##// END OF EJS Templates
ini: updated .ini templates
marcink -
r4177:986125b8 default
parent child Browse files
Show More
@@ -1,829 +1,833 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = true
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 13 ; These settings will be used by the RhodeCode mailing system
14 14 ; ########################################################################
15 15
16 16 ; prefix all emails subjects with given prefix, helps filtering out emails
17 17 #email_prefix = [RhodeCode]
18 18
19 19 ; email FROM address all mails will be sent
20 20 #app_email_from = rhodecode-noreply@localhost
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28
29 29 [server:main]
30 30 ; COMMON HOST/IP CONFIG
31 31 host = 127.0.0.1
32 32 port = 5000
33 33
34 34 ; ##################################################
35 35 ; WAITRESS WSGI SERVER - Recommended for Development
36 36 ; ##################################################
37 37
38 38 ; use server type
39 39 use = egg:waitress#main
40 40
41 41 ; number of worker threads
42 42 threads = 5
43 43
44 44 ; MAX BODY SIZE 100GB
45 45 max_request_body_size = 107374182400
46 46
47 47 ; Use poll instead of select, fixes file descriptors limits problems.
48 48 ; May not work on old windows systems.
49 49 asyncore_use_poll = true
50 50
51 51
52 52 ; ###########################
53 53 ; GUNICORN APPLICATION SERVER
54 54 ; ###########################
55 55
56 56 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
57 57
58 58 ; Module to use, this setting shouldn't be changed
59 59 #use = egg:gunicorn#main
60 60
61 61 ; Sets the number of process workers. More workers means more concurrent connections
62 62 ; RhodeCode can handle at the same time. Each additional worker also it increases
63 63 ; memory usage as each has it's own set of caches.
64 64 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
65 65 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
66 66 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
67 67 ; when using more than 1 worker.
68 68 #workers = 2
69 69
70 70 ; Gunicorn access log level
71 71 #loglevel = info
72 72
73 73 ; Process name visible in process list
74 74 #proc_name = rhodecode
75 75
76 76 ; Type of worker class, one of `sync`, `gevent`
77 77 ; Recommended type is `gevent`
78 78 #worker_class = gevent
79 79
80 80 ; The maximum number of simultaneous clients. Valid only for gevent
81 81 #worker_connections = 10
82 82
83 83 ; Max number of requests that worker will handle before being gracefully restarted.
84 84 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
85 85 #max_requests = 1000
86 86 #max_requests_jitter = 30
87 87
88 88 ; Amount of time a worker can spend with handling a request before it
89 89 ; gets killed and restarted. By default set to 21600 (6hrs)
90 90 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
91 91 #timeout = 21600
92 92
93 93 ; The maximum size of HTTP request line in bytes.
94 94 ; 0 for unlimited
95 95 #limit_request_line = 0
96 96
97 97 ; Limit the number of HTTP headers fields in a request.
98 98 ; By default this value is 100 and can't be larger than 32768.
99 99 #limit_request_fields = 32768
100 100
101 101 ; Limit the allowed size of an HTTP request header field.
102 102 ; Value is a positive number or 0.
103 103 ; Setting it to 0 will allow unlimited header field sizes.
104 104 #limit_request_field_size = 0
105 105
106 106 ; Timeout for graceful workers restart.
107 107 ; After receiving a restart signal, workers have this much time to finish
108 108 ; serving requests. Workers still alive after the timeout (starting from the
109 109 ; receipt of the restart signal) are force killed.
110 110 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
111 111 #graceful_timeout = 3600
112 112
113 113 # The number of seconds to wait for requests on a Keep-Alive connection.
114 114 # Generally set in the 1-5 seconds range.
115 115 #keepalive = 2
116 116
117 117 ; Maximum memory usage that each worker can use before it will receive a
118 118 ; graceful restart signal 0 = memory monitoring is disabled
119 119 ; Examples: 268435456 (256MB), 536870912 (512MB)
120 120 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
121 121 #memory_max_usage = 0
122 122
123 123 ; How often in seconds to check for memory usage for each gunicorn worker
124 124 #memory_usage_check_interval = 60
125 125
126 126 ; Threshold value for which we don't recycle worker if GarbageCollection
127 127 ; frees up enough resources. Before each restart we try to run GC on worker
128 128 ; in case we get enough free memory after that, restart will not happen.
129 129 #memory_usage_recovery_threshold = 0.8
130 130
131 131
132 132 ; Prefix middleware for RhodeCode.
133 133 ; recommended when using proxy setup.
134 134 ; allows to set RhodeCode under a prefix in server.
135 135 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
136 136 ; And set your prefix like: `prefix = /custom_prefix`
137 137 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
138 138 ; to make your cookies only work on prefix url
139 139 [filter:proxy-prefix]
140 140 use = egg:PasteDeploy#prefix
141 141 prefix = /
142 142
143 143 [app:main]
144 144 ; The %(here)s variable will be replaced with the absolute path of parent directory
145 145 ; of this file
146 146 ; In addition ENVIRONMENT variables usage is possible, e.g
147 147 ; sqlalchemy.db1.url = {ENV_RC_DB_URL}
148 148
149 149 use = egg:rhodecode-enterprise-ce
150 150
151 151 ; enable proxy prefix middleware, defined above
152 152 #filter-with = proxy-prefix
153 153
154 154 ; #############
155 155 ; DEBUG OPTIONS
156 156 ; #############
157 157
158 158 pyramid.reload_templates = true
159 159
160 160 # During development the we want to have the debug toolbar enabled
161 161 pyramid.includes =
162 162 pyramid_debugtoolbar
163 163
164 164 debugtoolbar.hosts = 0.0.0.0/0
165 165 debugtoolbar.exclude_prefixes =
166 166 /css
167 167 /fonts
168 168 /images
169 169 /js
170 170
171 171 ## RHODECODE PLUGINS ##
172 172 rhodecode.includes =
173 173 rhodecode.api
174 174
175 175
176 176 # api prefix url
177 177 rhodecode.api.url = /_admin/api
178 178
179 179 ; enable debug style page
180 180 debug_style = true
181 181
182 182 ; #################
183 183 ; END DEBUG OPTIONS
184 184 ; #################
185 185
186 186 ; encryption key used to encrypt social plugin tokens,
187 187 ; remote_urls with credentials etc, if not set it defaults to
188 188 ; `beaker.session.secret`
189 189 #rhodecode.encrypted_values.secret =
190 190
191 191 ; decryption strict mode (enabled by default). It controls if decryption raises
192 192 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
193 193 #rhodecode.encrypted_values.strict = false
194 194
195 195 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
196 196 ; fernet is safer, and we strongly recommend switching to it.
197 197 ; Due to backward compatibility aes is used as default.
198 198 #rhodecode.encrypted_values.algorithm = fernet
199 199
200 200 ; Return gzipped responses from RhodeCode (static files/application)
201 201 gzip_responses = false
202 202
203 203 ; Auto-generate javascript routes file on startup
204 204 generate_js_files = false
205 205
206 206 ; System global default language.
207 207 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
208 208 lang = en
209 209
210 210 ; Perform a full repository scan and import on each server start.
211 211 ; Settings this to true could lead to very long startup time.
212 212 startup.import_repos = false
213 213
214 214 ; Uncomment and set this path to use archive download cache.
215 215 ; Once enabled, generated archives will be cached at this location
216 216 ; and served from the cache during subsequent requests for the same archive of
217 217 ; the repository.
218 218 #archive_cache_dir = /tmp/tarballcache
219 219
220 220 ; URL at which the application is running. This is used for Bootstrapping
221 221 ; requests in context when no web request is available. Used in ishell, or
222 222 ; SSH calls. Set this for events to receive proper url for SSH calls.
223 223 app.base_url = http://rhodecode.local
224 224
225 225 ; Unique application ID. Should be a random unique string for security.
226 226 app_instance_uuid = rc-production
227 227
228 228 ; Cut off limit for large diffs (size in bytes). If overall diff size on
229 229 ; commit, or pull request exceeds this limit this diff will be displayed
230 230 ; partially. E.g 512000 == 512Kb
231 231 cut_off_limit_diff = 512000
232 232
233 233 ; Cut off limit for large files inside diffs (size in bytes). Each individual
234 234 ; file inside diff which exceeds this limit will be displayed partially.
235 235 ; E.g 128000 == 128Kb
236 236 cut_off_limit_file = 128000
237 237
238 238 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
239 239 vcs_full_cache = true
240 240
241 241 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
242 242 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
243 243 force_https = false
244 244
245 245 ; use Strict-Transport-Security headers
246 246 use_htsts = false
247 247
248 248 ; Set to true if your repos are exposed using the dumb protocol
249 249 git_update_server_info = false
250 250
251 251 ; RSS/ATOM feed options
252 252 rss_cut_off_limit = 256000
253 253 rss_items_per_page = 10
254 254 rss_include_diff = false
255 255
256 256 ; gist URL alias, used to create nicer urls for gist. This should be an
257 257 ; url that does rewrites to _admin/gists/{gistid}.
258 258 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
259 259 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
260 260 gist_alias_url =
261 261
262 262 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
263 263 ; used for access.
264 264 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
265 265 ; came from the the logged in user who own this authentication token.
266 266 ; Additionally @TOKEN syntax can be used to bound the view to specific
267 267 ; authentication token. Such view would be only accessible when used together
268 268 ; with this authentication token
269 269 ; list of all views can be found under `/_admin/permissions/auth_token_access`
270 270 ; The list should be "," separated and on a single line.
271 271 ; Most common views to enable:
272 272
273 273 # RepoCommitsView:repo_commit_download
274 274 # RepoCommitsView:repo_commit_patch
275 275 # RepoCommitsView:repo_commit_raw
276 276 # RepoCommitsView:repo_commit_raw@TOKEN
277 277 # RepoFilesView:repo_files_diff
278 278 # RepoFilesView:repo_archivefile
279 279 # RepoFilesView:repo_file_raw
280 280 # GistView:*
281 281 api_access_controllers_whitelist =
282 282
283 283 ; Default encoding used to convert from and to unicode
284 284 ; can be also a comma separated list of encoding in case of mixed encodings
285 285 default_encoding = UTF-8
286 286
287 287 ; instance-id prefix
288 288 ; a prefix key for this instance used for cache invalidation when running
289 289 ; multiple instances of RhodeCode, make sure it's globally unique for
290 290 ; all running RhodeCode instances. Leave empty if you don't use it
291 291 instance_id =
292 292
293 293 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
294 294 ; of an authentication plugin also if it is disabled by it's settings.
295 295 ; This could be useful if you are unable to log in to the system due to broken
296 296 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
297 297 ; module to log in again and fix the settings.
298 298 ; Available builtin plugin IDs (hash is part of the ID):
299 299 ; egg:rhodecode-enterprise-ce#rhodecode
300 300 ; egg:rhodecode-enterprise-ce#pam
301 301 ; egg:rhodecode-enterprise-ce#ldap
302 302 ; egg:rhodecode-enterprise-ce#jasig_cas
303 303 ; egg:rhodecode-enterprise-ce#headers
304 304 ; egg:rhodecode-enterprise-ce#crowd
305 305
306 306 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
307 307
308 308 ; Flag to control loading of legacy plugins in py:/path format
309 309 auth_plugin.import_legacy_plugins = true
310 310
311 311 ; alternative return HTTP header for failed authentication. Default HTTP
312 312 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
313 313 ; handling that causing a series of failed authentication calls.
314 314 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
315 315 ; This will be served instead of default 401 on bad authentication
316 316 auth_ret_code =
317 317
318 318 ; use special detection method when serving auth_ret_code, instead of serving
319 319 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
320 320 ; and then serve auth_ret_code to clients
321 321 auth_ret_code_detection = false
322 322
323 323 ; locking return code. When repository is locked return this HTTP code. 2XX
324 324 ; codes don't break the transactions while 4XX codes do
325 325 lock_ret_code = 423
326 326
327 327 ; allows to change the repository location in settings page
328 328 allow_repo_location_change = true
329 329
330 330 ; allows to setup custom hooks in settings page
331 331 allow_custom_hooks_settings = true
332 332
333 333 ; Generated license token required for EE edition license.
334 334 ; New generated token value can be found in Admin > settings > license page.
335 335 license_token =
336 336
337 337 ; This flag hides sensitive information on the license page such as token, and license data
338 338 license.hide_license_info = false
339 339
340 340 ; supervisor connection uri, for managing supervisor and logs.
341 341 supervisor.uri =
342 342
343 343 ; supervisord group name/id we only want this RC instance to handle
344 344 supervisor.group_id = dev
345 345
346 346 ; Display extended labs settings
347 347 labs_settings_active = true
348 348
349 349 ; Custom exception store path, defaults to TMPDIR
350 350 ; This is used to store exception from RhodeCode in shared directory
351 351 #exception_tracker.store_path =
352 352
353 353 ; File store configuration. This is used to store and serve uploaded files
354 354 file_store.enabled = true
355 355
356 356 ; Storage backend, available options are: local
357 357 file_store.backend = local
358 358
359 359 ; path to store the uploaded binaries
360 360 file_store.storage_path = %(here)s/data/file_store
361 361
362 362
363 363 ; #############
364 364 ; CELERY CONFIG
365 365 ; #############
366 366
367 367 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
368 368
369 369 use_celery = false
370 370
371 371 ; connection url to the message broker (default redis)
372 372 celery.broker_url = redis://localhost:6379/8
373 373
374 374 ; rabbitmq example
375 375 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
376 376
377 377 ; maximum tasks to execute before worker restart
378 378 celery.max_tasks_per_child = 100
379 379
380 380 ; tasks will never be sent to the queue, but executed locally instead.
381 381 celery.task_always_eager = false
382 382
383 383 ; #############
384 384 ; DOGPILE CACHE
385 385 ; #############
386 386
387 387 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
388 388 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
389 389 cache_dir = %(here)s/data
390 390
391 391 ; *********************************************
392 392 ; `sql_cache_short` cache for heavy SQL queries
393 393 ; Only supported backend is `memory_lru`
394 394 ; *********************************************
395 395 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
396 396 rc_cache.sql_cache_short.expiration_time = 30
397 397
398 398
399 399 ; *****************************************************
400 400 ; `cache_repo_longterm` cache for repo object instances
401 401 ; Only supported backend is `memory_lru`
402 402 ; *****************************************************
403 403 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
404 404 ; by default we use 30 Days, cache is still invalidated on push
405 405 rc_cache.cache_repo_longterm.expiration_time = 2592000
406 406 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
407 407 rc_cache.cache_repo_longterm.max_size = 10000
408 408
409 409
410 410 ; *************************************************
411 411 ; `cache_perms` cache for permission tree, auth TTL
412 412 ; *************************************************
413 413 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
414 414 rc_cache.cache_perms.expiration_time = 300
415 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
416 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
415 417
416 418 ; alternative `cache_perms` redis backend with distributed lock
417 419 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
418 420 #rc_cache.cache_perms.expiration_time = 300
419 421
420 422 ; redis_expiration_time needs to be greater then expiration_time
421 423 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
422 424
423 425 #rc_cache.cache_perms.arguments.host = localhost
424 426 #rc_cache.cache_perms.arguments.port = 6379
425 427 #rc_cache.cache_perms.arguments.db = 0
426 428 #rc_cache.cache_perms.arguments.socket_timeout = 30
427 429 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
428 430 #rc_cache.cache_perms.arguments.distributed_lock = true
429 431
430 432
431 433 ; ***************************************************
432 434 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
433 435 ; ***************************************************
434 436 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
435 437 rc_cache.cache_repo.expiration_time = 2592000
438 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
439 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
436 440
437 441 ; alternative `cache_repo` redis backend with distributed lock
438 442 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
439 443 #rc_cache.cache_repo.expiration_time = 2592000
440 444
441 445 ; redis_expiration_time needs to be greater then expiration_time
442 446 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
443 447
444 448 #rc_cache.cache_repo.arguments.host = localhost
445 449 #rc_cache.cache_repo.arguments.port = 6379
446 450 #rc_cache.cache_repo.arguments.db = 1
447 451 #rc_cache.cache_repo.arguments.socket_timeout = 30
448 452 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
449 453 #rc_cache.cache_repo.arguments.distributed_lock = true
450 454
451 455
452 456 ; ##############
453 457 ; BEAKER SESSION
454 458 ; ##############
455 459
456 460 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
457 461 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
458 462 ; Fastest ones are Redis and ext:database
459 463 beaker.session.type = file
460 464 beaker.session.data_dir = %(here)s/data/sessions
461 465
462 466 ; Redis based sessions
463 467 #beaker.session.type = ext:redis
464 468 #beaker.session.url = redis://127.0.0.1:6379/2
465 469
466 470 ; DB based session, fast, and allows easy management over logged in users
467 471 #beaker.session.type = ext:database
468 472 #beaker.session.table_name = db_session
469 473 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
470 474 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
471 475 #beaker.session.sa.pool_recycle = 3600
472 476 #beaker.session.sa.echo = false
473 477
474 478 beaker.session.key = rhodecode
475 479 beaker.session.secret = develop-rc-uytcxaz
476 480 beaker.session.lock_dir = %(here)s/data/sessions/lock
477 481
478 482 ; Secure encrypted cookie. Requires AES and AES python libraries
479 483 ; you must disable beaker.session.secret to use this
480 484 #beaker.session.encrypt_key = key_for_encryption
481 485 #beaker.session.validate_key = validation_key
482 486
483 487 ; Sets session as invalid (also logging out user) if it haven not been
484 488 ; accessed for given amount of time in seconds
485 489 beaker.session.timeout = 2592000
486 490 beaker.session.httponly = true
487 491
488 492 ; Path to use for the cookie. Set to prefix if you use prefix middleware
489 493 #beaker.session.cookie_path = /custom_prefix
490 494
491 495 ; Set https secure cookie
492 496 beaker.session.secure = false
493 497
494 498 ; default cookie expiration time in seconds, set to `true` to set expire
495 499 ; at browser close
496 500 #beaker.session.cookie_expires = 3600
497 501
498 502 ; #############################
499 503 ; SEARCH INDEXING CONFIGURATION
500 504 ; #############################
501 505
502 506 ; Full text search indexer is available in rhodecode-tools under
503 507 ; `rhodecode-tools index` command
504 508
505 509 ; WHOOSH Backend, doesn't require additional services to run
506 510 ; it works good with few dozen repos
507 511 search.module = rhodecode.lib.index.whoosh
508 512 search.location = %(here)s/data/index
509 513
510 514 ; ####################
511 515 ; CHANNELSTREAM CONFIG
512 516 ; ####################
513 517
514 518 ; channelstream enables persistent connections and live notification
515 519 ; in the system. It's also used by the chat system
516 520
517 521 channelstream.enabled = false
518 522
519 523 ; server address for channelstream server on the backend
520 524 channelstream.server = 127.0.0.1:9800
521 525
522 526 ; location of the channelstream server from outside world
523 527 ; use ws:// for http or wss:// for https. This address needs to be handled
524 528 ; by external HTTP server such as Nginx or Apache
525 529 ; see Nginx/Apache configuration examples in our docs
526 530 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
527 531 channelstream.secret = secret
528 532 channelstream.history.location = %(here)s/channelstream_history
529 533
530 534 ; Internal application path that Javascript uses to connect into.
531 535 ; If you use proxy-prefix the prefix should be added before /_channelstream
532 536 channelstream.proxy_path = /_channelstream
533 537
534 538
535 539 ; ##############################
536 540 ; MAIN RHODECODE DATABASE CONFIG
537 541 ; ##############################
538 542
539 543 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
540 544 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
541 545 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
542 546 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
543 547 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
544 548
545 549 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
546 550
547 551 ; see sqlalchemy docs for other advanced settings
548 552 ; print the sql statements to output
549 553 sqlalchemy.db1.echo = false
550 554
551 555 ; recycle the connections after this amount of seconds
552 556 sqlalchemy.db1.pool_recycle = 3600
553 557 sqlalchemy.db1.convert_unicode = true
554 558
555 559 ; the number of connections to keep open inside the connection pool.
556 560 ; 0 indicates no limit
557 561 #sqlalchemy.db1.pool_size = 5
558 562
559 563 ; The number of connections to allow in connection pool "overflow", that is
560 564 ; connections that can be opened above and beyond the pool_size setting,
561 565 ; which defaults to five.
562 566 #sqlalchemy.db1.max_overflow = 10
563 567
564 568 ; Connection check ping, used to detect broken database connections
565 569 ; could be enabled to better handle cases if MySQL has gone away errors
566 570 #sqlalchemy.db1.ping_connection = true
567 571
568 572 ; ##########
569 573 ; VCS CONFIG
570 574 ; ##########
571 575 vcs.server.enable = true
572 576 vcs.server = localhost:9900
573 577
574 578 ; Web server connectivity protocol, responsible for web based VCS operations
575 579 ; Available protocols are:
576 580 ; `http` - use http-rpc backend (default)
577 581 vcs.server.protocol = http
578 582
579 583 ; Push/Pull operations protocol, available options are:
580 584 ; `http` - use http-rpc backend (default)
581 585 vcs.scm_app_implementation = http
582 586
583 587 ; Push/Pull operations hooks protocol, available options are:
584 588 ; `http` - use http-rpc backend (default)
585 589 vcs.hooks.protocol = http
586 590
587 591 ; Host on which this instance is listening for hooks. If vcsserver is in other location
588 592 ; this should be adjusted.
589 593 vcs.hooks.host = 127.0.0.1
590 594
591 595 ; Start VCSServer with this instance as a subprocess, useful for development
592 596 vcs.start_server = false
593 597
594 598 ; List of enabled VCS backends, available options are:
595 599 ; `hg` - mercurial
596 600 ; `git` - git
597 601 ; `svn` - subversion
598 602 vcs.backends = hg, git, svn
599 603
600 604 ; Wait this number of seconds before killing connection to the vcsserver
601 605 vcs.connection_timeout = 3600
602 606
603 607 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
604 608 ; Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
605 609 #vcs.svn.compatible_version = pre-1.8-compatible
606 610
607 611
608 612 ; ####################################################
609 613 ; Subversion proxy support (mod_dav_svn)
610 614 ; Maps RhodeCode repo groups into SVN paths for Apache
611 615 ; ####################################################
612 616
613 617 ; Enable or disable the config file generation.
614 618 svn.proxy.generate_config = false
615 619
616 620 ; Generate config file with `SVNListParentPath` set to `On`.
617 621 svn.proxy.list_parent_path = true
618 622
619 623 ; Set location and file name of generated config file.
620 624 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
621 625
622 626 ; alternative mod_dav config template. This needs to be a valid mako template
623 627 ; Example template can be found in the source code:
624 628 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
625 629 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
626 630
627 631 ; Used as a prefix to the `Location` block in the generated config file.
628 632 ; In most cases it should be set to `/`.
629 633 svn.proxy.location_root = /
630 634
631 635 ; Command to reload the mod dav svn configuration on change.
632 636 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
633 637 ; Make sure user who runs RhodeCode process is allowed to reload Apache
634 638 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
635 639
636 640 ; If the timeout expires before the reload command finishes, the command will
637 641 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
638 642 #svn.proxy.reload_timeout = 10
639 643
640 644 ; ####################
641 645 ; SSH Support Settings
642 646 ; ####################
643 647
644 648 ; Defines if a custom authorized_keys file should be created and written on
645 649 ; any change user ssh keys. Setting this to false also disables possibility
646 650 ; of adding SSH keys by users from web interface. Super admins can still
647 651 ; manage SSH Keys.
648 652 ssh.generate_authorized_keyfile = false
649 653
650 654 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
651 655 # ssh.authorized_keys_ssh_opts =
652 656
653 657 ; Path to the authorized_keys file where the generate entries are placed.
654 658 ; It is possible to have multiple key files specified in `sshd_config` e.g.
655 659 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
656 660 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
657 661
658 662 ; Command to execute the SSH wrapper. The binary is available in the
659 663 ; RhodeCode installation directory.
660 664 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
661 665 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
662 666
663 667 ; Allow shell when executing the ssh-wrapper command
664 668 ssh.wrapper_cmd_allow_shell = false
665 669
666 670 ; Enables logging, and detailed output send back to the client during SSH
667 671 ; operations. Useful for debugging, shouldn't be used in production.
668 672 ssh.enable_debug_logging = true
669 673
670 674 ; Paths to binary executable, by default they are the names, but we can
671 675 ; override them if we want to use a custom one
672 676 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
673 677 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
674 678 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
675 679
676 680 ; Enables SSH key generator web interface. Disabling this still allows users
677 681 ; to add their own keys.
678 682 ssh.enable_ui_key_generator = true
679 683
680 684
681 685 ; #################
682 686 ; APPENLIGHT CONFIG
683 687 ; #################
684 688
685 689 ; Appenlight is tailored to work with RhodeCode, see
686 690 ; http://appenlight.rhodecode.com for details how to obtain an account
687 691
688 692 ; Appenlight integration enabled
689 693 appenlight = false
690 694
691 695 appenlight.server_url = https://api.appenlight.com
692 696 appenlight.api_key = YOUR_API_KEY
693 697 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
694 698
695 699 ; used for JS client
696 700 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
697 701
698 702 ; TWEAK AMOUNT OF INFO SENT HERE
699 703
700 704 ; enables 404 error logging (default False)
701 705 appenlight.report_404 = false
702 706
703 707 ; time in seconds after request is considered being slow (default 1)
704 708 appenlight.slow_request_time = 1
705 709
706 710 ; record slow requests in application
707 711 ; (needs to be enabled for slow datastore recording and time tracking)
708 712 appenlight.slow_requests = true
709 713
710 714 ; enable hooking to application loggers
711 715 appenlight.logging = true
712 716
713 717 ; minimum log level for log capture
714 718 appenlight.logging.level = WARNING
715 719
716 720 ; send logs only from erroneous/slow requests
717 721 ; (saves API quota for intensive logging)
718 722 appenlight.logging_on_error = false
719 723
720 724 ; list of additional keywords that should be grabbed from environ object
721 725 ; can be string with comma separated list of words in lowercase
722 726 ; (by default client will always send following info:
723 727 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
724 728 ; start with HTTP* this list be extended with additional keywords here
725 729 appenlight.environ_keys_whitelist =
726 730
727 731 ; list of keywords that should be blanked from request object
728 732 ; can be string with comma separated list of words in lowercase
729 733 ; (by default client will always blank keys that contain following words
730 734 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
731 735 ; this list be extended with additional keywords set here
732 736 appenlight.request_keys_blacklist =
733 737
734 738 ; list of namespaces that should be ignores when gathering log entries
735 739 ; can be string with comma separated list of namespaces
736 740 ; (by default the client ignores own entries: appenlight_client.client)
737 741 appenlight.log_namespace_blacklist =
738 742
739 743 ; Dummy marker to add new entries after.
740 744 ; Add any custom entries below. Please don't remove this marker.
741 745 custom.conf = 1
742 746
743 747
744 748 ; #####################
745 749 ; LOGGING CONFIGURATION
746 750 ; #####################
747 751 [loggers]
748 752 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
749 753
750 754 [handlers]
751 755 keys = console, console_sql
752 756
753 757 [formatters]
754 758 keys = generic, color_formatter, color_formatter_sql
755 759
756 760 ; #######
757 761 ; LOGGERS
758 762 ; #######
759 763 [logger_root]
760 764 level = NOTSET
761 765 handlers = console
762 766
763 767 [logger_sqlalchemy]
764 768 level = INFO
765 769 handlers = console_sql
766 770 qualname = sqlalchemy.engine
767 771 propagate = 0
768 772
769 773 [logger_beaker]
770 774 level = DEBUG
771 775 handlers =
772 776 qualname = beaker.container
773 777 propagate = 1
774 778
775 779 [logger_rhodecode]
776 780 level = DEBUG
777 781 handlers =
778 782 qualname = rhodecode
779 783 propagate = 1
780 784
781 785 [logger_ssh_wrapper]
782 786 level = DEBUG
783 787 handlers =
784 788 qualname = ssh_wrapper
785 789 propagate = 1
786 790
787 791 [logger_celery]
788 792 level = DEBUG
789 793 handlers =
790 794 qualname = celery
791 795
792 796
793 797 ; ########
794 798 ; HANDLERS
795 799 ; ########
796 800
797 801 [handler_console]
798 802 class = StreamHandler
799 803 args = (sys.stderr, )
800 804 level = DEBUG
801 805 formatter = color_formatter
802 806
803 807 [handler_console_sql]
804 808 ; "level = DEBUG" logs SQL queries and results.
805 809 ; "level = INFO" logs SQL queries.
806 810 ; "level = WARN" logs neither. (Recommended for production systems.)
807 811 class = StreamHandler
808 812 args = (sys.stderr, )
809 813 level = WARN
810 814 formatter = color_formatter_sql
811 815
812 816 ; ##########
813 817 ; FORMATTERS
814 818 ; ##########
815 819
816 820 [formatter_generic]
817 821 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
818 822 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
819 823 datefmt = %Y-%m-%d %H:%M:%S
820 824
821 825 [formatter_color_formatter]
822 826 class = rhodecode.lib.logging_formatter.ColorFormatter
823 827 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
824 828 datefmt = %Y-%m-%d %H:%M:%S
825 829
826 830 [formatter_color_formatter_sql]
827 831 class = rhodecode.lib.logging_formatter.ColorFormatterSql
828 832 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
829 833 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,780 +1,784 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = false
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 13 ; These settings will be used by the RhodeCode mailing system
14 14 ; ########################################################################
15 15
16 16 ; prefix all emails subjects with given prefix, helps filtering out emails
17 17 #email_prefix = [RhodeCode]
18 18
19 19 ; email FROM address all mails will be sent
20 20 #app_email_from = rhodecode-noreply@localhost
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28
29 29 [server:main]
30 30 ; COMMON HOST/IP CONFIG
31 31 host = 127.0.0.1
32 32 port = 5000
33 33
34 34
35 35 ; ###########################
36 36 ; GUNICORN APPLICATION SERVER
37 37 ; ###########################
38 38
39 39 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
40 40
41 41 ; Module to use, this setting shouldn't be changed
42 42 use = egg:gunicorn#main
43 43
44 44 ; Sets the number of process workers. More workers means more concurrent connections
45 45 ; RhodeCode can handle at the same time. Each additional worker also it increases
46 46 ; memory usage as each has it's own set of caches.
47 47 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
48 48 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
49 49 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
50 50 ; when using more than 1 worker.
51 51 workers = 2
52 52
53 53 ; Gunicorn access log level
54 54 loglevel = info
55 55
56 56 ; Process name visible in process list
57 57 proc_name = rhodecode
58 58
59 59 ; Type of worker class, one of `sync`, `gevent`
60 60 ; Recommended type is `gevent`
61 61 worker_class = gevent
62 62
63 63 ; The maximum number of simultaneous clients per worker. Valid only for gevent
64 64 worker_connections = 10
65 65
66 66 ; Max number of requests that worker will handle before being gracefully restarted.
67 67 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
68 68 max_requests = 1000
69 69 max_requests_jitter = 30
70 70
71 71 ; Amount of time a worker can spend with handling a request before it
72 72 ; gets killed and restarted. By default set to 21600 (6hrs)
73 73 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
74 74 timeout = 21600
75 75
76 76 ; The maximum size of HTTP request line in bytes.
77 77 ; 0 for unlimited
78 78 limit_request_line = 0
79 79
80 80 ; Limit the number of HTTP headers fields in a request.
81 81 ; By default this value is 100 and can't be larger than 32768.
82 82 limit_request_fields = 32768
83 83
84 84 ; Limit the allowed size of an HTTP request header field.
85 85 ; Value is a positive number or 0.
86 86 ; Setting it to 0 will allow unlimited header field sizes.
87 87 limit_request_field_size = 0
88 88
89 89 ; Timeout for graceful workers restart.
90 90 ; After receiving a restart signal, workers have this much time to finish
91 91 ; serving requests. Workers still alive after the timeout (starting from the
92 92 ; receipt of the restart signal) are force killed.
93 93 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
94 94 graceful_timeout = 3600
95 95
96 96 # The number of seconds to wait for requests on a Keep-Alive connection.
97 97 # Generally set in the 1-5 seconds range.
98 98 keepalive = 2
99 99
100 100 ; Maximum memory usage that each worker can use before it will receive a
101 101 ; graceful restart signal 0 = memory monitoring is disabled
102 102 ; Examples: 268435456 (256MB), 536870912 (512MB)
103 103 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
104 104 memory_max_usage = 0
105 105
106 106 ; How often in seconds to check for memory usage for each gunicorn worker
107 107 memory_usage_check_interval = 60
108 108
109 109 ; Threshold value for which we don't recycle worker if GarbageCollection
110 110 ; frees up enough resources. Before each restart we try to run GC on worker
111 111 ; in case we get enough free memory after that, restart will not happen.
112 112 memory_usage_recovery_threshold = 0.8
113 113
114 114
115 115 ; Prefix middleware for RhodeCode.
116 116 ; recommended when using proxy setup.
117 117 ; allows to set RhodeCode under a prefix in server.
118 118 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
119 119 ; And set your prefix like: `prefix = /custom_prefix`
120 120 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
121 121 ; to make your cookies only work on prefix url
122 122 [filter:proxy-prefix]
123 123 use = egg:PasteDeploy#prefix
124 124 prefix = /
125 125
126 126 [app:main]
127 127 ; The %(here)s variable will be replaced with the absolute path of parent directory
128 128 ; of this file
129 129 ; In addition ENVIRONMENT variables usage is possible, e.g
130 130 ; sqlalchemy.db1.url = {ENV_RC_DB_URL}
131 131
132 132 use = egg:rhodecode-enterprise-ce
133 133
134 134 ; enable proxy prefix middleware, defined above
135 135 #filter-with = proxy-prefix
136 136
137 137 ; encryption key used to encrypt social plugin tokens,
138 138 ; remote_urls with credentials etc, if not set it defaults to
139 139 ; `beaker.session.secret`
140 140 #rhodecode.encrypted_values.secret =
141 141
142 142 ; decryption strict mode (enabled by default). It controls if decryption raises
143 143 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
144 144 #rhodecode.encrypted_values.strict = false
145 145
146 146 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
147 147 ; fernet is safer, and we strongly recommend switching to it.
148 148 ; Due to backward compatibility aes is used as default.
149 149 #rhodecode.encrypted_values.algorithm = fernet
150 150
151 151 ; Return gzipped responses from RhodeCode (static files/application)
152 152 gzip_responses = false
153 153
154 154 ; Auto-generate javascript routes file on startup
155 155 generate_js_files = false
156 156
157 157 ; System global default language.
158 158 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
159 159 lang = en
160 160
161 161 ; Perform a full repository scan and import on each server start.
162 162 ; Settings this to true could lead to very long startup time.
163 163 startup.import_repos = false
164 164
165 165 ; Uncomment and set this path to use archive download cache.
166 166 ; Once enabled, generated archives will be cached at this location
167 167 ; and served from the cache during subsequent requests for the same archive of
168 168 ; the repository.
169 169 #archive_cache_dir = /tmp/tarballcache
170 170
171 171 ; URL at which the application is running. This is used for Bootstrapping
172 172 ; requests in context when no web request is available. Used in ishell, or
173 173 ; SSH calls. Set this for events to receive proper url for SSH calls.
174 174 app.base_url = http://rhodecode.local
175 175
176 176 ; Unique application ID. Should be a random unique string for security.
177 177 app_instance_uuid = rc-production
178 178
179 179 ; Cut off limit for large diffs (size in bytes). If overall diff size on
180 180 ; commit, or pull request exceeds this limit this diff will be displayed
181 181 ; partially. E.g 512000 == 512Kb
182 182 cut_off_limit_diff = 512000
183 183
184 184 ; Cut off limit for large files inside diffs (size in bytes). Each individual
185 185 ; file inside diff which exceeds this limit will be displayed partially.
186 186 ; E.g 128000 == 128Kb
187 187 cut_off_limit_file = 128000
188 188
189 189 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
190 190 vcs_full_cache = true
191 191
192 192 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
193 193 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
194 194 force_https = false
195 195
196 196 ; use Strict-Transport-Security headers
197 197 use_htsts = false
198 198
199 199 ; Set to true if your repos are exposed using the dumb protocol
200 200 git_update_server_info = false
201 201
202 202 ; RSS/ATOM feed options
203 203 rss_cut_off_limit = 256000
204 204 rss_items_per_page = 10
205 205 rss_include_diff = false
206 206
207 207 ; gist URL alias, used to create nicer urls for gist. This should be an
208 208 ; url that does rewrites to _admin/gists/{gistid}.
209 209 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
210 210 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
211 211 gist_alias_url =
212 212
213 213 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
214 214 ; used for access.
215 215 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
216 216 ; came from the the logged in user who own this authentication token.
217 217 ; Additionally @TOKEN syntax can be used to bound the view to specific
218 218 ; authentication token. Such view would be only accessible when used together
219 219 ; with this authentication token
220 220 ; list of all views can be found under `/_admin/permissions/auth_token_access`
221 221 ; The list should be "," separated and on a single line.
222 222 ; Most common views to enable:
223 223
224 224 # RepoCommitsView:repo_commit_download
225 225 # RepoCommitsView:repo_commit_patch
226 226 # RepoCommitsView:repo_commit_raw
227 227 # RepoCommitsView:repo_commit_raw@TOKEN
228 228 # RepoFilesView:repo_files_diff
229 229 # RepoFilesView:repo_archivefile
230 230 # RepoFilesView:repo_file_raw
231 231 # GistView:*
232 232 api_access_controllers_whitelist =
233 233
234 234 ; Default encoding used to convert from and to unicode
235 235 ; can be also a comma separated list of encoding in case of mixed encodings
236 236 default_encoding = UTF-8
237 237
238 238 ; instance-id prefix
239 239 ; a prefix key for this instance used for cache invalidation when running
240 240 ; multiple instances of RhodeCode, make sure it's globally unique for
241 241 ; all running RhodeCode instances. Leave empty if you don't use it
242 242 instance_id =
243 243
244 244 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
245 245 ; of an authentication plugin also if it is disabled by it's settings.
246 246 ; This could be useful if you are unable to log in to the system due to broken
247 247 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
248 248 ; module to log in again and fix the settings.
249 249 ; Available builtin plugin IDs (hash is part of the ID):
250 250 ; egg:rhodecode-enterprise-ce#rhodecode
251 251 ; egg:rhodecode-enterprise-ce#pam
252 252 ; egg:rhodecode-enterprise-ce#ldap
253 253 ; egg:rhodecode-enterprise-ce#jasig_cas
254 254 ; egg:rhodecode-enterprise-ce#headers
255 255 ; egg:rhodecode-enterprise-ce#crowd
256 256
257 257 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
258 258
259 259 ; Flag to control loading of legacy plugins in py:/path format
260 260 auth_plugin.import_legacy_plugins = true
261 261
262 262 ; alternative return HTTP header for failed authentication. Default HTTP
263 263 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
264 264 ; handling that causing a series of failed authentication calls.
265 265 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
266 266 ; This will be served instead of default 401 on bad authentication
267 267 auth_ret_code =
268 268
269 269 ; use special detection method when serving auth_ret_code, instead of serving
270 270 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
271 271 ; and then serve auth_ret_code to clients
272 272 auth_ret_code_detection = false
273 273
274 274 ; locking return code. When repository is locked return this HTTP code. 2XX
275 275 ; codes don't break the transactions while 4XX codes do
276 276 lock_ret_code = 423
277 277
278 278 ; allows to change the repository location in settings page
279 279 allow_repo_location_change = true
280 280
281 281 ; allows to setup custom hooks in settings page
282 282 allow_custom_hooks_settings = true
283 283
284 284 ; Generated license token required for EE edition license.
285 285 ; New generated token value can be found in Admin > settings > license page.
286 286 license_token =
287 287
288 288 ; This flag hides sensitive information on the license page such as token, and license data
289 289 license.hide_license_info = false
290 290
291 291 ; supervisor connection uri, for managing supervisor and logs.
292 292 supervisor.uri =
293 293
294 294 ; supervisord group name/id we only want this RC instance to handle
295 295 supervisor.group_id = prod
296 296
297 297 ; Display extended labs settings
298 298 labs_settings_active = true
299 299
300 300 ; Custom exception store path, defaults to TMPDIR
301 301 ; This is used to store exception from RhodeCode in shared directory
302 302 #exception_tracker.store_path =
303 303
304 304 ; File store configuration. This is used to store and serve uploaded files
305 305 file_store.enabled = true
306 306
307 307 ; Storage backend, available options are: local
308 308 file_store.backend = local
309 309
310 310 ; path to store the uploaded binaries
311 311 file_store.storage_path = %(here)s/data/file_store
312 312
313 313
314 314 ; #############
315 315 ; CELERY CONFIG
316 316 ; #############
317 317
318 318 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
319 319
320 320 use_celery = false
321 321
322 322 ; connection url to the message broker (default redis)
323 323 celery.broker_url = redis://localhost:6379/8
324 324
325 325 ; rabbitmq example
326 326 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
327 327
328 328 ; maximum tasks to execute before worker restart
329 329 celery.max_tasks_per_child = 100
330 330
331 331 ; tasks will never be sent to the queue, but executed locally instead.
332 332 celery.task_always_eager = false
333 333
334 334 ; #############
335 335 ; DOGPILE CACHE
336 336 ; #############
337 337
338 338 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
339 339 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
340 340 cache_dir = %(here)s/data
341 341
342 342 ; *********************************************
343 343 ; `sql_cache_short` cache for heavy SQL queries
344 344 ; Only supported backend is `memory_lru`
345 345 ; *********************************************
346 346 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
347 347 rc_cache.sql_cache_short.expiration_time = 30
348 348
349 349
350 350 ; *****************************************************
351 351 ; `cache_repo_longterm` cache for repo object instances
352 352 ; Only supported backend is `memory_lru`
353 353 ; *****************************************************
354 354 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
355 355 ; by default we use 30 Days, cache is still invalidated on push
356 356 rc_cache.cache_repo_longterm.expiration_time = 2592000
357 357 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
358 358 rc_cache.cache_repo_longterm.max_size = 10000
359 359
360 360
361 361 ; *************************************************
362 362 ; `cache_perms` cache for permission tree, auth TTL
363 363 ; *************************************************
364 364 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
365 365 rc_cache.cache_perms.expiration_time = 300
366 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
367 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
366 368
367 369 ; alternative `cache_perms` redis backend with distributed lock
368 370 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
369 371 #rc_cache.cache_perms.expiration_time = 300
370 372
371 373 ; redis_expiration_time needs to be greater then expiration_time
372 374 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
373 375
374 376 #rc_cache.cache_perms.arguments.host = localhost
375 377 #rc_cache.cache_perms.arguments.port = 6379
376 378 #rc_cache.cache_perms.arguments.db = 0
377 379 #rc_cache.cache_perms.arguments.socket_timeout = 30
378 380 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
379 381 #rc_cache.cache_perms.arguments.distributed_lock = true
380 382
381 383
382 384 ; ***************************************************
383 385 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
384 386 ; ***************************************************
385 387 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
386 388 rc_cache.cache_repo.expiration_time = 2592000
389 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
390 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
387 391
388 392 ; alternative `cache_repo` redis backend with distributed lock
389 393 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
390 394 #rc_cache.cache_repo.expiration_time = 2592000
391 395
392 396 ; redis_expiration_time needs to be greater then expiration_time
393 397 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
394 398
395 399 #rc_cache.cache_repo.arguments.host = localhost
396 400 #rc_cache.cache_repo.arguments.port = 6379
397 401 #rc_cache.cache_repo.arguments.db = 1
398 402 #rc_cache.cache_repo.arguments.socket_timeout = 30
399 403 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
400 404 #rc_cache.cache_repo.arguments.distributed_lock = true
401 405
402 406
403 407 ; ##############
404 408 ; BEAKER SESSION
405 409 ; ##############
406 410
407 411 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
408 412 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
409 413 ; Fastest ones are Redis and ext:database
410 414 beaker.session.type = file
411 415 beaker.session.data_dir = %(here)s/data/sessions
412 416
413 417 ; Redis based sessions
414 418 #beaker.session.type = ext:redis
415 419 #beaker.session.url = redis://127.0.0.1:6379/2
416 420
417 421 ; DB based session, fast, and allows easy management over logged in users
418 422 #beaker.session.type = ext:database
419 423 #beaker.session.table_name = db_session
420 424 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
421 425 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
422 426 #beaker.session.sa.pool_recycle = 3600
423 427 #beaker.session.sa.echo = false
424 428
425 429 beaker.session.key = rhodecode
426 430 beaker.session.secret = production-rc-uytcxaz
427 431 beaker.session.lock_dir = %(here)s/data/sessions/lock
428 432
429 433 ; Secure encrypted cookie. Requires AES and AES python libraries
430 434 ; you must disable beaker.session.secret to use this
431 435 #beaker.session.encrypt_key = key_for_encryption
432 436 #beaker.session.validate_key = validation_key
433 437
434 438 ; Sets session as invalid (also logging out user) if it haven not been
435 439 ; accessed for given amount of time in seconds
436 440 beaker.session.timeout = 2592000
437 441 beaker.session.httponly = true
438 442
439 443 ; Path to use for the cookie. Set to prefix if you use prefix middleware
440 444 #beaker.session.cookie_path = /custom_prefix
441 445
442 446 ; Set https secure cookie
443 447 beaker.session.secure = false
444 448
445 449 ; default cookie expiration time in seconds, set to `true` to set expire
446 450 ; at browser close
447 451 #beaker.session.cookie_expires = 3600
448 452
449 453 ; #############################
450 454 ; SEARCH INDEXING CONFIGURATION
451 455 ; #############################
452 456
453 457 ; Full text search indexer is available in rhodecode-tools under
454 458 ; `rhodecode-tools index` command
455 459
456 460 ; WHOOSH Backend, doesn't require additional services to run
457 461 ; it works good with few dozen repos
458 462 search.module = rhodecode.lib.index.whoosh
459 463 search.location = %(here)s/data/index
460 464
461 465 ; ####################
462 466 ; CHANNELSTREAM CONFIG
463 467 ; ####################
464 468
465 469 ; channelstream enables persistent connections and live notification
466 470 ; in the system. It's also used by the chat system
467 471
468 472 channelstream.enabled = false
469 473
470 474 ; server address for channelstream server on the backend
471 475 channelstream.server = 127.0.0.1:9800
472 476
473 477 ; location of the channelstream server from outside world
474 478 ; use ws:// for http or wss:// for https. This address needs to be handled
475 479 ; by external HTTP server such as Nginx or Apache
476 480 ; see Nginx/Apache configuration examples in our docs
477 481 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
478 482 channelstream.secret = secret
479 483 channelstream.history.location = %(here)s/channelstream_history
480 484
481 485 ; Internal application path that Javascript uses to connect into.
482 486 ; If you use proxy-prefix the prefix should be added before /_channelstream
483 487 channelstream.proxy_path = /_channelstream
484 488
485 489
486 490 ; ##############################
487 491 ; MAIN RHODECODE DATABASE CONFIG
488 492 ; ##############################
489 493
490 494 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
491 495 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
492 496 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
493 497 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
494 498 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
495 499
496 500 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
497 501
498 502 ; see sqlalchemy docs for other advanced settings
499 503 ; print the sql statements to output
500 504 sqlalchemy.db1.echo = false
501 505
502 506 ; recycle the connections after this amount of seconds
503 507 sqlalchemy.db1.pool_recycle = 3600
504 508 sqlalchemy.db1.convert_unicode = true
505 509
506 510 ; the number of connections to keep open inside the connection pool.
507 511 ; 0 indicates no limit
508 512 #sqlalchemy.db1.pool_size = 5
509 513
510 514 ; The number of connections to allow in connection pool "overflow", that is
511 515 ; connections that can be opened above and beyond the pool_size setting,
512 516 ; which defaults to five.
513 517 #sqlalchemy.db1.max_overflow = 10
514 518
515 519 ; Connection check ping, used to detect broken database connections
516 520 ; could be enabled to better handle cases if MySQL has gone away errors
517 521 #sqlalchemy.db1.ping_connection = true
518 522
519 523 ; ##########
520 524 ; VCS CONFIG
521 525 ; ##########
522 526 vcs.server.enable = true
523 527 vcs.server = localhost:9900
524 528
525 529 ; Web server connectivity protocol, responsible for web based VCS operations
526 530 ; Available protocols are:
527 531 ; `http` - use http-rpc backend (default)
528 532 vcs.server.protocol = http
529 533
530 534 ; Push/Pull operations protocol, available options are:
531 535 ; `http` - use http-rpc backend (default)
532 536 vcs.scm_app_implementation = http
533 537
534 538 ; Push/Pull operations hooks protocol, available options are:
535 539 ; `http` - use http-rpc backend (default)
536 540 vcs.hooks.protocol = http
537 541
538 542 ; Host on which this instance is listening for hooks. If vcsserver is in other location
539 543 ; this should be adjusted.
540 544 vcs.hooks.host = 127.0.0.1
541 545
542 546 ; Start VCSServer with this instance as a subprocess, useful for development
543 547 vcs.start_server = false
544 548
545 549 ; List of enabled VCS backends, available options are:
546 550 ; `hg` - mercurial
547 551 ; `git` - git
548 552 ; `svn` - subversion
549 553 vcs.backends = hg, git, svn
550 554
551 555 ; Wait this number of seconds before killing connection to the vcsserver
552 556 vcs.connection_timeout = 3600
553 557
554 558 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
555 559 ; Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
556 560 #vcs.svn.compatible_version = pre-1.8-compatible
557 561
558 562
559 563 ; ####################################################
560 564 ; Subversion proxy support (mod_dav_svn)
561 565 ; Maps RhodeCode repo groups into SVN paths for Apache
562 566 ; ####################################################
563 567
564 568 ; Enable or disable the config file generation.
565 569 svn.proxy.generate_config = false
566 570
567 571 ; Generate config file with `SVNListParentPath` set to `On`.
568 572 svn.proxy.list_parent_path = true
569 573
570 574 ; Set location and file name of generated config file.
571 575 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
572 576
573 577 ; alternative mod_dav config template. This needs to be a valid mako template
574 578 ; Example template can be found in the source code:
575 579 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
576 580 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
577 581
578 582 ; Used as a prefix to the `Location` block in the generated config file.
579 583 ; In most cases it should be set to `/`.
580 584 svn.proxy.location_root = /
581 585
582 586 ; Command to reload the mod dav svn configuration on change.
583 587 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
584 588 ; Make sure user who runs RhodeCode process is allowed to reload Apache
585 589 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
586 590
587 591 ; If the timeout expires before the reload command finishes, the command will
588 592 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
589 593 #svn.proxy.reload_timeout = 10
590 594
591 595 ; ####################
592 596 ; SSH Support Settings
593 597 ; ####################
594 598
595 599 ; Defines if a custom authorized_keys file should be created and written on
596 600 ; any change user ssh keys. Setting this to false also disables possibility
597 601 ; of adding SSH keys by users from web interface. Super admins can still
598 602 ; manage SSH Keys.
599 603 ssh.generate_authorized_keyfile = false
600 604
601 605 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
602 606 # ssh.authorized_keys_ssh_opts =
603 607
604 608 ; Path to the authorized_keys file where the generate entries are placed.
605 609 ; It is possible to have multiple key files specified in `sshd_config` e.g.
606 610 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
607 611 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
608 612
609 613 ; Command to execute the SSH wrapper. The binary is available in the
610 614 ; RhodeCode installation directory.
611 615 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
612 616 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
613 617
614 618 ; Allow shell when executing the ssh-wrapper command
615 619 ssh.wrapper_cmd_allow_shell = false
616 620
617 621 ; Enables logging, and detailed output send back to the client during SSH
618 622 ; operations. Useful for debugging, shouldn't be used in production.
619 623 ssh.enable_debug_logging = false
620 624
621 625 ; Paths to binary executable, by default they are the names, but we can
622 626 ; override them if we want to use a custom one
623 627 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
624 628 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
625 629 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
626 630
627 631 ; Enables SSH key generator web interface. Disabling this still allows users
628 632 ; to add their own keys.
629 633 ssh.enable_ui_key_generator = true
630 634
631 635
632 636 ; #################
633 637 ; APPENLIGHT CONFIG
634 638 ; #################
635 639
636 640 ; Appenlight is tailored to work with RhodeCode, see
637 641 ; http://appenlight.rhodecode.com for details how to obtain an account
638 642
639 643 ; Appenlight integration enabled
640 644 appenlight = false
641 645
642 646 appenlight.server_url = https://api.appenlight.com
643 647 appenlight.api_key = YOUR_API_KEY
644 648 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
645 649
646 650 ; used for JS client
647 651 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
648 652
649 653 ; TWEAK AMOUNT OF INFO SENT HERE
650 654
651 655 ; enables 404 error logging (default False)
652 656 appenlight.report_404 = false
653 657
654 658 ; time in seconds after request is considered being slow (default 1)
655 659 appenlight.slow_request_time = 1
656 660
657 661 ; record slow requests in application
658 662 ; (needs to be enabled for slow datastore recording and time tracking)
659 663 appenlight.slow_requests = true
660 664
661 665 ; enable hooking to application loggers
662 666 appenlight.logging = true
663 667
664 668 ; minimum log level for log capture
665 669 appenlight.logging.level = WARNING
666 670
667 671 ; send logs only from erroneous/slow requests
668 672 ; (saves API quota for intensive logging)
669 673 appenlight.logging_on_error = false
670 674
671 675 ; list of additional keywords that should be grabbed from environ object
672 676 ; can be string with comma separated list of words in lowercase
673 677 ; (by default client will always send following info:
674 678 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
675 679 ; start with HTTP* this list be extended with additional keywords here
676 680 appenlight.environ_keys_whitelist =
677 681
678 682 ; list of keywords that should be blanked from request object
679 683 ; can be string with comma separated list of words in lowercase
680 684 ; (by default client will always blank keys that contain following words
681 685 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
682 686 ; this list be extended with additional keywords set here
683 687 appenlight.request_keys_blacklist =
684 688
685 689 ; list of namespaces that should be ignores when gathering log entries
686 690 ; can be string with comma separated list of namespaces
687 691 ; (by default the client ignores own entries: appenlight_client.client)
688 692 appenlight.log_namespace_blacklist =
689 693
690 694 ; Dummy marker to add new entries after.
691 695 ; Add any custom entries below. Please don't remove this marker.
692 696 custom.conf = 1
693 697
694 698
695 699 ; #####################
696 700 ; LOGGING CONFIGURATION
697 701 ; #####################
698 702 [loggers]
699 703 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
700 704
701 705 [handlers]
702 706 keys = console, console_sql
703 707
704 708 [formatters]
705 709 keys = generic, color_formatter, color_formatter_sql
706 710
707 711 ; #######
708 712 ; LOGGERS
709 713 ; #######
710 714 [logger_root]
711 715 level = NOTSET
712 716 handlers = console
713 717
714 718 [logger_sqlalchemy]
715 719 level = INFO
716 720 handlers = console_sql
717 721 qualname = sqlalchemy.engine
718 722 propagate = 0
719 723
720 724 [logger_beaker]
721 725 level = DEBUG
722 726 handlers =
723 727 qualname = beaker.container
724 728 propagate = 1
725 729
726 730 [logger_rhodecode]
727 731 level = DEBUG
728 732 handlers =
729 733 qualname = rhodecode
730 734 propagate = 1
731 735
732 736 [logger_ssh_wrapper]
733 737 level = DEBUG
734 738 handlers =
735 739 qualname = ssh_wrapper
736 740 propagate = 1
737 741
738 742 [logger_celery]
739 743 level = DEBUG
740 744 handlers =
741 745 qualname = celery
742 746
743 747
744 748 ; ########
745 749 ; HANDLERS
746 750 ; ########
747 751
748 752 [handler_console]
749 753 class = StreamHandler
750 754 args = (sys.stderr, )
751 755 level = INFO
752 756 formatter = generic
753 757
754 758 [handler_console_sql]
755 759 ; "level = DEBUG" logs SQL queries and results.
756 760 ; "level = INFO" logs SQL queries.
757 761 ; "level = WARN" logs neither. (Recommended for production systems.)
758 762 class = StreamHandler
759 763 args = (sys.stderr, )
760 764 level = WARN
761 765 formatter = generic
762 766
763 767 ; ##########
764 768 ; FORMATTERS
765 769 ; ##########
766 770
767 771 [formatter_generic]
768 772 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
769 773 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
770 774 datefmt = %Y-%m-%d %H:%M:%S
771 775
772 776 [formatter_color_formatter]
773 777 class = rhodecode.lib.logging_formatter.ColorFormatter
774 778 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
775 779 datefmt = %Y-%m-%d %H:%M:%S
776 780
777 781 [formatter_color_formatter_sql]
778 782 class = rhodecode.lib.logging_formatter.ColorFormatterSql
779 783 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
780 784 datefmt = %Y-%m-%d %H:%M:%S
General Comments 0
You need to be logged in to leave comments. Login now