##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
gunicorn: moved loglevel control to .ini file
marcink -
r4107:98d4e27b default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,782 +1,785 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 5 ################################################################################
6 6
7 7 [DEFAULT]
8 8 ## Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = true
10 10
11 11 ################################################################################
12 12 ## EMAIL CONFIGURATION ##
13 13 ## Uncomment and replace with the email address which should receive ##
14 14 ## any error reports after an application crash ##
15 15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 16 ################################################################################
17 17
18 18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 19 #email_prefix = [RhodeCode]
20 20
21 21 ## email FROM address all mails will be sent
22 22 #app_email_from = rhodecode-noreply@localhost
23 23
24 24 #smtp_server = mail.server.com
25 25 #smtp_username =
26 26 #smtp_password =
27 27 #smtp_port =
28 28 #smtp_use_tls = false
29 29 #smtp_use_ssl = true
30 30
31 31 [server:main]
32 32 ## COMMON ##
33 33 host = 127.0.0.1
34 34 port = 5000
35 35
36 36 ###########################################################
37 37 ## WAITRESS WSGI SERVER - Recommended for Development ####
38 38 ###########################################################
39 39
40 40 use = egg:waitress#main
41 41 ## number of worker threads
42 42 threads = 5
43 43 ## MAX BODY SIZE 100GB
44 44 max_request_body_size = 107374182400
45 45 ## Use poll instead of select, fixes file descriptors limits problems.
46 46 ## May not work on old windows systems.
47 47 asyncore_use_poll = true
48 48
49 49
50 50 ##########################
51 51 ## GUNICORN WSGI SERVER ##
52 52 ##########################
53 53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
54 54
55 55 #use = egg:gunicorn#main
56 56 ## Sets the number of process workers. More workers means more concurrent connections
57 57 ## RhodeCode can handle at the same time. Each additional worker also it increases
58 58 ## memory usage as each has it's own set of caches.
59 59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
60 60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
61 61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
62 62 ## when using more than 1 worker.
63 63 #workers = 2
64 64
65 ## Gunicorn access log level
66 #loglevel = info
67
65 68 ## process name visible in process list
66 69 #proc_name = rhodecode
67 70
68 71 ## type of worker class, one of sync, gevent
69 72 ## recommended for bigger setup is using of of other than sync one
70 73 #worker_class = gevent
71 74
72 75 ## The maximum number of simultaneous clients. Valid only for Gevent
73 76 #worker_connections = 10
74 77
75 78 ## max number of requests that worker will handle before being gracefully
76 79 ## restarted, could prevent memory leaks
77 80 #max_requests = 1000
78 81 #max_requests_jitter = 30
79 82
80 83 ## amount of time a worker can spend with handling a request before it
81 84 ## gets killed and restarted. Set to 6hrs
82 85 #timeout = 21600
83 86
84 87 ## The maximum size of HTTP request line in bytes.
85 88 ## 0 for unlimited
86 89 #limit_request_line = 0
87 90
88 91 ## Limit the number of HTTP headers fields in a request.
89 92 ## By default this value is 100 and can't be larger than 32768.
90 93 #limit_request_fields = 32768
91 94
92 95 ## Limit the allowed size of an HTTP request header field.
93 96 ## Value is a positive number or 0.
94 97 ## Setting it to 0 will allow unlimited header field sizes.
95 98 #limit_request_field_size = 0
96 99
97 100 ## Timeout for graceful workers restart.
98 101 ## After receiving a restart signal, workers have this much time to finish
99 102 ## serving requests. Workers still alive after the timeout (starting from the
100 103 ## receipt of the restart signal) are force killed.
101 104 #graceful_timeout = 3600
102 105
103 106 # The number of seconds to wait for requests on a Keep-Alive connection.
104 107 # Generally set in the 1-5 seconds range.
105 108 #keepalive = 2
106 109
107 110 ## Maximum memory usage that each worker can use before it will receive a
108 111 ## graceful restart signal, e.g 10MB = 10485760 (10 * 1024 * 1024)
109 112 # 0 = memory monitoring is disabled
110 113 #memory_max_usage = 0
111 114
112 115 ## How often in seconds to check for memory usage for each gunicorn worker
113 116 #memory_usage_check_interval = 60
114 117
115 118 ## Threshold value for which we don't recycle worker if GarbageCollection
116 119 ## frees up enough resources. Before each restart we try to run GC on worker
117 120 ## in case we get enough free memory after that, restart will not happen.
118 121 #memory_usage_recovery_threshold = 0.8
119 122
120 123 ## prefix middleware for RhodeCode.
121 124 ## recommended when using proxy setup.
122 125 ## allows to set RhodeCode under a prefix in server.
123 126 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
124 127 ## And set your prefix like: `prefix = /custom_prefix`
125 128 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
126 129 ## to make your cookies only work on prefix url
127 130 [filter:proxy-prefix]
128 131 use = egg:PasteDeploy#prefix
129 132 prefix = /
130 133
131 134 [app:main]
132 135 ## The %(here)s variable will be replaced with the absolute path of parent directory
133 136 ## of this file
134 137 ## In addition ENVIRONMENT variables usage is possible, e.g
135 138 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
136 139
137 140 use = egg:rhodecode-enterprise-ce
138 141
139 142 ## enable proxy prefix middleware, defined above
140 143 #filter-with = proxy-prefix
141 144
142 145 # During development the we want to have the debug toolbar enabled
143 146 pyramid.includes =
144 147 pyramid_debugtoolbar
145 148 rhodecode.lib.middleware.request_wrapper
146 149
147 150 pyramid.reload_templates = true
148 151
149 152 debugtoolbar.hosts = 0.0.0.0/0
150 153 debugtoolbar.exclude_prefixes =
151 154 /css
152 155 /fonts
153 156 /images
154 157 /js
155 158
156 159 ## RHODECODE PLUGINS ##
157 160 rhodecode.includes =
158 161 rhodecode.api
159 162
160 163
161 164 # api prefix url
162 165 rhodecode.api.url = /_admin/api
163 166
164 167
165 168 ## END RHODECODE PLUGINS ##
166 169
167 170 ## encryption key used to encrypt social plugin tokens,
168 171 ## remote_urls with credentials etc, if not set it defaults to
169 172 ## `beaker.session.secret`
170 173 #rhodecode.encrypted_values.secret =
171 174
172 175 ## decryption strict mode (enabled by default). It controls if decryption raises
173 176 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
174 177 #rhodecode.encrypted_values.strict = false
175 178
176 179 ## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
177 180 ## fernet is safer, and we strongly recommend switching to it.
178 181 ## Due to backward compatibility aes is used as default.
179 182 #rhodecode.encrypted_values.algorithm = fernet
180 183
181 184 ## return gzipped responses from RhodeCode (static files/application)
182 185 gzip_responses = false
183 186
184 187 ## auto-generate javascript routes file on startup
185 188 generate_js_files = false
186 189
187 190 ## System global default language.
188 191 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
189 192 lang = en
190 193
191 194 ## Perform a full repository scan and import on each server start.
192 195 ## Settings this to true could lead to very long startup time.
193 196 startup.import_repos = false
194 197
195 198 ## Uncomment and set this path to use archive download cache.
196 199 ## Once enabled, generated archives will be cached at this location
197 200 ## and served from the cache during subsequent requests for the same archive of
198 201 ## the repository.
199 202 #archive_cache_dir = /tmp/tarballcache
200 203
201 204 ## URL at which the application is running. This is used for Bootstrapping
202 205 ## requests in context when no web request is available. Used in ishell, or
203 206 ## SSH calls. Set this for events to receive proper url for SSH calls.
204 207 app.base_url = http://rhodecode.local
205 208
206 209 ## Unique application ID. Should be a random unique string for security.
207 210 app_instance_uuid = rc-production
208 211
209 212 ## Cut off limit for large diffs (size in bytes). If overall diff size on
210 213 ## commit, or pull request exceeds this limit this diff will be displayed
211 214 ## partially. E.g 512000 == 512Kb
212 215 cut_off_limit_diff = 512000
213 216
214 217 ## Cut off limit for large files inside diffs (size in bytes). Each individual
215 218 ## file inside diff which exceeds this limit will be displayed partially.
216 219 ## E.g 128000 == 128Kb
217 220 cut_off_limit_file = 128000
218 221
219 222 ## use cached version of vcs repositories everywhere. Recommended to be `true`
220 223 vcs_full_cache = true
221 224
222 225 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
223 226 ## Normally this is controlled by proper http flags sent from http server
224 227 force_https = false
225 228
226 229 ## use Strict-Transport-Security headers
227 230 use_htsts = false
228 231
229 232 # Set to true if your repos are exposed using the dumb protocol
230 233 git_update_server_info = false
231 234
232 235 ## RSS/ATOM feed options
233 236 rss_cut_off_limit = 256000
234 237 rss_items_per_page = 10
235 238 rss_include_diff = false
236 239
237 240 ## gist URL alias, used to create nicer urls for gist. This should be an
238 241 ## url that does rewrites to _admin/gists/{gistid}.
239 242 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
240 243 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
241 244 gist_alias_url =
242 245
243 246 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
244 247 ## used for access.
245 248 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
246 249 ## came from the the logged in user who own this authentication token.
247 250 ## Additionally @TOKEN syntax can be used to bound the view to specific
248 251 ## authentication token. Such view would be only accessible when used together
249 252 ## with this authentication token
250 253 ##
251 254 ## list of all views can be found under `/_admin/permissions/auth_token_access`
252 255 ## The list should be "," separated and on a single line.
253 256 ##
254 257 ## Most common views to enable:
255 258 # RepoCommitsView:repo_commit_download
256 259 # RepoCommitsView:repo_commit_patch
257 260 # RepoCommitsView:repo_commit_raw
258 261 # RepoCommitsView:repo_commit_raw@TOKEN
259 262 # RepoFilesView:repo_files_diff
260 263 # RepoFilesView:repo_archivefile
261 264 # RepoFilesView:repo_file_raw
262 265 # GistView:*
263 266 api_access_controllers_whitelist =
264 267
265 268 ## Default encoding used to convert from and to unicode
266 269 ## can be also a comma separated list of encoding in case of mixed encodings
267 270 default_encoding = UTF-8
268 271
269 272 ## instance-id prefix
270 273 ## a prefix key for this instance used for cache invalidation when running
271 274 ## multiple instances of RhodeCode, make sure it's globally unique for
272 275 ## all running RhodeCode instances. Leave empty if you don't use it
273 276 instance_id =
274 277
275 278 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
276 279 ## of an authentication plugin also if it is disabled by it's settings.
277 280 ## This could be useful if you are unable to log in to the system due to broken
278 281 ## authentication settings. Then you can enable e.g. the internal RhodeCode auth
279 282 ## module to log in again and fix the settings.
280 283 ##
281 284 ## Available builtin plugin IDs (hash is part of the ID):
282 285 ## egg:rhodecode-enterprise-ce#rhodecode
283 286 ## egg:rhodecode-enterprise-ce#pam
284 287 ## egg:rhodecode-enterprise-ce#ldap
285 288 ## egg:rhodecode-enterprise-ce#jasig_cas
286 289 ## egg:rhodecode-enterprise-ce#headers
287 290 ## egg:rhodecode-enterprise-ce#crowd
288 291 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
289 292
290 293 ## alternative return HTTP header for failed authentication. Default HTTP
291 294 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
292 295 ## handling that causing a series of failed authentication calls.
293 296 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
294 297 ## This will be served instead of default 401 on bad authentication
295 298 auth_ret_code =
296 299
297 300 ## use special detection method when serving auth_ret_code, instead of serving
298 301 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
299 302 ## and then serve auth_ret_code to clients
300 303 auth_ret_code_detection = false
301 304
302 305 ## locking return code. When repository is locked return this HTTP code. 2XX
303 306 ## codes don't break the transactions while 4XX codes do
304 307 lock_ret_code = 423
305 308
306 309 ## allows to change the repository location in settings page
307 310 allow_repo_location_change = true
308 311
309 312 ## allows to setup custom hooks in settings page
310 313 allow_custom_hooks_settings = true
311 314
312 315 ## Generated license token required for EE edition license.
313 316 ## New generated token value can be found in Admin > settings > license page.
314 317 license_token =
315 318
316 319 ## This flag would hide sensitive information on the license page
317 320 license.hide_license_info = false
318 321
319 322 ## supervisor connection uri, for managing supervisor and logs.
320 323 supervisor.uri =
321 324 ## supervisord group name/id we only want this RC instance to handle
322 325 supervisor.group_id = dev
323 326
324 327 ## Display extended labs settings
325 328 labs_settings_active = true
326 329
327 330 ## Custom exception store path, defaults to TMPDIR
328 331 ## This is used to store exception from RhodeCode in shared directory
329 332 #exception_tracker.store_path =
330 333
331 334 ## File store configuration. This is used to store and serve uploaded files
332 335 file_store.enabled = true
333 336 ## Storage backend, available options are: local
334 337 file_store.backend = local
335 338 ## path to store the uploaded binaries
336 339 file_store.storage_path = %(here)s/data/file_store
337 340
338 341
339 342 ####################################
340 343 ### CELERY CONFIG ####
341 344 ####################################
342 345 ## run: /path/to/celery worker \
343 346 ## -E --beat --app rhodecode.lib.celerylib.loader \
344 347 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
345 348 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
346 349
347 350 use_celery = false
348 351
349 352 ## connection url to the message broker (default redis)
350 353 celery.broker_url = redis://localhost:6379/8
351 354
352 355 ## rabbitmq example
353 356 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
354 357
355 358 ## maximum tasks to execute before worker restart
356 359 celery.max_tasks_per_child = 100
357 360
358 361 ## tasks will never be sent to the queue, but executed locally instead.
359 362 celery.task_always_eager = false
360 363
361 364 #####################################
362 365 ### DOGPILE CACHE ####
363 366 #####################################
364 367 ## Default cache dir for caches. Putting this into a ramdisk
365 368 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
366 369 ## large amount of space
367 370 cache_dir = %(here)s/data
368 371
369 372 ## `cache_perms` cache settings for permission tree, auth TTL.
370 373 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
371 374 rc_cache.cache_perms.expiration_time = 300
372 375
373 376 ## alternative `cache_perms` redis backend with distributed lock
374 377 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
375 378 #rc_cache.cache_perms.expiration_time = 300
376 379 ## redis_expiration_time needs to be greater then expiration_time
377 380 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
378 381 #rc_cache.cache_perms.arguments.socket_timeout = 30
379 382 #rc_cache.cache_perms.arguments.host = localhost
380 383 #rc_cache.cache_perms.arguments.port = 6379
381 384 #rc_cache.cache_perms.arguments.db = 0
382 385 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
383 386 #rc_cache.cache_perms.arguments.distributed_lock = true
384 387
385 388 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
386 389 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
387 390 rc_cache.cache_repo.expiration_time = 2592000
388 391
389 392 ## alternative `cache_repo` redis backend with distributed lock
390 393 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
391 394 #rc_cache.cache_repo.expiration_time = 2592000
392 395 ## redis_expiration_time needs to be greater then expiration_time
393 396 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
394 397 #rc_cache.cache_repo.arguments.socket_timeout = 30
395 398 #rc_cache.cache_repo.arguments.host = localhost
396 399 #rc_cache.cache_repo.arguments.port = 6379
397 400 #rc_cache.cache_repo.arguments.db = 1
398 401 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
399 402 #rc_cache.cache_repo.arguments.distributed_lock = true
400 403
401 404 ## cache settings for SQL queries, this needs to use memory type backend
402 405 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
403 406 rc_cache.sql_cache_short.expiration_time = 30
404 407
405 408 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
406 409 ## type backend as the objects kept are not pickle serializable
407 410 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
408 411 ## by default we use 96H, this is using invalidation on push anyway
409 412 rc_cache.cache_repo_longterm.expiration_time = 345600
410 413 ## max items in LRU cache, reduce this number to save memory, and expire last used
411 414 ## cached objects
412 415 rc_cache.cache_repo_longterm.max_size = 10000
413 416
414 417
415 418 ####################################
416 419 ### BEAKER SESSION ####
417 420 ####################################
418 421
419 422 ## .session.type is type of storage options for the session, current allowed
420 423 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
421 424 beaker.session.type = file
422 425 beaker.session.data_dir = %(here)s/data/sessions
423 426
424 427 ## redis sessions
425 428 #beaker.session.type = ext:redis
426 429 #beaker.session.url = redis://127.0.0.1:6379/2
427 430
428 431 ## db based session, fast, and allows easy management over logged in users
429 432 #beaker.session.type = ext:database
430 433 #beaker.session.table_name = db_session
431 434 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
432 435 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
433 436 #beaker.session.sa.pool_recycle = 3600
434 437 #beaker.session.sa.echo = false
435 438
436 439 beaker.session.key = rhodecode
437 440 beaker.session.secret = develop-rc-uytcxaz
438 441 beaker.session.lock_dir = %(here)s/data/sessions/lock
439 442
440 443 ## Secure encrypted cookie. Requires AES and AES python libraries
441 444 ## you must disable beaker.session.secret to use this
442 445 #beaker.session.encrypt_key = key_for_encryption
443 446 #beaker.session.validate_key = validation_key
444 447
445 448 ## sets session as invalid(also logging out user) if it haven not been
446 449 ## accessed for given amount of time in seconds
447 450 beaker.session.timeout = 2592000
448 451 beaker.session.httponly = true
449 452 ## Path to use for the cookie. Set to prefix if you use prefix middleware
450 453 #beaker.session.cookie_path = /custom_prefix
451 454
452 455 ## uncomment for https secure cookie
453 456 beaker.session.secure = false
454 457
455 458 ## auto save the session to not to use .save()
456 459 beaker.session.auto = false
457 460
458 461 ## default cookie expiration time in seconds, set to `true` to set expire
459 462 ## at browser close
460 463 #beaker.session.cookie_expires = 3600
461 464
462 465 ###################################
463 466 ## SEARCH INDEXING CONFIGURATION ##
464 467 ###################################
465 468 ## Full text search indexer is available in rhodecode-tools under
466 469 ## `rhodecode-tools index` command
467 470
468 471 ## WHOOSH Backend, doesn't require additional services to run
469 472 ## it works good with few dozen repos
470 473 search.module = rhodecode.lib.index.whoosh
471 474 search.location = %(here)s/data/index
472 475
473 476 ########################################
474 477 ### CHANNELSTREAM CONFIG ####
475 478 ########################################
476 479 ## channelstream enables persistent connections and live notification
477 480 ## in the system. It's also used by the chat system
478 481
479 482 channelstream.enabled = false
480 483
481 484 ## server address for channelstream server on the backend
482 485 channelstream.server = 127.0.0.1:9800
483 486
484 487 ## location of the channelstream server from outside world
485 488 ## use ws:// for http or wss:// for https. This address needs to be handled
486 489 ## by external HTTP server such as Nginx or Apache
487 490 ## see Nginx/Apache configuration examples in our docs
488 491 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
489 492 channelstream.secret = secret
490 493 channelstream.history.location = %(here)s/channelstream_history
491 494
492 495 ## Internal application path that Javascript uses to connect into.
493 496 ## If you use proxy-prefix the prefix should be added before /_channelstream
494 497 channelstream.proxy_path = /_channelstream
495 498
496 499
497 500 ###################################
498 501 ## APPENLIGHT CONFIG ##
499 502 ###################################
500 503
501 504 ## Appenlight is tailored to work with RhodeCode, see
502 505 ## http://appenlight.com for details how to obtain an account
503 506
504 507 ## Appenlight integration enabled
505 508 appenlight = false
506 509
507 510 appenlight.server_url = https://api.appenlight.com
508 511 appenlight.api_key = YOUR_API_KEY
509 512 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
510 513
511 514 ## used for JS client
512 515 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
513 516
514 517 ## TWEAK AMOUNT OF INFO SENT HERE
515 518
516 519 ## enables 404 error logging (default False)
517 520 appenlight.report_404 = false
518 521
519 522 ## time in seconds after request is considered being slow (default 1)
520 523 appenlight.slow_request_time = 1
521 524
522 525 ## record slow requests in application
523 526 ## (needs to be enabled for slow datastore recording and time tracking)
524 527 appenlight.slow_requests = true
525 528
526 529 ## enable hooking to application loggers
527 530 appenlight.logging = true
528 531
529 532 ## minimum log level for log capture
530 533 appenlight.logging.level = WARNING
531 534
532 535 ## send logs only from erroneous/slow requests
533 536 ## (saves API quota for intensive logging)
534 537 appenlight.logging_on_error = false
535 538
536 539 ## list of additional keywords that should be grabbed from environ object
537 540 ## can be string with comma separated list of words in lowercase
538 541 ## (by default client will always send following info:
539 542 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
540 543 ## start with HTTP* this list be extended with additional keywords here
541 544 appenlight.environ_keys_whitelist =
542 545
543 546 ## list of keywords that should be blanked from request object
544 547 ## can be string with comma separated list of words in lowercase
545 548 ## (by default client will always blank keys that contain following words
546 549 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
547 550 ## this list be extended with additional keywords set here
548 551 appenlight.request_keys_blacklist =
549 552
550 553 ## list of namespaces that should be ignores when gathering log entries
551 554 ## can be string with comma separated list of namespaces
552 555 ## (by default the client ignores own entries: appenlight_client.client)
553 556 appenlight.log_namespace_blacklist =
554 557
555 558 # enable debug style page
556 559 debug_style = true
557 560
558 561 ###########################################
559 562 ### MAIN RHODECODE DATABASE CONFIG ###
560 563 ###########################################
561 564 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
562 565 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
563 566 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
564 567 # pymysql is an alternative driver for MySQL, use in case of problems with default one
565 568 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
566 569
567 570 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
568 571
569 572 # see sqlalchemy docs for other advanced settings
570 573
571 574 ## print the sql statements to output
572 575 sqlalchemy.db1.echo = false
573 576 ## recycle the connections after this amount of seconds
574 577 sqlalchemy.db1.pool_recycle = 3600
575 578
576 579 ## the number of connections to keep open inside the connection pool.
577 580 ## 0 indicates no limit
578 581 #sqlalchemy.db1.pool_size = 5
579 582
580 583 ## the number of connections to allow in connection pool "overflow", that is
581 584 ## connections that can be opened above and beyond the pool_size setting,
582 585 ## which defaults to five.
583 586 #sqlalchemy.db1.max_overflow = 10
584 587
585 588 ## Connection check ping, used to detect broken database connections
586 589 ## could be enabled to better handle cases if MySQL has gone away errors
587 590 #sqlalchemy.db1.ping_connection = true
588 591
589 592 ##################
590 593 ### VCS CONFIG ###
591 594 ##################
592 595 vcs.server.enable = true
593 596 vcs.server = localhost:9900
594 597
595 598 ## Web server connectivity protocol, responsible for web based VCS operations
596 599 ## Available protocols are:
597 600 ## `http` - use http-rpc backend (default)
598 601 vcs.server.protocol = http
599 602
600 603 ## Push/Pull operations protocol, available options are:
601 604 ## `http` - use http-rpc backend (default)
602 605 vcs.scm_app_implementation = http
603 606
604 607 ## Push/Pull operations hooks protocol, available options are:
605 608 ## `http` - use http-rpc backend (default)
606 609 vcs.hooks.protocol = http
607 610
608 611 ## Host on which this instance is listening for hooks. If vcsserver is in other location
609 612 ## this should be adjusted.
610 613 vcs.hooks.host = 127.0.0.1
611 614
612 615 vcs.server.log_level = debug
613 616 ## Start VCSServer with this instance as a subprocess, useful for development
614 617 vcs.start_server = false
615 618
616 619 ## List of enabled VCS backends, available options are:
617 620 ## `hg` - mercurial
618 621 ## `git` - git
619 622 ## `svn` - subversion
620 623 vcs.backends = hg, git, svn
621 624
622 625 vcs.connection_timeout = 3600
623 626 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
624 627 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
625 628 #vcs.svn.compatible_version = pre-1.8-compatible
626 629
627 630
628 631 ############################################################
629 632 ### Subversion proxy support (mod_dav_svn) ###
630 633 ### Maps RhodeCode repo groups into SVN paths for Apache ###
631 634 ############################################################
632 635 ## Enable or disable the config file generation.
633 636 svn.proxy.generate_config = false
634 637 ## Generate config file with `SVNListParentPath` set to `On`.
635 638 svn.proxy.list_parent_path = true
636 639 ## Set location and file name of generated config file.
637 640 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
638 641 ## alternative mod_dav config template. This needs to be a mako template
639 642 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
640 643 ## Used as a prefix to the `Location` block in the generated config file.
641 644 ## In most cases it should be set to `/`.
642 645 svn.proxy.location_root = /
643 646 ## Command to reload the mod dav svn configuration on change.
644 647 ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
645 648 ## Make sure user who runs RhodeCode process is allowed to reload Apache
646 649 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
647 650 ## If the timeout expires before the reload command finishes, the command will
648 651 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
649 652 #svn.proxy.reload_timeout = 10
650 653
651 654 ############################################################
652 655 ### SSH Support Settings ###
653 656 ############################################################
654 657
655 658 ## Defines if a custom authorized_keys file should be created and written on
656 659 ## any change user ssh keys. Setting this to false also disables possibility
657 660 ## of adding SSH keys by users from web interface. Super admins can still
658 661 ## manage SSH Keys.
659 662 ssh.generate_authorized_keyfile = false
660 663
661 664 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
662 665 # ssh.authorized_keys_ssh_opts =
663 666
664 667 ## Path to the authorized_keys file where the generate entries are placed.
665 668 ## It is possible to have multiple key files specified in `sshd_config` e.g.
666 669 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
667 670 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
668 671
669 672 ## Command to execute the SSH wrapper. The binary is available in the
670 673 ## RhodeCode installation directory.
671 674 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
672 675 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
673 676
674 677 ## Allow shell when executing the ssh-wrapper command
675 678 ssh.wrapper_cmd_allow_shell = false
676 679
677 680 ## Enables logging, and detailed output send back to the client during SSH
678 681 ## operations. Useful for debugging, shouldn't be used in production.
679 682 ssh.enable_debug_logging = true
680 683
681 684 ## Paths to binary executable, by default they are the names, but we can
682 685 ## override them if we want to use a custom one
683 686 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
684 687 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
685 688 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
686 689
687 690 ## Enables SSH key generator web interface. Disabling this still allows users
688 691 ## to add their own keys.
689 692 ssh.enable_ui_key_generator = true
690 693
691 694
692 695 ## Dummy marker to add new entries after.
693 696 ## Add any custom entries below. Please don't remove.
694 697 custom.conf = 1
695 698
696 699
697 700 ################################
698 701 ### LOGGING CONFIGURATION ####
699 702 ################################
700 703 [loggers]
701 704 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
702 705
703 706 [handlers]
704 707 keys = console, console_sql
705 708
706 709 [formatters]
707 710 keys = generic, color_formatter, color_formatter_sql
708 711
709 712 #############
710 713 ## LOGGERS ##
711 714 #############
712 715 [logger_root]
713 716 level = NOTSET
714 717 handlers = console
715 718
716 719 [logger_sqlalchemy]
717 720 level = INFO
718 721 handlers = console_sql
719 722 qualname = sqlalchemy.engine
720 723 propagate = 0
721 724
722 725 [logger_beaker]
723 726 level = DEBUG
724 727 handlers =
725 728 qualname = beaker.container
726 729 propagate = 1
727 730
728 731 [logger_rhodecode]
729 732 level = DEBUG
730 733 handlers =
731 734 qualname = rhodecode
732 735 propagate = 1
733 736
734 737 [logger_ssh_wrapper]
735 738 level = DEBUG
736 739 handlers =
737 740 qualname = ssh_wrapper
738 741 propagate = 1
739 742
740 743 [logger_celery]
741 744 level = DEBUG
742 745 handlers =
743 746 qualname = celery
744 747
745 748
746 749 ##############
747 750 ## HANDLERS ##
748 751 ##############
749 752
750 753 [handler_console]
751 754 class = StreamHandler
752 755 args = (sys.stderr, )
753 756 level = DEBUG
754 757 formatter = color_formatter
755 758
756 759 [handler_console_sql]
757 760 # "level = DEBUG" logs SQL queries and results.
758 761 # "level = INFO" logs SQL queries.
759 762 # "level = WARN" logs neither. (Recommended for production systems.)
760 763 class = StreamHandler
761 764 args = (sys.stderr, )
762 765 level = WARN
763 766 formatter = color_formatter_sql
764 767
765 768 ################
766 769 ## FORMATTERS ##
767 770 ################
768 771
769 772 [formatter_generic]
770 773 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
771 774 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
772 775 datefmt = %Y-%m-%d %H:%M:%S
773 776
774 777 [formatter_color_formatter]
775 778 class = rhodecode.lib.logging_formatter.ColorFormatter
776 779 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
777 780 datefmt = %Y-%m-%d %H:%M:%S
778 781
779 782 [formatter_color_formatter_sql]
780 783 class = rhodecode.lib.logging_formatter.ColorFormatterSql
781 784 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
782 785 datefmt = %Y-%m-%d %H:%M:%S
Show file before | Show file after | Hide comments
@@ -1,271 +1,270 b''
1 1 """
2 2 gunicorn config extension and hooks. Sets additional configuration that is
3 3 available post the .ini config.
4 4
5 5 - workers = ${cpu_number}
6 6 - threads = 1
7 7 - proc_name = ${gunicorn_proc_name}
8 8 - worker_class = sync
9 9 - worker_connections = 10
10 10 - max_requests = 1000
11 11 - max_requests_jitter = 30
12 12 - timeout = 21600
13 13
14 14 """
15 15
16 16 import gc
17 17 import os
18 18 import sys
19 19 import math
20 20 import time
21 21 import threading
22 22 import traceback
23 23 import random
24 24 from gunicorn.glogging import Logger
25 25
26 26
27 27 def get_workers():
28 28 import multiprocessing
29 29 return multiprocessing.cpu_count() * 2 + 1
30 30
31 31 # GLOBAL
32 32 errorlog = '-'
33 33 accesslog = '-'
34 loglevel = 'info'
35 34
36 35
37 36 # SERVER MECHANICS
38 37 # None == system temp dir
39 38 # worker_tmp_dir is recommended to be set to some tmpfs
40 39 worker_tmp_dir = None
41 40 tmp_upload_dir = None
42 41
43 42 # Custom log format
44 43 access_log_format = (
45 44 '%(t)s %(p)s INFO [GNCRN] %(h)-15s rqt:%(L)s %(s)s %(b)-6s "%(m)s:%(U)s %(q)s" usr:%(u)s "%(f)s" "%(a)s"')
46 45
47 46 # self adjust workers based on CPU count
48 47 # workers = get_workers()
49 48
50 49
51 50 def _get_process_rss(pid=None):
52 51 try:
53 52 import psutil
54 53 if pid:
55 54 proc = psutil.Process(pid)
56 55 else:
57 56 proc = psutil.Process()
58 57 return proc.memory_info().rss
59 58 except Exception:
60 59 return None
61 60
62 61
63 62 def _get_config(ini_path):
64 63
65 64 try:
66 65 import configparser
67 66 except ImportError:
68 67 import ConfigParser as configparser
69 68 try:
70 69 config = configparser.ConfigParser()
71 70 config.read(ini_path)
72 71 return config
73 72 except Exception:
74 73 return None
75 74
76 75
77 76 def _time_with_offset(memory_usage_check_interval):
78 77 return time.time() - random.randint(0, memory_usage_check_interval/2.0)
79 78
80 79
81 80 def pre_fork(server, worker):
82 81 pass
83 82
84 83
85 84 def post_fork(server, worker):
86 85
87 86 # memory spec defaults
88 87 _memory_max_usage = 0
89 88 _memory_usage_check_interval = 60
90 89 _memory_usage_recovery_threshold = 0.8
91 90
92 91 ini_path = os.path.abspath(server.cfg.paste)
93 92 conf = _get_config(ini_path)
94 93 if conf and 'server:main' in conf:
95 94 section = conf['server:main']
96 95
97 96 if section.get('memory_max_usage'):
98 97 _memory_max_usage = int(section.get('memory_max_usage'))
99 98 if section.get('memory_usage_check_interval'):
100 99 _memory_usage_check_interval = int(section.get('memory_usage_check_interval'))
101 100 if section.get('memory_usage_recovery_threshold'):
102 101 _memory_usage_recovery_threshold = float(section.get('memory_usage_recovery_threshold'))
103 102
104 103 worker._memory_max_usage = _memory_max_usage
105 104 worker._memory_usage_check_interval = _memory_usage_check_interval
106 105 worker._memory_usage_recovery_threshold = _memory_usage_recovery_threshold
107 106
108 107 # register memory last check time, with some random offset so we don't recycle all
109 108 # at once
110 109 worker._last_memory_check_time = _time_with_offset(_memory_usage_check_interval)
111 110
112 111 if _memory_max_usage:
113 112 server.log.info("[%-10s] WORKER spawned with max memory set at %s", worker.pid,
114 113 _format_data_size(_memory_max_usage))
115 114 else:
116 115 server.log.info("[%-10s] WORKER spawned", worker.pid)
117 116
118 117
119 118 def pre_exec(server):
120 119 server.log.info("Forked child, re-executing.")
121 120
122 121
123 122 def on_starting(server):
124 123 server_lbl = '{} {}'.format(server.proc_name, server.address)
125 124 server.log.info("Server %s is starting.", server_lbl)
126 125
127 126
128 127 def when_ready(server):
129 128 server.log.info("Server %s is ready. Spawning workers", server)
130 129
131 130
132 131 def on_reload(server):
133 132 pass
134 133
135 134
136 135 def _format_data_size(size, unit="B", precision=1, binary=True):
137 136 """Format a number using SI units (kilo, mega, etc.).
138 137
139 138 ``size``: The number as a float or int.
140 139
141 140 ``unit``: The unit name in plural form. Examples: "bytes", "B".
142 141
143 142 ``precision``: How many digits to the right of the decimal point. Default
144 143 is 1. 0 suppresses the decimal point.
145 144
146 145 ``binary``: If false, use base-10 decimal prefixes (kilo = K = 1000).
147 146 If true, use base-2 binary prefixes (kibi = Ki = 1024).
148 147
149 148 ``full_name``: If false (default), use the prefix abbreviation ("k" or
150 149 "Ki"). If true, use the full prefix ("kilo" or "kibi"). If false,
151 150 use abbreviation ("k" or "Ki").
152 151
153 152 """
154 153
155 154 if not binary:
156 155 base = 1000
157 156 multiples = ('', 'k', 'M', 'G', 'T', 'P', 'E', 'Z', 'Y')
158 157 else:
159 158 base = 1024
160 159 multiples = ('', 'Ki', 'Mi', 'Gi', 'Ti', 'Pi', 'Ei', 'Zi', 'Yi')
161 160
162 161 sign = ""
163 162 if size > 0:
164 163 m = int(math.log(size, base))
165 164 elif size < 0:
166 165 sign = "-"
167 166 size = -size
168 167 m = int(math.log(size, base))
169 168 else:
170 169 m = 0
171 170 if m > 8:
172 171 m = 8
173 172
174 173 if m == 0:
175 174 precision = '%.0f'
176 175 else:
177 176 precision = '%%.%df' % precision
178 177
179 178 size = precision % (size / math.pow(base, m))
180 179
181 180 return '%s%s %s%s' % (sign, size.strip(), multiples[m], unit)
182 181
183 182
184 183 def _check_memory_usage(worker):
185 184 memory_max_usage = worker._memory_max_usage
186 185 if not memory_max_usage:
187 186 return
188 187
189 188 memory_usage_check_interval = worker._memory_usage_check_interval
190 189 memory_usage_recovery_threshold = memory_max_usage * worker._memory_usage_recovery_threshold
191 190
192 191 elapsed = time.time() - worker._last_memory_check_time
193 192 if elapsed > memory_usage_check_interval:
194 193 mem_usage = _get_process_rss()
195 194 if mem_usage and mem_usage > memory_max_usage:
196 195 worker.log.info(
197 196 "memory usage %s > %s, forcing gc",
198 197 _format_data_size(mem_usage), _format_data_size(memory_max_usage))
199 198 # Try to clean it up by forcing a full collection.
200 199 gc.collect()
201 200 mem_usage = _get_process_rss()
202 201 if mem_usage > memory_usage_recovery_threshold:
203 202 # Didn't clean up enough, we'll have to terminate.
204 203 worker.log.warning(
205 204 "memory usage %s > %s after gc, quitting",
206 205 _format_data_size(mem_usage), _format_data_size(memory_max_usage))
207 206 # This will cause worker to auto-restart itself
208 207 worker.alive = False
209 208 worker._last_memory_check_time = time.time()
210 209
211 210
212 211 def worker_int(worker):
213 212 worker.log.info("[%-10s] worker received INT or QUIT signal", worker.pid)
214 213
215 214 # get traceback info, on worker crash
216 215 id2name = dict([(th.ident, th.name) for th in threading.enumerate()])
217 216 code = []
218 217 for thread_id, stack in sys._current_frames().items():
219 218 code.append(
220 219 "\n# Thread: %s(%d)" % (id2name.get(thread_id, ""), thread_id))
221 220 for fname, lineno, name, line in traceback.extract_stack(stack):
222 221 code.append('File: "%s", line %d, in %s' % (fname, lineno, name))
223 222 if line:
224 223 code.append(" %s" % (line.strip()))
225 224 worker.log.debug("\n".join(code))
226 225
227 226
228 227 def worker_abort(worker):
229 228 worker.log.info("[%-10s] worker received SIGABRT signal", worker.pid)
230 229
231 230
232 231 def worker_exit(server, worker):
233 232 worker.log.info("[%-10s] worker exit", worker.pid)
234 233
235 234
236 235 def child_exit(server, worker):
237 236 worker.log.info("[%-10s] worker child exit", worker.pid)
238 237
239 238
240 239 def pre_request(worker, req):
241 240 worker.start_time = time.time()
242 241 worker.log.debug(
243 242 "GNCRN PRE WORKER [cnt:%s]: %s %s", worker.nr, req.method, req.path)
244 243
245 244
246 245 def post_request(worker, req, environ, resp):
247 246 total_time = time.time() - worker.start_time
248 247 worker.log.debug(
249 248 "GNCRN POST WORKER [cnt:%s]: %s %s resp: %s, Load Time: %.4fs",
250 249 worker.nr, req.method, req.path, resp.status_code, total_time)
251 250 _check_memory_usage(worker)
252 251
253 252
254 253 class RhodeCodeLogger(Logger):
255 254 """
256 255 Custom Logger that allows some customization that gunicorn doesn't allow
257 256 """
258 257
259 258 datefmt = r"%Y-%m-%d %H:%M:%S"
260 259
261 260 def __init__(self, cfg):
262 261 Logger.__init__(self, cfg)
263 262
264 263 def now(self):
265 264 """ return date in RhodeCode Log format """
266 265 now = time.time()
267 266 msecs = int((now - long(now)) * 1000)
268 267 return time.strftime(self.datefmt, time.localtime(now)) + '.{0:03d}'.format(msecs)
269 268
270 269
271 270 logger_class = RhodeCodeLogger
Show file before | Show file after | Hide comments
@@ -1,759 +1,762 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 5 ################################################################################
6 6
7 7 [DEFAULT]
8 8 ## Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = false
10 10
11 11 ################################################################################
12 12 ## EMAIL CONFIGURATION ##
13 13 ## Uncomment and replace with the email address which should receive ##
14 14 ## any error reports after an application crash ##
15 15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 16 ################################################################################
17 17
18 18 ## prefix all emails subjects with given prefix, helps filtering out emails
19 19 #email_prefix = [RhodeCode]
20 20
21 21 ## email FROM address all mails will be sent
22 22 #app_email_from = rhodecode-noreply@localhost
23 23
24 24 #smtp_server = mail.server.com
25 25 #smtp_username =
26 26 #smtp_password =
27 27 #smtp_port =
28 28 #smtp_use_tls = false
29 29 #smtp_use_ssl = true
30 30
31 31 [server:main]
32 32 ## COMMON ##
33 33 host = 127.0.0.1
34 34 port = 5000
35 35
36 36 ###########################################################
37 37 ## WAITRESS WSGI SERVER - Recommended for Development ####
38 38 ###########################################################
39 39
40 40 #use = egg:waitress#main
41 41 ## number of worker threads
42 42 #threads = 5
43 43 ## MAX BODY SIZE 100GB
44 44 #max_request_body_size = 107374182400
45 45 ## Use poll instead of select, fixes file descriptors limits problems.
46 46 ## May not work on old windows systems.
47 47 #asyncore_use_poll = true
48 48
49 49
50 50 ##########################
51 51 ## GUNICORN WSGI SERVER ##
52 52 ##########################
53 53 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
54 54
55 55 use = egg:gunicorn#main
56 56 ## Sets the number of process workers. More workers means more concurrent connections
57 57 ## RhodeCode can handle at the same time. Each additional worker also it increases
58 58 ## memory usage as each has it's own set of caches.
59 59 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
60 60 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
61 61 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
62 62 ## when using more than 1 worker.
63 63 workers = 2
64 64
65 ## Gunicorn access log level
66 loglevel = info
67
65 68 ## process name visible in process list
66 69 proc_name = rhodecode
67 70
68 71 ## type of worker class, one of sync, gevent
69 72 ## recommended for bigger setup is using of of other than sync one
70 73 worker_class = gevent
71 74
72 75 ## The maximum number of simultaneous clients. Valid only for Gevent
73 76 worker_connections = 10
74 77
75 78 ## max number of requests that worker will handle before being gracefully
76 79 ## restarted, could prevent memory leaks
77 80 max_requests = 1000
78 81 max_requests_jitter = 30
79 82
80 83 ## amount of time a worker can spend with handling a request before it
81 84 ## gets killed and restarted. Set to 6hrs
82 85 timeout = 21600
83 86
84 87 ## The maximum size of HTTP request line in bytes.
85 88 ## 0 for unlimited
86 89 limit_request_line = 0
87 90
88 91 ## Limit the number of HTTP headers fields in a request.
89 92 ## By default this value is 100 and can't be larger than 32768.
90 93 limit_request_fields = 32768
91 94
92 95 ## Limit the allowed size of an HTTP request header field.
93 96 ## Value is a positive number or 0.
94 97 ## Setting it to 0 will allow unlimited header field sizes.
95 98 limit_request_field_size = 0
96 99
97 100 ## Timeout for graceful workers restart.
98 101 ## After receiving a restart signal, workers have this much time to finish
99 102 ## serving requests. Workers still alive after the timeout (starting from the
100 103 ## receipt of the restart signal) are force killed.
101 104 graceful_timeout = 3600
102 105
103 106 # The number of seconds to wait for requests on a Keep-Alive connection.
104 107 # Generally set in the 1-5 seconds range.
105 108 keepalive = 2
106 109
107 110 ## Maximum memory usage that each worker can use before it will receive a
108 111 ## graceful restart signal, e.g 10MB = 10485760 (10 * 1024 * 1024)
109 112 # 0 = memory monitoring is disabled
110 113 memory_max_usage = 0
111 114
112 115 ## How often in seconds to check for memory usage for each gunicorn worker
113 116 memory_usage_check_interval = 60
114 117
115 118 ## Threshold value for which we don't recycle worker if GarbageCollection
116 119 ## frees up enough resources. Before each restart we try to run GC on worker
117 120 ## in case we get enough free memory after that, restart will not happen.
118 121 memory_usage_recovery_threshold = 0.8
119 122
120 123 ## prefix middleware for RhodeCode.
121 124 ## recommended when using proxy setup.
122 125 ## allows to set RhodeCode under a prefix in server.
123 126 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
124 127 ## And set your prefix like: `prefix = /custom_prefix`
125 128 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
126 129 ## to make your cookies only work on prefix url
127 130 [filter:proxy-prefix]
128 131 use = egg:PasteDeploy#prefix
129 132 prefix = /
130 133
131 134 [app:main]
132 135 ## The %(here)s variable will be replaced with the absolute path of parent directory
133 136 ## of this file
134 137 ## In addition ENVIRONMENT variables usage is possible, e.g
135 138 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
136 139
137 140 use = egg:rhodecode-enterprise-ce
138 141
139 142 ## enable proxy prefix middleware, defined above
140 143 #filter-with = proxy-prefix
141 144
142 145 ## encryption key used to encrypt social plugin tokens,
143 146 ## remote_urls with credentials etc, if not set it defaults to
144 147 ## `beaker.session.secret`
145 148 #rhodecode.encrypted_values.secret =
146 149
147 150 ## decryption strict mode (enabled by default). It controls if decryption raises
148 151 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
149 152 #rhodecode.encrypted_values.strict = false
150 153
151 154 ## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
152 155 ## fernet is safer, and we strongly recommend switching to it.
153 156 ## Due to backward compatibility aes is used as default.
154 157 #rhodecode.encrypted_values.algorithm = fernet
155 158
156 159 ## return gzipped responses from RhodeCode (static files/application)
157 160 gzip_responses = false
158 161
159 162 ## auto-generate javascript routes file on startup
160 163 generate_js_files = false
161 164
162 165 ## System global default language.
163 166 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
164 167 lang = en
165 168
166 169 ## Perform a full repository scan and import on each server start.
167 170 ## Settings this to true could lead to very long startup time.
168 171 startup.import_repos = false
169 172
170 173 ## Uncomment and set this path to use archive download cache.
171 174 ## Once enabled, generated archives will be cached at this location
172 175 ## and served from the cache during subsequent requests for the same archive of
173 176 ## the repository.
174 177 #archive_cache_dir = /tmp/tarballcache
175 178
176 179 ## URL at which the application is running. This is used for Bootstrapping
177 180 ## requests in context when no web request is available. Used in ishell, or
178 181 ## SSH calls. Set this for events to receive proper url for SSH calls.
179 182 app.base_url = http://rhodecode.local
180 183
181 184 ## Unique application ID. Should be a random unique string for security.
182 185 app_instance_uuid = rc-production
183 186
184 187 ## Cut off limit for large diffs (size in bytes). If overall diff size on
185 188 ## commit, or pull request exceeds this limit this diff will be displayed
186 189 ## partially. E.g 512000 == 512Kb
187 190 cut_off_limit_diff = 512000
188 191
189 192 ## Cut off limit for large files inside diffs (size in bytes). Each individual
190 193 ## file inside diff which exceeds this limit will be displayed partially.
191 194 ## E.g 128000 == 128Kb
192 195 cut_off_limit_file = 128000
193 196
194 197 ## use cached version of vcs repositories everywhere. Recommended to be `true`
195 198 vcs_full_cache = true
196 199
197 200 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
198 201 ## Normally this is controlled by proper http flags sent from http server
199 202 force_https = false
200 203
201 204 ## use Strict-Transport-Security headers
202 205 use_htsts = false
203 206
204 207 # Set to true if your repos are exposed using the dumb protocol
205 208 git_update_server_info = false
206 209
207 210 ## RSS/ATOM feed options
208 211 rss_cut_off_limit = 256000
209 212 rss_items_per_page = 10
210 213 rss_include_diff = false
211 214
212 215 ## gist URL alias, used to create nicer urls for gist. This should be an
213 216 ## url that does rewrites to _admin/gists/{gistid}.
214 217 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
215 218 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
216 219 gist_alias_url =
217 220
218 221 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
219 222 ## used for access.
220 223 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
221 224 ## came from the the logged in user who own this authentication token.
222 225 ## Additionally @TOKEN syntax can be used to bound the view to specific
223 226 ## authentication token. Such view would be only accessible when used together
224 227 ## with this authentication token
225 228 ##
226 229 ## list of all views can be found under `/_admin/permissions/auth_token_access`
227 230 ## The list should be "," separated and on a single line.
228 231 ##
229 232 ## Most common views to enable:
230 233 # RepoCommitsView:repo_commit_download
231 234 # RepoCommitsView:repo_commit_patch
232 235 # RepoCommitsView:repo_commit_raw
233 236 # RepoCommitsView:repo_commit_raw@TOKEN
234 237 # RepoFilesView:repo_files_diff
235 238 # RepoFilesView:repo_archivefile
236 239 # RepoFilesView:repo_file_raw
237 240 # GistView:*
238 241 api_access_controllers_whitelist =
239 242
240 243 ## Default encoding used to convert from and to unicode
241 244 ## can be also a comma separated list of encoding in case of mixed encodings
242 245 default_encoding = UTF-8
243 246
244 247 ## instance-id prefix
245 248 ## a prefix key for this instance used for cache invalidation when running
246 249 ## multiple instances of RhodeCode, make sure it's globally unique for
247 250 ## all running RhodeCode instances. Leave empty if you don't use it
248 251 instance_id =
249 252
250 253 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
251 254 ## of an authentication plugin also if it is disabled by it's settings.
252 255 ## This could be useful if you are unable to log in to the system due to broken
253 256 ## authentication settings. Then you can enable e.g. the internal RhodeCode auth
254 257 ## module to log in again and fix the settings.
255 258 ##
256 259 ## Available builtin plugin IDs (hash is part of the ID):
257 260 ## egg:rhodecode-enterprise-ce#rhodecode
258 261 ## egg:rhodecode-enterprise-ce#pam
259 262 ## egg:rhodecode-enterprise-ce#ldap
260 263 ## egg:rhodecode-enterprise-ce#jasig_cas
261 264 ## egg:rhodecode-enterprise-ce#headers
262 265 ## egg:rhodecode-enterprise-ce#crowd
263 266 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
264 267
265 268 ## alternative return HTTP header for failed authentication. Default HTTP
266 269 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
267 270 ## handling that causing a series of failed authentication calls.
268 271 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
269 272 ## This will be served instead of default 401 on bad authentication
270 273 auth_ret_code =
271 274
272 275 ## use special detection method when serving auth_ret_code, instead of serving
273 276 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
274 277 ## and then serve auth_ret_code to clients
275 278 auth_ret_code_detection = false
276 279
277 280 ## locking return code. When repository is locked return this HTTP code. 2XX
278 281 ## codes don't break the transactions while 4XX codes do
279 282 lock_ret_code = 423
280 283
281 284 ## allows to change the repository location in settings page
282 285 allow_repo_location_change = true
283 286
284 287 ## allows to setup custom hooks in settings page
285 288 allow_custom_hooks_settings = true
286 289
287 290 ## Generated license token required for EE edition license.
288 291 ## New generated token value can be found in Admin > settings > license page.
289 292 license_token =
290 293
291 294 ## This flag would hide sensitive information on the license page
292 295 license.hide_license_info = false
293 296
294 297 ## supervisor connection uri, for managing supervisor and logs.
295 298 supervisor.uri =
296 299 ## supervisord group name/id we only want this RC instance to handle
297 300 supervisor.group_id = prod
298 301
299 302 ## Display extended labs settings
300 303 labs_settings_active = true
301 304
302 305 ## Custom exception store path, defaults to TMPDIR
303 306 ## This is used to store exception from RhodeCode in shared directory
304 307 #exception_tracker.store_path =
305 308
306 309 ## File store configuration. This is used to store and serve uploaded files
307 310 file_store.enabled = true
308 311 ## Storage backend, available options are: local
309 312 file_store.backend = local
310 313 ## path to store the uploaded binaries
311 314 file_store.storage_path = %(here)s/data/file_store
312 315
313 316
314 317 ####################################
315 318 ### CELERY CONFIG ####
316 319 ####################################
317 320 ## run: /path/to/celery worker \
318 321 ## -E --beat --app rhodecode.lib.celerylib.loader \
319 322 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
320 323 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
321 324
322 325 use_celery = false
323 326
324 327 ## connection url to the message broker (default redis)
325 328 celery.broker_url = redis://localhost:6379/8
326 329
327 330 ## rabbitmq example
328 331 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
329 332
330 333 ## maximum tasks to execute before worker restart
331 334 celery.max_tasks_per_child = 100
332 335
333 336 ## tasks will never be sent to the queue, but executed locally instead.
334 337 celery.task_always_eager = false
335 338
336 339 #####################################
337 340 ### DOGPILE CACHE ####
338 341 #####################################
339 342 ## Default cache dir for caches. Putting this into a ramdisk
340 343 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
341 344 ## large amount of space
342 345 cache_dir = %(here)s/data
343 346
344 347 ## `cache_perms` cache settings for permission tree, auth TTL.
345 348 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
346 349 rc_cache.cache_perms.expiration_time = 300
347 350
348 351 ## alternative `cache_perms` redis backend with distributed lock
349 352 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
350 353 #rc_cache.cache_perms.expiration_time = 300
351 354 ## redis_expiration_time needs to be greater then expiration_time
352 355 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
353 356 #rc_cache.cache_perms.arguments.socket_timeout = 30
354 357 #rc_cache.cache_perms.arguments.host = localhost
355 358 #rc_cache.cache_perms.arguments.port = 6379
356 359 #rc_cache.cache_perms.arguments.db = 0
357 360 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
358 361 #rc_cache.cache_perms.arguments.distributed_lock = true
359 362
360 363 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
361 364 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
362 365 rc_cache.cache_repo.expiration_time = 2592000
363 366
364 367 ## alternative `cache_repo` redis backend with distributed lock
365 368 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
366 369 #rc_cache.cache_repo.expiration_time = 2592000
367 370 ## redis_expiration_time needs to be greater then expiration_time
368 371 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
369 372 #rc_cache.cache_repo.arguments.socket_timeout = 30
370 373 #rc_cache.cache_repo.arguments.host = localhost
371 374 #rc_cache.cache_repo.arguments.port = 6379
372 375 #rc_cache.cache_repo.arguments.db = 1
373 376 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
374 377 #rc_cache.cache_repo.arguments.distributed_lock = true
375 378
376 379 ## cache settings for SQL queries, this needs to use memory type backend
377 380 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
378 381 rc_cache.sql_cache_short.expiration_time = 30
379 382
380 383 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
381 384 ## type backend as the objects kept are not pickle serializable
382 385 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
383 386 ## by default we use 96H, this is using invalidation on push anyway
384 387 rc_cache.cache_repo_longterm.expiration_time = 345600
385 388 ## max items in LRU cache, reduce this number to save memory, and expire last used
386 389 ## cached objects
387 390 rc_cache.cache_repo_longterm.max_size = 10000
388 391
389 392
390 393 ####################################
391 394 ### BEAKER SESSION ####
392 395 ####################################
393 396
394 397 ## .session.type is type of storage options for the session, current allowed
395 398 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
396 399 beaker.session.type = file
397 400 beaker.session.data_dir = %(here)s/data/sessions
398 401
399 402 ## redis sessions
400 403 #beaker.session.type = ext:redis
401 404 #beaker.session.url = redis://127.0.0.1:6379/2
402 405
403 406 ## db based session, fast, and allows easy management over logged in users
404 407 #beaker.session.type = ext:database
405 408 #beaker.session.table_name = db_session
406 409 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
407 410 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
408 411 #beaker.session.sa.pool_recycle = 3600
409 412 #beaker.session.sa.echo = false
410 413
411 414 beaker.session.key = rhodecode
412 415 beaker.session.secret = production-rc-uytcxaz
413 416 beaker.session.lock_dir = %(here)s/data/sessions/lock
414 417
415 418 ## Secure encrypted cookie. Requires AES and AES python libraries
416 419 ## you must disable beaker.session.secret to use this
417 420 #beaker.session.encrypt_key = key_for_encryption
418 421 #beaker.session.validate_key = validation_key
419 422
420 423 ## sets session as invalid(also logging out user) if it haven not been
421 424 ## accessed for given amount of time in seconds
422 425 beaker.session.timeout = 2592000
423 426 beaker.session.httponly = true
424 427 ## Path to use for the cookie. Set to prefix if you use prefix middleware
425 428 #beaker.session.cookie_path = /custom_prefix
426 429
427 430 ## uncomment for https secure cookie
428 431 beaker.session.secure = false
429 432
430 433 ## auto save the session to not to use .save()
431 434 beaker.session.auto = false
432 435
433 436 ## default cookie expiration time in seconds, set to `true` to set expire
434 437 ## at browser close
435 438 #beaker.session.cookie_expires = 3600
436 439
437 440 ###################################
438 441 ## SEARCH INDEXING CONFIGURATION ##
439 442 ###################################
440 443 ## Full text search indexer is available in rhodecode-tools under
441 444 ## `rhodecode-tools index` command
442 445
443 446 ## WHOOSH Backend, doesn't require additional services to run
444 447 ## it works good with few dozen repos
445 448 search.module = rhodecode.lib.index.whoosh
446 449 search.location = %(here)s/data/index
447 450
448 451 ########################################
449 452 ### CHANNELSTREAM CONFIG ####
450 453 ########################################
451 454 ## channelstream enables persistent connections and live notification
452 455 ## in the system. It's also used by the chat system
453 456
454 457 channelstream.enabled = false
455 458
456 459 ## server address for channelstream server on the backend
457 460 channelstream.server = 127.0.0.1:9800
458 461
459 462 ## location of the channelstream server from outside world
460 463 ## use ws:// for http or wss:// for https. This address needs to be handled
461 464 ## by external HTTP server such as Nginx or Apache
462 465 ## see Nginx/Apache configuration examples in our docs
463 466 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
464 467 channelstream.secret = secret
465 468 channelstream.history.location = %(here)s/channelstream_history
466 469
467 470 ## Internal application path that Javascript uses to connect into.
468 471 ## If you use proxy-prefix the prefix should be added before /_channelstream
469 472 channelstream.proxy_path = /_channelstream
470 473
471 474 ## Live chat for commits/pull requests. Requires CHANNELSTREAM to be enabled
472 475 ## and configured. (EE edition only)
473 476 chat.enabled = true
474 477
475 478
476 479 ###################################
477 480 ## APPENLIGHT CONFIG ##
478 481 ###################################
479 482
480 483 ## Appenlight is tailored to work with RhodeCode, see
481 484 ## http://appenlight.com for details how to obtain an account
482 485
483 486 ## Appenlight integration enabled
484 487 appenlight = false
485 488
486 489 appenlight.server_url = https://api.appenlight.com
487 490 appenlight.api_key = YOUR_API_KEY
488 491 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
489 492
490 493 ## used for JS client
491 494 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
492 495
493 496 ## TWEAK AMOUNT OF INFO SENT HERE
494 497
495 498 ## enables 404 error logging (default False)
496 499 appenlight.report_404 = false
497 500
498 501 ## time in seconds after request is considered being slow (default 1)
499 502 appenlight.slow_request_time = 1
500 503
501 504 ## record slow requests in application
502 505 ## (needs to be enabled for slow datastore recording and time tracking)
503 506 appenlight.slow_requests = true
504 507
505 508 ## enable hooking to application loggers
506 509 appenlight.logging = true
507 510
508 511 ## minimum log level for log capture
509 512 appenlight.logging.level = WARNING
510 513
511 514 ## send logs only from erroneous/slow requests
512 515 ## (saves API quota for intensive logging)
513 516 appenlight.logging_on_error = false
514 517
515 518 ## list of additional keywords that should be grabbed from environ object
516 519 ## can be string with comma separated list of words in lowercase
517 520 ## (by default client will always send following info:
518 521 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
519 522 ## start with HTTP* this list be extended with additional keywords here
520 523 appenlight.environ_keys_whitelist =
521 524
522 525 ## list of keywords that should be blanked from request object
523 526 ## can be string with comma separated list of words in lowercase
524 527 ## (by default client will always blank keys that contain following words
525 528 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
526 529 ## this list be extended with additional keywords set here
527 530 appenlight.request_keys_blacklist =
528 531
529 532 ## list of namespaces that should be ignores when gathering log entries
530 533 ## can be string with comma separated list of namespaces
531 534 ## (by default the client ignores own entries: appenlight_client.client)
532 535 appenlight.log_namespace_blacklist =
533 536
534 537
535 538 ###########################################
536 539 ### MAIN RHODECODE DATABASE CONFIG ###
537 540 ###########################################
538 541 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
539 542 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
540 543 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
541 544 # pymysql is an alternative driver for MySQL, use in case of problems with default one
542 545 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
543 546
544 547 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
545 548
546 549 # see sqlalchemy docs for other advanced settings
547 550
548 551 ## print the sql statements to output
549 552 sqlalchemy.db1.echo = false
550 553 ## recycle the connections after this amount of seconds
551 554 sqlalchemy.db1.pool_recycle = 3600
552 555
553 556 ## the number of connections to keep open inside the connection pool.
554 557 ## 0 indicates no limit
555 558 #sqlalchemy.db1.pool_size = 5
556 559
557 560 ## the number of connections to allow in connection pool "overflow", that is
558 561 ## connections that can be opened above and beyond the pool_size setting,
559 562 ## which defaults to five.
560 563 #sqlalchemy.db1.max_overflow = 10
561 564
562 565 ## Connection check ping, used to detect broken database connections
563 566 ## could be enabled to better handle cases if MySQL has gone away errors
564 567 #sqlalchemy.db1.ping_connection = true
565 568
566 569 ##################
567 570 ### VCS CONFIG ###
568 571 ##################
569 572 vcs.server.enable = true
570 573 vcs.server = localhost:9900
571 574
572 575 ## Web server connectivity protocol, responsible for web based VCS operations
573 576 ## Available protocols are:
574 577 ## `http` - use http-rpc backend (default)
575 578 vcs.server.protocol = http
576 579
577 580 ## Push/Pull operations protocol, available options are:
578 581 ## `http` - use http-rpc backend (default)
579 582 vcs.scm_app_implementation = http
580 583
581 584 ## Push/Pull operations hooks protocol, available options are:
582 585 ## `http` - use http-rpc backend (default)
583 586 vcs.hooks.protocol = http
584 587
585 588 ## Host on which this instance is listening for hooks. If vcsserver is in other location
586 589 ## this should be adjusted.
587 590 vcs.hooks.host = 127.0.0.1
588 591
589 592 vcs.server.log_level = info
590 593 ## Start VCSServer with this instance as a subprocess, useful for development
591 594 vcs.start_server = false
592 595
593 596 ## List of enabled VCS backends, available options are:
594 597 ## `hg` - mercurial
595 598 ## `git` - git
596 599 ## `svn` - subversion
597 600 vcs.backends = hg, git, svn
598 601
599 602 vcs.connection_timeout = 3600
600 603 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
601 604 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
602 605 #vcs.svn.compatible_version = pre-1.8-compatible
603 606
604 607
605 608 ############################################################
606 609 ### Subversion proxy support (mod_dav_svn) ###
607 610 ### Maps RhodeCode repo groups into SVN paths for Apache ###
608 611 ############################################################
609 612 ## Enable or disable the config file generation.
610 613 svn.proxy.generate_config = false
611 614 ## Generate config file with `SVNListParentPath` set to `On`.
612 615 svn.proxy.list_parent_path = true
613 616 ## Set location and file name of generated config file.
614 617 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
615 618 ## alternative mod_dav config template. This needs to be a mako template
616 619 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
617 620 ## Used as a prefix to the `Location` block in the generated config file.
618 621 ## In most cases it should be set to `/`.
619 622 svn.proxy.location_root = /
620 623 ## Command to reload the mod dav svn configuration on change.
621 624 ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
622 625 ## Make sure user who runs RhodeCode process is allowed to reload Apache
623 626 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
624 627 ## If the timeout expires before the reload command finishes, the command will
625 628 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
626 629 #svn.proxy.reload_timeout = 10
627 630
628 631 ############################################################
629 632 ### SSH Support Settings ###
630 633 ############################################################
631 634
632 635 ## Defines if a custom authorized_keys file should be created and written on
633 636 ## any change user ssh keys. Setting this to false also disables possibility
634 637 ## of adding SSH keys by users from web interface. Super admins can still
635 638 ## manage SSH Keys.
636 639 ssh.generate_authorized_keyfile = false
637 640
638 641 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
639 642 # ssh.authorized_keys_ssh_opts =
640 643
641 644 ## Path to the authorized_keys file where the generate entries are placed.
642 645 ## It is possible to have multiple key files specified in `sshd_config` e.g.
643 646 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
644 647 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
645 648
646 649 ## Command to execute the SSH wrapper. The binary is available in the
647 650 ## RhodeCode installation directory.
648 651 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
649 652 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
650 653
651 654 ## Allow shell when executing the ssh-wrapper command
652 655 ssh.wrapper_cmd_allow_shell = false
653 656
654 657 ## Enables logging, and detailed output send back to the client during SSH
655 658 ## operations. Useful for debugging, shouldn't be used in production.
656 659 ssh.enable_debug_logging = false
657 660
658 661 ## Paths to binary executable, by default they are the names, but we can
659 662 ## override them if we want to use a custom one
660 663 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
661 664 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
662 665 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
663 666
664 667 ## Enables SSH key generator web interface. Disabling this still allows users
665 668 ## to add their own keys.
666 669 ssh.enable_ui_key_generator = true
667 670
668 671
669 672 ## Dummy marker to add new entries after.
670 673 ## Add any custom entries below. Please don't remove.
671 674 custom.conf = 1
672 675
673 676
674 677 ################################
675 678 ### LOGGING CONFIGURATION ####
676 679 ################################
677 680 [loggers]
678 681 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
679 682
680 683 [handlers]
681 684 keys = console, console_sql
682 685
683 686 [formatters]
684 687 keys = generic, color_formatter, color_formatter_sql
685 688
686 689 #############
687 690 ## LOGGERS ##
688 691 #############
689 692 [logger_root]
690 693 level = NOTSET
691 694 handlers = console
692 695
693 696 [logger_sqlalchemy]
694 697 level = INFO
695 698 handlers = console_sql
696 699 qualname = sqlalchemy.engine
697 700 propagate = 0
698 701
699 702 [logger_beaker]
700 703 level = DEBUG
701 704 handlers =
702 705 qualname = beaker.container
703 706 propagate = 1
704 707
705 708 [logger_rhodecode]
706 709 level = DEBUG
707 710 handlers =
708 711 qualname = rhodecode
709 712 propagate = 1
710 713
711 714 [logger_ssh_wrapper]
712 715 level = DEBUG
713 716 handlers =
714 717 qualname = ssh_wrapper
715 718 propagate = 1
716 719
717 720 [logger_celery]
718 721 level = DEBUG
719 722 handlers =
720 723 qualname = celery
721 724
722 725
723 726 ##############
724 727 ## HANDLERS ##
725 728 ##############
726 729
727 730 [handler_console]
728 731 class = StreamHandler
729 732 args = (sys.stderr, )
730 733 level = INFO
731 734 formatter = generic
732 735
733 736 [handler_console_sql]
734 737 # "level = DEBUG" logs SQL queries and results.
735 738 # "level = INFO" logs SQL queries.
736 739 # "level = WARN" logs neither. (Recommended for production systems.)
737 740 class = StreamHandler
738 741 args = (sys.stderr, )
739 742 level = WARN
740 743 formatter = generic
741 744
742 745 ################
743 746 ## FORMATTERS ##
744 747 ################
745 748
746 749 [formatter_generic]
747 750 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
748 751 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
749 752 datefmt = %Y-%m-%d %H:%M:%S
750 753
751 754 [formatter_color_formatter]
752 755 class = rhodecode.lib.logging_formatter.ColorFormatter
753 756 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
754 757 datefmt = %Y-%m-%d %H:%M:%S
755 758
756 759 [formatter_color_formatter_sql]
757 760 class = rhodecode.lib.logging_formatter.ColorFormatterSql
758 761 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
759 762 datefmt = %Y-%m-%d %H:%M:%S
General Comments 0
You need to be logged in to leave comments. Login now