = false
555 ## Generate config file with `SVNListParentPath` set to `On`.
555 ## Generate config file with `SVNListParentPath` set to `On`.
556 svn.proxy.list_parent_path = true
556 svn.proxy.list_parent_path = true
557 ## Set location and file name of generated config file.
557 ## Set location and file name of generated config file.
558 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
558 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
559 ## alternative mod_dav config template. This needs to be a mako template
559 ## alternative mod_dav config template. This needs to be a mako template
560 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
560 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
561 ## Used as a prefix to the `Location` block in the generated config file.
561 ## Used as a prefix to the `Location` block in the generated config file.
562 ## In most cases it should be set to `/`.
562 ## In most cases it should be set to `/`.
563 svn.proxy.location_root = /
563 svn.proxy.location_root = /
564 ## Command to reload the mod dav svn configuration on change.
564 ## Command to reload the mod dav svn configuration on change.
565 ## Example: `/etc/init.d/apache2 reload`
565 ## Example: `/etc/init.d/apache2 reload`
566 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
566 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
567 ## If the timeout expires before the reload command finishes, the command will
567 ## If the timeout expires before the reload command finishes, the command will
568 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
568 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
569 #svn.proxy.reload_timeout = 10
569 #svn.proxy.reload_timeout = 10
570
570
571 ############################################################
571 ############################################################
572 ### SSH Support Settings ###
572 ### SSH Support Settings ###
573 ############################################################
573 ############################################################
574
574
575 ## Defines if a custom authorized_keys file should be created and written on
575 ## Defines if a custom authorized_keys file should be created and written on
576 ## any change user ssh keys. Setting this to false also disables posibility
576 ## any change user ssh keys. Setting this to false also disables posibility
577 ## of adding SSH keys by users from web interface. Super admins can still
577 ## of adding SSH keys by users from web interface. Super admins can still
578 ## manage SSH Keys.
578 ## manage SSH Keys.
579 ssh.generate_authorized_keyfile = false
579 ssh.generate_authorized_keyfile = false
580
580
581 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
581 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
582 # ssh.authorized_keys_ssh_opts =
582 # ssh.authorized_keys_ssh_opts =
583
583
584 ## Path to the authrozied_keys file where the generate entries are placed.
584 ## Path to the authrozied_keys file where the generate entries are placed.
585 ## It is possible to have multiple key files specified in `sshd_config` e.g.
585 ## It is possible to have multiple key files specified in `sshd_config` e.g.
586 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
586 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
587 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
587 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
588
588
589 ## Command to execute the SSH wrapper. The binary is available in the
589 ## Command to execute the SSH wrapper. The binary is available in the
590 ## rhodecode installation directory.
590 ## rhodecode installation directory.
591 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
591 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
592 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
592 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
593
593
594 ## Allow shell when executing the ssh-wrapper command
594 ## Allow shell when executing the ssh-wrapper command
595 ssh.wrapper_cmd_allow_shell = false
595 ssh.wrapper_cmd_allow_shell = false
596
596
597 ## Enables logging, and detailed output send back to the client during SSH
597 ## Enables logging, and detailed output send back to the client during SSH
598 ## operations. Usefull for debugging, shouldn't be used in production.
598 ## operations. Usefull for debugging, shouldn't be used in production.
599 ssh.enable_debug_logging = false
599 ssh.enable_debug_logging = false
600
600
601 ## Paths to binary executable, by default they are the names, but we can
601 ## Paths to binary executable, by default they are the names, but we can
602 ## override them if we want to use a custom one
602 ## override them if we want to use a custom one
603 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
603 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
604 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
604 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
605 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
605 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
606
606
607 ## Enables SSH key generator web interface. Disabling this still allows users
608 ## to add their own keys.
609 ssh.enable_ui_key_generator = true
610
607
611
608 ## Dummy marker to add new entries after.
612 ## Dummy marker to add new entries after.
609 ## Add any custom entries below. Please don't remove.
613 ## Add any custom entries below. Please don't remove.
610 custom.conf = 1
614 custom.conf = 1
611
615
612
616
613 ################################
617 ################################
614 ### LOGGING CONFIGURATION ####
618 ### LOGGING CONFIGURATION ####
615 ################################
619 ################################
616 [loggers]
620 [loggers]
617 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
621 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
618
622
619 [handlers]
623 [handlers]
620 keys = console, console_sql
624 keys = console, console_sql
621
625
622 [formatters]
626 [formatters]
623 keys = generic, color_formatter, color_formatter_sql
627 keys = generic, color_formatter, color_formatter_sql
624
628
625 #############
629 #############
626 ## LOGGERS ##
630 ## LOGGERS ##
627 #############
631 #############
628 [logger_root]
632 [logger_root]
629 level = NOTSET
633 level = NOTSET
630 handlers = console
634 handlers = console
631
635
632 [logger_sqlalchemy]
636 [logger_sqlalchemy]
633 level = INFO
637 level = INFO
634 handlers = console_sql
638 handlers = console_sql
635 qualname = sqlalchemy.engine
639 qualname = sqlalchemy.engine
636 propagate = 0
640 propagate = 0
637
641
638 [logger_beaker]
642 [logger_beaker]
639 level = DEBUG
643 level = DEBUG
640 handlers =
644 handlers =
641 qualname = beaker.container
645 qualname = beaker.container
642 propagate = 1
646 propagate = 1
643
647
644 [logger_rhodecode]
648 [logger_rhodecode]
645 level = DEBUG
649 level = DEBUG
646 handlers =
650 handlers =
647 qualname = rhodecode
651 qualname = rhodecode
648 propagate = 1
652 propagate = 1
649
653
650 [logger_ssh_wrapper]
654 [logger_ssh_wrapper]
651 level = DEBUG
655 level = DEBUG
652 handlers =
656 handlers =
653 qualname = ssh_wrapper
657 qualname = ssh_wrapper
654 propagate = 1
658 propagate = 1
655
659
656 [logger_celery]
660 [logger_celery]
657 level = DEBUG
661 level = DEBUG
658 handlers =
662 handlers =
659 qualname = celery
663 qualname = celery
660
664
661
665
662 ##############
666 ##############
663 ## HANDLERS ##
667 ## HANDLERS ##
664 ##############
668 ##############
665
669
666 [handler_console]
670 [handler_console]
667 class = StreamHandler
671 class = StreamHandler
668 args = (sys.stderr, )
672 args = (sys.stderr, )
669 level = INFO
673 level = INFO
670 formatter = generic
674 formatter = generic
671
675
672 [handler_console_sql]
676 [handler_console_sql]
673 # "level = DEBUG" logs SQL queries and results.
677 # "level = DEBUG" logs SQL queries and results.
674 # "level = INFO" logs SQL queries.
678 # "level = INFO" logs SQL queries.
675 # "level = WARN" logs neither. (Recommended for production systems.)
679 # "level = WARN" logs neither. (Recommended for production systems.)
676 class = StreamHandler
680 class = StreamHandler
677 args = (sys.stderr, )
681 args = (sys.stderr, )
678 level = WARN
682 level = WARN
679 formatter = generic
683 formatter = generic
680
684
681 ################
685 ################
682 ## FORMATTERS ##
686 ## FORMATTERS ##
683 ################
687 ################
684
688
685 [formatter_generic]
689 [formatter_generic]
686 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
690 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
687 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
691 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
688 datefmt = %Y-%m-%d %H:%M:%S
692 datefmt = %Y-%m-%d %H:%M:%S
689
693
690 [formatter_color_formatter]
694 [formatter_color_formatter]
691 class = rhodecode.lib.logging_formatter.ColorFormatter
695 class = rhodecode.lib.logging_formatter.ColorFormatter
692 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
696 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
693 datefmt = %Y-%m-%d %H:%M:%S
697 datefmt = %Y-%m-%d %H:%M:%S
694
698
695 [formatter_color_formatter_sql]
699 [formatter_color_formatter_sql]
696 class = rhodecode.lib.logging_formatter.ColorFormatterSql
700 class = rhodecode.lib.logging_formatter.ColorFormatterSql
697 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
701 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
698 datefmt = %Y-%m-%d %H:%M:%S
702 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,140 +1,144 b''
1 .. _ssh-connection:
1 .. _ssh-connection:
2
2
3 SSH Connection
3 SSH Connection
4 --------------
4 --------------
5
5
6 If you wish to connect to your |repos| using SSH protocol, use the
6 If you wish to connect to your |repos| using SSH protocol, use the
7 following instructions.
7 following instructions.
8
8
9 1. Include |RCE| generated `authorized_keys` file into your sshd_config.
9 1. Include |RCE| generated `authorized_keys` file into your sshd_config.
10
10
11 By default a file `authorized_keys_rhodecode` is created containing
11 By default a file `authorized_keys_rhodecode` is created containing
12 configuration and all allowed user connection keys are stored inside.
12 configuration and all allowed user connection keys are stored inside.
13 On each change of stored keys inside |RCE| this file is updated with
13 On each change of stored keys inside |RCE| this file is updated with
14 proper data.
14 proper data.
15
15
16 .. code-block:: bash
16 .. code-block:: bash
17
17
18 # Edit sshd_config file most likely at /etc/ssh/sshd_config
18 # Edit sshd_config file most likely at /etc/ssh/sshd_config
19 # add or edit the AuthorizedKeysFile, and set to use custom files
19 # add or edit the AuthorizedKeysFile, and set to use custom files
20
20
21 AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
21 AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
22
22
23 This way we use a separate file for SSH access and separate one for
23 This way we use a separate file for SSH access and separate one for
24 SSH access to |RCE| repositories.
24 SSH access to |RCE| repositories.
25
25
26
26
27 2. Enable the SSH module on instance.
27 2. Enable the SSH module on instance.
28
28
29 On the server where |RCE| is running executing:
29 On the server where |RCE| is running executing:
30
30
31 .. code-block:: bash
31 .. code-block:: bash
32
32
33 rccontrol enable-module ssh {instance-id}
33 rccontrol enable-module ssh {instance-id}
34
34
35 This will add the following configuration into :file:`rhodecode.ini`.
35 This will add the following configuration into :file:`rhodecode.ini`.
36 This also can be done manually:
36 This also can be done manually:
37
37
38 .. code-block:: ini
38 .. code-block:: ini
39
39
40 ############################################################
40 ############################################################
41 ### SSH Support Settings ###
41 ### SSH Support Settings ###
42 ############################################################
42 ############################################################
43
43
44 ## Defines if a custom authorized_keys file should be created and written on
44 ## Defines if a custom authorized_keys file should be created and written on
45 ## any change user ssh keys. Setting this to false also disables posibility
45 ## any change user ssh keys. Setting this to false also disables posibility
46 ## of adding SSH keys by users from web interface. Super admins can still
46 ## of adding SSH keys by users from web interface. Super admins can still
47 ## manage SSH Keys.
47 ## manage SSH Keys.
48 ssh.generate_authorized_keyfile = true
48 ssh.generate_authorized_keyfile = true
49
49
50 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
50 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
51 # ssh.authorized_keys_ssh_opts =
51 # ssh.authorized_keys_ssh_opts =
52
52
53 ## Path to the authrozied_keys file where the generate entries are placed.
53 ## Path to the authrozied_keys file where the generate entries are placed.
54 ## It is possible to have multiple key files specified in `sshd_config` e.g.
54 ## It is possible to have multiple key files specified in `sshd_config` e.g.
55 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
55 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
56 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
56 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
57
57
58 ## Command to execute the SSH wrapper. The binary is available in the
58 ## Command to execute the SSH wrapper. The binary is available in the
59 ## rhodecode installation directory.
59 ## rhodecode installation directory.
60 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
60 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
61 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
61 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
62
62
63 ## Allow shell when executing the ssh-wrapper command
63 ## Allow shell when executing the ssh-wrapper command
64 ssh.wrapper_cmd_allow_shell = false
64 ssh.wrapper_cmd_allow_shell = false
65
65
66 ## Enables logging, and detailed output send back to the client during SSH
66 ## Enables logging, and detailed output send back to the client during SSH
67 ## operations. Useful for debugging, shouldn't be used in production.
67 ## operations. Useful for debugging, shouldn't be used in production.
68 ssh.enable_debug_logging = false
68 ssh.enable_debug_logging = false
69
69
70 ## Paths to binary executable, by default they are the names, but we can
70 ## Paths to binary executable, by default they are the names, but we can
71 ## override them if we want to use a custom one
71 ## override them if we want to use a custom one
72 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
72 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
73 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
74 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
75
75
76 ## Enables SSH key generator web interface. Disabling this still allows users
77 ## to add their own keys.
78 ssh.enable_ui_key_generator = true
79
76
80
77 3. Set base_url for instance to enable proper event handling (Optional):
81 3. Set base_url for instance to enable proper event handling (Optional):
78
82
79 If you wish to have integrations working correctly via SSH please configure
83 If you wish to have integrations working correctly via SSH please configure
80 The Application base_url.
84 The Application base_url.
81
85
82 Use the ``rccontrol status`` command to view instance details.
86 Use the ``rccontrol status`` command to view instance details.
83 Hostname is required for the integration to properly set the instance URL.
87 Hostname is required for the integration to properly set the instance URL.
84
88
85 When your hostname is known (e.g https://code.rhodecode.com) please set it
89 When your hostname is known (e.g https://code.rhodecode.com) please set it
86 inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
90 inside :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
87
91
88 add into `[app:main]` section the following configuration:
92 add into `[app:main]` section the following configuration:
89
93
90 .. code-block:: ini
94 .. code-block:: ini
91
95
92 app.base_url = https://code.rhodecode.com
96 app.base_url = https://code.rhodecode.com
93
97
94
98
95 4. Add the public key to your user account for testing.
99 4. Add the public key to your user account for testing.
96 First generate a new key, or use your existing one and have your public key
100 First generate a new key, or use your existing one and have your public key
97 at hand.
101 at hand.
98
102
99 Go to
103 Go to
100 :menuselection:`My Account --> SSH Keys` and add the public key with proper description.
104 :menuselection:`My Account --> SSH Keys` and add the public key with proper description.
101
105
102 This will generate a new entry inside our configured `authorized_keys_rhodecode` file.
106 This will generate a new entry inside our configured `authorized_keys_rhodecode` file.
103
107
104 Test the connection from your local machine using the following example:
108 Test the connection from your local machine using the following example:
105
109
106 .. note::
110 .. note::
107
111
108 In case of connection problems please set
112 In case of connection problems please set
109 `ssh.enable_debug_logging = true` inside the SSH configuration of
113 `ssh.enable_debug_logging = true` inside the SSH configuration of
110 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
114 :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
111 Then add, remove your SSH key and try connecting again.
115 Then add, remove your SSH key and try connecting again.
112 Debug logging will be printed to help find the problems on the server side.
116 Debug logging will be printed to help find the problems on the server side.
113
117
114 Test connection using the ssh command from the local machine. Make sure
118 Test connection using the ssh command from the local machine. Make sure
115 to use the use who is running the |RCE| server, and not your username from
119 to use the use who is running the |RCE| server, and not your username from
116 the web interface.
120 the web interface.
117
121
118
122
119 For SVN:
123 For SVN:
120
124
121 .. code-block:: bash
125 .. code-block:: bash
122
126
123 SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name
127 SVN_SSH="ssh -i ~/.ssh/id_rsa_test_ssh_private.key" svn checkout svn+ssh://rhodecode@rc-server/repo_name
124
128
125 For GIT:
129 For GIT:
126
130
127 .. code-block:: bash
131 .. code-block:: bash
128
132
129 GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name
133 GIT_SSH_COMMAND='ssh -i ~/.ssh/id_rsa_test_ssh_private.key' git clone ssh://rhodecode@rc-server/repo_name
130
134
131 For Mercurial:
135 For Mercurial:
132
136
133 .. code-block:: bash
137 .. code-block:: bash
134
138
135 Add to hgrc:
139 Add to hgrc:
136
140
137 [ui]
141 [ui]
138 ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key
142 ssh = ssh -C -i ~/.ssh/id_rsa_test_ssh_private.key
139
143
140 hg clone ssh://rhodecode@rc-server/repo_name
144 hg clone ssh://rhodecode@rc-server/repo_name
@@ -1,155 +1,156 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2016-2019 RhodeCode GmbH
3 # Copyright (C) 2016-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from pyramid.httpexceptions import HTTPFound
23 from pyramid.httpexceptions import HTTPFound
24 from pyramid.view import view_config
24 from pyramid.view import view_config
25
25
26 from rhodecode.apps._base import BaseAppView, DataGridAppView
26 from rhodecode.apps._base import BaseAppView, DataGridAppView
27 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
27 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
28 from rhodecode.events import trigger
28 from rhodecode.events import trigger
29 from rhodecode.lib import helpers as h
29 from rhodecode.lib import helpers as h
30 from rhodecode.lib import audit_logger
30 from rhodecode.lib import audit_logger
31 from rhodecode.lib.auth import LoginRequired, NotAnonymous, CSRFRequired
31 from rhodecode.lib.auth import LoginRequired, NotAnonymous, CSRFRequired
32 from rhodecode.model.db import IntegrityError, UserSshKeys
32 from rhodecode.model.db import IntegrityError, UserSshKeys
33 from rhodecode.model.meta import Session
33 from rhodecode.model.meta import Session
34 from rhodecode.model.ssh_key import SshKeyModel
34 from rhodecode.model.ssh_key import SshKeyModel
35
35
36 log = logging.getLogger(__name__)
36 log = logging.getLogger(__name__)
37
37
38
38
39 class MyAccountSshKeysView(BaseAppView, DataGridAppView):
39 class MyAccountSshKeysView(BaseAppView, DataGridAppView):
40
40
41 def load_default_context(self):
41 def load_default_context(self):
42 c = self._get_local_tmpl_context()
42 c = self._get_local_tmpl_context()
43 c.user = c.auth_user.get_instance()
43 c.user = c.auth_user.get_instance()
44
44
45 c.ssh_enabled = self.request.registry.settings.get(
45 c.ssh_enabled = self.request.registry.settings.get(
46 'ssh.generate_authorized_keyfile')
46 'ssh.generate_authorized_keyfile')
47
47
48 return c
48 return c
49
49
50 @LoginRequired()
50 @LoginRequired()
51 @NotAnonymous()
51 @NotAnonymous()
52 @view_config(
52 @view_config(
53 route_name='my_account_ssh_keys', request_method='GET',
53 route_name='my_account_ssh_keys', request_method='GET',
54 renderer='rhodecode:templates/admin/my_account/my_account.mako')
54 renderer='rhodecode:templates/admin/my_account/my_account.mako')
55 def my_account_ssh_keys(self):
55 def my_account_ssh_keys(self):
56 _ = self.request.translate
56 _ = self.request.translate
57
57
58 c = self.load_default_context()
58 c = self.load_default_context()
59 c.active = 'ssh_keys'
59 c.active = 'ssh_keys'
60 c.default_key = self.request.GET.get('default_key')
60 c.default_key = self.request.GET.get('default_key')
61 c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)
61 c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)
62 return self._get_template_context(c)
62 return self._get_template_context(c)
63
63
64 @LoginRequired()
64 @LoginRequired()
65 @NotAnonymous()
65 @NotAnonymous()
66 @view_config(
66 @view_config(
67 route_name='my_account_ssh_keys_generate', request_method='GET',
67 route_name='my_account_ssh_keys_generate', request_method='GET',
68 renderer='rhodecode:templates/admin/my_account/my_account.mako')
68 renderer='rhodecode:templates/admin/my_account/my_account.mako')
69 def ssh_keys_generate_keypair(self):
69 def ssh_keys_generate_keypair(self):
70 _ = self.request.translate
70 _ = self.request.translate
71 c = self.load_default_context()
71 c = self.load_default_context()
72
72
73 c.active = 'ssh_keys_generate'
73 c.active = 'ssh_keys_generate'
74 if c.ssh_key_generator_enabled:
74 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
75 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
75 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
76 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
76 c.target_form_url = h.route_path(
77 c.target_form_url = h.route_path(
77 'my_account_ssh_keys', _query=dict(default_key=c.public))
78 'my_account_ssh_keys', _query=dict(default_key=c.public))
78 return self._get_template_context(c)
79 return self._get_template_context(c)
79
80
80 @LoginRequired()
81 @LoginRequired()
81 @NotAnonymous()
82 @NotAnonymous()
82 @CSRFRequired()
83 @CSRFRequired()
83 @view_config(
84 @view_config(
84 route_name='my_account_ssh_keys_add', request_method='POST',)
85 route_name='my_account_ssh_keys_add', request_method='POST',)
85 def my_account_ssh_keys_add(self):
86 def my_account_ssh_keys_add(self):
86 _ = self.request.translate
87 _ = self.request.translate
87 c = self.load_default_context()
88 c = self.load_default_context()
88
89
89 user_data = c.user.get_api_data()
90 user_data = c.user.get_api_data()
90 key_data = self.request.POST.get('key_data')
91 key_data = self.request.POST.get('key_data')
91 description = self.request.POST.get('description')
92 description = self.request.POST.get('description')
92 fingerprint = 'unknown'
93 fingerprint = 'unknown'
93 try:
94 try:
94 if not key_data:
95 if not key_data:
95 raise ValueError('Please add a valid public key')
96 raise ValueError('Please add a valid public key')
96
97
97 key = SshKeyModel().parse_key(key_data.strip())
98 key = SshKeyModel().parse_key(key_data.strip())
98 fingerprint = key.hash_md5()
99 fingerprint = key.hash_md5()
99
100
100 ssh_key = SshKeyModel().create(
101 ssh_key = SshKeyModel().create(
101 c.user.user_id, fingerprint, key.keydata, description)
102 c.user.user_id, fingerprint, key.keydata, description)
102 ssh_key_data = ssh_key.get_api_data()
103 ssh_key_data = ssh_key.get_api_data()
103
104
104 audit_logger.store_web(
105 audit_logger.store_web(
105 'user.edit.ssh_key.add', action_data={
106 'user.edit.ssh_key.add', action_data={
106 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
107 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
107 user=self._rhodecode_user, )
108 user=self._rhodecode_user, )
108 Session().commit()
109 Session().commit()
109
110
110 # Trigger an event on change of keys.
111 # Trigger an event on change of keys.
111 trigger(SshKeyFileChangeEvent(), self.request.registry)
112 trigger(SshKeyFileChangeEvent(), self.request.registry)
112
113
113 h.flash(_("Ssh Key successfully created"), category='success')
114 h.flash(_("Ssh Key successfully created"), category='success')
114
115
115 except IntegrityError:
116 except IntegrityError:
116 log.exception("Exception during ssh key saving")
117 log.exception("Exception during ssh key saving")
117 err = 'Such key with fingerprint `{}` already exists, ' \
118 err = 'Such key with fingerprint `{}` already exists, ' \
118 'please use a different one'.format(fingerprint)
119 'please use a different one'.format(fingerprint)
119 h.flash(_('An error occurred during ssh key saving: {}').format(err),
120 h.flash(_('An error occurred during ssh key saving: {}').format(err),
120 category='error')
121 category='error')
121 except Exception as e:
122 except Exception as e:
122 log.exception("Exception during ssh key saving")
123 log.exception("Exception during ssh key saving")
123 h.flash(_('An error occurred during ssh key saving: {}').format(e),
124 h.flash(_('An error occurred during ssh key saving: {}').format(e),
124 category='error')
125 category='error')
125
126
126 return HTTPFound(h.route_path('my_account_ssh_keys'))
127 return HTTPFound(h.route_path('my_account_ssh_keys'))
127
128
128 @LoginRequired()
129 @LoginRequired()
129 @NotAnonymous()
130 @NotAnonymous()
130 @CSRFRequired()
131 @CSRFRequired()
131 @view_config(
132 @view_config(
132 route_name='my_account_ssh_keys_delete', request_method='POST')
133 route_name='my_account_ssh_keys_delete', request_method='POST')
133 def my_account_ssh_keys_delete(self):
134 def my_account_ssh_keys_delete(self):
134 _ = self.request.translate
135 _ = self.request.translate
135 c = self.load_default_context()
136 c = self.load_default_context()
136
137
137 user_data = c.user.get_api_data()
138 user_data = c.user.get_api_data()
138
139
139 del_ssh_key = self.request.POST.get('del_ssh_key')
140 del_ssh_key = self.request.POST.get('del_ssh_key')
140
141
141 if del_ssh_key:
142 if del_ssh_key:
142 ssh_key = UserSshKeys.get_or_404(del_ssh_key)
143 ssh_key = UserSshKeys.get_or_404(del_ssh_key)
143 ssh_key_data = ssh_key.get_api_data()
144 ssh_key_data = ssh_key.get_api_data()
144
145
145 SshKeyModel().delete(del_ssh_key, c.user.user_id)
146 SshKeyModel().delete(del_ssh_key, c.user.user_id)
146 audit_logger.store_web(
147 audit_logger.store_web(
147 'user.edit.ssh_key.delete', action_data={
148 'user.edit.ssh_key.delete', action_data={
148 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
149 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
149 user=self._rhodecode_user,)
150 user=self._rhodecode_user,)
150 Session().commit()
151 Session().commit()
151 # Trigger an event on change of keys.
152 # Trigger an event on change of keys.
152 trigger(SshKeyFileChangeEvent(), self.request.registry)
153 trigger(SshKeyFileChangeEvent(), self.request.registry)
153 h.flash(_("Ssh key successfully deleted"), category='success')
154 h.flash(_("Ssh key successfully deleted"), category='success')
154
155
155 return HTTPFound(h.route_path('my_account_ssh_keys'))
156 return HTTPFound(h.route_path('my_account_ssh_keys'))
@@ -1,66 +1,67 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2016-2019 RhodeCode GmbH
3 # Copyright (C) 2016-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 import logging
21 import logging
22
22
23 from . import config_keys
23 from . import config_keys
24 from .events import SshKeyFileChangeEvent
24 from .events import SshKeyFileChangeEvent
25 from .subscribers import generate_ssh_authorized_keys_file_subscriber
25 from .subscribers import generate_ssh_authorized_keys_file_subscriber
26
26
27 from rhodecode.config.middleware import _bool_setting, _string_setting
27 from rhodecode.config.middleware import _bool_setting, _string_setting
28
28
29 log = logging.getLogger(__name__)
29 log = logging.getLogger(__name__)
30
30
31
31
32 def _sanitize_settings_and_apply_defaults(settings):
32 def _sanitize_settings_and_apply_defaults(settings):
33 """
33 """
34 Set defaults, convert to python types and validate settings.
34 Set defaults, convert to python types and validate settings.
35 """
35 """
36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
36 _bool_setting(settings, config_keys.generate_authorized_keyfile, 'false')
37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
37 _bool_setting(settings, config_keys.wrapper_allow_shell, 'false')
38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
38 _bool_setting(settings, config_keys.enable_debug_logging, 'false')
39 _bool_setting(settings, config_keys.ssh_key_generator_enabled, 'true')
39
40
40 _string_setting(settings, config_keys.authorized_keys_file_path,
41 _string_setting(settings, config_keys.authorized_keys_file_path,
41 '~/.ssh/authorized_keys_rhodecode',
42 '~/.ssh/authorized_keys_rhodecode',
42 lower=False)
43 lower=False)
43 _string_setting(settings, config_keys.wrapper_cmd, '',
44 _string_setting(settings, config_keys.wrapper_cmd, '',
44 lower=False)
45 lower=False)
45 _string_setting(settings, config_keys.authorized_keys_line_ssh_opts, '',
46 _string_setting(settings, config_keys.authorized_keys_line_ssh_opts, '',
46 lower=False)
47 lower=False)
47
48
48 _string_setting(settings, config_keys.ssh_hg_bin,
49 _string_setting(settings, config_keys.ssh_hg_bin,
49 '~/.rccontrol/vcsserver-1/profile/bin/hg',
50 '~/.rccontrol/vcsserver-1/profile/bin/hg',
50 lower=False)
51 lower=False)
51 _string_setting(settings, config_keys.ssh_git_bin,
52 _string_setting(settings, config_keys.ssh_git_bin,
52 '~/.rccontrol/vcsserver-1/profile/bin/git',
53 '~/.rccontrol/vcsserver-1/profile/bin/git',
53 lower=False)
54 lower=False)
54 _string_setting(settings, config_keys.ssh_svn_bin,
55 _string_setting(settings, config_keys.ssh_svn_bin,
55 '~/.rccontrol/vcsserver-1/profile/bin/svnserve',
56 '~/.rccontrol/vcsserver-1/profile/bin/svnserve',
56 lower=False)
57 lower=False)
57
58
58
59
59 def includeme(config):
60 def includeme(config):
60 settings = config.registry.settings
61 settings = config.registry.settings
61 _sanitize_settings_and_apply_defaults(settings)
62 _sanitize_settings_and_apply_defaults(settings)
62
63
63 # if we have enable generation of file, subscribe to event
64 # if we have enable generation of file, subscribe to event
64 if settings[config_keys.generate_authorized_keyfile]:
65 if settings[config_keys.generate_authorized_keyfile]:
65 config.add_subscriber(
66 config.add_subscriber(
66 generate_ssh_authorized_keys_file_subscriber, SshKeyFileChangeEvent)
67 generate_ssh_authorized_keys_file_subscriber, SshKeyFileChangeEvent)
@@ -1,33 +1,34 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2016-2019 RhodeCode GmbH
3 # Copyright (C) 2016-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21
21
22 # Definition of setting keys used to configure this module. Defined here to
22 # Definition of setting keys used to configure this module. Defined here to
23 # avoid repetition of keys throughout the module.
23 # avoid repetition of keys throughout the module.
24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
24 generate_authorized_keyfile = 'ssh.generate_authorized_keyfile'
25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
25 authorized_keys_file_path = 'ssh.authorized_keys_file_path'
26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
26 authorized_keys_line_ssh_opts = 'ssh.authorized_keys_ssh_opts'
27 ssh_key_generator_enabled = 'ssh.enable_ui_key_generator'
27 wrapper_cmd = 'ssh.wrapper_cmd'
28 wrapper_cmd = 'ssh.wrapper_cmd'
28 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
29 wrapper_allow_shell = 'ssh.wrapper_cmd_allow_shell'
29 enable_debug_logging = 'ssh.enable_debug_logging'
30 enable_debug_logging = 'ssh.enable_debug_logging'
30
31
31 ssh_hg_bin = 'ssh.executable.hg'
32 ssh_hg_bin = 'ssh.executable.hg'
32 ssh_git_bin = 'ssh.executable.git'
33 ssh_git_bin = 'ssh.executable.git'
33 ssh_svn_bin = 'ssh.executable.svn'
34 ssh_svn_bin = 'ssh.executable.svn'
@@ -1,582 +1,584 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2019 RhodeCode GmbH
3 # Copyright (C) 2010-2019 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 The base Controller API
22 The base Controller API
23 Provides the BaseController class for subclassing. And usage in different
23 Provides the BaseController class for subclassing. And usage in different
24 controllers
24 controllers
25 """
25 """
26
26
27 import logging
27 import logging
28 import socket
28 import socket
29
29
30 import markupsafe
30 import markupsafe
31 import ipaddress
31 import ipaddress
32
32
33 from paste.auth.basic import AuthBasicAuthenticator
33 from paste.auth.basic import AuthBasicAuthenticator
34 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
34 from paste.httpexceptions import HTTPUnauthorized, HTTPForbidden, get_exception
35 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
35 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
36
36
37 import rhodecode
37 import rhodecode
38 from rhodecode.apps._base import TemplateArgs
38 from rhodecode.apps._base import TemplateArgs
39 from rhodecode.authentication.base import VCS_TYPE
39 from rhodecode.authentication.base import VCS_TYPE
40 from rhodecode.lib import auth, utils2
40 from rhodecode.lib import auth, utils2
41 from rhodecode.lib import helpers as h
41 from rhodecode.lib import helpers as h
42 from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
42 from rhodecode.lib.auth import AuthUser, CookieStoreWrapper
43 from rhodecode.lib.exceptions import UserCreationError
43 from rhodecode.lib.exceptions import UserCreationError
44 from rhodecode.lib.utils import (password_changed, get_enabled_hook_classes)
44 from rhodecode.lib.utils import (password_changed, get_enabled_hook_classes)
45 from rhodecode.lib.utils2 import (
45 from rhodecode.lib.utils2 import (
46 str2bool, safe_unicode, AttributeDict, safe_int, sha1, aslist, safe_str)
46 str2bool, safe_unicode, AttributeDict, safe_int, sha1, aslist, safe_str)
47 from rhodecode.model.db import Repository, User, ChangesetComment, UserBookmark
47 from rhodecode.model.db import Repository, User, ChangesetComment, UserBookmark
48 from rhodecode.model.notification import NotificationModel
48 from rhodecode.model.notification import NotificationModel
49 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
49 from rhodecode.model.settings import VcsSettingsModel, SettingsModel
50
50
51 log = logging.getLogger(__name__)
51 log = logging.getLogger(__name__)
52
52
53
53
54 def _filter_proxy(ip):
54 def _filter_proxy(ip):
55 """
55 """
56 Passed in IP addresses in HEADERS can be in a special format of multiple
56 Passed in IP addresses in HEADERS can be in a special format of multiple
57 ips. Those comma separated IPs are passed from various proxies in the
57 ips. Those comma separated IPs are passed from various proxies in the
58 chain of request processing. The left-most being the original client.
58 chain of request processing. The left-most being the original client.
59 We only care about the first IP which came from the org. client.
59 We only care about the first IP which came from the org. client.
60
60
61 :param ip: ip string from headers
61 :param ip: ip string from headers
62 """
62 """
63 if ',' in ip:
63 if ',' in ip:
64 _ips = ip.split(',')
64 _ips = ip.split(',')
65 _first_ip = _ips[0].strip()
65 _first_ip = _ips[0].strip()
66 log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
66 log.debug('Got multiple IPs %s, using %s', ','.join(_ips), _first_ip)
67 return _first_ip
67 return _first_ip
68 return ip
68 return ip
69
69
70
70
71 def _filter_port(ip):
71 def _filter_port(ip):
72 """
72 """
73 Removes a port from ip, there are 4 main cases to handle here.
73 Removes a port from ip, there are 4 main cases to handle here.
74 - ipv4 eg. 127.0.0.1
74 - ipv4 eg. 127.0.0.1
75 - ipv6 eg. ::1
75 - ipv6 eg. ::1
76 - ipv4+port eg. 127.0.0.1:8080
76 - ipv4+port eg. 127.0.0.1:8080
77 - ipv6+port eg. [::1]:8080
77 - ipv6+port eg. [::1]:8080
78
78
79 :param ip:
79 :param ip:
80 """
80 """
81 def is_ipv6(ip_addr):
81 def is_ipv6(ip_addr):
82 if hasattr(socket, 'inet_pton'):
82 if hasattr(socket, 'inet_pton'):
83 try:
83 try:
84 socket.inet_pton(socket.AF_INET6, ip_addr)
84 socket.inet_pton(socket.AF_INET6, ip_addr)
85 except socket.error:
85 except socket.error:
86 return False
86 return False
87 else:
87 else:
88 # fallback to ipaddress
88 # fallback to ipaddress
89 try:
89 try:
90 ipaddress.IPv6Address(safe_unicode(ip_addr))
90 ipaddress.IPv6Address(safe_unicode(ip_addr))
91 except Exception:
91 except Exception:
92 return False
92 return False
93 return True
93 return True
94
94
95 if ':' not in ip: # must be ipv4 pure ip
95 if ':' not in ip: # must be ipv4 pure ip
96 return ip
96 return ip
97
97
98 if '[' in ip and ']' in ip: # ipv6 with port
98 if '[' in ip and ']' in ip: # ipv6 with port
99 return ip.split(']')[0][1:].lower()
99 return ip.split(']')[0][1:].lower()
100
100
101 # must be ipv6 or ipv4 with port
101 # must be ipv6 or ipv4 with port
102 if is_ipv6(ip):
102 if is_ipv6(ip):
103 return ip
103 return ip
104 else:
104 else:
105 ip, _port = ip.split(':')[:2] # means ipv4+port
105 ip, _port = ip.split(':')[:2] # means ipv4+port
106 return ip
106 return ip
107
107
108
108
109 def get_ip_addr(environ):
109 def get_ip_addr(environ):
110 proxy_key = 'HTTP_X_REAL_IP'
110 proxy_key = 'HTTP_X_REAL_IP'
111 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
111 proxy_key2 = 'HTTP_X_FORWARDED_FOR'
112 def_key = 'REMOTE_ADDR'
112 def_key = 'REMOTE_ADDR'
113 _filters = lambda x: _filter_port(_filter_proxy(x))
113 _filters = lambda x: _filter_port(_filter_proxy(x))
114
114
115 ip = environ.get(proxy_key)
115 ip = environ.get(proxy_key)
116 if ip:
116 if ip:
117 return _filters(ip)
117 return _filters(ip)
118
118
119 ip = environ.get(proxy_key2)
119 ip = environ.get(proxy_key2)
120 if ip:
120 if ip:
121 return _filters(ip)
121 return _filters(ip)
122
122
123 ip = environ.get(def_key, '0.0.0.0')
123 ip = environ.get(def_key, '0.0.0.0')
124 return _filters(ip)
124 return _filters(ip)
125
125
126
126
127 def get_server_ip_addr(environ, log_errors=True):
127 def get_server_ip_addr(environ, log_errors=True):
128 hostname = environ.get('SERVER_NAME')
128 hostname = environ.get('SERVER_NAME')
129 try:
129 try:
130 return socket.gethostbyname(hostname)
130 return socket.gethostbyname(hostname)
131 except Exception as e:
131 except Exception as e:
132 if log_errors:
132 if log_errors:
133 # in some cases this lookup is not possible, and we don't want to
133 # in some cases this lookup is not possible, and we don't want to
134 # make it an exception in logs
134 # make it an exception in logs
135 log.exception('Could not retrieve server ip address: %s', e)
135 log.exception('Could not retrieve server ip address: %s', e)
136 return hostname
136 return hostname
137
137
138
138
139 def get_server_port(environ):
139 def get_server_port(environ):
140 return environ.get('SERVER_PORT')
140 return environ.get('SERVER_PORT')
141
141
142
142
143 def get_access_path(environ):
143 def get_access_path(environ):
144 path = environ.get('PATH_INFO')
144 path = environ.get('PATH_INFO')
145 org_req = environ.get('pylons.original_request')
145 org_req = environ.get('pylons.original_request')
146 if org_req:
146 if org_req:
147 path = org_req.environ.get('PATH_INFO')
147 path = org_req.environ.get('PATH_INFO')
148 return path
148 return path
149
149
150
150
151 def get_user_agent(environ):
151 def get_user_agent(environ):
152 return environ.get('HTTP_USER_AGENT')
152 return environ.get('HTTP_USER_AGENT')
153
153
154
154
155 def vcs_operation_context(
155 def vcs_operation_context(
156 environ, repo_name, username, action, scm, check_locking=True,
156 environ, repo_name, username, action, scm, check_locking=True,
157 is_shadow_repo=False, check_branch_perms=False, detect_force_push=False):
157 is_shadow_repo=False, check_branch_perms=False, detect_force_push=False):
158 """
158 """
159 Generate the context for a vcs operation, e.g. push or pull.
159 Generate the context for a vcs operation, e.g. push or pull.
160
160
161 This context is passed over the layers so that hooks triggered by the
161 This context is passed over the layers so that hooks triggered by the
162 vcs operation know details like the user, the user's IP address etc.
162 vcs operation know details like the user, the user's IP address etc.
163
163
164 :param check_locking: Allows to switch of the computation of the locking
164 :param check_locking: Allows to switch of the computation of the locking
165 data. This serves mainly the need of the simplevcs middleware to be
165 data. This serves mainly the need of the simplevcs middleware to be
166 able to disable this for certain operations.
166 able to disable this for certain operations.
167
167
168 """
168 """
169 # Tri-state value: False: unlock, None: nothing, True: lock
169 # Tri-state value: False: unlock, None: nothing, True: lock
170 make_lock = None
170 make_lock = None
171 locked_by = [None, None, None]
171 locked_by = [None, None, None]
172 is_anonymous = username == User.DEFAULT_USER
172 is_anonymous = username == User.DEFAULT_USER
173 user = User.get_by_username(username)
173 user = User.get_by_username(username)
174 if not is_anonymous and check_locking:
174 if not is_anonymous and check_locking:
175 log.debug('Checking locking on repository "%s"', repo_name)
175 log.debug('Checking locking on repository "%s"', repo_name)
176 repo = Repository.get_by_repo_name(repo_name)
176 repo = Repository.get_by_repo_name(repo_name)
177 make_lock, __, locked_by = repo.get_locking_state(
177 make_lock, __, locked_by = repo.get_locking_state(
178 action, user.user_id)
178 action, user.user_id)
179 user_id = user.user_id
179 user_id = user.user_id
180 settings_model = VcsSettingsModel(repo=repo_name)
180 settings_model = VcsSettingsModel(repo=repo_name)
181 ui_settings = settings_model.get_ui_settings()
181 ui_settings = settings_model.get_ui_settings()
182
182
183 # NOTE(marcink): This should be also in sync with
183 # NOTE(marcink): This should be also in sync with
184 # rhodecode/apps/ssh_support/lib/backends/base.py:update_environment scm_data
184 # rhodecode/apps/ssh_support/lib/backends/base.py:update_environment scm_data
185 store = [x for x in ui_settings if x.key == '/']
185 store = [x for x in ui_settings if x.key == '/']
186 repo_store = ''
186 repo_store = ''
187 if store:
187 if store:
188 repo_store = store[0].value
188 repo_store = store[0].value
189
189
190 scm_data = {
190 scm_data = {
191 'ip': get_ip_addr(environ),
191 'ip': get_ip_addr(environ),
192 'username': username,
192 'username': username,
193 'user_id': user_id,
193 'user_id': user_id,
194 'action': action,
194 'action': action,
195 'repository': repo_name,
195 'repository': repo_name,
196 'scm': scm,
196 'scm': scm,
197 'config': rhodecode.CONFIG['__file__'],
197 'config': rhodecode.CONFIG['__file__'],
198 'repo_store': repo_store,
198 'repo_store': repo_store,
199 'make_lock': make_lock,
199 'make_lock': make_lock,
200 'locked_by': locked_by,
200 'locked_by': locked_by,
201 'server_url': utils2.get_server_url(environ),
201 'server_url': utils2.get_server_url(environ),
202 'user_agent': get_user_agent(environ),
202 'user_agent': get_user_agent(environ),
203 'hooks': get_enabled_hook_classes(ui_settings),
203 'hooks': get_enabled_hook_classes(ui_settings),
204 'is_shadow_repo': is_shadow_repo,
204 'is_shadow_repo': is_shadow_repo,
205 'detect_force_push': detect_force_push,
205 'detect_force_push': detect_force_push,
206 'check_branch_perms': check_branch_perms,
206 'check_branch_perms': check_branch_perms,
207 }
207 }
208 return scm_data
208 return scm_data
209
209
210
210
211 class BasicAuth(AuthBasicAuthenticator):
211 class BasicAuth(AuthBasicAuthenticator):
212
212
213 def __init__(self, realm, authfunc, registry, auth_http_code=None,
213 def __init__(self, realm, authfunc, registry, auth_http_code=None,
214 initial_call_detection=False, acl_repo_name=None):
214 initial_call_detection=False, acl_repo_name=None):
215 self.realm = realm
215 self.realm = realm
216 self.initial_call = initial_call_detection
216 self.initial_call = initial_call_detection
217 self.authfunc = authfunc
217 self.authfunc = authfunc
218 self.registry = registry
218 self.registry = registry
219 self.acl_repo_name = acl_repo_name
219 self.acl_repo_name = acl_repo_name
220 self._rc_auth_http_code = auth_http_code
220 self._rc_auth_http_code = auth_http_code
221
221
222 def _get_response_from_code(self, http_code):
222 def _get_response_from_code(self, http_code):
223 try:
223 try:
224 return get_exception(safe_int(http_code))
224 return get_exception(safe_int(http_code))
225 except Exception:
225 except Exception:
226 log.exception('Failed to fetch response for code %s', http_code)
226 log.exception('Failed to fetch response for code %s', http_code)
227 return HTTPForbidden
227 return HTTPForbidden
228
228
229 def get_rc_realm(self):
229 def get_rc_realm(self):
230 return safe_str(self.registry.rhodecode_settings.get('rhodecode_realm'))
230 return safe_str(self.registry.rhodecode_settings.get('rhodecode_realm'))
231
231
232 def build_authentication(self):
232 def build_authentication(self):
233 head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
233 head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
234 if self._rc_auth_http_code and not self.initial_call:
234 if self._rc_auth_http_code and not self.initial_call:
235 # return alternative HTTP code if alternative http return code
235 # return alternative HTTP code if alternative http return code
236 # is specified in RhodeCode config, but ONLY if it's not the
236 # is specified in RhodeCode config, but ONLY if it's not the
237 # FIRST call
237 # FIRST call
238 custom_response_klass = self._get_response_from_code(
238 custom_response_klass = self._get_response_from_code(
239 self._rc_auth_http_code)
239 self._rc_auth_http_code)
240 return custom_response_klass(headers=head)
240 return custom_response_klass(headers=head)
241 return HTTPUnauthorized(headers=head)
241 return HTTPUnauthorized(headers=head)
242
242
243 def authenticate(self, environ):
243 def authenticate(self, environ):
244 authorization = AUTHORIZATION(environ)
244 authorization = AUTHORIZATION(environ)
245 if not authorization:
245 if not authorization:
246 return self.build_authentication()
246 return self.build_authentication()
247 (authmeth, auth) = authorization.split(' ', 1)
247 (authmeth, auth) = authorization.split(' ', 1)
248 if 'basic' != authmeth.lower():
248 if 'basic' != authmeth.lower():
249 return self.build_authentication()
249 return self.build_authentication()
250 auth = auth.strip().decode('base64')
250 auth = auth.strip().decode('base64')
251 _parts = auth.split(':', 1)
251 _parts = auth.split(':', 1)
252 if len(_parts) == 2:
252 if len(_parts) == 2:
253 username, password = _parts
253 username, password = _parts
254 auth_data = self.authfunc(
254 auth_data = self.authfunc(
255 username, password, environ, VCS_TYPE,
255 username, password, environ, VCS_TYPE,
256 registry=self.registry, acl_repo_name=self.acl_repo_name)
256 registry=self.registry, acl_repo_name=self.acl_repo_name)
257 if auth_data:
257 if auth_data:
258 return {'username': username, 'auth_data': auth_data}
258 return {'username': username, 'auth_data': auth_data}
259 if username and password:
259 if username and password:
260 # we mark that we actually executed authentication once, at
260 # we mark that we actually executed authentication once, at
261 # that point we can use the alternative auth code
261 # that point we can use the alternative auth code
262 self.initial_call = False
262 self.initial_call = False
263
263
264 return self.build_authentication()
264 return self.build_authentication()
265
265
266 __call__ = authenticate
266 __call__ = authenticate
267
267
268
268
269 def calculate_version_hash(config):
269 def calculate_version_hash(config):
270 return sha1(
270 return sha1(
271 config.get('beaker.session.secret', '') +
271 config.get('beaker.session.secret', '') +
272 rhodecode.__version__)[:8]
272 rhodecode.__version__)[:8]
273
273
274
274
275 def get_current_lang(request):
275 def get_current_lang(request):
276 # NOTE(marcink): remove after pyramid move
276 # NOTE(marcink): remove after pyramid move
277 try:
277 try:
278 return translation.get_lang()[0]
278 return translation.get_lang()[0]
279 except:
279 except:
280 pass
280 pass
281
281
282 return getattr(request, '_LOCALE_', request.locale_name)
282 return getattr(request, '_LOCALE_', request.locale_name)
283
283
284
284
285 def attach_context_attributes(context, request, user_id=None):
285 def attach_context_attributes(context, request, user_id=None):
286 """
286 """
287 Attach variables into template context called `c`.
287 Attach variables into template context called `c`.
288 """
288 """
289 config = request.registry.settings
289 config = request.registry.settings
290
290
291
291
292 rc_config = SettingsModel().get_all_settings(cache=True)
292 rc_config = SettingsModel().get_all_settings(cache=True)
293
293
294 context.rhodecode_version = rhodecode.__version__
294 context.rhodecode_version = rhodecode.__version__
295 context.rhodecode_edition = config.get('rhodecode.edition')
295 context.rhodecode_edition = config.get('rhodecode.edition')
296 # unique secret + version does not leak the version but keep consistency
296 # unique secret + version does not leak the version but keep consistency
297 context.rhodecode_version_hash = calculate_version_hash(config)
297 context.rhodecode_version_hash = calculate_version_hash(config)
298
298
299 # Default language set for the incoming request
299 # Default language set for the incoming request
300 context.language = get_current_lang(request)
300 context.language = get_current_lang(request)
301
301
302 # Visual options
302 # Visual options
303 context.visual = AttributeDict({})
303 context.visual = AttributeDict({})
304
304
305 # DB stored Visual Items
305 # DB stored Visual Items
306 context.visual.show_public_icon = str2bool(
306 context.visual.show_public_icon = str2bool(
307 rc_config.get('rhodecode_show_public_icon'))
307 rc_config.get('rhodecode_show_public_icon'))
308 context.visual.show_private_icon = str2bool(
308 context.visual.show_private_icon = str2bool(
309 rc_config.get('rhodecode_show_private_icon'))
309 rc_config.get('rhodecode_show_private_icon'))
310 context.visual.stylify_metatags = str2bool(
310 context.visual.stylify_metatags = str2bool(
311 rc_config.get('rhodecode_stylify_metatags'))
311 rc_config.get('rhodecode_stylify_metatags'))
312 context.visual.dashboard_items = safe_int(
312 context.visual.dashboard_items = safe_int(
313 rc_config.get('rhodecode_dashboard_items', 100))
313 rc_config.get('rhodecode_dashboard_items', 100))
314 context.visual.admin_grid_items = safe_int(
314 context.visual.admin_grid_items = safe_int(
315 rc_config.get('rhodecode_admin_grid_items', 100))
315 rc_config.get('rhodecode_admin_grid_items', 100))
316 context.visual.show_revision_number = str2bool(
316 context.visual.show_revision_number = str2bool(
317 rc_config.get('rhodecode_show_revision_number', True))
317 rc_config.get('rhodecode_show_revision_number', True))
318 context.visual.show_sha_length = safe_int(
318 context.visual.show_sha_length = safe_int(
319 rc_config.get('rhodecode_show_sha_length', 100))
319 rc_config.get('rhodecode_show_sha_length', 100))
320 context.visual.repository_fields = str2bool(
320 context.visual.repository_fields = str2bool(
321 rc_config.get('rhodecode_repository_fields'))
321 rc_config.get('rhodecode_repository_fields'))
322 context.visual.show_version = str2bool(
322 context.visual.show_version = str2bool(
323 rc_config.get('rhodecode_show_version'))
323 rc_config.get('rhodecode_show_version'))
324 context.visual.use_gravatar = str2bool(
324 context.visual.use_gravatar = str2bool(
325 rc_config.get('rhodecode_use_gravatar'))
325 rc_config.get('rhodecode_use_gravatar'))
326 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
326 context.visual.gravatar_url = rc_config.get('rhodecode_gravatar_url')
327 context.visual.default_renderer = rc_config.get(
327 context.visual.default_renderer = rc_config.get(
328 'rhodecode_markup_renderer', 'rst')
328 'rhodecode_markup_renderer', 'rst')
329 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
329 context.visual.comment_types = ChangesetComment.COMMENT_TYPES
330 context.visual.rhodecode_support_url = \
330 context.visual.rhodecode_support_url = \
331 rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
331 rc_config.get('rhodecode_support_url') or h.route_url('rhodecode_support')
332
332
333 context.visual.affected_files_cut_off = 60
333 context.visual.affected_files_cut_off = 60
334
334
335 context.pre_code = rc_config.get('rhodecode_pre_code')
335 context.pre_code = rc_config.get('rhodecode_pre_code')
336 context.post_code = rc_config.get('rhodecode_post_code')
336 context.post_code = rc_config.get('rhodecode_post_code')
337 context.rhodecode_name = rc_config.get('rhodecode_title')
337 context.rhodecode_name = rc_config.get('rhodecode_title')
338 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
338 context.default_encodings = aslist(config.get('default_encoding'), sep=',')
339 # if we have specified default_encoding in the request, it has more
339 # if we have specified default_encoding in the request, it has more
340 # priority
340 # priority
341 if request.GET.get('default_encoding'):
341 if request.GET.get('default_encoding'):
342 context.default_encodings.insert(0, request.GET.get('default_encoding'))
342 context.default_encodings.insert(0, request.GET.get('default_encoding'))
343 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
343 context.clone_uri_tmpl = rc_config.get('rhodecode_clone_uri_tmpl')
344 context.clone_uri_ssh_tmpl = rc_config.get('rhodecode_clone_uri_ssh_tmpl')
344 context.clone_uri_ssh_tmpl = rc_config.get('rhodecode_clone_uri_ssh_tmpl')
345
345
346 # INI stored
346 # INI stored
347 context.labs_active = str2bool(
347 context.labs_active = str2bool(
348 config.get('labs_settings_active', 'false'))
348 config.get('labs_settings_active', 'false'))
349 context.ssh_enabled = str2bool(
349 context.ssh_enabled = str2bool(
350 config.get('ssh.generate_authorized_keyfile', 'false'))
350 config.get('ssh.generate_authorized_keyfile', 'false'))
351 context.ssh_key_generator_enabled = str2bool(
352 config.get('ssh.enable_ui_key_generator', 'true'))
351
353
352 context.visual.allow_repo_location_change = str2bool(
354 context.visual.allow_repo_location_change = str2bool(
353 config.get('allow_repo_location_change', True))
355 config.get('allow_repo_location_change', True))
354 context.visual.allow_custom_hooks_settings = str2bool(
356 context.visual.allow_custom_hooks_settings = str2bool(
355 config.get('allow_custom_hooks_settings', True))
357 config.get('allow_custom_hooks_settings', True))
356 context.debug_style = str2bool(config.get('debug_style', False))
358 context.debug_style = str2bool(config.get('debug_style', False))
357
359
358 context.rhodecode_instanceid = config.get('instance_id')
360 context.rhodecode_instanceid = config.get('instance_id')
359
361
360 context.visual.cut_off_limit_diff = safe_int(
362 context.visual.cut_off_limit_diff = safe_int(
361 config.get('cut_off_limit_diff'))
363 config.get('cut_off_limit_diff'))
362 context.visual.cut_off_limit_file = safe_int(
364 context.visual.cut_off_limit_file = safe_int(
363 config.get('cut_off_limit_file'))
365 config.get('cut_off_limit_file'))
364
366
365 # AppEnlight
367 # AppEnlight
366 context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))
368 context.appenlight_enabled = str2bool(config.get('appenlight', 'false'))
367 context.appenlight_api_public_key = config.get(
369 context.appenlight_api_public_key = config.get(
368 'appenlight.api_public_key', '')
370 'appenlight.api_public_key', '')
369 context.appenlight_server_url = config.get('appenlight.server_url', '')
371 context.appenlight_server_url = config.get('appenlight.server_url', '')
370
372
371 diffmode = {
373 diffmode = {
372 "unified": "unified",
374 "unified": "unified",
373 "sideside": "sideside"
375 "sideside": "sideside"
374 }.get(request.GET.get('diffmode'))
376 }.get(request.GET.get('diffmode'))
375
377
376 if diffmode and diffmode != request.session.get('rc_user_session_attr.diffmode'):
378 if diffmode and diffmode != request.session.get('rc_user_session_attr.diffmode'):
377 request.session['rc_user_session_attr.diffmode'] = diffmode
379 request.session['rc_user_session_attr.diffmode'] = diffmode
378
380
379 # session settings per user
381 # session settings per user
380 session_attrs = {
382 session_attrs = {
381 # defaults
383 # defaults
382 "clone_url_format": "http",
384 "clone_url_format": "http",
383 "diffmode": "sideside"
385 "diffmode": "sideside"
384 }
386 }
385 for k, v in request.session.items():
387 for k, v in request.session.items():
386 pref = 'rc_user_session_attr.'
388 pref = 'rc_user_session_attr.'
387 if k and k.startswith(pref):
389 if k and k.startswith(pref):
388 k = k[len(pref):]
390 k = k[len(pref):]
389 session_attrs[k] = v
391 session_attrs[k] = v
390
392
391 context.user_session_attrs = session_attrs
393 context.user_session_attrs = session_attrs
392
394
393 # JS template context
395 # JS template context
394 context.template_context = {
396 context.template_context = {
395 'repo_name': None,
397 'repo_name': None,
396 'repo_type': None,
398 'repo_type': None,
397 'repo_landing_commit': None,
399 'repo_landing_commit': None,
398 'rhodecode_user': {
400 'rhodecode_user': {
399 'username': None,
401 'username': None,
400 'email': None,
402 'email': None,
401 'notification_status': False
403 'notification_status': False
402 },
404 },
403 'session_attrs': session_attrs,
405 'session_attrs': session_attrs,
404 'visual': {
406 'visual': {
405 'default_renderer': None
407 'default_renderer': None
406 },
408 },
407 'commit_data': {
409 'commit_data': {
408 'commit_id': None
410 'commit_id': None
409 },
411 },
410 'pull_request_data': {'pull_request_id': None},
412 'pull_request_data': {'pull_request_id': None},
411 'timeago': {
413 'timeago': {
412 'refresh_time': 120 * 1000,
414 'refresh_time': 120 * 1000,
413 'cutoff_limit': 1000 * 60 * 60 * 24 * 7
415 'cutoff_limit': 1000 * 60 * 60 * 24 * 7
414 },
416 },
415 'pyramid_dispatch': {
417 'pyramid_dispatch': {
416
418
417 },
419 },
418 'extra': {'plugins': {}}
420 'extra': {'plugins': {}}
419 }
421 }
420 # END CONFIG VARS
422 # END CONFIG VARS
421
423
422 context.csrf_token = auth.get_csrf_token(session=request.session)
424 context.csrf_token = auth.get_csrf_token(session=request.session)
423 context.backends = rhodecode.BACKENDS.keys()
425 context.backends = rhodecode.BACKENDS.keys()
424 context.backends.sort()
426 context.backends.sort()
425 unread_count = 0
427 unread_count = 0
426 user_bookmark_list = []
428 user_bookmark_list = []
427 if user_id:
429 if user_id:
428 unread_count = NotificationModel().get_unread_cnt_for_user(user_id)
430 unread_count = NotificationModel().get_unread_cnt_for_user(user_id)
429 user_bookmark_list = UserBookmark.get_bookmarks_for_user(user_id)
431 user_bookmark_list = UserBookmark.get_bookmarks_for_user(user_id)
430 context.unread_notifications = unread_count
432 context.unread_notifications = unread_count
431 context.bookmark_items = user_bookmark_list
433 context.bookmark_items = user_bookmark_list
432
434
433 # web case
435 # web case
434 if hasattr(request, 'user'):
436 if hasattr(request, 'user'):
435 context.auth_user = request.user
437 context.auth_user = request.user
436 context.rhodecode_user = request.user
438 context.rhodecode_user = request.user
437
439
438 # api case
440 # api case
439 if hasattr(request, 'rpc_user'):
441 if hasattr(request, 'rpc_user'):
440 context.auth_user = request.rpc_user
442 context.auth_user = request.rpc_user
441 context.rhodecode_user = request.rpc_user
443 context.rhodecode_user = request.rpc_user
442
444
443 # attach the whole call context to the request
445 # attach the whole call context to the request
444 request.call_context = context
446 request.call_context = context
445
447
446
448
447 def get_auth_user(request):
449 def get_auth_user(request):
448 environ = request.environ
450 environ = request.environ
449 session = request.session
451 session = request.session
450
452
451 ip_addr = get_ip_addr(environ)
453 ip_addr = get_ip_addr(environ)
452 # make sure that we update permissions each time we call controller
454 # make sure that we update permissions each time we call controller
453 _auth_token = (request.GET.get('auth_token', '') or
455 _auth_token = (request.GET.get('auth_token', '') or
454 request.GET.get('api_key', ''))
456 request.GET.get('api_key', ''))
455
457
456 if _auth_token:
458 if _auth_token:
457 # when using API_KEY we assume user exists, and
459 # when using API_KEY we assume user exists, and
458 # doesn't need auth based on cookies.
460 # doesn't need auth based on cookies.
459 auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
461 auth_user = AuthUser(api_key=_auth_token, ip_addr=ip_addr)
460 authenticated = False
462 authenticated = False
461 else:
463 else:
462 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
464 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
463 try:
465 try:
464 auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
466 auth_user = AuthUser(user_id=cookie_store.get('user_id', None),
465 ip_addr=ip_addr)
467 ip_addr=ip_addr)
466 except UserCreationError as e:
468 except UserCreationError as e:
467 h.flash(e, 'error')
469 h.flash(e, 'error')
468 # container auth or other auth functions that create users
470 # container auth or other auth functions that create users
469 # on the fly can throw this exception signaling that there's
471 # on the fly can throw this exception signaling that there's
470 # issue with user creation, explanation should be provided
472 # issue with user creation, explanation should be provided
471 # in Exception itself. We then create a simple blank
473 # in Exception itself. We then create a simple blank
472 # AuthUser
474 # AuthUser
473 auth_user = AuthUser(ip_addr=ip_addr)
475 auth_user = AuthUser(ip_addr=ip_addr)
474
476
475 # in case someone changes a password for user it triggers session
477 # in case someone changes a password for user it triggers session
476 # flush and forces a re-login
478 # flush and forces a re-login
477 if password_changed(auth_user, session):
479 if password_changed(auth_user, session):
478 session.invalidate()
480 session.invalidate()
479 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
481 cookie_store = CookieStoreWrapper(session.get('rhodecode_user'))
480 auth_user = AuthUser(ip_addr=ip_addr)
482 auth_user = AuthUser(ip_addr=ip_addr)
481
483
482 authenticated = cookie_store.get('is_authenticated')
484 authenticated = cookie_store.get('is_authenticated')
483
485
484 if not auth_user.is_authenticated and auth_user.is_user_object:
486 if not auth_user.is_authenticated and auth_user.is_user_object:
485 # user is not authenticated and not empty
487 # user is not authenticated and not empty
486 auth_user.set_authenticated(authenticated)
488 auth_user.set_authenticated(authenticated)
487
489
488 return auth_user
490 return auth_user
489
491
490
492
491 def h_filter(s):
493 def h_filter(s):
492 """
494 """
493 Custom filter for Mako templates. Mako by standard uses `markupsafe.escape`
495 Custom filter for Mako templates. Mako by standard uses `markupsafe.escape`
494 we wrap this with additional functionality that converts None to empty
496 we wrap this with additional functionality that converts None to empty
495 strings
497 strings
496 """
498 """
497 if s is None:
499 if s is None:
498 return markupsafe.Markup()
500 return markupsafe.Markup()
499 return markupsafe.escape(s)
501 return markupsafe.escape(s)
500
502
501
503
502 def add_events_routes(config):
504 def add_events_routes(config):
503 """
505 """
504 Adds routing that can be used in events. Because some events are triggered
506 Adds routing that can be used in events. Because some events are triggered
505 outside of pyramid context, we need to bootstrap request with some
507 outside of pyramid context, we need to bootstrap request with some
506 routing registered
508 routing registered
507 """
509 """
508
510
509 from rhodecode.apps._base import ADMIN_PREFIX
511 from rhodecode.apps._base import ADMIN_PREFIX
510
512
511 config.add_route(name='home', pattern='/')
513 config.add_route(name='home', pattern='/')
512
514
513 config.add_route(name='login', pattern=ADMIN_PREFIX + '/login')
515 config.add_route(name='login', pattern=ADMIN_PREFIX + '/login')
514 config.add_route(name='logout', pattern=ADMIN_PREFIX + '/logout')
516 config.add_route(name='logout', pattern=ADMIN_PREFIX + '/logout')
515 config.add_route(name='repo_summary', pattern='/{repo_name}')
517 config.add_route(name='repo_summary', pattern='/{repo_name}')
516 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
518 config.add_route(name='repo_summary_explicit', pattern='/{repo_name}/summary')
517 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
519 config.add_route(name='repo_group_home', pattern='/{repo_group_name}')
518
520
519 config.add_route(name='pullrequest_show',
521 config.add_route(name='pullrequest_show',
520 pattern='/{repo_name}/pull-request/{pull_request_id}')
522 pattern='/{repo_name}/pull-request/{pull_request_id}')
521 config.add_route(name='pull_requests_global',
523 config.add_route(name='pull_requests_global',
522 pattern='/pull-request/{pull_request_id}')
524 pattern='/pull-request/{pull_request_id}')
523 config.add_route(name='repo_commit',
525 config.add_route(name='repo_commit',
524 pattern='/{repo_name}/changeset/{commit_id}')
526 pattern='/{repo_name}/changeset/{commit_id}')
525
527
526 config.add_route(name='repo_files',
528 config.add_route(name='repo_files',
527 pattern='/{repo_name}/files/{commit_id}/{f_path}')
529 pattern='/{repo_name}/files/{commit_id}/{f_path}')
528
530
529
531
530 def bootstrap_config(request):
532 def bootstrap_config(request):
531 import pyramid.testing
533 import pyramid.testing
532 registry = pyramid.testing.Registry('RcTestRegistry')
534 registry = pyramid.testing.Registry('RcTestRegistry')
533
535
534 config = pyramid.testing.setUp(registry=registry, request=request)
536 config = pyramid.testing.setUp(registry=registry, request=request)
535
537
536 # allow pyramid lookup in testing
538 # allow pyramid lookup in testing
537 config.include('pyramid_mako')
539 config.include('pyramid_mako')
538 config.include('pyramid_beaker')
540 config.include('pyramid_beaker')
539 config.include('rhodecode.lib.rc_cache')
541 config.include('rhodecode.lib.rc_cache')
540
542
541 add_events_routes(config)
543 add_events_routes(config)
542
544
543 return config
545 return config
544
546
545
547
546 def bootstrap_request(**kwargs):
548 def bootstrap_request(**kwargs):
547 import pyramid.testing
549 import pyramid.testing
548
550
549 class TestRequest(pyramid.testing.DummyRequest):
551 class TestRequest(pyramid.testing.DummyRequest):
550 application_url = kwargs.pop('application_url', 'http://example.com')
552 application_url = kwargs.pop('application_url', 'http://example.com')
551 host = kwargs.pop('host', 'example.com:80')
553 host = kwargs.pop('host', 'example.com:80')
552 domain = kwargs.pop('domain', 'example.com')
554 domain = kwargs.pop('domain', 'example.com')
553
555
554 def translate(self, msg):
556 def translate(self, msg):
555 return msg
557 return msg
556
558
557 def plularize(self, singular, plural, n):
559 def plularize(self, singular, plural, n):
558 return singular
560 return singular
559
561
560 def get_partial_renderer(self, tmpl_name):
562 def get_partial_renderer(self, tmpl_name):
561
563
562 from rhodecode.lib.partial_renderer import get_partial_renderer
564 from rhodecode.lib.partial_renderer import get_partial_renderer
563 return get_partial_renderer(request=self, tmpl_name=tmpl_name)
565 return get_partial_renderer(request=self, tmpl_name=tmpl_name)
564
566
565 _call_context = TemplateArgs()
567 _call_context = TemplateArgs()
566 _call_context.visual = TemplateArgs()
568 _call_context.visual = TemplateArgs()
567 _call_context.visual.show_sha_length = 12
569 _call_context.visual.show_sha_length = 12
568 _call_context.visual.show_revision_number = True
570 _call_context.visual.show_revision_number = True
569
571
570 @property
572 @property
571 def call_context(self):
573 def call_context(self):
572 return self._call_context
574 return self._call_context
573
575
574 class TestDummySession(pyramid.testing.DummySession):
576 class TestDummySession(pyramid.testing.DummySession):
575 def save(*arg, **kw):
577 def save(*arg, **kw):
576 pass
578 pass
577
579
578 request = TestRequest(**kwargs)
580 request = TestRequest(**kwargs)
579 request.session = TestDummySession()
581 request.session = TestDummySession()
580
582
581 return request
583 return request
582
584
@@ -1,89 +1,91 b''
1 <div class="panel panel-default">
1 <div class="panel panel-default">
2 <div class="panel-heading">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('SSH Keys')}</h3>
3 <h3 class="panel-title">${_('SSH Keys')}</h3>
4 </div>
4 </div>
5 <div class="panel-body">
5 <div class="panel-body">
6 <div class="sshkeys_wrap">
6 <div class="sshkeys_wrap">
7 <table class="rctable ssh_keys">
7 <table class="rctable ssh_keys">
8 <tr>
8 <tr>
9 <th>${_('Fingerprint')}</th>
9 <th>${_('Fingerprint')}</th>
10 <th>${_('Description')}</th>
10 <th>${_('Description')}</th>
11 <th>${_('Created on')}</th>
11 <th>${_('Created on')}</th>
12 <th>${_('Accessed on')}</th>
12 <th>${_('Accessed on')}</th>
13 <th>${_('Action')}</th>
13 <th>${_('Action')}</th>
14 </tr>
14 </tr>
15 % if not c.ssh_enabled:
15 % if not c.ssh_enabled:
16 <tr><td colspan="4"><div class="">${_('SSH Keys usage is currently disabled, please ask your administrator to enable them.')}</div></td></tr>
16 <tr><td colspan="4"><div class="">${_('SSH Keys usage is currently disabled, please ask your administrator to enable them.')}</div></td></tr>
17 % else:
17 % else:
18 %if c.user_ssh_keys:
18 %if c.user_ssh_keys:
19 %for ssh_key in c.user_ssh_keys:
19 %for ssh_key in c.user_ssh_keys:
20 <tr class="">
20 <tr class="">
21 <td class="">
21 <td class="">
22 <code>${ssh_key.ssh_key_fingerprint}</code>
22 <code>${ssh_key.ssh_key_fingerprint}</code>
23 </td>
23 </td>
24 <td class="td-wrap">${ssh_key.description}</td>
24 <td class="td-wrap">${ssh_key.description}</td>
25 <td class="td-tags">${h.format_date(ssh_key.created_on)}</td>
25 <td class="td-tags">${h.format_date(ssh_key.created_on)}</td>
26 <td class="td-tags">${h.format_date(ssh_key.accessed_on)}</td>
26 <td class="td-tags">${h.format_date(ssh_key.accessed_on)}</td>
27
27
28 <td class="td-action">
28 <td class="td-action">
29 ${h.secure_form(h.route_path('my_account_ssh_keys_delete'), request=request)}
29 ${h.secure_form(h.route_path('my_account_ssh_keys_delete'), request=request)}
30 ${h.hidden('del_ssh_key', ssh_key.ssh_key_id)}
30 ${h.hidden('del_ssh_key', ssh_key.ssh_key_id)}
31 <button class="btn btn-link btn-danger" type="submit"
31 <button class="btn btn-link btn-danger" type="submit"
32 onclick="return confirm('${_('Confirm to remove ssh key %s') % ssh_key.ssh_key_fingerprint}');">
32 onclick="return confirm('${_('Confirm to remove ssh key %s') % ssh_key.ssh_key_fingerprint}');">
33 ${_('Delete')}
33 ${_('Delete')}
34 </button>
34 </button>
35 ${h.end_form()}
35 ${h.end_form()}
36 </td>
36 </td>
37 </tr>
37 </tr>
38 %endfor
38 %endfor
39 %else:
39 %else:
40 <tr><td colspan="4"><div class="">${_('No additional ssh keys specified')}</div></td></tr>
40 <tr><td colspan="4"><div class="">${_('No additional ssh keys specified')}</div></td></tr>
41 %endif
41 %endif
42 % endif
42 % endif
43 </table>
43 </table>
44 </div>
44 </div>
45
45
46 % if c.ssh_enabled:
46 % if c.ssh_enabled:
47 <div class="user_ssh_keys">
47 <div class="user_ssh_keys">
48 ${h.secure_form(h.route_path('my_account_ssh_keys_add'), request=request)}
48 ${h.secure_form(h.route_path('my_account_ssh_keys_add'), request=request)}
49 <div class="form form-vertical">
49 <div class="form form-vertical">
50 <!-- fields -->
50 <!-- fields -->
51 <div class="fields">
51 <div class="fields">
52 <div class="field">
52 <div class="field">
53 <div class="label">
53 <div class="label">
54 <label for="new_email">${_('New ssh key')}:</label>
54 <label for="new_email">${_('New ssh key')}:</label>
55 </div>
55 </div>
56 <div class="input">
56 <div class="input">
57 ${h.text('description', class_='medium', placeholder=_('Description'))}
57 ${h.text('description', class_='medium', placeholder=_('Description'))}
58 % if c.ssh_key_generator_enabled:
58 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
59 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
60 % endif
59 </div>
61 </div>
60 </div>
62 </div>
61
63
62 <div class="field">
64 <div class="field">
63 <div class="textarea text-area editor">
65 <div class="textarea text-area editor">
64 ${h.textarea('key_data',c.default_key, size=30, placeholder=_("Public key, begins with 'ssh-rsa', 'ssh-dss', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', or 'ecdsa-sha2-nistp521'"))}
66 ${h.textarea('key_data',c.default_key, size=30, placeholder=_("Public key, begins with 'ssh-rsa', 'ssh-dss', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', or 'ecdsa-sha2-nistp521'"))}
65 </div>
67 </div>
66 </div>
68 </div>
67
69
68 <div class="buttons">
70 <div class="buttons">
69 ${h.submit('save',_('Add'),class_="btn")}
71 ${h.submit('save',_('Add'),class_="btn")}
70 ${h.reset('reset',_('Reset'),class_="btn")}
72 ${h.reset('reset',_('Reset'),class_="btn")}
71 </div>
73 </div>
72 % if c.default_key:
74 % if c.default_key:
73 ${_('Click add to use this generate SSH key')}
75 ${_('Click add to use this generated SSH key')}
74 % endif
76 % endif
75 </div>
77 </div>
76 </div>
78 </div>
77 ${h.end_form()}
79 ${h.end_form()}
78 </div>
80 </div>
79 % endif
81 % endif
80 </div>
82 </div>
81 </div>
83 </div>
82
84
83 <script>
85 <script>
84
86
85 $(document).ready(function(){
87 $(document).ready(function(){
86
88
87
89
88 });
90 });
89 </script>
91 </script>
@@ -1,83 +1,85 b''
1 <div class="panel panel-default">
1 <div class="panel panel-default">
2 <div class="panel-heading">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('SSH Keys')}</h3>
3 <h3 class="panel-title">${_('SSH Keys')}</h3>
4 </div>
4 </div>
5 <div class="panel-body">
5 <div class="panel-body">
6 <div class="sshkeys_wrap">
6 <div class="sshkeys_wrap">
7 <table class="rctable ssh_keys">
7 <table class="rctable ssh_keys">
8 <tr>
8 <tr>
9 <th>${_('Fingerprint')}</th>
9 <th>${_('Fingerprint')}</th>
10 <th>${_('Description')}</th>
10 <th>${_('Description')}</th>
11 <th>${_('Created on')}</th>
11 <th>${_('Created on')}</th>
12 <th>${_('Accessed on')}</th>
12 <th>${_('Accessed on')}</th>
13 <th>${_('Action')}</th>
13 <th>${_('Action')}</th>
14 </tr>
14 </tr>
15 %if c.user_ssh_keys:
15 %if c.user_ssh_keys:
16 %for ssh_key in c.user_ssh_keys:
16 %for ssh_key in c.user_ssh_keys:
17 <tr class="">
17 <tr class="">
18 <td class="">
18 <td class="">
19 <code>${ssh_key.ssh_key_fingerprint}</code>
19 <code>${ssh_key.ssh_key_fingerprint}</code>
20 </td>
20 </td>
21 <td class="td-wrap">${ssh_key.description}</td>
21 <td class="td-wrap">${ssh_key.description}</td>
22 <td class="td-tags">${h.format_date(ssh_key.created_on)}</td>
22 <td class="td-tags">${h.format_date(ssh_key.created_on)}</td>
23 <td class="td-tags">${h.format_date(ssh_key.accessed_on)}</td>
23 <td class="td-tags">${h.format_date(ssh_key.accessed_on)}</td>
24
24
25 <td class="td-action">
25 <td class="td-action">
26 ${h.secure_form(h.route_path('edit_user_ssh_keys_delete', user_id=c.user.user_id), request=request)}
26 ${h.secure_form(h.route_path('edit_user_ssh_keys_delete', user_id=c.user.user_id), request=request)}
27 ${h.hidden('del_ssh_key', ssh_key.ssh_key_id)}
27 ${h.hidden('del_ssh_key', ssh_key.ssh_key_id)}
28 <button class="btn btn-link btn-danger" type="submit"
28 <button class="btn btn-link btn-danger" type="submit"
29 onclick="return confirm('${_('Confirm to remove ssh key %s') % ssh_key.ssh_key_fingerprint}');">
29 onclick="return confirm('${_('Confirm to remove ssh key %s') % ssh_key.ssh_key_fingerprint}');">
30 ${_('Delete')}
30 ${_('Delete')}
31 </button>
31 </button>
32 ${h.end_form()}
32 ${h.end_form()}
33 </td>
33 </td>
34 </tr>
34 </tr>
35 %endfor
35 %endfor
36 %else:
36 %else:
37 <tr><td><div class="ip">${_('No additional ssh keys specified')}</div></td></tr>
37 <tr><td><div class="ip">${_('No additional ssh keys specified')}</div></td></tr>
38 %endif
38 %endif
39 </table>
39 </table>
40 </div>
40 </div>
41
41
42 <div class="user_ssh_keys">
42 <div class="user_ssh_keys">
43 ${h.secure_form(h.route_path('edit_user_ssh_keys_add', user_id=c.user.user_id), request=request)}
43 ${h.secure_form(h.route_path('edit_user_ssh_keys_add', user_id=c.user.user_id), request=request)}
44 <div class="form form-vertical">
44 <div class="form form-vertical">
45 <!-- fields -->
45 <!-- fields -->
46 <div class="fields">
46 <div class="fields">
47 <div class="field">
47 <div class="field">
48 <div class="label">
48 <div class="label">
49 <label for="new_email">${_('New ssh key')}:</label>
49 <label for="new_email">${_('New ssh key')}:</label>
50 </div>
50 </div>
51 <div class="input">
51 <div class="input">
52 ${h.text('description', class_='medium', placeholder=_('Description'))}
52 ${h.text('description', class_='medium', placeholder=_('Description'))}
53 % if c.ssh_key_generator_enabled:
53 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
54 <a href="${h.route_path('edit_user_ssh_keys_generate_keypair', user_id=c.user.user_id)}">${_('Generate random RSA key')}</a>
55 % endif
54 </div>
56 </div>
55 </div>
57 </div>
56
58
57 <div class="field">
59 <div class="field">
58 <div class="textarea text-area editor">
60 <div class="textarea text-area editor">
59 ${h.textarea('key_data',c.default_key, size=30, placeholder=_("Public key, begins with 'ssh-rsa', 'ssh-dss', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', or 'ecdsa-sha2-nistp521'"))}
61 ${h.textarea('key_data',c.default_key, size=30, placeholder=_("Public key, begins with 'ssh-rsa', 'ssh-dss', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', or 'ecdsa-sha2-nistp521'"))}
60 </div>
62 </div>
61 </div>
63 </div>
62
64
63 <div class="buttons">
65 <div class="buttons">
64 ${h.submit('save',_('Add'),class_="btn")}
66 ${h.submit('save',_('Add'),class_="btn")}
65 ${h.reset('reset',_('Reset'),class_="btn")}
67 ${h.reset('reset',_('Reset'),class_="btn")}
66 </div>
68 </div>
67 % if c.default_key:
69 % if c.default_key:
68 ${_('Click add to use this generate SSH key')}
70 ${_('Click add to use this generate SSH key')}
69 % endif
71 % endif
70 </div>
72 </div>
71 </div>
73 </div>
72 ${h.end_form()}
74 ${h.end_form()}
73 </div>
75 </div>
74 </div>
76 </div>
75 </div>
77 </div>
76
78
77 <script>
79 <script>
78
80
79 $(document).ready(function(){
81 $(document).ready(function(){
80
82
81
83
82 });
84 });
83 </script>
85 </script>
@@ -1,52 +1,58 b''
1 <div class="panel panel-default">
1 <div class="panel panel-default">
2 <div class="panel-heading">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('New SSH Key generated')}</h3>
3 <h3 class="panel-title">${_('New SSH Key generation')}</h3>
4 </div>
4 </div>
5 <div class="panel-body">
5 <div class="panel-body">
6 %if c.ssh_enabled and c.ssh_key_generator_enabled:
6 <p>
7 <p>
7 ${_('Below is a 2048 bit generated SSH RSA key.')}<br/>
8 ${_('Below is a 2048 bit generated SSH RSA key.')}<br/>
8 ${_('If You wish to use it to access RhodeCode via the SSH please save the private key and click `Use this generated key` at the bottom.')}
9 ${_('If You wish to use it to access RhodeCode via the SSH please save the private key and click `Use this generated key` at the bottom.')}
9 </p>
10 </p>
10 <h4>${_('Private key')}</h4>
11 <h4>${_('Private key')}</h4>
11 <pre>
12 <pre>
12 # Save the below content as
13 # Save the below content as
13 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
14 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_priv.key
14 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
15 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_priv.key
15 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
16 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
16
17
17 # Change permissions to 0600 to make it secure, and usable.
18 # Change permissions to 0600 to make it secure, and usable.
18 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
19 e.g chmod 0600 /home/{username}/.ssh/id_rsa_rhodecode_access_priv.key
19 </pre>
20 </pre>
20
21
21 <div>
22 <div>
22 <textarea style="height: 300px">${c.private}</textarea>
23 <textarea style="height: 300px">${c.private}</textarea>
23 </div>
24 </div>
24 <br/>
25 <br/>
25
26
26 <h4>${_('Public key')}</h4>
27 <h4>${_('Public key')}</h4>
27 <pre>
28 <pre>
28 # Save the below content as
29 # Save the below content as
29 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
30 # Windows: /Users/{username}/.ssh/id_rsa_rhodecode_access_pub.key
30 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
31 # macOS: /Users/{yourname}/.ssh/id_rsa_rhodecode_access_pub.key
31 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
32 # Linux: /home/{username}/.ssh/id_rsa_rhodecode_access_pub.key
32 </pre>
33 </pre>
33
34
34 <input type="text" value="${c.public}" class="large text" size="100"/>
35 <input type="text" value="${c.public}" class="large text" size="100"/>
35 <p>
36 <p>
36 % if hasattr(c, 'target_form_url'):
37 % if hasattr(c, 'target_form_url'):
37 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
38 <a href="${c.target_form_url}">${_('Use this generated key')}.</a>
38 % else:
39 % else:
39 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
40 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Use this generated key')}.</a>
40 % endif
41 % endif
41 ${_('Confirmation required on the next screen')}.
42 ${_('Confirmation required on the next screen')}.
42 </p>
43 </p>
44 % else:
45 <h2>
46 ${_('SSH key generator has been disabled.')}
47 </h2>
48 % endif
43 </div>
49 </div>
44 </div>
50 </div>
45
51
46 <script>
52 <script>
47
53
48 $(document).ready(function(){
54 $(document).ready(function(){
49
55
50
56
51 });
57 });
52 </script>
58 </script>
@@ -1,665 +1,669 b''
1
1
2
2
3 ################################################################################
3 ################################################################################
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 # The %(here)s variable will be replaced with the parent directory of this file#
5 # The %(here)s variable will be replaced with the parent directory of this file#
6 ################################################################################
6 ################################################################################
7
7
8 [DEFAULT]
8 [DEFAULT]
9 debug = true
9 debug = true
10
10
11 ################################################################################
11 ################################################################################
12 ## EMAIL CONFIGURATION ##
12 ## EMAIL CONFIGURATION ##
13 ## Uncomment and replace with the email address which should receive ##
13 ## Uncomment and replace with the email address which should receive ##
14 ## any error reports after an application crash ##
14 ## any error reports after an application crash ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 ################################################################################
16 ################################################################################
17
17
18 ## prefix all emails subjects with given prefix, helps filtering out emails
18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 #email_prefix = [RhodeCode]
19 #email_prefix = [RhodeCode]
20
20
21 ## email FROM address all mails will be sent
21 ## email FROM address all mails will be sent
22 #app_email_from = rhodecode-noreply@localhost
22 #app_email_from = rhodecode-noreply@localhost
23
23
24 ## Uncomment and replace with the address which should receive any error report
24 ## Uncomment and replace with the address which should receive any error report
25 ## note: using appenlight for error handling doesn't need this to be uncommented
25 ## note: using appenlight for error handling doesn't need this to be uncommented
26 #email_to = admin@localhost
26 #email_to = admin@localhost
27
27
28 #smtp_server = mail.server.com
28 #smtp_server = mail.server.com
29 #smtp_username =
29 #smtp_username =
30 #smtp_password =
30 #smtp_password =
31 #smtp_port =
31 #smtp_port =
32 #smtp_use_tls = false
32 #smtp_use_tls = false
33 #smtp_use_ssl = true
33 #smtp_use_ssl = true
34
34
35 [server:main]
35 [server:main]
36 ## COMMON ##
36 ## COMMON ##
37 host = 0.0.0.0
37 host = 0.0.0.0
38 port = 5000
38 port = 5000
39
39
40 ##########################
40 ##########################
41 ## GUNICORN WSGI SERVER ##
41 ## GUNICORN WSGI SERVER ##
42 ##########################
42 ##########################
43 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
43 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
44
44
45 use = egg:gunicorn#main
45 use = egg:gunicorn#main
46 ## Sets the number of process workers. You must set `instance_id = *`
46 ## Sets the number of process workers. You must set `instance_id = *`
47 ## when this option is set to more than one worker, recommended
47 ## when this option is set to more than one worker, recommended
48 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
48 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
49 ## The `instance_id = *` must be set in the [app:main] section below
49 ## The `instance_id = *` must be set in the [app:main] section below
50 #workers = 2
50 #workers = 2
51 ## number of threads for each of the worker, must be set to 1 for gevent
51 ## number of threads for each of the worker, must be set to 1 for gevent
52 ## generally recommened to be at 1
52 ## generally recommened to be at 1
53 #threads = 1
53 #threads = 1
54 ## process name
54 ## process name
55 #proc_name = rhodecode
55 #proc_name = rhodecode
56 ## type of worker class, one of sync, gevent
56 ## type of worker class, one of sync, gevent
57 ## recommended for bigger setup is using of of other than sync one
57 ## recommended for bigger setup is using of of other than sync one
58 #worker_class = sync
58 #worker_class = sync
59 ## The maximum number of simultaneous clients. Valid only for Gevent
59 ## The maximum number of simultaneous clients. Valid only for Gevent
60 #worker_connections = 10
60 #worker_connections = 10
61 ## max number of requests that worker will handle before being gracefully
61 ## max number of requests that worker will handle before being gracefully
62 ## restarted, could prevent memory leaks
62 ## restarted, could prevent memory leaks
63 #max_requests = 1000
63 #max_requests = 1000
64 #max_requests_jitter = 30
64 #max_requests_jitter = 30
65 ## amount of time a worker can spend with handling a request before it
65 ## amount of time a worker can spend with handling a request before it
66 ## gets killed and restarted. Set to 6hrs
66 ## gets killed and restarted. Set to 6hrs
67 #timeout = 21600
67 #timeout = 21600
68
68
69 ## prefix middleware for RhodeCode.
69 ## prefix middleware for RhodeCode.
70 ## recommended when using proxy setup.
70 ## recommended when using proxy setup.
71 ## allows to set RhodeCode under a prefix in server.
71 ## allows to set RhodeCode under a prefix in server.
72 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
72 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
73 ## And set your prefix like: `prefix = /custom_prefix`
73 ## And set your prefix like: `prefix = /custom_prefix`
74 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
74 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
75 ## to make your cookies only work on prefix url
75 ## to make your cookies only work on prefix url
76 [filter:proxy-prefix]
76 [filter:proxy-prefix]
77 use = egg:PasteDeploy#prefix
77 use = egg:PasteDeploy#prefix
78 prefix = /
78 prefix = /
79
79
80 [app:main]
80 [app:main]
81 is_test = True
81 is_test = True
82 use = egg:rhodecode-enterprise-ce
82 use = egg:rhodecode-enterprise-ce
83
83
84 ## enable proxy prefix middleware, defined above
84 ## enable proxy prefix middleware, defined above
85 #filter-with = proxy-prefix
85 #filter-with = proxy-prefix
86
86
87
87
88 ## RHODECODE PLUGINS ##
88 ## RHODECODE PLUGINS ##
89 rhodecode.includes = rhodecode.api
89 rhodecode.includes = rhodecode.api
90
90
91 # api prefix url
91 # api prefix url
92 rhodecode.api.url = /_admin/api
92 rhodecode.api.url = /_admin/api
93
93
94
94
95 ## END RHODECODE PLUGINS ##
95 ## END RHODECODE PLUGINS ##
96
96
97 ## encryption key used to encrypt social plugin tokens,
97 ## encryption key used to encrypt social plugin tokens,
98 ## remote_urls with credentials etc, if not set it defaults to
98 ## remote_urls with credentials etc, if not set it defaults to
99 ## `beaker.session.secret`
99 ## `beaker.session.secret`
100 #rhodecode.encrypted_values.secret =
100 #rhodecode.encrypted_values.secret =
101
101
102 ## decryption strict mode (enabled by default). It controls if decryption raises
102 ## decryption strict mode (enabled by default). It controls if decryption raises
103 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
103 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
104 #rhodecode.encrypted_values.strict = false
104 #rhodecode.encrypted_values.strict = false
105
105
106 ## return gzipped responses from Rhodecode (static files/application)
106 ## return gzipped responses from Rhodecode (static files/application)
107 gzip_responses = false
107 gzip_responses = false
108
108
109 ## autogenerate javascript routes file on startup
109 ## autogenerate javascript routes file on startup
110 generate_js_files = false
110 generate_js_files = false
111
111
112 ## Optional Languages
112 ## Optional Languages
113 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
113 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
114 lang = en
114 lang = en
115
115
116 ## perform a full repository scan on each server start, this should be
116 ## perform a full repository scan on each server start, this should be
117 ## set to false after first startup, to allow faster server restarts.
117 ## set to false after first startup, to allow faster server restarts.
118 startup.import_repos = true
118 startup.import_repos = true
119
119
120 ## Uncomment and set this path to use archive download cache.
120 ## Uncomment and set this path to use archive download cache.
121 ## Once enabled, generated archives will be cached at this location
121 ## Once enabled, generated archives will be cached at this location
122 ## and served from the cache during subsequent requests for the same archive of
122 ## and served from the cache during subsequent requests for the same archive of
123 ## the repository.
123 ## the repository.
124 #archive_cache_dir = /tmp/tarballcache
124 #archive_cache_dir = /tmp/tarballcache
125
125
126 ## URL at which the application is running. This is used for bootstraping
126 ## URL at which the application is running. This is used for bootstraping
127 ## requests in context when no web request is available. Used in ishell, or
127 ## requests in context when no web request is available. Used in ishell, or
128 ## SSH calls. Set this for events to receive proper url for SSH calls.
128 ## SSH calls. Set this for events to receive proper url for SSH calls.
129 app.base_url = http://rhodecode.local
129 app.base_url = http://rhodecode.local
130
130
131 ## change this to unique ID for security
131 ## change this to unique ID for security
132 app_instance_uuid = rc-production
132 app_instance_uuid = rc-production
133
133
134 ## cut off limit for large diffs (size in bytes)
134 ## cut off limit for large diffs (size in bytes)
135 cut_off_limit_diff = 1024000
135 cut_off_limit_diff = 1024000
136 cut_off_limit_file = 256000
136 cut_off_limit_file = 256000
137
137
138 ## use cache version of scm repo everywhere
138 ## use cache version of scm repo everywhere
139 vcs_full_cache = false
139 vcs_full_cache = false
140
140
141 ## force https in RhodeCode, fixes https redirects, assumes it's always https
141 ## force https in RhodeCode, fixes https redirects, assumes it's always https
142 ## Normally this is controlled by proper http flags sent from http server
142 ## Normally this is controlled by proper http flags sent from http server
143 force_https = false
143 force_https = false
144
144
145 ## use Strict-Transport-Security headers
145 ## use Strict-Transport-Security headers
146 use_htsts = false
146 use_htsts = false
147
147
148 ## git rev filter option, --all is the default filter, if you need to
148 ## git rev filter option, --all is the default filter, if you need to
149 ## hide all refs in changelog switch this to --branches --tags
149 ## hide all refs in changelog switch this to --branches --tags
150 git_rev_filter = --all
150 git_rev_filter = --all
151
151
152 # Set to true if your repos are exposed using the dumb protocol
152 # Set to true if your repos are exposed using the dumb protocol
153 git_update_server_info = false
153 git_update_server_info = false
154
154
155 ## RSS/ATOM feed options
155 ## RSS/ATOM feed options
156 rss_cut_off_limit = 256000
156 rss_cut_off_limit = 256000
157 rss_items_per_page = 10
157 rss_items_per_page = 10
158 rss_include_diff = false
158 rss_include_diff = false
159
159
160 ## gist URL alias, used to create nicer urls for gist. This should be an
160 ## gist URL alias, used to create nicer urls for gist. This should be an
161 ## url that does rewrites to _admin/gists/{gistid}.
161 ## url that does rewrites to _admin/gists/{gistid}.
162 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
162 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
163 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
163 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
164 gist_alias_url =
164 gist_alias_url =
165
165
166 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
166 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
167 ## used for access.
167 ## used for access.
168 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
168 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
169 ## came from the the logged in user who own this authentication token.
169 ## came from the the logged in user who own this authentication token.
170 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
170 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
171 ## authentication token. Such view would be only accessible when used together
171 ## authentication token. Such view would be only accessible when used together
172 ## with this authentication token
172 ## with this authentication token
173 ##
173 ##
174 ## list of all views can be found under `/_admin/permissions/auth_token_access`
174 ## list of all views can be found under `/_admin/permissions/auth_token_access`
175 ## The list should be "," separated and on a single line.
175 ## The list should be "," separated and on a single line.
176 ##
176 ##
177 ## Most common views to enable:
177 ## Most common views to enable:
178 # RepoCommitsView:repo_commit_download
178 # RepoCommitsView:repo_commit_download
179 # RepoCommitsView:repo_commit_patch
179 # RepoCommitsView:repo_commit_patch
180 # RepoCommitsView:repo_commit_raw
180 # RepoCommitsView:repo_commit_raw
181 # RepoCommitsView:repo_commit_raw@TOKEN
181 # RepoCommitsView:repo_commit_raw@TOKEN
182 # RepoFilesView:repo_files_diff
182 # RepoFilesView:repo_files_diff
183 # RepoFilesView:repo_archivefile
183 # RepoFilesView:repo_archivefile
184 # RepoFilesView:repo_file_raw
184 # RepoFilesView:repo_file_raw
185 # GistView:*
185 # GistView:*
186 api_access_controllers_whitelist =
186 api_access_controllers_whitelist =
187
187
188 ## default encoding used to convert from and to unicode
188 ## default encoding used to convert from and to unicode
189 ## can be also a comma separated list of encoding in case of mixed encodings
189 ## can be also a comma separated list of encoding in case of mixed encodings
190 default_encoding = UTF-8
190 default_encoding = UTF-8
191
191
192 ## instance-id prefix
192 ## instance-id prefix
193 ## a prefix key for this instance used for cache invalidation when running
193 ## a prefix key for this instance used for cache invalidation when running
194 ## multiple instances of rhodecode, make sure it's globally unique for
194 ## multiple instances of rhodecode, make sure it's globally unique for
195 ## all running rhodecode instances. Leave empty if you don't use it
195 ## all running rhodecode instances. Leave empty if you don't use it
196 instance_id =
196 instance_id =
197
197
198 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
198 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
199 ## of an authentication plugin also if it is disabled by it's settings.
199 ## of an authentication plugin also if it is disabled by it's settings.
200 ## This could be useful if you are unable to log in to the system due to broken
200 ## This could be useful if you are unable to log in to the system due to broken
201 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
201 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
202 ## module to log in again and fix the settings.
202 ## module to log in again and fix the settings.
203 ##
203 ##
204 ## Available builtin plugin IDs (hash is part of the ID):
204 ## Available builtin plugin IDs (hash is part of the ID):
205 ## egg:rhodecode-enterprise-ce#rhodecode
205 ## egg:rhodecode-enterprise-ce#rhodecode
206 ## egg:rhodecode-enterprise-ce#pam
206 ## egg:rhodecode-enterprise-ce#pam
207 ## egg:rhodecode-enterprise-ce#ldap
207 ## egg:rhodecode-enterprise-ce#ldap
208 ## egg:rhodecode-enterprise-ce#jasig_cas
208 ## egg:rhodecode-enterprise-ce#jasig_cas
209 ## egg:rhodecode-enterprise-ce#headers
209 ## egg:rhodecode-enterprise-ce#headers
210 ## egg:rhodecode-enterprise-ce#crowd
210 ## egg:rhodecode-enterprise-ce#crowd
211 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
211 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
212
212
213 ## alternative return HTTP header for failed authentication. Default HTTP
213 ## alternative return HTTP header for failed authentication. Default HTTP
214 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
214 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
215 ## handling that causing a series of failed authentication calls.
215 ## handling that causing a series of failed authentication calls.
216 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
216 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
217 ## This will be served instead of default 401 on bad authnetication
217 ## This will be served instead of default 401 on bad authnetication
218 auth_ret_code =
218 auth_ret_code =
219
219
220 ## use special detection method when serving auth_ret_code, instead of serving
220 ## use special detection method when serving auth_ret_code, instead of serving
221 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
221 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
222 ## and then serve auth_ret_code to clients
222 ## and then serve auth_ret_code to clients
223 auth_ret_code_detection = false
223 auth_ret_code_detection = false
224
224
225 ## locking return code. When repository is locked return this HTTP code. 2XX
225 ## locking return code. When repository is locked return this HTTP code. 2XX
226 ## codes don't break the transactions while 4XX codes do
226 ## codes don't break the transactions while 4XX codes do
227 lock_ret_code = 423
227 lock_ret_code = 423
228
228
229 ## allows to change the repository location in settings page
229 ## allows to change the repository location in settings page
230 allow_repo_location_change = true
230 allow_repo_location_change = true
231
231
232 ## allows to setup custom hooks in settings page
232 ## allows to setup custom hooks in settings page
233 allow_custom_hooks_settings = true
233 allow_custom_hooks_settings = true
234
234
235 ## generated license token, goto license page in RhodeCode settings to obtain
235 ## generated license token, goto license page in RhodeCode settings to obtain
236 ## new token
236 ## new token
237 license_token = abra-cada-bra1-rce3
237 license_token = abra-cada-bra1-rce3
238
238
239 ## supervisor connection uri, for managing supervisor and logs.
239 ## supervisor connection uri, for managing supervisor and logs.
240 supervisor.uri =
240 supervisor.uri =
241 ## supervisord group name/id we only want this RC instance to handle
241 ## supervisord group name/id we only want this RC instance to handle
242 supervisor.group_id = dev
242 supervisor.group_id = dev
243
243
244 ## Display extended labs settings
244 ## Display extended labs settings
245 labs_settings_active = true
245 labs_settings_active = true
246
246
247 ####################################
247 ####################################
248 ### CELERY CONFIG ####
248 ### CELERY CONFIG ####
249 ####################################
249 ####################################
250 use_celery = false
250 use_celery = false
251 broker.host = localhost
251 broker.host = localhost
252 broker.vhost = rabbitmqhost
252 broker.vhost = rabbitmqhost
253 broker.port = 5672
253 broker.port = 5672
254 broker.user = rabbitmq
254 broker.user = rabbitmq
255 broker.password = qweqwe
255 broker.password = qweqwe
256
256
257 celery.imports = rhodecode.lib.celerylib.tasks
257 celery.imports = rhodecode.lib.celerylib.tasks
258
258
259 celery.result.backend = amqp
259 celery.result.backend = amqp
260 celery.result.dburi = amqp://
260 celery.result.dburi = amqp://
261 celery.result.serialier = json
261 celery.result.serialier = json
262
262
263 #celery.send.task.error.emails = true
263 #celery.send.task.error.emails = true
264 #celery.amqp.task.result.expires = 18000
264 #celery.amqp.task.result.expires = 18000
265
265
266 celeryd.concurrency = 2
266 celeryd.concurrency = 2
267 #celeryd.log.file = celeryd.log
267 #celeryd.log.file = celeryd.log
268 celeryd.log.level = debug
268 celeryd.log.level = debug
269 celeryd.max.tasks.per.child = 1
269 celeryd.max.tasks.per.child = 1
270
270
271 ## tasks will never be sent to the queue, but executed locally instead.
271 ## tasks will never be sent to the queue, but executed locally instead.
272 celery.always.eager = false
272 celery.always.eager = false
273
273
274 ####################################
274 ####################################
275 ### BEAKER CACHE ####
275 ### BEAKER CACHE ####
276 ####################################
276 ####################################
277 # default cache dir for templates. Putting this into a ramdisk
277 # default cache dir for templates. Putting this into a ramdisk
278 ## can boost performance, eg. %(here)s/data_ramdisk
278 ## can boost performance, eg. %(here)s/data_ramdisk
279 cache_dir = %(here)s/data
279 cache_dir = %(here)s/data
280
280
281 ## locking and default file storage for Beaker. Putting this into a ramdisk
281 ## locking and default file storage for Beaker. Putting this into a ramdisk
282 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
282 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
283 beaker.cache.data_dir = %(here)s/rc/data/cache/beaker_data
283 beaker.cache.data_dir = %(here)s/rc/data/cache/beaker_data
284 beaker.cache.lock_dir = %(here)s/rc/data/cache/beaker_lock
284 beaker.cache.lock_dir = %(here)s/rc/data/cache/beaker_lock
285
285
286 beaker.cache.regions = long_term
286 beaker.cache.regions = long_term
287
287
288 beaker.cache.long_term.type = memory
288 beaker.cache.long_term.type = memory
289 beaker.cache.long_term.expire = 36000
289 beaker.cache.long_term.expire = 36000
290 beaker.cache.long_term.key_length = 256
290 beaker.cache.long_term.key_length = 256
291
291
292
292
293 #####################################
293 #####################################
294 ### DOGPILE CACHE ####
294 ### DOGPILE CACHE ####
295 #####################################
295 #####################################
296
296
297 ## permission tree cache settings
297 ## permission tree cache settings
298 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
298 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
299 rc_cache.cache_perms.expiration_time = 0
299 rc_cache.cache_perms.expiration_time = 0
300 rc_cache.cache_perms.arguments.filename = /tmp/rc_cache_1
300 rc_cache.cache_perms.arguments.filename = /tmp/rc_cache_1
301
301
302
302
303 ## cache settings for SQL queries
303 ## cache settings for SQL queries
304 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
304 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
305 rc_cache.sql_cache_short.expiration_time = 0
305 rc_cache.sql_cache_short.expiration_time = 0
306
306
307
307
308 ####################################
308 ####################################
309 ### BEAKER SESSION ####
309 ### BEAKER SESSION ####
310 ####################################
310 ####################################
311
311
312 ## .session.type is type of storage options for the session, current allowed
312 ## .session.type is type of storage options for the session, current allowed
313 ## types are file, ext:memcached, ext:database, and memory (default).
313 ## types are file, ext:memcached, ext:database, and memory (default).
314 beaker.session.type = file
314 beaker.session.type = file
315 beaker.session.data_dir = %(here)s/rc/data/sessions/data
315 beaker.session.data_dir = %(here)s/rc/data/sessions/data
316
316
317 ## db based session, fast, and allows easy management over logged in users
317 ## db based session, fast, and allows easy management over logged in users
318 #beaker.session.type = ext:database
318 #beaker.session.type = ext:database
319 #beaker.session.table_name = db_session
319 #beaker.session.table_name = db_session
320 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
320 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
321 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
321 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
322 #beaker.session.sa.pool_recycle = 3600
322 #beaker.session.sa.pool_recycle = 3600
323 #beaker.session.sa.echo = false
323 #beaker.session.sa.echo = false
324
324
325 beaker.session.key = rhodecode
325 beaker.session.key = rhodecode
326 beaker.session.secret = test-rc-uytcxaz
326 beaker.session.secret = test-rc-uytcxaz
327 beaker.session.lock_dir = %(here)s/rc/data/sessions/lock
327 beaker.session.lock_dir = %(here)s/rc/data/sessions/lock
328
328
329 ## Secure encrypted cookie. Requires AES and AES python libraries
329 ## Secure encrypted cookie. Requires AES and AES python libraries
330 ## you must disable beaker.session.secret to use this
330 ## you must disable beaker.session.secret to use this
331 #beaker.session.encrypt_key = key_for_encryption
331 #beaker.session.encrypt_key = key_for_encryption
332 #beaker.session.validate_key = validation_key
332 #beaker.session.validate_key = validation_key
333
333
334 ## sets session as invalid(also logging out user) if it haven not been
334 ## sets session as invalid(also logging out user) if it haven not been
335 ## accessed for given amount of time in seconds
335 ## accessed for given amount of time in seconds
336 beaker.session.timeout = 2592000
336 beaker.session.timeout = 2592000
337 beaker.session.httponly = true
337 beaker.session.httponly = true
338 ## Path to use for the cookie. Set to prefix if you use prefix middleware
338 ## Path to use for the cookie. Set to prefix if you use prefix middleware
339 #beaker.session.cookie_path = /custom_prefix
339 #beaker.session.cookie_path = /custom_prefix
340
340
341 ## uncomment for https secure cookie
341 ## uncomment for https secure cookie
342 beaker.session.secure = false
342 beaker.session.secure = false
343
343
344 ## auto save the session to not to use .save()
344 ## auto save the session to not to use .save()
345 beaker.session.auto = false
345 beaker.session.auto = false
346
346
347 ## default cookie expiration time in seconds, set to `true` to set expire
347 ## default cookie expiration time in seconds, set to `true` to set expire
348 ## at browser close
348 ## at browser close
349 #beaker.session.cookie_expires = 3600
349 #beaker.session.cookie_expires = 3600
350
350
351 ###################################
351 ###################################
352 ## SEARCH INDEXING CONFIGURATION ##
352 ## SEARCH INDEXING CONFIGURATION ##
353 ###################################
353 ###################################
354 ## Full text search indexer is available in rhodecode-tools under
354 ## Full text search indexer is available in rhodecode-tools under
355 ## `rhodecode-tools index` command
355 ## `rhodecode-tools index` command
356
356
357 ## WHOOSH Backend, doesn't require additional services to run
357 ## WHOOSH Backend, doesn't require additional services to run
358 ## it works good with few dozen repos
358 ## it works good with few dozen repos
359 search.module = rhodecode.lib.index.whoosh
359 search.module = rhodecode.lib.index.whoosh
360 search.location = %(here)s/data/index
360 search.location = %(here)s/data/index
361
361
362 ########################################
362 ########################################
363 ### CHANNELSTREAM CONFIG ####
363 ### CHANNELSTREAM CONFIG ####
364 ########################################
364 ########################################
365 ## channelstream enables persistent connections and live notification
365 ## channelstream enables persistent connections and live notification
366 ## in the system. It's also used by the chat system
366 ## in the system. It's also used by the chat system
367
367
368 channelstream.enabled = false
368 channelstream.enabled = false
369
369
370 ## server address for channelstream server on the backend
370 ## server address for channelstream server on the backend
371 channelstream.server = 127.0.0.1:9800
371 channelstream.server = 127.0.0.1:9800
372 ## location of the channelstream server from outside world
372 ## location of the channelstream server from outside world
373 ## use ws:// for http or wss:// for https. This address needs to be handled
373 ## use ws:// for http or wss:// for https. This address needs to be handled
374 ## by external HTTP server such as Nginx or Apache
374 ## by external HTTP server such as Nginx or Apache
375 ## see nginx/apache configuration examples in our docs
375 ## see nginx/apache configuration examples in our docs
376 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
376 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
377 channelstream.secret = secret
377 channelstream.secret = secret
378 channelstream.history.location = %(here)s/channelstream_history
378 channelstream.history.location = %(here)s/channelstream_history
379
379
380 ## Internal application path that Javascript uses to connect into.
380 ## Internal application path that Javascript uses to connect into.
381 ## If you use proxy-prefix the prefix should be added before /_channelstream
381 ## If you use proxy-prefix the prefix should be added before /_channelstream
382 channelstream.proxy_path = /_channelstream
382 channelstream.proxy_path = /_channelstream
383
383
384
384
385 ###################################
385 ###################################
386 ## APPENLIGHT CONFIG ##
386 ## APPENLIGHT CONFIG ##
387 ###################################
387 ###################################
388
388
389 ## Appenlight is tailored to work with RhodeCode, see
389 ## Appenlight is tailored to work with RhodeCode, see
390 ## http://appenlight.com for details how to obtain an account
390 ## http://appenlight.com for details how to obtain an account
391
391
392 ## appenlight integration enabled
392 ## appenlight integration enabled
393 appenlight = false
393 appenlight = false
394
394
395 appenlight.server_url = https://api.appenlight.com
395 appenlight.server_url = https://api.appenlight.com
396 appenlight.api_key = YOUR_API_KEY
396 appenlight.api_key = YOUR_API_KEY
397 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
397 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
398
398
399 # used for JS client
399 # used for JS client
400 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
400 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
401
401
402 ## TWEAK AMOUNT OF INFO SENT HERE
402 ## TWEAK AMOUNT OF INFO SENT HERE
403
403
404 ## enables 404 error logging (default False)
404 ## enables 404 error logging (default False)
405 appenlight.report_404 = false
405 appenlight.report_404 = false
406
406
407 ## time in seconds after request is considered being slow (default 1)
407 ## time in seconds after request is considered being slow (default 1)
408 appenlight.slow_request_time = 1
408 appenlight.slow_request_time = 1
409
409
410 ## record slow requests in application
410 ## record slow requests in application
411 ## (needs to be enabled for slow datastore recording and time tracking)
411 ## (needs to be enabled for slow datastore recording and time tracking)
412 appenlight.slow_requests = true
412 appenlight.slow_requests = true
413
413
414 ## enable hooking to application loggers
414 ## enable hooking to application loggers
415 appenlight.logging = true
415 appenlight.logging = true
416
416
417 ## minimum log level for log capture
417 ## minimum log level for log capture
418 appenlight.logging.level = WARNING
418 appenlight.logging.level = WARNING
419
419
420 ## send logs only from erroneous/slow requests
420 ## send logs only from erroneous/slow requests
421 ## (saves API quota for intensive logging)
421 ## (saves API quota for intensive logging)
422 appenlight.logging_on_error = false
422 appenlight.logging_on_error = false
423
423
424 ## list of additonal keywords that should be grabbed from environ object
424 ## list of additonal keywords that should be grabbed from environ object
425 ## can be string with comma separated list of words in lowercase
425 ## can be string with comma separated list of words in lowercase
426 ## (by default client will always send following info:
426 ## (by default client will always send following info:
427 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
427 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
428 ## start with HTTP* this list be extended with additional keywords here
428 ## start with HTTP* this list be extended with additional keywords here
429 appenlight.environ_keys_whitelist =
429 appenlight.environ_keys_whitelist =
430
430
431 ## list of keywords that should be blanked from request object
431 ## list of keywords that should be blanked from request object
432 ## can be string with comma separated list of words in lowercase
432 ## can be string with comma separated list of words in lowercase
433 ## (by default client will always blank keys that contain following words
433 ## (by default client will always blank keys that contain following words
434 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
434 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
435 ## this list be extended with additional keywords set here
435 ## this list be extended with additional keywords set here
436 appenlight.request_keys_blacklist =
436 appenlight.request_keys_blacklist =
437
437
438 ## list of namespaces that should be ignores when gathering log entries
438 ## list of namespaces that should be ignores when gathering log entries
439 ## can be string with comma separated list of namespaces
439 ## can be string with comma separated list of namespaces
440 ## (by default the client ignores own entries: appenlight_client.client)
440 ## (by default the client ignores own entries: appenlight_client.client)
441 appenlight.log_namespace_blacklist =
441 appenlight.log_namespace_blacklist =
442
442
443
443
444 ################################################################################
444 ################################################################################
445 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
445 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
446 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
446 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
447 ## execute malicious code after an exception is raised. ##
447 ## execute malicious code after an exception is raised. ##
448 ################################################################################
448 ################################################################################
449 set debug = false
449 set debug = false
450
450
451
451
452 ##############
452 ##############
453 ## STYLING ##
453 ## STYLING ##
454 ##############
454 ##############
455 debug_style = false
455 debug_style = false
456
456
457 ###########################################
457 ###########################################
458 ### MAIN RHODECODE DATABASE CONFIG ###
458 ### MAIN RHODECODE DATABASE CONFIG ###
459 ###########################################
459 ###########################################
460 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode_test.db?timeout=30
460 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode_test.db?timeout=30
461 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode_test
461 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode_test
462 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode_test
462 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode_test
463 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode_test.db?timeout=30
463 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode_test.db?timeout=30
464
464
465 # see sqlalchemy docs for other advanced settings
465 # see sqlalchemy docs for other advanced settings
466
466
467 ## print the sql statements to output
467 ## print the sql statements to output
468 sqlalchemy.db1.echo = false
468 sqlalchemy.db1.echo = false
469 ## recycle the connections after this amount of seconds
469 ## recycle the connections after this amount of seconds
470 sqlalchemy.db1.pool_recycle = 3600
470 sqlalchemy.db1.pool_recycle = 3600
471 sqlalchemy.db1.convert_unicode = true
471 sqlalchemy.db1.convert_unicode = true
472
472
473 ## the number of connections to keep open inside the connection pool.
473 ## the number of connections to keep open inside the connection pool.
474 ## 0 indicates no limit
474 ## 0 indicates no limit
475 #sqlalchemy.db1.pool_size = 5
475 #sqlalchemy.db1.pool_size = 5
476
476
477 ## the number of connections to allow in connection pool "overflow", that is
477 ## the number of connections to allow in connection pool "overflow", that is
478 ## connections that can be opened above and beyond the pool_size setting,
478 ## connections that can be opened above and beyond the pool_size setting,
479 ## which defaults to five.
479 ## which defaults to five.
480 #sqlalchemy.db1.max_overflow = 10
480 #sqlalchemy.db1.max_overflow = 10
481
481
482
482
483 ##################
483 ##################
484 ### VCS CONFIG ###
484 ### VCS CONFIG ###
485 ##################
485 ##################
486 vcs.server.enable = true
486 vcs.server.enable = true
487 vcs.server = localhost:9901
487 vcs.server = localhost:9901
488
488
489 ## Web server connectivity protocol, responsible for web based VCS operatations
489 ## Web server connectivity protocol, responsible for web based VCS operatations
490 ## Available protocols are:
490 ## Available protocols are:
491 ## `http` - use http-rpc backend (default)
491 ## `http` - use http-rpc backend (default)
492 vcs.server.protocol = http
492 vcs.server.protocol = http
493
493
494 ## Push/Pull operations protocol, available options are:
494 ## Push/Pull operations protocol, available options are:
495 ## `http` - use http-rpc backend (default)
495 ## `http` - use http-rpc backend (default)
496 ## `vcsserver.scm_app` - internal app (EE only)
496 ## `vcsserver.scm_app` - internal app (EE only)
497 vcs.scm_app_implementation = http
497 vcs.scm_app_implementation = http
498
498
499 ## Push/Pull operations hooks protocol, available options are:
499 ## Push/Pull operations hooks protocol, available options are:
500 ## `http` - use http-rpc backend (default)
500 ## `http` - use http-rpc backend (default)
501 vcs.hooks.protocol = http
501 vcs.hooks.protocol = http
502 vcs.hooks.host = 127.0.0.1
502 vcs.hooks.host = 127.0.0.1
503
503
504 vcs.server.log_level = debug
504 vcs.server.log_level = debug
505 ## Start VCSServer with this instance as a subprocess, Useful for development
505 ## Start VCSServer with this instance as a subprocess, Useful for development
506 vcs.start_server = false
506 vcs.start_server = false
507
507
508 ## List of enabled VCS backends, available options are:
508 ## List of enabled VCS backends, available options are:
509 ## `hg` - mercurial
509 ## `hg` - mercurial
510 ## `git` - git
510 ## `git` - git
511 ## `svn` - subversion
511 ## `svn` - subversion
512 vcs.backends = hg, git, svn
512 vcs.backends = hg, git, svn
513
513
514 vcs.connection_timeout = 3600
514 vcs.connection_timeout = 3600
515 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
515 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
516 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
516 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
517 #vcs.svn.compatible_version = pre-1.8-compatible
517 #vcs.svn.compatible_version = pre-1.8-compatible
518
518
519
519
520 ############################################################
520 ############################################################
521 ### Subversion proxy support (mod_dav_svn) ###
521 ### Subversion proxy support (mod_dav_svn) ###
522 ### Maps RhodeCode repo groups into SVN paths for Apache ###
522 ### Maps RhodeCode repo groups into SVN paths for Apache ###
523 ############################################################
523 ############################################################
524 ## Enable or disable the config file generation.
524 ## Enable or disable the config file generation.
525 svn.proxy.generate_config = false
525 svn.proxy.generate_config = false
526 ## Generate config file with `SVNListParentPath` set to `On`.
526 ## Generate config file with `SVNListParentPath` set to `On`.
527 svn.proxy.list_parent_path = true
527 svn.proxy.list_parent_path = true
528 ## Set location and file name of generated config file.
528 ## Set location and file name of generated config file.
529 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
529 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
530 ## Used as a prefix to the `Location` block in the generated config file.
530 ## Used as a prefix to the `Location` block in the generated config file.
531 ## In most cases it should be set to `/`.
531 ## In most cases it should be set to `/`.
532 svn.proxy.location_root = /
532 svn.proxy.location_root = /
533 ## Command to reload the mod dav svn configuration on change.
533 ## Command to reload the mod dav svn configuration on change.
534 ## Example: `/etc/init.d/apache2 reload`
534 ## Example: `/etc/init.d/apache2 reload`
535 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
535 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
536 ## If the timeout expires before the reload command finishes, the command will
536 ## If the timeout expires before the reload command finishes, the command will
537 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
537 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
538 #svn.proxy.reload_timeout = 10
538 #svn.proxy.reload_timeout = 10
539
539
540 ############################################################
540 ############################################################
541 ### SSH Support Settings ###
541 ### SSH Support Settings ###
542 ############################################################
542 ############################################################
543
543
544 ## Defines if the authorized_keys file should be written on any change of
544 ## Defines if the authorized_keys file should be written on any change of
545 ## user ssh keys, setting this to false also disables posibility of adding
545 ## user ssh keys, setting this to false also disables posibility of adding
546 ## ssh keys for users from web interface.
546 ## ssh keys for users from web interface.
547 ssh.generate_authorized_keyfile = true
547 ssh.generate_authorized_keyfile = true
548
548
549 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
549 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
550 # ssh.authorized_keys_ssh_opts =
550 # ssh.authorized_keys_ssh_opts =
551
551
552 ## File to generate the authorized keys together with options
552 ## File to generate the authorized keys together with options
553 ## It is possible to have multiple key files specified in `sshd_config` e.g.
553 ## It is possible to have multiple key files specified in `sshd_config` e.g.
554 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
554 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
555 ssh.authorized_keys_file_path = %(here)s/rc/authorized_keys_rhodecode
555 ssh.authorized_keys_file_path = %(here)s/rc/authorized_keys_rhodecode
556
556
557 ## Command to execute the SSH wrapper. The binary is available in the
557 ## Command to execute the SSH wrapper. The binary is available in the
558 ## rhodecode installation directory.
558 ## rhodecode installation directory.
559 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
559 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
560 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
560 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
561
561
562 ## Allow shell when executing the ssh-wrapper command
562 ## Allow shell when executing the ssh-wrapper command
563 ssh.wrapper_cmd_allow_shell = false
563 ssh.wrapper_cmd_allow_shell = false
564
564
565 ## Enables logging, and detailed output send back to the client. Useful for
565 ## Enables logging, and detailed output send back to the client. Useful for
566 ## debugging, shouldn't be used in production.
566 ## debugging, shouldn't be used in production.
567 ssh.enable_debug_logging = false
567 ssh.enable_debug_logging = false
568
568
569 ## Paths to binary executrables, by default they are the names, but we can
569 ## Paths to binary executrables, by default they are the names, but we can
570 ## override them if we want to use a custom one
570 ## override them if we want to use a custom one
571 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
571 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
572 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
573 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
574
574
575 ## Enables SSH key generator web interface. Disabling this still allows users
576 ## to add their own keys.
577 ssh.enable_ui_key_generator = true
578
575
579
576 ## Dummy marker to add new entries after.
580 ## Dummy marker to add new entries after.
577 ## Add any custom entries below. Please don't remove.
581 ## Add any custom entries below. Please don't remove.
578 custom.conf = 1
582 custom.conf = 1
579
583
580
584
581 ################################
585 ################################
582 ### LOGGING CONFIGURATION ####
586 ### LOGGING CONFIGURATION ####
583 ################################
587 ################################
584 [loggers]
588 [loggers]
585 keys = root, sqlalchemy, beaker, rhodecode, ssh_wrapper
589 keys = root, sqlalchemy, beaker, rhodecode, ssh_wrapper
586
590
587 [handlers]
591 [handlers]
588 keys = console, console_sql
592 keys = console, console_sql
589
593
590 [formatters]
594 [formatters]
591 keys = generic, color_formatter, color_formatter_sql
595 keys = generic, color_formatter, color_formatter_sql
592
596
593 #############
597 #############
594 ## LOGGERS ##
598 ## LOGGERS ##
595 #############
599 #############
596 [logger_root]
600 [logger_root]
597 level = NOTSET
601 level = NOTSET
598 handlers = console
602 handlers = console
599
603
600 [logger_routes]
604 [logger_routes]
601 level = DEBUG
605 level = DEBUG
602 handlers =
606 handlers =
603 qualname = routes.middleware
607 qualname = routes.middleware
604 ## "level = DEBUG" logs the route matched and routing variables.
608 ## "level = DEBUG" logs the route matched and routing variables.
605 propagate = 1
609 propagate = 1
606
610
607 [logger_beaker]
611 [logger_beaker]
608 level = DEBUG
612 level = DEBUG
609 handlers =
613 handlers =
610 qualname = beaker.container
614 qualname = beaker.container
611 propagate = 1
615 propagate = 1
612
616
613 [logger_rhodecode]
617 [logger_rhodecode]
614 level = DEBUG
618 level = DEBUG
615 handlers =
619 handlers =
616 qualname = rhodecode
620 qualname = rhodecode
617 propagate = 1
621 propagate = 1
618
622
619 [logger_sqlalchemy]
623 [logger_sqlalchemy]
620 level = ERROR
624 level = ERROR
621 handlers = console_sql
625 handlers = console_sql
622 qualname = sqlalchemy.engine
626 qualname = sqlalchemy.engine
623 propagate = 0
627 propagate = 0
624
628
625 [logger_ssh_wrapper]
629 [logger_ssh_wrapper]
626 level = DEBUG
630 level = DEBUG
627 handlers =
631 handlers =
628 qualname = ssh_wrapper
632 qualname = ssh_wrapper
629 propagate = 1
633 propagate = 1
630
634
631
635
632 ##############
636 ##############
633 ## HANDLERS ##
637 ## HANDLERS ##
634 ##############
638 ##############
635
639
636 [handler_console]
640 [handler_console]
637 class = StreamHandler
641 class = StreamHandler
638 args = (sys.stderr,)
642 args = (sys.stderr,)
639 level = DEBUG
643 level = DEBUG
640 formatter = generic
644 formatter = generic
641
645
642 [handler_console_sql]
646 [handler_console_sql]
643 class = StreamHandler
647 class = StreamHandler
644 args = (sys.stderr,)
648 args = (sys.stderr,)
645 level = WARN
649 level = WARN
646 formatter = generic
650 formatter = generic
647
651
648 ################
652 ################
649 ## FORMATTERS ##
653 ## FORMATTERS ##
650 ################
654 ################
651
655
652 [formatter_generic]
656 [formatter_generic]
653 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
657 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
654 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
658 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
655 datefmt = %Y-%m-%d %H:%M:%S
659 datefmt = %Y-%m-%d %H:%M:%S
656
660
657 [formatter_color_formatter]
661 [formatter_color_formatter]
658 class = rhodecode.lib.logging_formatter.ColorFormatter
662 class = rhodecode.lib.logging_formatter.ColorFormatter
659 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
663 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
660 datefmt = %Y-%m-%d %H:%M:%S
664 datefmt = %Y-%m-%d %H:%M:%S
661
665
662 [formatter_color_formatter_sql]
666 [formatter_color_formatter_sql]
663 class = rhodecode.lib.logging_formatter.ColorFormatterSql
667 class = rhodecode.lib.logging_formatter.ColorFormatterSql
664 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
668 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
665 datefmt = %Y-%m-%d %H:%M:%S
669 datefmt = %Y-%m-%d %H:%M:%S
General Comments 0
You need to be logged in to leave comments. Login now