##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
feat(region for s3 storage): added configurable region of s3 storage.
ilin.s -
r5456:b740f1c3 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,849 +1,852 b''
1 1
2 2 ; #########################################
3 3 ; RHODECODE COMMUNITY EDITION CONFIGURATION
4 4 ; #########################################
5 5
6 6 [DEFAULT]
7 7 ; Debug flag sets all loggers to debug, and enables request tracking
8 8 debug = true
9 9
10 10 ; ########################################################################
11 11 ; EMAIL CONFIGURATION
12 12 ; These settings will be used by the RhodeCode mailing system
13 13 ; ########################################################################
14 14
15 15 ; prefix all emails subjects with given prefix, helps filtering out emails
16 16 #email_prefix = [RhodeCode]
17 17
18 18 ; email FROM address all mails will be sent
19 19 #app_email_from = rhodecode-noreply@localhost
20 20
21 21 #smtp_server = mail.server.com
22 22 #smtp_username =
23 23 #smtp_password =
24 24 #smtp_port =
25 25 #smtp_use_tls = false
26 26 #smtp_use_ssl = true
27 27
28 28 [server:main]
29 29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
30 30 ; Host port for gunicorn are controlled by gunicorn_conf.py
31 31 host = 127.0.0.1
32 32 port = 10020
33 33
34 34
35 35 ; ###########################
36 36 ; GUNICORN APPLICATION SERVER
37 37 ; ###########################
38 38
39 39 ; run with gunicorn --paste rhodecode.ini --config gunicorn_conf.py
40 40
41 41 ; Module to use, this setting shouldn't be changed
42 42 use = egg:gunicorn#main
43 43
44 44 ; Prefix middleware for RhodeCode.
45 45 ; recommended when using proxy setup.
46 46 ; allows to set RhodeCode under a prefix in server.
47 47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
48 48 ; And set your prefix like: `prefix = /custom_prefix`
49 49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
50 50 ; to make your cookies only work on prefix url
51 51 [filter:proxy-prefix]
52 52 use = egg:PasteDeploy#prefix
53 53 prefix = /
54 54
55 55 [app:main]
56 56 ; The %(here)s variable will be replaced with the absolute path of parent directory
57 57 ; of this file
58 58 ; Each option in the app:main can be override by an environmental variable
59 59 ;
60 60 ;To override an option:
61 61 ;
62 62 ;RC_<KeyName>
63 63 ;Everything should be uppercase, . and - should be replaced by _.
64 64 ;For example, if you have these configuration settings:
65 65 ;rc_cache.repo_object.backend = foo
66 66 ;can be overridden by
67 67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
68 68
69 69 use = egg:rhodecode-enterprise-ce
70 70
71 71 ; enable proxy prefix middleware, defined above
72 72 #filter-with = proxy-prefix
73 73
74 74 ; #############
75 75 ; DEBUG OPTIONS
76 76 ; #############
77 77
78 78 pyramid.reload_templates = true
79 79
80 80 # During development the we want to have the debug toolbar enabled
81 81 pyramid.includes =
82 82 pyramid_debugtoolbar
83 83
84 84 debugtoolbar.hosts = 0.0.0.0/0
85 85 debugtoolbar.exclude_prefixes =
86 86 /css
87 87 /fonts
88 88 /images
89 89 /js
90 90
91 91 ## RHODECODE PLUGINS ##
92 92 rhodecode.includes =
93 93 rhodecode.api
94 94
95 95
96 96 # api prefix url
97 97 rhodecode.api.url = /_admin/api
98 98
99 99 ; enable debug style page
100 100 debug_style = true
101 101
102 102 ; #################
103 103 ; END DEBUG OPTIONS
104 104 ; #################
105 105
106 106 ; encryption key used to encrypt social plugin tokens,
107 107 ; remote_urls with credentials etc, if not set it defaults to
108 108 ; `beaker.session.secret`
109 109 #rhodecode.encrypted_values.secret =
110 110
111 111 ; decryption strict mode (enabled by default). It controls if decryption raises
112 112 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
113 113 #rhodecode.encrypted_values.strict = false
114 114
115 115 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
116 116 ; fernet is safer, and we strongly recommend switching to it.
117 117 ; Due to backward compatibility aes is used as default.
118 118 #rhodecode.encrypted_values.algorithm = fernet
119 119
120 120 ; Return gzipped responses from RhodeCode (static files/application)
121 121 gzip_responses = false
122 122
123 123 ; Auto-generate javascript routes file on startup
124 124 generate_js_files = false
125 125
126 126 ; System global default language.
127 127 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
128 128 lang = en
129 129
130 130 ; Perform a full repository scan and import on each server start.
131 131 ; Settings this to true could lead to very long startup time.
132 132 startup.import_repos = false
133 133
134 134 ; URL at which the application is running. This is used for Bootstrapping
135 135 ; requests in context when no web request is available. Used in ishell, or
136 136 ; SSH calls. Set this for events to receive proper url for SSH calls.
137 137 app.base_url = http://rhodecode.local
138 138
139 139 ; Host at which the Service API is running.
140 140 app.service_api.host = http://rhodecode.local:10020
141 141
142 142 ; Secret for Service API authentication.
143 143 app.service_api.token =
144 144
145 145 ; Unique application ID. Should be a random unique string for security.
146 146 app_instance_uuid = rc-production
147 147
148 148 ; Cut off limit for large diffs (size in bytes). If overall diff size on
149 149 ; commit, or pull request exceeds this limit this diff will be displayed
150 150 ; partially. E.g 512000 == 512Kb
151 151 cut_off_limit_diff = 512000
152 152
153 153 ; Cut off limit for large files inside diffs (size in bytes). Each individual
154 154 ; file inside diff which exceeds this limit will be displayed partially.
155 155 ; E.g 128000 == 128Kb
156 156 cut_off_limit_file = 128000
157 157
158 158 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
159 159 vcs_full_cache = true
160 160
161 161 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
162 162 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
163 163 force_https = false
164 164
165 165 ; use Strict-Transport-Security headers
166 166 use_htsts = false
167 167
168 168 ; Set to true if your repos are exposed using the dumb protocol
169 169 git_update_server_info = false
170 170
171 171 ; RSS/ATOM feed options
172 172 rss_cut_off_limit = 256000
173 173 rss_items_per_page = 10
174 174 rss_include_diff = false
175 175
176 176 ; gist URL alias, used to create nicer urls for gist. This should be an
177 177 ; url that does rewrites to _admin/gists/{gistid}.
178 178 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
179 179 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
180 180 gist_alias_url =
181 181
182 182 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
183 183 ; used for access.
184 184 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
185 185 ; came from the the logged in user who own this authentication token.
186 186 ; Additionally @TOKEN syntax can be used to bound the view to specific
187 187 ; authentication token. Such view would be only accessible when used together
188 188 ; with this authentication token
189 189 ; list of all views can be found under `/_admin/permissions/auth_token_access`
190 190 ; The list should be "," separated and on a single line.
191 191 ; Most common views to enable:
192 192
193 193 # RepoCommitsView:repo_commit_download
194 194 # RepoCommitsView:repo_commit_patch
195 195 # RepoCommitsView:repo_commit_raw
196 196 # RepoCommitsView:repo_commit_raw@TOKEN
197 197 # RepoFilesView:repo_files_diff
198 198 # RepoFilesView:repo_archivefile
199 199 # RepoFilesView:repo_file_raw
200 200 # GistView:*
201 201 api_access_controllers_whitelist =
202 202
203 203 ; Default encoding used to convert from and to unicode
204 204 ; can be also a comma separated list of encoding in case of mixed encodings
205 205 default_encoding = UTF-8
206 206
207 207 ; instance-id prefix
208 208 ; a prefix key for this instance used for cache invalidation when running
209 209 ; multiple instances of RhodeCode, make sure it's globally unique for
210 210 ; all running RhodeCode instances. Leave empty if you don't use it
211 211 instance_id =
212 212
213 213 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
214 214 ; of an authentication plugin also if it is disabled by it's settings.
215 215 ; This could be useful if you are unable to log in to the system due to broken
216 216 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
217 217 ; module to log in again and fix the settings.
218 218 ; Available builtin plugin IDs (hash is part of the ID):
219 219 ; egg:rhodecode-enterprise-ce#rhodecode
220 220 ; egg:rhodecode-enterprise-ce#pam
221 221 ; egg:rhodecode-enterprise-ce#ldap
222 222 ; egg:rhodecode-enterprise-ce#jasig_cas
223 223 ; egg:rhodecode-enterprise-ce#headers
224 224 ; egg:rhodecode-enterprise-ce#crowd
225 225
226 226 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
227 227
228 228 ; Flag to control loading of legacy plugins in py:/path format
229 229 auth_plugin.import_legacy_plugins = true
230 230
231 231 ; alternative return HTTP header for failed authentication. Default HTTP
232 232 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
233 233 ; handling that causing a series of failed authentication calls.
234 234 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
235 235 ; This will be served instead of default 401 on bad authentication
236 236 auth_ret_code =
237 237
238 238 ; use special detection method when serving auth_ret_code, instead of serving
239 239 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
240 240 ; and then serve auth_ret_code to clients
241 241 auth_ret_code_detection = false
242 242
243 243 ; locking return code. When repository is locked return this HTTP code. 2XX
244 244 ; codes don't break the transactions while 4XX codes do
245 245 lock_ret_code = 423
246 246
247 247 ; Filesystem location were repositories should be stored
248 248 repo_store.path = /var/opt/rhodecode_repo_store
249 249
250 250 ; allows to setup custom hooks in settings page
251 251 allow_custom_hooks_settings = true
252 252
253 253 ; Generated license token required for EE edition license.
254 254 ; New generated token value can be found in Admin > settings > license page.
255 255 license_token =
256 256
257 257 ; This flag hides sensitive information on the license page such as token, and license data
258 258 license.hide_license_info = false
259 259
260 260 ; supervisor connection uri, for managing supervisor and logs.
261 261 supervisor.uri =
262 262
263 263 ; supervisord group name/id we only want this RC instance to handle
264 264 supervisor.group_id = dev
265 265
266 266 ; Display extended labs settings
267 267 labs_settings_active = true
268 268
269 269 ; Custom exception store path, defaults to TMPDIR
270 270 ; This is used to store exception from RhodeCode in shared directory
271 271 #exception_tracker.store_path =
272 272
273 273 ; Send email with exception details when it happens
274 274 #exception_tracker.send_email = false
275 275
276 276 ; Comma separated list of recipients for exception emails,
277 277 ; e.g admin@rhodecode.com,devops@rhodecode.com
278 278 ; Can be left empty, then emails will be sent to ALL super-admins
279 279 #exception_tracker.send_email_recipients =
280 280
281 281 ; optional prefix to Add to email Subject
282 282 #exception_tracker.email_prefix = [RHODECODE ERROR]
283 283
284 284 ; File store configuration. This is used to store and serve uploaded files
285 285 file_store.enabled = true
286 286
287 287 ; Storage backend, available options are: local
288 288 file_store.backend = local
289 289
290 290 ; path to store the uploaded binaries and artifacts
291 291 file_store.storage_path = /var/opt/rhodecode_data/file_store
292 292
293 293
294 294 ; Redis url to acquire/check generation of archives locks
295 295 archive_cache.locking.url = redis://redis:6379/1
296 296
297 297 ; Storage backend, only 'filesystem' and 'objectstore' are available now
298 298 archive_cache.backend.type = filesystem
299 299
300 300 ; url for s3 compatible storage that allows to upload artifacts
301 301 ; e.g http://minio:9000
302 302 archive_cache.objectstore.url = http://s3-minio:9000
303 303
304 304 ; key for s3 auth
305 305 archive_cache.objectstore.key = key
306 306
307 307 ; secret for s3 auth
308 308 archive_cache.objectstore.secret = secret
309 309
310 ;region for s3 storage
311 archive_cache.objectstore.region = eu-central-1
312
310 313 ; number of sharded buckets to create to distribute archives across
311 314 ; default is 8 shards
312 315 archive_cache.objectstore.bucket_shards = 8
313 316
314 317 ; a top-level bucket to put all other shards in
315 318 ; objects will be stored in rhodecode-archive-cache/shard-N based on the bucket_shards number
316 319 archive_cache.objectstore.bucket = rhodecode-archive-cache
317 320
318 321 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
319 322 archive_cache.objectstore.retry = false
320 323
321 324 ; number of seconds to wait for next try using retry
322 325 archive_cache.objectstore.retry_backoff = 1
323 326
324 327 ; how many tries do do a retry fetch from this backend
325 328 archive_cache.objectstore.retry_attempts = 10
326 329
327 330 ; Default is $cache_dir/archive_cache if not set
328 331 ; Generated repo archives will be cached at this location
329 332 ; and served from the cache during subsequent requests for the same archive of
330 333 ; the repository. This path is important to be shared across filesystems and with
331 334 ; RhodeCode and vcsserver
332 335 archive_cache.filesystem.store_dir = /var/opt/rhodecode_data/archive_cache
333 336
334 337 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
335 338 archive_cache.filesystem.cache_size_gb = 1
336 339
337 340 ; Eviction policy used to clear out after cache_size_gb limit is reached
338 341 archive_cache.filesystem.eviction_policy = least-recently-stored
339 342
340 343 ; By default cache uses sharding technique, this specifies how many shards are there
341 344 ; default is 8 shards
342 345 archive_cache.filesystem.cache_shards = 8
343 346
344 347 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
345 348 archive_cache.filesystem.retry = false
346 349
347 350 ; number of seconds to wait for next try using retry
348 351 archive_cache.filesystem.retry_backoff = 1
349 352
350 353 ; how many tries do do a retry fetch from this backend
351 354 archive_cache.filesystem.retry_attempts = 10
352 355
353 356
354 357 ; #############
355 358 ; CELERY CONFIG
356 359 ; #############
357 360
358 361 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
359 362
360 363 use_celery = true
361 364
362 365 ; path to store schedule database
363 366 #celerybeat-schedule.path =
364 367
365 368 ; connection url to the message broker (default redis)
366 369 celery.broker_url = redis://redis:6379/8
367 370
368 371 ; results backend to get results for (default redis)
369 372 celery.result_backend = redis://redis:6379/8
370 373
371 374 ; rabbitmq example
372 375 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
373 376
374 377 ; maximum tasks to execute before worker restart
375 378 celery.max_tasks_per_child = 20
376 379
377 380 ; tasks will never be sent to the queue, but executed locally instead.
378 381 celery.task_always_eager = false
379 382
380 383 ; #############
381 384 ; DOGPILE CACHE
382 385 ; #############
383 386
384 387 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
385 388 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
386 389 cache_dir = /var/opt/rhodecode_data
387 390
388 391 ; *********************************************
389 392 ; `sql_cache_short` cache for heavy SQL queries
390 393 ; Only supported backend is `memory_lru`
391 394 ; *********************************************
392 395 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
393 396 rc_cache.sql_cache_short.expiration_time = 30
394 397
395 398
396 399 ; *****************************************************
397 400 ; `cache_repo_longterm` cache for repo object instances
398 401 ; Only supported backend is `memory_lru`
399 402 ; *****************************************************
400 403 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
401 404 ; by default we use 30 Days, cache is still invalidated on push
402 405 rc_cache.cache_repo_longterm.expiration_time = 2592000
403 406 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
404 407 rc_cache.cache_repo_longterm.max_size = 10000
405 408
406 409
407 410 ; *********************************************
408 411 ; `cache_general` cache for general purpose use
409 412 ; for simplicity use rc.file_namespace backend,
410 413 ; for performance and scale use rc.redis
411 414 ; *********************************************
412 415 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
413 416 rc_cache.cache_general.expiration_time = 43200
414 417 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
415 418 #rc_cache.cache_general.arguments.filename = /tmp/cache_general_db
416 419
417 420 ; alternative `cache_general` redis backend with distributed lock
418 421 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
419 422 #rc_cache.cache_general.expiration_time = 300
420 423
421 424 ; redis_expiration_time needs to be greater then expiration_time
422 425 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
423 426
424 427 #rc_cache.cache_general.arguments.host = localhost
425 428 #rc_cache.cache_general.arguments.port = 6379
426 429 #rc_cache.cache_general.arguments.db = 0
427 430 #rc_cache.cache_general.arguments.socket_timeout = 30
428 431 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
429 432 #rc_cache.cache_general.arguments.distributed_lock = true
430 433
431 434 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
432 435 #rc_cache.cache_general.arguments.lock_auto_renewal = true
433 436
434 437 ; *************************************************
435 438 ; `cache_perms` cache for permission tree, auth TTL
436 439 ; for simplicity use rc.file_namespace backend,
437 440 ; for performance and scale use rc.redis
438 441 ; *************************************************
439 442 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
440 443 rc_cache.cache_perms.expiration_time = 3600
441 444 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
442 445 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms_db
443 446
444 447 ; alternative `cache_perms` redis backend with distributed lock
445 448 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
446 449 #rc_cache.cache_perms.expiration_time = 300
447 450
448 451 ; redis_expiration_time needs to be greater then expiration_time
449 452 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
450 453
451 454 #rc_cache.cache_perms.arguments.host = localhost
452 455 #rc_cache.cache_perms.arguments.port = 6379
453 456 #rc_cache.cache_perms.arguments.db = 0
454 457 #rc_cache.cache_perms.arguments.socket_timeout = 30
455 458 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
456 459 #rc_cache.cache_perms.arguments.distributed_lock = true
457 460
458 461 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
459 462 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
460 463
461 464 ; ***************************************************
462 465 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
463 466 ; for simplicity use rc.file_namespace backend,
464 467 ; for performance and scale use rc.redis
465 468 ; ***************************************************
466 469 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
467 470 rc_cache.cache_repo.expiration_time = 2592000
468 471 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
469 472 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo_db
470 473
471 474 ; alternative `cache_repo` redis backend with distributed lock
472 475 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
473 476 #rc_cache.cache_repo.expiration_time = 2592000
474 477
475 478 ; redis_expiration_time needs to be greater then expiration_time
476 479 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
477 480
478 481 #rc_cache.cache_repo.arguments.host = localhost
479 482 #rc_cache.cache_repo.arguments.port = 6379
480 483 #rc_cache.cache_repo.arguments.db = 1
481 484 #rc_cache.cache_repo.arguments.socket_timeout = 30
482 485 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
483 486 #rc_cache.cache_repo.arguments.distributed_lock = true
484 487
485 488 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
486 489 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
487 490
488 491 ; ##############
489 492 ; BEAKER SESSION
490 493 ; ##############
491 494
492 495 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
493 496 ; types are file, ext:redis, ext:database, ext:memcached
494 497 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
495 498 #beaker.session.type = file
496 499 #beaker.session.data_dir = %(here)s/data/sessions
497 500
498 501 ; Redis based sessions
499 502 beaker.session.type = ext:redis
500 503 beaker.session.url = redis://redis:6379/2
501 504
502 505 ; DB based session, fast, and allows easy management over logged in users
503 506 #beaker.session.type = ext:database
504 507 #beaker.session.table_name = db_session
505 508 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
506 509 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
507 510 #beaker.session.sa.pool_recycle = 3600
508 511 #beaker.session.sa.echo = false
509 512
510 513 beaker.session.key = rhodecode
511 514 beaker.session.secret = develop-rc-uytcxaz
512 515 beaker.session.lock_dir = /data_ramdisk/lock
513 516
514 517 ; Secure encrypted cookie. Requires AES and AES python libraries
515 518 ; you must disable beaker.session.secret to use this
516 519 #beaker.session.encrypt_key = key_for_encryption
517 520 #beaker.session.validate_key = validation_key
518 521
519 522 ; Sets session as invalid (also logging out user) if it haven not been
520 523 ; accessed for given amount of time in seconds
521 524 beaker.session.timeout = 2592000
522 525 beaker.session.httponly = true
523 526
524 527 ; Path to use for the cookie. Set to prefix if you use prefix middleware
525 528 #beaker.session.cookie_path = /custom_prefix
526 529
527 530 ; Set https secure cookie
528 531 beaker.session.secure = false
529 532
530 533 ; default cookie expiration time in seconds, set to `true` to set expire
531 534 ; at browser close
532 535 #beaker.session.cookie_expires = 3600
533 536
534 537 ; #############################
535 538 ; SEARCH INDEXING CONFIGURATION
536 539 ; #############################
537 540
538 541 ; Full text search indexer is available in rhodecode-tools under
539 542 ; `rhodecode-tools index` command
540 543
541 544 ; WHOOSH Backend, doesn't require additional services to run
542 545 ; it works good with few dozen repos
543 546 search.module = rhodecode.lib.index.whoosh
544 547 search.location = %(here)s/data/index
545 548
546 549 ; ####################
547 550 ; CHANNELSTREAM CONFIG
548 551 ; ####################
549 552
550 553 ; channelstream enables persistent connections and live notification
551 554 ; in the system. It's also used by the chat system
552 555
553 556 channelstream.enabled = true
554 557
555 558 ; server address for channelstream server on the backend
556 559 channelstream.server = channelstream:9800
557 560
558 561 ; location of the channelstream server from outside world
559 562 ; use ws:// for http or wss:// for https. This address needs to be handled
560 563 ; by external HTTP server such as Nginx or Apache
561 564 ; see Nginx/Apache configuration examples in our docs
562 565 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
563 566 channelstream.secret = ENV_GENERATED
564 567 channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
565 568
566 569 ; Internal application path that Javascript uses to connect into.
567 570 ; If you use proxy-prefix the prefix should be added before /_channelstream
568 571 channelstream.proxy_path = /_channelstream
569 572
570 573
571 574 ; ##############################
572 575 ; MAIN RHODECODE DATABASE CONFIG
573 576 ; ##############################
574 577
575 578 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
576 579 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
577 580 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
578 581 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
579 582 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
580 583
581 584 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
582 585
583 586 ; see sqlalchemy docs for other advanced settings
584 587 ; print the sql statements to output
585 588 sqlalchemy.db1.echo = false
586 589
587 590 ; recycle the connections after this amount of seconds
588 591 sqlalchemy.db1.pool_recycle = 3600
589 592
590 593 ; the number of connections to keep open inside the connection pool.
591 594 ; 0 indicates no limit
592 595 ; the general calculus with gevent is:
593 596 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
594 597 ; then increase pool size + max overflow so that they add up to 500.
595 598 #sqlalchemy.db1.pool_size = 5
596 599
597 600 ; The number of connections to allow in connection pool "overflow", that is
598 601 ; connections that can be opened above and beyond the pool_size setting,
599 602 ; which defaults to five.
600 603 #sqlalchemy.db1.max_overflow = 10
601 604
602 605 ; Connection check ping, used to detect broken database connections
603 606 ; could be enabled to better handle cases if MySQL has gone away errors
604 607 #sqlalchemy.db1.ping_connection = true
605 608
606 609 ; ##########
607 610 ; VCS CONFIG
608 611 ; ##########
609 612 vcs.server.enable = true
610 613 vcs.server = vcsserver:10010
611 614
612 615 ; Web server connectivity protocol, responsible for web based VCS operations
613 616 ; Available protocols are:
614 617 ; `http` - use http-rpc backend (default)
615 618 vcs.server.protocol = http
616 619
617 620 ; Push/Pull operations protocol, available options are:
618 621 ; `http` - use http-rpc backend (default)
619 622 vcs.scm_app_implementation = http
620 623
621 624 ; Push/Pull operations hooks protocol, available options are:
622 625 ; `http` - use http-rpc backend (default)
623 626 ; `celery` - use celery based hooks
624 627 vcs.hooks.protocol = http
625 628
626 629 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
627 630 ; accessible via network.
628 631 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
629 632 vcs.hooks.host = *
630 633
631 634 ; Start VCSServer with this instance as a subprocess, useful for development
632 635 vcs.start_server = false
633 636
634 637 ; List of enabled VCS backends, available options are:
635 638 ; `hg` - mercurial
636 639 ; `git` - git
637 640 ; `svn` - subversion
638 641 vcs.backends = hg, git, svn
639 642
640 643 ; Wait this number of seconds before killing connection to the vcsserver
641 644 vcs.connection_timeout = 3600
642 645
643 646 ; Cache flag to cache vcsserver remote calls locally
644 647 ; It uses cache_region `cache_repo`
645 648 vcs.methods.cache = true
646 649
647 650 ; ####################################################
648 651 ; Subversion proxy support (mod_dav_svn)
649 652 ; Maps RhodeCode repo groups into SVN paths for Apache
650 653 ; ####################################################
651 654
652 655 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
653 656 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
654 657 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
655 658 #vcs.svn.compatible_version = 1.8
656 659
657 660 ; Enable SVN proxy of requests over HTTP
658 661 vcs.svn.proxy.enabled = true
659 662
660 663 ; host to connect to running SVN subsystem
661 664 vcs.svn.proxy.host = http://svn:8090
662 665
663 666 ; Enable or disable the config file generation.
664 667 svn.proxy.generate_config = true
665 668
666 669 ; Generate config file with `SVNListParentPath` set to `On`.
667 670 svn.proxy.list_parent_path = true
668 671
669 672 ; Set location and file name of generated config file.
670 673 svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
671 674
672 675 ; alternative mod_dav config template. This needs to be a valid mako template
673 676 ; Example template can be found in the source code:
674 677 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
675 678 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
676 679
677 680 ; Used as a prefix to the `Location` block in the generated config file.
678 681 ; In most cases it should be set to `/`.
679 682 svn.proxy.location_root = /
680 683
681 684 ; Command to reload the mod dav svn configuration on change.
682 685 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
683 686 ; Make sure user who runs RhodeCode process is allowed to reload Apache
684 687 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
685 688
686 689 ; If the timeout expires before the reload command finishes, the command will
687 690 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
688 691 #svn.proxy.reload_timeout = 10
689 692
690 693 ; ####################
691 694 ; SSH Support Settings
692 695 ; ####################
693 696
694 697 ; Defines if a custom authorized_keys file should be created and written on
695 698 ; any change user ssh keys. Setting this to false also disables possibility
696 699 ; of adding SSH keys by users from web interface. Super admins can still
697 700 ; manage SSH Keys.
698 701 ssh.generate_authorized_keyfile = true
699 702
700 703 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
701 704 # ssh.authorized_keys_ssh_opts =
702 705
703 706 ; Path to the authorized_keys file where the generate entries are placed.
704 707 ; It is possible to have multiple key files specified in `sshd_config` e.g.
705 708 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
706 709 ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
707 710
708 711 ; Command to execute the SSH wrapper. The binary is available in the
709 712 ; RhodeCode installation directory.
710 713 ; legacy: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
711 714 ; new rewrite: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
712 715 ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
713 716
714 717 ; Allow shell when executing the ssh-wrapper command
715 718 ssh.wrapper_cmd_allow_shell = false
716 719
717 720 ; Enables logging, and detailed output send back to the client during SSH
718 721 ; operations. Useful for debugging, shouldn't be used in production.
719 722 ssh.enable_debug_logging = true
720 723
721 724 ; Paths to binary executable, by default they are the names, but we can
722 725 ; override them if we want to use a custom one
723 726 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
724 727 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
725 728 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
726 729
727 730 ; Enables SSH key generator web interface. Disabling this still allows users
728 731 ; to add their own keys.
729 732 ssh.enable_ui_key_generator = true
730 733
731 734 ; Statsd client config, this is used to send metrics to statsd
732 735 ; We recommend setting statsd_exported and scrape them using Prometheus
733 736 #statsd.enabled = false
734 737 #statsd.statsd_host = 0.0.0.0
735 738 #statsd.statsd_port = 8125
736 739 #statsd.statsd_prefix =
737 740 #statsd.statsd_ipv6 = false
738 741
739 742 ; configure logging automatically at server startup set to false
740 743 ; to use the below custom logging config.
741 744 ; RC_LOGGING_FORMATTER
742 745 ; RC_LOGGING_LEVEL
743 746 ; env variables can control the settings for logging in case of autoconfigure
744 747
745 748 #logging.autoconfigure = true
746 749
747 750 ; specify your own custom logging config file to configure logging
748 751 #logging.logging_conf_file = /path/to/custom_logging.ini
749 752
750 753 ; Dummy marker to add new entries after.
751 754 ; Add any custom entries below. Please don't remove this marker.
752 755 custom.conf = 1
753 756
754 757
755 758 ; #####################
756 759 ; LOGGING CONFIGURATION
757 760 ; #####################
758 761
759 762 [loggers]
760 763 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
761 764
762 765 [handlers]
763 766 keys = console, console_sql
764 767
765 768 [formatters]
766 769 keys = generic, json, color_formatter, color_formatter_sql
767 770
768 771 ; #######
769 772 ; LOGGERS
770 773 ; #######
771 774 [logger_root]
772 775 level = NOTSET
773 776 handlers = console
774 777
775 778 [logger_sqlalchemy]
776 779 level = INFO
777 780 handlers = console_sql
778 781 qualname = sqlalchemy.engine
779 782 propagate = 0
780 783
781 784 [logger_beaker]
782 785 level = DEBUG
783 786 handlers =
784 787 qualname = beaker.container
785 788 propagate = 1
786 789
787 790 [logger_rhodecode]
788 791 level = DEBUG
789 792 handlers =
790 793 qualname = rhodecode
791 794 propagate = 1
792 795
793 796 [logger_ssh_wrapper]
794 797 level = DEBUG
795 798 handlers =
796 799 qualname = ssh_wrapper
797 800 propagate = 1
798 801
799 802 [logger_celery]
800 803 level = DEBUG
801 804 handlers =
802 805 qualname = celery
803 806
804 807
805 808 ; ########
806 809 ; HANDLERS
807 810 ; ########
808 811
809 812 [handler_console]
810 813 class = StreamHandler
811 814 args = (sys.stderr, )
812 815 level = DEBUG
813 816 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
814 817 ; This allows sending properly formatted logs to grafana loki or elasticsearch
815 818 formatter = color_formatter
816 819
817 820 [handler_console_sql]
818 821 ; "level = DEBUG" logs SQL queries and results.
819 822 ; "level = INFO" logs SQL queries.
820 823 ; "level = WARN" logs neither. (Recommended for production systems.)
821 824 class = StreamHandler
822 825 args = (sys.stderr, )
823 826 level = WARN
824 827 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
825 828 ; This allows sending properly formatted logs to grafana loki or elasticsearch
826 829 formatter = color_formatter_sql
827 830
828 831 ; ##########
829 832 ; FORMATTERS
830 833 ; ##########
831 834
832 835 [formatter_generic]
833 836 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
834 837 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
835 838 datefmt = %Y-%m-%d %H:%M:%S
836 839
837 840 [formatter_color_formatter]
838 841 class = rhodecode.lib.logging_formatter.ColorFormatter
839 842 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
840 843 datefmt = %Y-%m-%d %H:%M:%S
841 844
842 845 [formatter_color_formatter_sql]
843 846 class = rhodecode.lib.logging_formatter.ColorFormatterSql
844 847 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
845 848 datefmt = %Y-%m-%d %H:%M:%S
846 849
847 850 [formatter_json]
848 851 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
849 852 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
Show file before | Show file after | Hide comments
@@ -1,817 +1,820 b''
1 1
2 2 ; #########################################
3 3 ; RHODECODE COMMUNITY EDITION CONFIGURATION
4 4 ; #########################################
5 5
6 6 [DEFAULT]
7 7 ; Debug flag sets all loggers to debug, and enables request tracking
8 8 debug = false
9 9
10 10 ; ########################################################################
11 11 ; EMAIL CONFIGURATION
12 12 ; These settings will be used by the RhodeCode mailing system
13 13 ; ########################################################################
14 14
15 15 ; prefix all emails subjects with given prefix, helps filtering out emails
16 16 #email_prefix = [RhodeCode]
17 17
18 18 ; email FROM address all mails will be sent
19 19 #app_email_from = rhodecode-noreply@localhost
20 20
21 21 #smtp_server = mail.server.com
22 22 #smtp_username =
23 23 #smtp_password =
24 24 #smtp_port =
25 25 #smtp_use_tls = false
26 26 #smtp_use_ssl = true
27 27
28 28 [server:main]
29 29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
30 30 ; Host port for gunicorn are controlled by gunicorn_conf.py
31 31 host = 127.0.0.1
32 32 port = 10020
33 33
34 34
35 35 ; ###########################
36 36 ; GUNICORN APPLICATION SERVER
37 37 ; ###########################
38 38
39 39 ; run with gunicorn --paste rhodecode.ini --config gunicorn_conf.py
40 40
41 41 ; Module to use, this setting shouldn't be changed
42 42 use = egg:gunicorn#main
43 43
44 44 ; Prefix middleware for RhodeCode.
45 45 ; recommended when using proxy setup.
46 46 ; allows to set RhodeCode under a prefix in server.
47 47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
48 48 ; And set your prefix like: `prefix = /custom_prefix`
49 49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
50 50 ; to make your cookies only work on prefix url
51 51 [filter:proxy-prefix]
52 52 use = egg:PasteDeploy#prefix
53 53 prefix = /
54 54
55 55 [app:main]
56 56 ; The %(here)s variable will be replaced with the absolute path of parent directory
57 57 ; of this file
58 58 ; Each option in the app:main can be override by an environmental variable
59 59 ;
60 60 ;To override an option:
61 61 ;
62 62 ;RC_<KeyName>
63 63 ;Everything should be uppercase, . and - should be replaced by _.
64 64 ;For example, if you have these configuration settings:
65 65 ;rc_cache.repo_object.backend = foo
66 66 ;can be overridden by
67 67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
68 68
69 69 use = egg:rhodecode-enterprise-ce
70 70
71 71 ; enable proxy prefix middleware, defined above
72 72 #filter-with = proxy-prefix
73 73
74 74 ; encryption key used to encrypt social plugin tokens,
75 75 ; remote_urls with credentials etc, if not set it defaults to
76 76 ; `beaker.session.secret`
77 77 #rhodecode.encrypted_values.secret =
78 78
79 79 ; decryption strict mode (enabled by default). It controls if decryption raises
80 80 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
81 81 #rhodecode.encrypted_values.strict = false
82 82
83 83 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
84 84 ; fernet is safer, and we strongly recommend switching to it.
85 85 ; Due to backward compatibility aes is used as default.
86 86 #rhodecode.encrypted_values.algorithm = fernet
87 87
88 88 ; Return gzipped responses from RhodeCode (static files/application)
89 89 gzip_responses = false
90 90
91 91 ; Auto-generate javascript routes file on startup
92 92 generate_js_files = false
93 93
94 94 ; System global default language.
95 95 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
96 96 lang = en
97 97
98 98 ; Perform a full repository scan and import on each server start.
99 99 ; Settings this to true could lead to very long startup time.
100 100 startup.import_repos = false
101 101
102 102 ; URL at which the application is running. This is used for Bootstrapping
103 103 ; requests in context when no web request is available. Used in ishell, or
104 104 ; SSH calls. Set this for events to receive proper url for SSH calls.
105 105 app.base_url = http://rhodecode.local
106 106
107 107 ; Host at which the Service API is running.
108 108 app.service_api.host = http://rhodecode.local:10020
109 109
110 110 ; Secret for Service API authentication.
111 111 app.service_api.token =
112 112
113 113 ; Unique application ID. Should be a random unique string for security.
114 114 app_instance_uuid = rc-production
115 115
116 116 ; Cut off limit for large diffs (size in bytes). If overall diff size on
117 117 ; commit, or pull request exceeds this limit this diff will be displayed
118 118 ; partially. E.g 512000 == 512Kb
119 119 cut_off_limit_diff = 512000
120 120
121 121 ; Cut off limit for large files inside diffs (size in bytes). Each individual
122 122 ; file inside diff which exceeds this limit will be displayed partially.
123 123 ; E.g 128000 == 128Kb
124 124 cut_off_limit_file = 128000
125 125
126 126 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
127 127 vcs_full_cache = true
128 128
129 129 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
130 130 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
131 131 force_https = false
132 132
133 133 ; use Strict-Transport-Security headers
134 134 use_htsts = false
135 135
136 136 ; Set to true if your repos are exposed using the dumb protocol
137 137 git_update_server_info = false
138 138
139 139 ; RSS/ATOM feed options
140 140 rss_cut_off_limit = 256000
141 141 rss_items_per_page = 10
142 142 rss_include_diff = false
143 143
144 144 ; gist URL alias, used to create nicer urls for gist. This should be an
145 145 ; url that does rewrites to _admin/gists/{gistid}.
146 146 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
147 147 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
148 148 gist_alias_url =
149 149
150 150 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
151 151 ; used for access.
152 152 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
153 153 ; came from the the logged in user who own this authentication token.
154 154 ; Additionally @TOKEN syntax can be used to bound the view to specific
155 155 ; authentication token. Such view would be only accessible when used together
156 156 ; with this authentication token
157 157 ; list of all views can be found under `/_admin/permissions/auth_token_access`
158 158 ; The list should be "," separated and on a single line.
159 159 ; Most common views to enable:
160 160
161 161 # RepoCommitsView:repo_commit_download
162 162 # RepoCommitsView:repo_commit_patch
163 163 # RepoCommitsView:repo_commit_raw
164 164 # RepoCommitsView:repo_commit_raw@TOKEN
165 165 # RepoFilesView:repo_files_diff
166 166 # RepoFilesView:repo_archivefile
167 167 # RepoFilesView:repo_file_raw
168 168 # GistView:*
169 169 api_access_controllers_whitelist =
170 170
171 171 ; Default encoding used to convert from and to unicode
172 172 ; can be also a comma separated list of encoding in case of mixed encodings
173 173 default_encoding = UTF-8
174 174
175 175 ; instance-id prefix
176 176 ; a prefix key for this instance used for cache invalidation when running
177 177 ; multiple instances of RhodeCode, make sure it's globally unique for
178 178 ; all running RhodeCode instances. Leave empty if you don't use it
179 179 instance_id =
180 180
181 181 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
182 182 ; of an authentication plugin also if it is disabled by it's settings.
183 183 ; This could be useful if you are unable to log in to the system due to broken
184 184 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
185 185 ; module to log in again and fix the settings.
186 186 ; Available builtin plugin IDs (hash is part of the ID):
187 187 ; egg:rhodecode-enterprise-ce#rhodecode
188 188 ; egg:rhodecode-enterprise-ce#pam
189 189 ; egg:rhodecode-enterprise-ce#ldap
190 190 ; egg:rhodecode-enterprise-ce#jasig_cas
191 191 ; egg:rhodecode-enterprise-ce#headers
192 192 ; egg:rhodecode-enterprise-ce#crowd
193 193
194 194 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
195 195
196 196 ; Flag to control loading of legacy plugins in py:/path format
197 197 auth_plugin.import_legacy_plugins = true
198 198
199 199 ; alternative return HTTP header for failed authentication. Default HTTP
200 200 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
201 201 ; handling that causing a series of failed authentication calls.
202 202 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
203 203 ; This will be served instead of default 401 on bad authentication
204 204 auth_ret_code =
205 205
206 206 ; use special detection method when serving auth_ret_code, instead of serving
207 207 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
208 208 ; and then serve auth_ret_code to clients
209 209 auth_ret_code_detection = false
210 210
211 211 ; locking return code. When repository is locked return this HTTP code. 2XX
212 212 ; codes don't break the transactions while 4XX codes do
213 213 lock_ret_code = 423
214 214
215 215 ; Filesystem location were repositories should be stored
216 216 repo_store.path = /var/opt/rhodecode_repo_store
217 217
218 218 ; allows to setup custom hooks in settings page
219 219 allow_custom_hooks_settings = true
220 220
221 221 ; Generated license token required for EE edition license.
222 222 ; New generated token value can be found in Admin > settings > license page.
223 223 license_token =
224 224
225 225 ; This flag hides sensitive information on the license page such as token, and license data
226 226 license.hide_license_info = false
227 227
228 228 ; supervisor connection uri, for managing supervisor and logs.
229 229 supervisor.uri =
230 230
231 231 ; supervisord group name/id we only want this RC instance to handle
232 232 supervisor.group_id = prod
233 233
234 234 ; Display extended labs settings
235 235 labs_settings_active = true
236 236
237 237 ; Custom exception store path, defaults to TMPDIR
238 238 ; This is used to store exception from RhodeCode in shared directory
239 239 #exception_tracker.store_path =
240 240
241 241 ; Send email with exception details when it happens
242 242 #exception_tracker.send_email = false
243 243
244 244 ; Comma separated list of recipients for exception emails,
245 245 ; e.g admin@rhodecode.com,devops@rhodecode.com
246 246 ; Can be left empty, then emails will be sent to ALL super-admins
247 247 #exception_tracker.send_email_recipients =
248 248
249 249 ; optional prefix to Add to email Subject
250 250 #exception_tracker.email_prefix = [RHODECODE ERROR]
251 251
252 252 ; File store configuration. This is used to store and serve uploaded files
253 253 file_store.enabled = true
254 254
255 255 ; Storage backend, available options are: local
256 256 file_store.backend = local
257 257
258 258 ; path to store the uploaded binaries and artifacts
259 259 file_store.storage_path = /var/opt/rhodecode_data/file_store
260 260
261 261
262 262 ; Redis url to acquire/check generation of archives locks
263 263 archive_cache.locking.url = redis://redis:6379/1
264 264
265 265 ; Storage backend, only 'filesystem' and 'objectstore' are available now
266 266 archive_cache.backend.type = filesystem
267 267
268 268 ; url for s3 compatible storage that allows to upload artifacts
269 269 ; e.g http://minio:9000
270 270 archive_cache.objectstore.url = http://s3-minio:9000
271 271
272 272 ; key for s3 auth
273 273 archive_cache.objectstore.key = key
274 274
275 275 ; secret for s3 auth
276 276 archive_cache.objectstore.secret = secret
277 277
278 ;region for s3 storage
279 archive_cache.objectstore.region = eu-central-1
280
278 281 ; number of sharded buckets to create to distribute archives across
279 282 ; default is 8 shards
280 283 archive_cache.objectstore.bucket_shards = 8
281 284
282 285 ; a top-level bucket to put all other shards in
283 286 ; objects will be stored in rhodecode-archive-cache/shard-N based on the bucket_shards number
284 287 archive_cache.objectstore.bucket = rhodecode-archive-cache
285 288
286 289 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
287 290 archive_cache.objectstore.retry = false
288 291
289 292 ; number of seconds to wait for next try using retry
290 293 archive_cache.objectstore.retry_backoff = 1
291 294
292 295 ; how many tries do do a retry fetch from this backend
293 296 archive_cache.objectstore.retry_attempts = 10
294 297
295 298 ; Default is $cache_dir/archive_cache if not set
296 299 ; Generated repo archives will be cached at this location
297 300 ; and served from the cache during subsequent requests for the same archive of
298 301 ; the repository. This path is important to be shared across filesystems and with
299 302 ; RhodeCode and vcsserver
300 303 archive_cache.filesystem.store_dir = /var/opt/rhodecode_data/archive_cache
301 304
302 305 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
303 306 archive_cache.filesystem.cache_size_gb = 40
304 307
305 308 ; Eviction policy used to clear out after cache_size_gb limit is reached
306 309 archive_cache.filesystem.eviction_policy = least-recently-stored
307 310
308 311 ; By default cache uses sharding technique, this specifies how many shards are there
309 312 ; default is 8 shards
310 313 archive_cache.filesystem.cache_shards = 8
311 314
312 315 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
313 316 archive_cache.filesystem.retry = false
314 317
315 318 ; number of seconds to wait for next try using retry
316 319 archive_cache.filesystem.retry_backoff = 1
317 320
318 321 ; how many tries do do a retry fetch from this backend
319 322 archive_cache.filesystem.retry_attempts = 10
320 323
321 324
322 325 ; #############
323 326 ; CELERY CONFIG
324 327 ; #############
325 328
326 329 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
327 330
328 331 use_celery = true
329 332
330 333 ; path to store schedule database
331 334 #celerybeat-schedule.path =
332 335
333 336 ; connection url to the message broker (default redis)
334 337 celery.broker_url = redis://redis:6379/8
335 338
336 339 ; results backend to get results for (default redis)
337 340 celery.result_backend = redis://redis:6379/8
338 341
339 342 ; rabbitmq example
340 343 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
341 344
342 345 ; maximum tasks to execute before worker restart
343 346 celery.max_tasks_per_child = 20
344 347
345 348 ; tasks will never be sent to the queue, but executed locally instead.
346 349 celery.task_always_eager = false
347 350
348 351 ; #############
349 352 ; DOGPILE CACHE
350 353 ; #############
351 354
352 355 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
353 356 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
354 357 cache_dir = /var/opt/rhodecode_data
355 358
356 359 ; *********************************************
357 360 ; `sql_cache_short` cache for heavy SQL queries
358 361 ; Only supported backend is `memory_lru`
359 362 ; *********************************************
360 363 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
361 364 rc_cache.sql_cache_short.expiration_time = 30
362 365
363 366
364 367 ; *****************************************************
365 368 ; `cache_repo_longterm` cache for repo object instances
366 369 ; Only supported backend is `memory_lru`
367 370 ; *****************************************************
368 371 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
369 372 ; by default we use 30 Days, cache is still invalidated on push
370 373 rc_cache.cache_repo_longterm.expiration_time = 2592000
371 374 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
372 375 rc_cache.cache_repo_longterm.max_size = 10000
373 376
374 377
375 378 ; *********************************************
376 379 ; `cache_general` cache for general purpose use
377 380 ; for simplicity use rc.file_namespace backend,
378 381 ; for performance and scale use rc.redis
379 382 ; *********************************************
380 383 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
381 384 rc_cache.cache_general.expiration_time = 43200
382 385 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
383 386 #rc_cache.cache_general.arguments.filename = /tmp/cache_general_db
384 387
385 388 ; alternative `cache_general` redis backend with distributed lock
386 389 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
387 390 #rc_cache.cache_general.expiration_time = 300
388 391
389 392 ; redis_expiration_time needs to be greater then expiration_time
390 393 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
391 394
392 395 #rc_cache.cache_general.arguments.host = localhost
393 396 #rc_cache.cache_general.arguments.port = 6379
394 397 #rc_cache.cache_general.arguments.db = 0
395 398 #rc_cache.cache_general.arguments.socket_timeout = 30
396 399 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
397 400 #rc_cache.cache_general.arguments.distributed_lock = true
398 401
399 402 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
400 403 #rc_cache.cache_general.arguments.lock_auto_renewal = true
401 404
402 405 ; *************************************************
403 406 ; `cache_perms` cache for permission tree, auth TTL
404 407 ; for simplicity use rc.file_namespace backend,
405 408 ; for performance and scale use rc.redis
406 409 ; *************************************************
407 410 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
408 411 rc_cache.cache_perms.expiration_time = 3600
409 412 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
410 413 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms_db
411 414
412 415 ; alternative `cache_perms` redis backend with distributed lock
413 416 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
414 417 #rc_cache.cache_perms.expiration_time = 300
415 418
416 419 ; redis_expiration_time needs to be greater then expiration_time
417 420 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
418 421
419 422 #rc_cache.cache_perms.arguments.host = localhost
420 423 #rc_cache.cache_perms.arguments.port = 6379
421 424 #rc_cache.cache_perms.arguments.db = 0
422 425 #rc_cache.cache_perms.arguments.socket_timeout = 30
423 426 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
424 427 #rc_cache.cache_perms.arguments.distributed_lock = true
425 428
426 429 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
427 430 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
428 431
429 432 ; ***************************************************
430 433 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
431 434 ; for simplicity use rc.file_namespace backend,
432 435 ; for performance and scale use rc.redis
433 436 ; ***************************************************
434 437 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
435 438 rc_cache.cache_repo.expiration_time = 2592000
436 439 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
437 440 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo_db
438 441
439 442 ; alternative `cache_repo` redis backend with distributed lock
440 443 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
441 444 #rc_cache.cache_repo.expiration_time = 2592000
442 445
443 446 ; redis_expiration_time needs to be greater then expiration_time
444 447 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
445 448
446 449 #rc_cache.cache_repo.arguments.host = localhost
447 450 #rc_cache.cache_repo.arguments.port = 6379
448 451 #rc_cache.cache_repo.arguments.db = 1
449 452 #rc_cache.cache_repo.arguments.socket_timeout = 30
450 453 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
451 454 #rc_cache.cache_repo.arguments.distributed_lock = true
452 455
453 456 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
454 457 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
455 458
456 459 ; ##############
457 460 ; BEAKER SESSION
458 461 ; ##############
459 462
460 463 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
461 464 ; types are file, ext:redis, ext:database, ext:memcached
462 465 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
463 466 #beaker.session.type = file
464 467 #beaker.session.data_dir = %(here)s/data/sessions
465 468
466 469 ; Redis based sessions
467 470 beaker.session.type = ext:redis
468 471 beaker.session.url = redis://redis:6379/2
469 472
470 473 ; DB based session, fast, and allows easy management over logged in users
471 474 #beaker.session.type = ext:database
472 475 #beaker.session.table_name = db_session
473 476 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
474 477 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
475 478 #beaker.session.sa.pool_recycle = 3600
476 479 #beaker.session.sa.echo = false
477 480
478 481 beaker.session.key = rhodecode
479 482 beaker.session.secret = production-rc-uytcxaz
480 483 beaker.session.lock_dir = /data_ramdisk/lock
481 484
482 485 ; Secure encrypted cookie. Requires AES and AES python libraries
483 486 ; you must disable beaker.session.secret to use this
484 487 #beaker.session.encrypt_key = key_for_encryption
485 488 #beaker.session.validate_key = validation_key
486 489
487 490 ; Sets session as invalid (also logging out user) if it haven not been
488 491 ; accessed for given amount of time in seconds
489 492 beaker.session.timeout = 2592000
490 493 beaker.session.httponly = true
491 494
492 495 ; Path to use for the cookie. Set to prefix if you use prefix middleware
493 496 #beaker.session.cookie_path = /custom_prefix
494 497
495 498 ; Set https secure cookie
496 499 beaker.session.secure = false
497 500
498 501 ; default cookie expiration time in seconds, set to `true` to set expire
499 502 ; at browser close
500 503 #beaker.session.cookie_expires = 3600
501 504
502 505 ; #############################
503 506 ; SEARCH INDEXING CONFIGURATION
504 507 ; #############################
505 508
506 509 ; Full text search indexer is available in rhodecode-tools under
507 510 ; `rhodecode-tools index` command
508 511
509 512 ; WHOOSH Backend, doesn't require additional services to run
510 513 ; it works good with few dozen repos
511 514 search.module = rhodecode.lib.index.whoosh
512 515 search.location = %(here)s/data/index
513 516
514 517 ; ####################
515 518 ; CHANNELSTREAM CONFIG
516 519 ; ####################
517 520
518 521 ; channelstream enables persistent connections and live notification
519 522 ; in the system. It's also used by the chat system
520 523
521 524 channelstream.enabled = true
522 525
523 526 ; server address for channelstream server on the backend
524 527 channelstream.server = channelstream:9800
525 528
526 529 ; location of the channelstream server from outside world
527 530 ; use ws:// for http or wss:// for https. This address needs to be handled
528 531 ; by external HTTP server such as Nginx or Apache
529 532 ; see Nginx/Apache configuration examples in our docs
530 533 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
531 534 channelstream.secret = ENV_GENERATED
532 535 channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
533 536
534 537 ; Internal application path that Javascript uses to connect into.
535 538 ; If you use proxy-prefix the prefix should be added before /_channelstream
536 539 channelstream.proxy_path = /_channelstream
537 540
538 541
539 542 ; ##############################
540 543 ; MAIN RHODECODE DATABASE CONFIG
541 544 ; ##############################
542 545
543 546 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
544 547 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
545 548 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
546 549 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
547 550 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
548 551
549 552 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
550 553
551 554 ; see sqlalchemy docs for other advanced settings
552 555 ; print the sql statements to output
553 556 sqlalchemy.db1.echo = false
554 557
555 558 ; recycle the connections after this amount of seconds
556 559 sqlalchemy.db1.pool_recycle = 3600
557 560
558 561 ; the number of connections to keep open inside the connection pool.
559 562 ; 0 indicates no limit
560 563 ; the general calculus with gevent is:
561 564 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
562 565 ; then increase pool size + max overflow so that they add up to 500.
563 566 #sqlalchemy.db1.pool_size = 5
564 567
565 568 ; The number of connections to allow in connection pool "overflow", that is
566 569 ; connections that can be opened above and beyond the pool_size setting,
567 570 ; which defaults to five.
568 571 #sqlalchemy.db1.max_overflow = 10
569 572
570 573 ; Connection check ping, used to detect broken database connections
571 574 ; could be enabled to better handle cases if MySQL has gone away errors
572 575 #sqlalchemy.db1.ping_connection = true
573 576
574 577 ; ##########
575 578 ; VCS CONFIG
576 579 ; ##########
577 580 vcs.server.enable = true
578 581 vcs.server = vcsserver:10010
579 582
580 583 ; Web server connectivity protocol, responsible for web based VCS operations
581 584 ; Available protocols are:
582 585 ; `http` - use http-rpc backend (default)
583 586 vcs.server.protocol = http
584 587
585 588 ; Push/Pull operations protocol, available options are:
586 589 ; `http` - use http-rpc backend (default)
587 590 vcs.scm_app_implementation = http
588 591
589 592 ; Push/Pull operations hooks protocol, available options are:
590 593 ; `http` - use http-rpc backend (default)
591 594 ; `celery` - use celery based hooks
592 595 vcs.hooks.protocol = http
593 596
594 597 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
595 598 ; accessible via network.
596 599 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
597 600 vcs.hooks.host = *
598 601
599 602 ; Start VCSServer with this instance as a subprocess, useful for development
600 603 vcs.start_server = false
601 604
602 605 ; List of enabled VCS backends, available options are:
603 606 ; `hg` - mercurial
604 607 ; `git` - git
605 608 ; `svn` - subversion
606 609 vcs.backends = hg, git, svn
607 610
608 611 ; Wait this number of seconds before killing connection to the vcsserver
609 612 vcs.connection_timeout = 3600
610 613
611 614 ; Cache flag to cache vcsserver remote calls locally
612 615 ; It uses cache_region `cache_repo`
613 616 vcs.methods.cache = true
614 617
615 618 ; ####################################################
616 619 ; Subversion proxy support (mod_dav_svn)
617 620 ; Maps RhodeCode repo groups into SVN paths for Apache
618 621 ; ####################################################
619 622
620 623 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
621 624 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
622 625 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
623 626 #vcs.svn.compatible_version = 1.8
624 627
625 628 ; Enable SVN proxy of requests over HTTP
626 629 vcs.svn.proxy.enabled = true
627 630
628 631 ; host to connect to running SVN subsystem
629 632 vcs.svn.proxy.host = http://svn:8090
630 633
631 634 ; Enable or disable the config file generation.
632 635 svn.proxy.generate_config = true
633 636
634 637 ; Generate config file with `SVNListParentPath` set to `On`.
635 638 svn.proxy.list_parent_path = true
636 639
637 640 ; Set location and file name of generated config file.
638 641 svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
639 642
640 643 ; alternative mod_dav config template. This needs to be a valid mako template
641 644 ; Example template can be found in the source code:
642 645 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
643 646 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
644 647
645 648 ; Used as a prefix to the `Location` block in the generated config file.
646 649 ; In most cases it should be set to `/`.
647 650 svn.proxy.location_root = /
648 651
649 652 ; Command to reload the mod dav svn configuration on change.
650 653 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
651 654 ; Make sure user who runs RhodeCode process is allowed to reload Apache
652 655 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
653 656
654 657 ; If the timeout expires before the reload command finishes, the command will
655 658 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
656 659 #svn.proxy.reload_timeout = 10
657 660
658 661 ; ####################
659 662 ; SSH Support Settings
660 663 ; ####################
661 664
662 665 ; Defines if a custom authorized_keys file should be created and written on
663 666 ; any change user ssh keys. Setting this to false also disables possibility
664 667 ; of adding SSH keys by users from web interface. Super admins can still
665 668 ; manage SSH Keys.
666 669 ssh.generate_authorized_keyfile = true
667 670
668 671 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
669 672 # ssh.authorized_keys_ssh_opts =
670 673
671 674 ; Path to the authorized_keys file where the generate entries are placed.
672 675 ; It is possible to have multiple key files specified in `sshd_config` e.g.
673 676 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
674 677 ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
675 678
676 679 ; Command to execute the SSH wrapper. The binary is available in the
677 680 ; RhodeCode installation directory.
678 681 ; legacy: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
679 682 ; new rewrite: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
680 683 ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
681 684
682 685 ; Allow shell when executing the ssh-wrapper command
683 686 ssh.wrapper_cmd_allow_shell = false
684 687
685 688 ; Enables logging, and detailed output send back to the client during SSH
686 689 ; operations. Useful for debugging, shouldn't be used in production.
687 690 ssh.enable_debug_logging = false
688 691
689 692 ; Paths to binary executable, by default they are the names, but we can
690 693 ; override them if we want to use a custom one
691 694 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
692 695 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
693 696 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
694 697
695 698 ; Enables SSH key generator web interface. Disabling this still allows users
696 699 ; to add their own keys.
697 700 ssh.enable_ui_key_generator = true
698 701
699 702 ; Statsd client config, this is used to send metrics to statsd
700 703 ; We recommend setting statsd_exported and scrape them using Prometheus
701 704 #statsd.enabled = false
702 705 #statsd.statsd_host = 0.0.0.0
703 706 #statsd.statsd_port = 8125
704 707 #statsd.statsd_prefix =
705 708 #statsd.statsd_ipv6 = false
706 709
707 710 ; configure logging automatically at server startup set to false
708 711 ; to use the below custom logging config.
709 712 ; RC_LOGGING_FORMATTER
710 713 ; RC_LOGGING_LEVEL
711 714 ; env variables can control the settings for logging in case of autoconfigure
712 715
713 716 #logging.autoconfigure = true
714 717
715 718 ; specify your own custom logging config file to configure logging
716 719 #logging.logging_conf_file = /path/to/custom_logging.ini
717 720
718 721 ; Dummy marker to add new entries after.
719 722 ; Add any custom entries below. Please don't remove this marker.
720 723 custom.conf = 1
721 724
722 725
723 726 ; #####################
724 727 ; LOGGING CONFIGURATION
725 728 ; #####################
726 729
727 730 [loggers]
728 731 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
729 732
730 733 [handlers]
731 734 keys = console, console_sql
732 735
733 736 [formatters]
734 737 keys = generic, json, color_formatter, color_formatter_sql
735 738
736 739 ; #######
737 740 ; LOGGERS
738 741 ; #######
739 742 [logger_root]
740 743 level = NOTSET
741 744 handlers = console
742 745
743 746 [logger_sqlalchemy]
744 747 level = INFO
745 748 handlers = console_sql
746 749 qualname = sqlalchemy.engine
747 750 propagate = 0
748 751
749 752 [logger_beaker]
750 753 level = DEBUG
751 754 handlers =
752 755 qualname = beaker.container
753 756 propagate = 1
754 757
755 758 [logger_rhodecode]
756 759 level = DEBUG
757 760 handlers =
758 761 qualname = rhodecode
759 762 propagate = 1
760 763
761 764 [logger_ssh_wrapper]
762 765 level = DEBUG
763 766 handlers =
764 767 qualname = ssh_wrapper
765 768 propagate = 1
766 769
767 770 [logger_celery]
768 771 level = DEBUG
769 772 handlers =
770 773 qualname = celery
771 774
772 775
773 776 ; ########
774 777 ; HANDLERS
775 778 ; ########
776 779
777 780 [handler_console]
778 781 class = StreamHandler
779 782 args = (sys.stderr, )
780 783 level = INFO
781 784 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
782 785 ; This allows sending properly formatted logs to grafana loki or elasticsearch
783 786 formatter = generic
784 787
785 788 [handler_console_sql]
786 789 ; "level = DEBUG" logs SQL queries and results.
787 790 ; "level = INFO" logs SQL queries.
788 791 ; "level = WARN" logs neither. (Recommended for production systems.)
789 792 class = StreamHandler
790 793 args = (sys.stderr, )
791 794 level = WARN
792 795 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
793 796 ; This allows sending properly formatted logs to grafana loki or elasticsearch
794 797 formatter = generic
795 798
796 799 ; ##########
797 800 ; FORMATTERS
798 801 ; ##########
799 802
800 803 [formatter_generic]
801 804 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
802 805 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
803 806 datefmt = %Y-%m-%d %H:%M:%S
804 807
805 808 [formatter_color_formatter]
806 809 class = rhodecode.lib.logging_formatter.ColorFormatter
807 810 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
808 811 datefmt = %Y-%m-%d %H:%M:%S
809 812
810 813 [formatter_color_formatter_sql]
811 814 class = rhodecode.lib.logging_formatter.ColorFormatterSql
812 815 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
813 816 datefmt = %Y-%m-%d %H:%M:%S
814 817
815 818 [formatter_json]
816 819 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
817 820 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
Show file before | Show file after | Hide comments
@@ -1,222 +1,223 b''
1 1 # Copyright (C) 2010-2023 RhodeCode GmbH
2 2 #
3 3 # This program is free software: you can redistribute it and/or modify
4 4 # it under the terms of the GNU Affero General Public License, version 3
5 5 # (only), as published by the Free Software Foundation.
6 6 #
7 7 # This program is distributed in the hope that it will be useful,
8 8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 10 # GNU General Public License for more details.
11 11 #
12 12 # You should have received a copy of the GNU Affero General Public License
13 13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 14 #
15 15 # This program is dual-licensed. If you wish to learn more about the
16 16 # RhodeCode Enterprise Edition, including its added features, Support services,
17 17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18 18
19 19 import os
20 20 import tempfile
21 21 import logging
22 22
23 23 from pyramid.settings import asbool
24 24
25 25 from rhodecode.config.settings_maker import SettingsMaker
26 26 from rhodecode.config import utils as config_utils
27 27
28 28 log = logging.getLogger(__name__)
29 29
30 30
31 31 def sanitize_settings_and_apply_defaults(global_config, settings):
32 32 """
33 33 Applies settings defaults and does all type conversion.
34 34
35 35 We would move all settings parsing and preparation into this place, so that
36 36 we have only one place left which deals with this part. The remaining parts
37 37 of the application would start to rely fully on well-prepared settings.
38 38
39 39 This piece would later be split up per topic to avoid a big fat monster
40 40 function.
41 41 """
42 42 jn = os.path.join
43 43
44 44 global_settings_maker = SettingsMaker(global_config)
45 45 global_settings_maker.make_setting('debug', default=False, parser='bool')
46 46 debug_enabled = asbool(global_config.get('debug'))
47 47
48 48 settings_maker = SettingsMaker(settings)
49 49
50 50 settings_maker.make_setting(
51 51 'logging.autoconfigure',
52 52 default=False,
53 53 parser='bool')
54 54
55 55 logging_conf = jn(os.path.dirname(global_config.get('__file__')), 'logging.ini')
56 56 settings_maker.enable_logging(logging_conf, level='INFO' if debug_enabled else 'DEBUG')
57 57
58 58 # Default includes, possible to change as a user
59 59 pyramid_includes = settings_maker.make_setting('pyramid.includes', [], parser='list:newline')
60 60 log.debug(
61 61 "Using the following pyramid.includes: %s",
62 62 pyramid_includes)
63 63
64 64 settings_maker.make_setting('rhodecode.edition', 'Community Edition')
65 65 settings_maker.make_setting('rhodecode.edition_id', 'CE')
66 66
67 67 if 'mako.default_filters' not in settings:
68 68 # set custom default filters if we don't have it defined
69 69 settings['mako.imports'] = 'from rhodecode.lib.base import h_filter'
70 70 settings['mako.default_filters'] = 'h_filter'
71 71
72 72 if 'mako.directories' not in settings:
73 73 mako_directories = settings.setdefault('mako.directories', [
74 74 # Base templates of the original application
75 75 'rhodecode:templates',
76 76 ])
77 77 log.debug(
78 78 "Using the following Mako template directories: %s",
79 79 mako_directories)
80 80
81 81 # NOTE(marcink): fix redis requirement for schema of connection since 3.X
82 82 if 'beaker.session.type' in settings and settings['beaker.session.type'] == 'ext:redis':
83 83 raw_url = settings['beaker.session.url']
84 84 if not raw_url.startswith(('redis://', 'rediss://', 'unix://')):
85 85 settings['beaker.session.url'] = 'redis://' + raw_url
86 86
87 87 settings_maker.make_setting('__file__', global_config.get('__file__'))
88 88
89 89 # TODO: johbo: Re-think this, usually the call to config.include
90 90 # should allow to pass in a prefix.
91 91 settings_maker.make_setting('rhodecode.api.url', '/_admin/api')
92 92
93 93 # Sanitize generic settings.
94 94 settings_maker.make_setting('default_encoding', 'UTF-8', parser='list')
95 95 settings_maker.make_setting('gzip_responses', False, parser='bool')
96 96 settings_maker.make_setting('startup.import_repos', 'false', parser='bool')
97 97
98 98 # statsd
99 99 settings_maker.make_setting('statsd.enabled', False, parser='bool')
100 100 settings_maker.make_setting('statsd.statsd_host', 'statsd-exporter', parser='string')
101 101 settings_maker.make_setting('statsd.statsd_port', 9125, parser='int')
102 102 settings_maker.make_setting('statsd.statsd_prefix', '')
103 103 settings_maker.make_setting('statsd.statsd_ipv6', False, parser='bool')
104 104
105 105 settings_maker.make_setting('vcs.svn.compatible_version', '')
106 106 settings_maker.make_setting('vcs.svn.proxy.enabled', True, parser='bool')
107 107 settings_maker.make_setting('vcs.svn.proxy.host', 'http://svn:8090', parser='string')
108 108 settings_maker.make_setting('vcs.hooks.protocol', 'http')
109 109 settings_maker.make_setting('vcs.hooks.host', '*')
110 110 settings_maker.make_setting('vcs.scm_app_implementation', 'http')
111 111 settings_maker.make_setting('vcs.server', '')
112 112 settings_maker.make_setting('vcs.server.protocol', 'http')
113 113 settings_maker.make_setting('vcs.server.enable', 'true', parser='bool')
114 114 settings_maker.make_setting('vcs.hooks.direct_calls', 'false', parser='bool')
115 115 settings_maker.make_setting('vcs.start_server', 'false', parser='bool')
116 116 settings_maker.make_setting('vcs.backends', 'hg, git, svn', parser='list')
117 117 settings_maker.make_setting('vcs.connection_timeout', 3600, parser='int')
118 118
119 119 settings_maker.make_setting('vcs.methods.cache', True, parser='bool')
120 120
121 121 # repo_store path
122 122 settings_maker.make_setting('repo_store.path', '/var/opt/rhodecode_repo_store')
123 123 # Support legacy values of vcs.scm_app_implementation. Legacy
124 124 # configurations may use 'rhodecode.lib.middleware.utils.scm_app_http', or
125 125 # disabled since 4.13 'vcsserver.scm_app' which is now mapped to 'http'.
126 126 scm_app_impl = settings['vcs.scm_app_implementation']
127 127 if scm_app_impl in ['rhodecode.lib.middleware.utils.scm_app_http', 'vcsserver.scm_app']:
128 128 settings['vcs.scm_app_implementation'] = 'http'
129 129
130 130 settings_maker.make_setting('appenlight', False, parser='bool')
131 131
132 132 temp_store = tempfile.gettempdir()
133 133 tmp_cache_dir = jn(temp_store, 'rc_cache')
134 134
135 135 # save default, cache dir, and use it for all backends later.
136 136 default_cache_dir = settings_maker.make_setting(
137 137 'cache_dir',
138 138 default=tmp_cache_dir, default_when_empty=True,
139 139 parser='dir:ensured')
140 140
141 141 # exception store cache
142 142 settings_maker.make_setting(
143 143 'exception_tracker.store_path',
144 144 default=jn(default_cache_dir, 'exc_store'), default_when_empty=True,
145 145 parser='dir:ensured'
146 146 )
147 147
148 148 settings_maker.make_setting(
149 149 'celerybeat-schedule.path',
150 150 default=jn(default_cache_dir, 'celerybeat_schedule', 'celerybeat-schedule.db'), default_when_empty=True,
151 151 parser='file:ensured'
152 152 )
153 153
154 154 settings_maker.make_setting('exception_tracker.send_email', False, parser='bool')
155 155 settings_maker.make_setting('exception_tracker.email_prefix', '[RHODECODE ERROR]', default_when_empty=True)
156 156
157 157 # sessions, ensure file since no-value is memory
158 158 settings_maker.make_setting('beaker.session.type', 'file')
159 159 settings_maker.make_setting('beaker.session.data_dir', jn(default_cache_dir, 'session_data'))
160 160
161 161 # cache_general
162 162 settings_maker.make_setting('rc_cache.cache_general.backend', 'dogpile.cache.rc.file_namespace')
163 163 settings_maker.make_setting('rc_cache.cache_general.expiration_time', 60 * 60 * 12, parser='int')
164 164 settings_maker.make_setting('rc_cache.cache_general.arguments.filename', jn(default_cache_dir, 'rhodecode_cache_general.db'))
165 165
166 166 # cache_perms
167 167 settings_maker.make_setting('rc_cache.cache_perms.backend', 'dogpile.cache.rc.file_namespace')
168 168 settings_maker.make_setting('rc_cache.cache_perms.expiration_time', 60 * 60, parser='int')
169 169 settings_maker.make_setting('rc_cache.cache_perms.arguments.filename', jn(default_cache_dir, 'rhodecode_cache_perms_db'))
170 170
171 171 # cache_repo
172 172 settings_maker.make_setting('rc_cache.cache_repo.backend', 'dogpile.cache.rc.file_namespace')
173 173 settings_maker.make_setting('rc_cache.cache_repo.expiration_time', 60 * 60 * 24 * 30, parser='int')
174 174 settings_maker.make_setting('rc_cache.cache_repo.arguments.filename', jn(default_cache_dir, 'rhodecode_cache_repo_db'))
175 175
176 176 # cache_license
177 177 settings_maker.make_setting('rc_cache.cache_license.backend', 'dogpile.cache.rc.file_namespace')
178 178 settings_maker.make_setting('rc_cache.cache_license.expiration_time', 60 * 5, parser='int')
179 179 settings_maker.make_setting('rc_cache.cache_license.arguments.filename', jn(default_cache_dir, 'rhodecode_cache_license_db'))
180 180
181 181 # cache_repo_longterm memory, 96H
182 182 settings_maker.make_setting('rc_cache.cache_repo_longterm.backend', 'dogpile.cache.rc.memory_lru')
183 183 settings_maker.make_setting('rc_cache.cache_repo_longterm.expiration_time', 345600, parser='int')
184 184 settings_maker.make_setting('rc_cache.cache_repo_longterm.max_size', 10000, parser='int')
185 185
186 186 # sql_cache_short
187 187 settings_maker.make_setting('rc_cache.sql_cache_short.backend', 'dogpile.cache.rc.memory_lru')
188 188 settings_maker.make_setting('rc_cache.sql_cache_short.expiration_time', 30, parser='int')
189 189 settings_maker.make_setting('rc_cache.sql_cache_short.max_size', 10000, parser='int')
190 190
191 191 # archive_cache
192 192 settings_maker.make_setting('archive_cache.locking.url', 'redis://redis:6379/1')
193 193 settings_maker.make_setting('archive_cache.backend.type', 'filesystem')
194 194
195 195 settings_maker.make_setting('archive_cache.filesystem.store_dir', jn(default_cache_dir, 'archive_cache'), default_when_empty=True,)
196 196 settings_maker.make_setting('archive_cache.filesystem.cache_shards', 8, parser='int')
197 197 settings_maker.make_setting('archive_cache.filesystem.cache_size_gb', 10, parser='float')
198 198 settings_maker.make_setting('archive_cache.filesystem.eviction_policy', 'least-recently-stored')
199 199
200 200 settings_maker.make_setting('archive_cache.filesystem.retry', False, parser='bool')
201 201 settings_maker.make_setting('archive_cache.filesystem.retry_backoff', 1, parser='int')
202 202 settings_maker.make_setting('archive_cache.filesystem.retry_attempts', 10, parser='int')
203 203
204 204 settings_maker.make_setting('archive_cache.objectstore.url', jn(default_cache_dir, 'archive_cache'), default_when_empty=True,)
205 205 settings_maker.make_setting('archive_cache.objectstore.key', '')
206 206 settings_maker.make_setting('archive_cache.objectstore.secret', '')
207 settings_maker.make_setting('archive_cache.objectstore.region', 'eu-central-1')
207 208 settings_maker.make_setting('archive_cache.objectstore.bucket', 'rhodecode-archive-cache', default_when_empty=True,)
208 209 settings_maker.make_setting('archive_cache.objectstore.bucket_shards', 8, parser='int')
209 210
210 211 settings_maker.make_setting('archive_cache.objectstore.cache_size_gb', 10, parser='float')
211 212 settings_maker.make_setting('archive_cache.objectstore.eviction_policy', 'least-recently-stored')
212 213
213 214 settings_maker.make_setting('archive_cache.objectstore.retry', False, parser='bool')
214 215 settings_maker.make_setting('archive_cache.objectstore.retry_backoff', 1, parser='int')
215 216 settings_maker.make_setting('archive_cache.objectstore.retry_attempts', 10, parser='int')
216 217
217 218 settings_maker.env_expand()
218 219
219 220 # configure instance id
220 221 config_utils.set_instance_id(settings)
221 222
222 223 return settings
Show file before | Show file after | Hide comments
@@ -1,170 +1,171 b''
1 1 # Copyright (C) 2015-2024 RhodeCode GmbH
2 2 #
3 3 # This program is free software: you can redistribute it and/or modify
4 4 # it under the terms of the GNU Affero General Public License, version 3
5 5 # (only), as published by the Free Software Foundation.
6 6 #
7 7 # This program is distributed in the hope that it will be useful,
8 8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 10 # GNU General Public License for more details.
11 11 #
12 12 # You should have received a copy of the GNU Affero General Public License
13 13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 14 #
15 15 # This program is dual-licensed. If you wish to learn more about the
16 16 # RhodeCode Enterprise Edition, including its added features, Support services,
17 17 # and proprietary license terms, please see https://rhodecode.com/licenses/
18 18
19 19 import codecs
20 20 import hashlib
21 21 import logging
22 22 import os
23 23 import typing
24 24
25 25 import fsspec
26 26
27 27 from .base import BaseCache, BaseShard
28 28 from ..utils import ShardFileReader, NOT_GIVEN
29 29 from ...type_utils import str2bool
30 30
31 31 log = logging.getLogger(__name__)
32 32
33 33
34 34 class S3Shard(BaseShard):
35 35
36 36 def __init__(self, index, bucket, bucket_folder, fs, **settings):
37 37 self._index: int = index
38 38 self._bucket_folder: str = bucket_folder
39 39 self.storage_type: str = 'bucket'
40 40 self._bucket_main: str = bucket
41 41
42 42 self.fs = fs
43 43
44 44 @property
45 45 def bucket(self) -> str:
46 46 """Cache bucket final path."""
47 47 return os.path.join(self._bucket_main, self._bucket_folder)
48 48
49 49 def _get_keyfile(self, archive_key) -> tuple[str, str]:
50 50 key_file: str = f'{archive_key}-{self.key_suffix}'
51 51 return key_file, os.path.join(self.bucket, key_file)
52 52
53 53 def _get_writer(self, path, mode):
54 54 return self.fs.open(path, 'wb')
55 55
56 56 def _write_file(self, full_path, iterator, mode):
57 57
58 58 # ensure folder in bucket exists
59 59 destination = self.bucket
60 60 if not self.fs.exists(destination):
61 61 self.fs.mkdir(destination, s3_additional_kwargs={})
62 62
63 63 writer = self._get_writer(full_path, mode)
64 64
65 65 digest = hashlib.sha256()
66 66 with writer:
67 67 size = 0
68 68 for chunk in iterator:
69 69 size += len(chunk)
70 70 digest.update(chunk)
71 71 writer.write(chunk)
72 72
73 73 sha256 = digest.hexdigest()
74 74 log.debug('written new archive cache under %s, sha256: %s', full_path, sha256)
75 75 return size, sha256
76 76
77 77 def store(self, key, value_reader, metadata: dict | None = None):
78 78 return self._store(key, value_reader, metadata, mode='wb')
79 79
80 80 def fetch(self, key, retry=NOT_GIVEN,
81 81 retry_attempts=NOT_GIVEN, retry_backoff=1,
82 82 presigned_url_expires: int = 0) -> tuple[ShardFileReader, dict]:
83 83 return self._fetch(key, retry, retry_attempts, retry_backoff, presigned_url_expires=presigned_url_expires)
84 84
85 85 def remove(self, key):
86 86 return self._remove(key)
87 87
88 88 def random_filename(self):
89 89 """Return filename and full-path tuple for file storage.
90 90
91 91 Filename will be a randomly generated 28 character hexadecimal string
92 92 with ".archive_cache" suffixed. Two levels of sub-directories will be used to
93 93 reduce the size of directories. On older filesystems, lookups in
94 94 directories with many files may be slow.
95 95 """
96 96
97 97 hex_name = codecs.encode(os.urandom(16), 'hex').decode('utf-8')
98 98
99 99 archive_name = hex_name[4:] + '.archive_cache'
100 100 filename = f"{hex_name[:2]}-{hex_name[2:4]}-{archive_name}"
101 101
102 102 full_path = os.path.join(self.bucket, filename)
103 103 return archive_name, full_path
104 104
105 105 def __repr__(self):
106 106 return f'{self.__class__.__name__}(index={self._index}, bucket={self.bucket})'
107 107
108 108
109 109 class ObjectStoreCache(BaseCache):
110 110 shard_name: str = 'shard-{:03d}'
111 111 shard_cls = S3Shard
112 112
113 113 def __init__(self, locking_url, **settings):
114 114 """
115 115 Initialize objectstore cache instance.
116 116
117 117 :param str locking_url: redis url for a lock
118 118 :param settings: settings dict
119 119
120 120 """
121 121 self._locking_url = locking_url
122 122 self._config = settings
123 123
124 124 objectstore_url = self.get_conf('archive_cache.objectstore.url')
125 125 self._storage_path = objectstore_url # common path for all from BaseCache
126 126
127 127 self._shard_count = int(self.get_conf('archive_cache.objectstore.bucket_shards', pop=True))
128 128 if self._shard_count < 1:
129 129 raise ValueError('cache_shards must be 1 or more')
130 130
131 131 self._bucket = settings.pop('archive_cache.objectstore.bucket')
132 132 if not self._bucket:
133 133 raise ValueError('archive_cache.objectstore.bucket needs to have a value')
134 134
135 135 self._eviction_policy = self.get_conf('archive_cache.objectstore.eviction_policy', pop=True)
136 136 self._cache_size_limit = self.gb_to_bytes(int(self.get_conf('archive_cache.objectstore.cache_size_gb')))
137 137
138 138 self.retry = str2bool(self.get_conf('archive_cache.objectstore.retry', pop=True))
139 139 self.retry_attempts = int(self.get_conf('archive_cache.objectstore.retry_attempts', pop=True))
140 140 self.retry_backoff = int(self.get_conf('archive_cache.objectstore.retry_backoff', pop=True))
141 141
142 142 endpoint_url = settings.pop('archive_cache.objectstore.url')
143 143 key = settings.pop('archive_cache.objectstore.key')
144 144 secret = settings.pop('archive_cache.objectstore.secret')
145 region = settings.pop('archive_cache.objectstore.region')
145 146
146 147 log.debug('Initializing %s archival cache instance', self)
147 148
148 fs = fsspec.filesystem('s3', anon=False, endpoint_url=endpoint_url, key=key, secret=secret)
149 fs = fsspec.filesystem('s3', anon=False, endpoint_url=endpoint_url, key=key, secret=secret, region=region)
149 150
150 151 # init main bucket
151 152 if not fs.exists(self._bucket):
152 153 fs.mkdir(self._bucket)
153 154
154 155 self._shards = tuple(
155 156 self.shard_cls(
156 157 index=num,
157 158 bucket=self._bucket,
158 159 bucket_folder=self.shard_name.format(num),
159 160 fs=fs,
160 161 **settings,
161 162 )
162 163 for num in range(self._shard_count)
163 164 )
164 165 self._hash = self._shards[0].hash
165 166
166 167 def _get_size(self, shard, archive_path):
167 168 return shard.fs.info(archive_path)['size']
168 169
169 170 def set_presigned_url_expiry(self, val: int) -> None:
170 171 self.presigned_url_expires = val
Show file before | Show file after | Hide comments
@@ -1,831 +1,834 b''
1 1
2 2 ; #########################################
3 3 ; RHODECODE COMMUNITY EDITION CONFIGURATION
4 4 ; #########################################
5 5
6 6 [DEFAULT]
7 7 ; Debug flag sets all loggers to debug, and enables request tracking
8 8 debug = true
9 9
10 10 ; ########################################################################
11 11 ; EMAIL CONFIGURATION
12 12 ; These settings will be used by the RhodeCode mailing system
13 13 ; ########################################################################
14 14
15 15 ; prefix all emails subjects with given prefix, helps filtering out emails
16 16 #email_prefix = [RhodeCode]
17 17
18 18 ; email FROM address all mails will be sent
19 19 #app_email_from = rhodecode-noreply@localhost
20 20
21 21 #smtp_server = mail.server.com
22 22 #smtp_username =
23 23 #smtp_password =
24 24 #smtp_port =
25 25 #smtp_use_tls = false
26 26 #smtp_use_ssl = true
27 27
28 28 [server:main]
29 29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
30 30 ; Host port for gunicorn are controlled by gunicorn_conf.py
31 31 host = 127.0.0.1
32 32 port = 10020
33 33
34 34
35 35 ; ###########################
36 36 ; GUNICORN APPLICATION SERVER
37 37 ; ###########################
38 38
39 39 ; run with gunicorn --paste rhodecode.ini --config gunicorn_conf.py
40 40
41 41 ; Module to use, this setting shouldn't be changed
42 42 use = egg:gunicorn#main
43 43
44 44 ; Prefix middleware for RhodeCode.
45 45 ; recommended when using proxy setup.
46 46 ; allows to set RhodeCode under a prefix in server.
47 47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
48 48 ; And set your prefix like: `prefix = /custom_prefix`
49 49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
50 50 ; to make your cookies only work on prefix url
51 51 [filter:proxy-prefix]
52 52 use = egg:PasteDeploy#prefix
53 53 prefix = /
54 54
55 55 [app:main]
56 56 ; The %(here)s variable will be replaced with the absolute path of parent directory
57 57 ; of this file
58 58 ; Each option in the app:main can be override by an environmental variable
59 59 ;
60 60 ;To override an option:
61 61 ;
62 62 ;RC_<KeyName>
63 63 ;Everything should be uppercase, . and - should be replaced by _.
64 64 ;For example, if you have these configuration settings:
65 65 ;rc_cache.repo_object.backend = foo
66 66 ;can be overridden by
67 67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
68 68
69 69 use = egg:rhodecode-enterprise-ce
70 70
71 71 ; enable proxy prefix middleware, defined above
72 72 #filter-with = proxy-prefix
73 73
74 74 ; encryption key used to encrypt social plugin tokens,
75 75 ; remote_urls with credentials etc, if not set it defaults to
76 76 ; `beaker.session.secret`
77 77 #rhodecode.encrypted_values.secret =
78 78
79 79 ; decryption strict mode (enabled by default). It controls if decryption raises
80 80 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
81 81 #rhodecode.encrypted_values.strict = false
82 82
83 83 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
84 84 ; fernet is safer, and we strongly recommend switching to it.
85 85 ; Due to backward compatibility aes is used as default.
86 86 #rhodecode.encrypted_values.algorithm = fernet
87 87
88 88 ; Return gzipped responses from RhodeCode (static files/application)
89 89 gzip_responses = false
90 90
91 91 ; Auto-generate javascript routes file on startup
92 92 generate_js_files = false
93 93
94 94 ; System global default language.
95 95 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
96 96 lang = en
97 97
98 98 ; Perform a full repository scan and import on each server start.
99 99 ; Settings this to true could lead to very long startup time.
100 100 startup.import_repos = true
101 101
102 102 ; URL at which the application is running. This is used for Bootstrapping
103 103 ; requests in context when no web request is available. Used in ishell, or
104 104 ; SSH calls. Set this for events to receive proper url for SSH calls.
105 105 app.base_url = http://rhodecode.local
106 106
107 107 ; Host at which the Service API is running.
108 108 app.service_api.host = http://rhodecode.local:10020
109 109
110 110 ; Secret for Service API authentication.
111 111 app.service_api.token =
112 112
113 113 ; Unique application ID. Should be a random unique string for security.
114 114 app_instance_uuid = rc-production
115 115
116 116 ; Cut off limit for large diffs (size in bytes). If overall diff size on
117 117 ; commit, or pull request exceeds this limit this diff will be displayed
118 118 ; partially. E.g 512000 == 512Kb
119 119 cut_off_limit_diff = 1024000
120 120
121 121 ; Cut off limit for large files inside diffs (size in bytes). Each individual
122 122 ; file inside diff which exceeds this limit will be displayed partially.
123 123 ; E.g 128000 == 128Kb
124 124 cut_off_limit_file = 256000
125 125
126 126 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
127 127 vcs_full_cache = false
128 128
129 129 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
130 130 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
131 131 force_https = false
132 132
133 133 ; use Strict-Transport-Security headers
134 134 use_htsts = false
135 135
136 136 ; Set to true if your repos are exposed using the dumb protocol
137 137 git_update_server_info = false
138 138
139 139 ; RSS/ATOM feed options
140 140 rss_cut_off_limit = 256000
141 141 rss_items_per_page = 10
142 142 rss_include_diff = false
143 143
144 144 ; gist URL alias, used to create nicer urls for gist. This should be an
145 145 ; url that does rewrites to _admin/gists/{gistid}.
146 146 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
147 147 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
148 148 gist_alias_url =
149 149
150 150 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
151 151 ; used for access.
152 152 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
153 153 ; came from the the logged in user who own this authentication token.
154 154 ; Additionally @TOKEN syntax can be used to bound the view to specific
155 155 ; authentication token. Such view would be only accessible when used together
156 156 ; with this authentication token
157 157 ; list of all views can be found under `/_admin/permissions/auth_token_access`
158 158 ; The list should be "," separated and on a single line.
159 159 ; Most common views to enable:
160 160
161 161 # RepoCommitsView:repo_commit_download
162 162 # RepoCommitsView:repo_commit_patch
163 163 # RepoCommitsView:repo_commit_raw
164 164 # RepoCommitsView:repo_commit_raw@TOKEN
165 165 # RepoFilesView:repo_files_diff
166 166 # RepoFilesView:repo_archivefile
167 167 # RepoFilesView:repo_file_raw
168 168 # GistView:*
169 169 api_access_controllers_whitelist =
170 170
171 171 ; Default encoding used to convert from and to unicode
172 172 ; can be also a comma separated list of encoding in case of mixed encodings
173 173 default_encoding = UTF-8
174 174
175 175 ; instance-id prefix
176 176 ; a prefix key for this instance used for cache invalidation when running
177 177 ; multiple instances of RhodeCode, make sure it's globally unique for
178 178 ; all running RhodeCode instances. Leave empty if you don't use it
179 179 instance_id =
180 180
181 181 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
182 182 ; of an authentication plugin also if it is disabled by it's settings.
183 183 ; This could be useful if you are unable to log in to the system due to broken
184 184 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
185 185 ; module to log in again and fix the settings.
186 186 ; Available builtin plugin IDs (hash is part of the ID):
187 187 ; egg:rhodecode-enterprise-ce#rhodecode
188 188 ; egg:rhodecode-enterprise-ce#pam
189 189 ; egg:rhodecode-enterprise-ce#ldap
190 190 ; egg:rhodecode-enterprise-ce#jasig_cas
191 191 ; egg:rhodecode-enterprise-ce#headers
192 192 ; egg:rhodecode-enterprise-ce#crowd
193 193
194 194 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
195 195
196 196 ; Flag to control loading of legacy plugins in py:/path format
197 197 auth_plugin.import_legacy_plugins = true
198 198
199 199 ; alternative return HTTP header for failed authentication. Default HTTP
200 200 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
201 201 ; handling that causing a series of failed authentication calls.
202 202 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
203 203 ; This will be served instead of default 401 on bad authentication
204 204 auth_ret_code =
205 205
206 206 ; use special detection method when serving auth_ret_code, instead of serving
207 207 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
208 208 ; and then serve auth_ret_code to clients
209 209 auth_ret_code_detection = false
210 210
211 211 ; locking return code. When repository is locked return this HTTP code. 2XX
212 212 ; codes don't break the transactions while 4XX codes do
213 213 lock_ret_code = 423
214 214
215 215 ; Filesystem location were repositories should be stored
216 216 repo_store.path = /var/opt/rhodecode_repo_store
217 217
218 218 ; allows to setup custom hooks in settings page
219 219 allow_custom_hooks_settings = true
220 220
221 221 ; Generated license token required for EE edition license.
222 222 ; New generated token value can be found in Admin > settings > license page.
223 223 license_token = abra-cada-bra1-rce3
224 224
225 225 ; This flag hides sensitive information on the license page such as token, and license data
226 226 license.hide_license_info = false
227 227
228 228 ; supervisor connection uri, for managing supervisor and logs.
229 229 supervisor.uri =
230 230
231 231 ; supervisord group name/id we only want this RC instance to handle
232 232 supervisor.group_id = dev
233 233
234 234 ; Display extended labs settings
235 235 labs_settings_active = true
236 236
237 237 ; Custom exception store path, defaults to TMPDIR
238 238 ; This is used to store exception from RhodeCode in shared directory
239 239 #exception_tracker.store_path =
240 240
241 241 ; Send email with exception details when it happens
242 242 #exception_tracker.send_email = false
243 243
244 244 ; Comma separated list of recipients for exception emails,
245 245 ; e.g admin@rhodecode.com,devops@rhodecode.com
246 246 ; Can be left empty, then emails will be sent to ALL super-admins
247 247 #exception_tracker.send_email_recipients =
248 248
249 249 ; optional prefix to Add to email Subject
250 250 #exception_tracker.email_prefix = [RHODECODE ERROR]
251 251
252 252 ; File store configuration. This is used to store and serve uploaded files
253 253 file_store.enabled = true
254 254
255 255 ; Storage backend, available options are: local
256 256 file_store.backend = local
257 257
258 258 ; path to store the uploaded binaries and artifacts
259 259 file_store.storage_path = /var/opt/rhodecode_data/file_store
260 260
261 261
262 262 ; Redis url to acquire/check generation of archives locks
263 263 archive_cache.locking.url = redis://redis:6379/1
264 264
265 265 ; Storage backend, only 'filesystem' and 'objectstore' are available now
266 266 archive_cache.backend.type = filesystem
267 267
268 268 ; url for s3 compatible storage that allows to upload artifacts
269 269 ; e.g http://minio:9000
270 270 archive_cache.objectstore.url = http://s3-minio:9000
271 271
272 272 ; key for s3 auth
273 273 archive_cache.objectstore.key = key
274 274
275 275 ; secret for s3 auth
276 276 archive_cache.objectstore.secret = secret
277 277
278 ;region for s3 storage
279 archive_cache.objectstore.region = eu-central-1
280
278 281 ; number of sharded buckets to create to distribute archives across
279 282 ; default is 8 shards
280 283 archive_cache.objectstore.bucket_shards = 8
281 284
282 285 ; a top-level bucket to put all other shards in
283 286 ; objects will be stored in rhodecode-archive-cache/shard-N based on the bucket_shards number
284 287 archive_cache.objectstore.bucket = rhodecode-archive-cache
285 288
286 289 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
287 290 archive_cache.objectstore.retry = false
288 291
289 292 ; number of seconds to wait for next try using retry
290 293 archive_cache.objectstore.retry_backoff = 1
291 294
292 295 ; how many tries do do a retry fetch from this backend
293 296 archive_cache.objectstore.retry_attempts = 10
294 297
295 298 ; Default is $cache_dir/archive_cache if not set
296 299 ; Generated repo archives will be cached at this location
297 300 ; and served from the cache during subsequent requests for the same archive of
298 301 ; the repository. This path is important to be shared across filesystems and with
299 302 ; RhodeCode and vcsserver
300 303 archive_cache.filesystem.store_dir = %(here)s/rc-tests/archive_cache
301 304
302 305 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
303 306 archive_cache.filesystem.cache_size_gb = 2
304 307
305 308 ; Eviction policy used to clear out after cache_size_gb limit is reached
306 309 archive_cache.filesystem.eviction_policy = least-recently-stored
307 310
308 311 ; By default cache uses sharding technique, this specifies how many shards are there
309 312 ; default is 8 shards
310 313 archive_cache.filesystem.cache_shards = 8
311 314
312 315 ; if true, this cache will try to retry with retry_attempts=N times waiting retry_backoff time
313 316 archive_cache.filesystem.retry = false
314 317
315 318 ; number of seconds to wait for next try using retry
316 319 archive_cache.filesystem.retry_backoff = 1
317 320
318 321 ; how many tries do do a retry fetch from this backend
319 322 archive_cache.filesystem.retry_attempts = 10
320 323
321 324
322 325 ; #############
323 326 ; CELERY CONFIG
324 327 ; #############
325 328
326 329 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
327 330
328 331 use_celery = false
329 332
330 333 ; path to store schedule database
331 334 #celerybeat-schedule.path =
332 335
333 336 ; connection url to the message broker (default redis)
334 337 celery.broker_url = redis://redis:6379/8
335 338
336 339 ; results backend to get results for (default redis)
337 340 celery.result_backend = redis://redis:6379/8
338 341
339 342 ; rabbitmq example
340 343 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
341 344
342 345 ; maximum tasks to execute before worker restart
343 346 celery.max_tasks_per_child = 20
344 347
345 348 ; tasks will never be sent to the queue, but executed locally instead.
346 349 celery.task_always_eager = true
347 350 celery.task_store_eager_result = true
348 351
349 352 ; #############
350 353 ; DOGPILE CACHE
351 354 ; #############
352 355
353 356 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
354 357 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
355 358 cache_dir = %(here)s/rc-test-data
356 359
357 360 ; *********************************************
358 361 ; `sql_cache_short` cache for heavy SQL queries
359 362 ; Only supported backend is `memory_lru`
360 363 ; *********************************************
361 364 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
362 365 rc_cache.sql_cache_short.expiration_time = 0
363 366
364 367
365 368 ; *****************************************************
366 369 ; `cache_repo_longterm` cache for repo object instances
367 370 ; Only supported backend is `memory_lru`
368 371 ; *****************************************************
369 372 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
370 373 ; by default we use 30 Days, cache is still invalidated on push
371 374 rc_cache.cache_repo_longterm.expiration_time = 2592000
372 375 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
373 376 rc_cache.cache_repo_longterm.max_size = 10000
374 377
375 378
376 379 ; *********************************************
377 380 ; `cache_general` cache for general purpose use
378 381 ; for simplicity use rc.file_namespace backend,
379 382 ; for performance and scale use rc.redis
380 383 ; *********************************************
381 384 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
382 385 rc_cache.cache_general.expiration_time = 43200
383 386 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
384 387 rc_cache.cache_general.arguments.filename = %(here)s/rc-tests/cache-backend/cache_general_db
385 388
386 389 ; alternative `cache_general` redis backend with distributed lock
387 390 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
388 391 #rc_cache.cache_general.expiration_time = 300
389 392
390 393 ; redis_expiration_time needs to be greater then expiration_time
391 394 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
392 395
393 396 #rc_cache.cache_general.arguments.host = localhost
394 397 #rc_cache.cache_general.arguments.port = 6379
395 398 #rc_cache.cache_general.arguments.db = 0
396 399 #rc_cache.cache_general.arguments.socket_timeout = 30
397 400 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
398 401 #rc_cache.cache_general.arguments.distributed_lock = true
399 402
400 403 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
401 404 #rc_cache.cache_general.arguments.lock_auto_renewal = true
402 405
403 406 ; *************************************************
404 407 ; `cache_perms` cache for permission tree, auth TTL
405 408 ; for simplicity use rc.file_namespace backend,
406 409 ; for performance and scale use rc.redis
407 410 ; *************************************************
408 411 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
409 412 rc_cache.cache_perms.expiration_time = 0
410 413 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
411 414 rc_cache.cache_perms.arguments.filename = %(here)s/rc-tests/cache-backend/cache_perms_db
412 415
413 416 ; alternative `cache_perms` redis backend with distributed lock
414 417 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
415 418 #rc_cache.cache_perms.expiration_time = 300
416 419
417 420 ; redis_expiration_time needs to be greater then expiration_time
418 421 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
419 422
420 423 #rc_cache.cache_perms.arguments.host = localhost
421 424 #rc_cache.cache_perms.arguments.port = 6379
422 425 #rc_cache.cache_perms.arguments.db = 0
423 426 #rc_cache.cache_perms.arguments.socket_timeout = 30
424 427 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
425 428 #rc_cache.cache_perms.arguments.distributed_lock = true
426 429
427 430 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
428 431 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
429 432
430 433 ; ***************************************************
431 434 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
432 435 ; for simplicity use rc.file_namespace backend,
433 436 ; for performance and scale use rc.redis
434 437 ; ***************************************************
435 438 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
436 439 rc_cache.cache_repo.expiration_time = 2592000
437 440 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
438 441 rc_cache.cache_repo.arguments.filename = %(here)s/rc-tests/cache-backend/cache_repo_db
439 442
440 443 ; alternative `cache_repo` redis backend with distributed lock
441 444 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
442 445 #rc_cache.cache_repo.expiration_time = 2592000
443 446
444 447 ; redis_expiration_time needs to be greater then expiration_time
445 448 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
446 449
447 450 #rc_cache.cache_repo.arguments.host = localhost
448 451 #rc_cache.cache_repo.arguments.port = 6379
449 452 #rc_cache.cache_repo.arguments.db = 1
450 453 #rc_cache.cache_repo.arguments.socket_timeout = 30
451 454 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
452 455 #rc_cache.cache_repo.arguments.distributed_lock = true
453 456
454 457 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
455 458 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
456 459
457 460 ; ##############
458 461 ; BEAKER SESSION
459 462 ; ##############
460 463
461 464 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
462 465 ; types are file, ext:redis, ext:database, ext:memcached
463 466 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
464 467 beaker.session.type = file
465 468 beaker.session.data_dir = %(here)s/rc-tests/data/sessions
466 469
467 470 ; Redis based sessions
468 471 #beaker.session.type = ext:redis
469 472 #beaker.session.url = redis://redis:6379/2
470 473
471 474 ; DB based session, fast, and allows easy management over logged in users
472 475 #beaker.session.type = ext:database
473 476 #beaker.session.table_name = db_session
474 477 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
475 478 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
476 479 #beaker.session.sa.pool_recycle = 3600
477 480 #beaker.session.sa.echo = false
478 481
479 482 beaker.session.key = rhodecode
480 483 beaker.session.secret = test-rc-uytcxaz
481 484 beaker.session.lock_dir = %(here)s/rc-tests/data/sessions/lock
482 485
483 486 ; Secure encrypted cookie. Requires AES and AES python libraries
484 487 ; you must disable beaker.session.secret to use this
485 488 #beaker.session.encrypt_key = key_for_encryption
486 489 #beaker.session.validate_key = validation_key
487 490
488 491 ; Sets session as invalid (also logging out user) if it haven not been
489 492 ; accessed for given amount of time in seconds
490 493 beaker.session.timeout = 2592000
491 494 beaker.session.httponly = true
492 495
493 496 ; Path to use for the cookie. Set to prefix if you use prefix middleware
494 497 #beaker.session.cookie_path = /custom_prefix
495 498
496 499 ; Set https secure cookie
497 500 beaker.session.secure = false
498 501
499 502 ; default cookie expiration time in seconds, set to `true` to set expire
500 503 ; at browser close
501 504 #beaker.session.cookie_expires = 3600
502 505
503 506 ; #############################
504 507 ; SEARCH INDEXING CONFIGURATION
505 508 ; #############################
506 509
507 510 ; Full text search indexer is available in rhodecode-tools under
508 511 ; `rhodecode-tools index` command
509 512
510 513 ; WHOOSH Backend, doesn't require additional services to run
511 514 ; it works good with few dozen repos
512 515 search.module = rhodecode.lib.index.whoosh
513 516 search.location = %(here)s/rc-tests/data/index
514 517
515 518 ; ####################
516 519 ; CHANNELSTREAM CONFIG
517 520 ; ####################
518 521
519 522 ; channelstream enables persistent connections and live notification
520 523 ; in the system. It's also used by the chat system
521 524
522 525 channelstream.enabled = false
523 526
524 527 ; server address for channelstream server on the backend
525 528 channelstream.server = channelstream:9800
526 529
527 530 ; location of the channelstream server from outside world
528 531 ; use ws:// for http or wss:// for https. This address needs to be handled
529 532 ; by external HTTP server such as Nginx or Apache
530 533 ; see Nginx/Apache configuration examples in our docs
531 534 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
532 535 channelstream.secret = ENV_GENERATED
533 536 channelstream.history.location = %(here)s/rc-tests/channelstream_history
534 537
535 538 ; Internal application path that Javascript uses to connect into.
536 539 ; If you use proxy-prefix the prefix should be added before /_channelstream
537 540 channelstream.proxy_path = /_channelstream
538 541
539 542
540 543 ; ##############################
541 544 ; MAIN RHODECODE DATABASE CONFIG
542 545 ; ##############################
543 546
544 547 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
545 548 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
546 549 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
547 550 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
548 551 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
549 552
550 553 sqlalchemy.db1.url = sqlite:///%(here)s/rc-tests/rhodecode_test.db?timeout=30
551 554
552 555 ; see sqlalchemy docs for other advanced settings
553 556 ; print the sql statements to output
554 557 sqlalchemy.db1.echo = false
555 558
556 559 ; recycle the connections after this amount of seconds
557 560 sqlalchemy.db1.pool_recycle = 3600
558 561
559 562 ; the number of connections to keep open inside the connection pool.
560 563 ; 0 indicates no limit
561 564 ; the general calculus with gevent is:
562 565 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
563 566 ; then increase pool size + max overflow so that they add up to 500.
564 567 #sqlalchemy.db1.pool_size = 5
565 568
566 569 ; The number of connections to allow in connection pool "overflow", that is
567 570 ; connections that can be opened above and beyond the pool_size setting,
568 571 ; which defaults to five.
569 572 #sqlalchemy.db1.max_overflow = 10
570 573
571 574 ; Connection check ping, used to detect broken database connections
572 575 ; could be enabled to better handle cases if MySQL has gone away errors
573 576 #sqlalchemy.db1.ping_connection = true
574 577
575 578 ; ##########
576 579 ; VCS CONFIG
577 580 ; ##########
578 581 vcs.server.enable = true
579 582 vcs.server = vcsserver:10010
580 583
581 584 ; Web server connectivity protocol, responsible for web based VCS operations
582 585 ; Available protocols are:
583 586 ; `http` - use http-rpc backend (default)
584 587 vcs.server.protocol = http
585 588
586 589 ; Push/Pull operations protocol, available options are:
587 590 ; `http` - use http-rpc backend (default)
588 591 vcs.scm_app_implementation = http
589 592
590 593 ; Push/Pull operations hooks protocol, available options are:
591 594 ; `http` - use http-rpc backend (default)
592 595 ; `celery` - use celery based hooks
593 596 vcs.hooks.protocol = http
594 597
595 598 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
596 599 ; accessible via network.
597 600 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
598 601 vcs.hooks.host = *
599 602
600 603 ; Start VCSServer with this instance as a subprocess, useful for development
601 604 vcs.start_server = false
602 605
603 606 ; List of enabled VCS backends, available options are:
604 607 ; `hg` - mercurial
605 608 ; `git` - git
606 609 ; `svn` - subversion
607 610 vcs.backends = hg, git, svn
608 611
609 612 ; Wait this number of seconds before killing connection to the vcsserver
610 613 vcs.connection_timeout = 3600
611 614
612 615 ; Cache flag to cache vcsserver remote calls locally
613 616 ; It uses cache_region `cache_repo`
614 617 vcs.methods.cache = false
615 618
616 619 ; ####################################################
617 620 ; Subversion proxy support (mod_dav_svn)
618 621 ; Maps RhodeCode repo groups into SVN paths for Apache
619 622 ; ####################################################
620 623
621 624 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
622 625 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
623 626 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
624 627 #vcs.svn.compatible_version = 1.8
625 628
626 629 ; Enable SVN proxy of requests over HTTP
627 630 vcs.svn.proxy.enabled = true
628 631
629 632 ; host to connect to running SVN subsystem
630 633 vcs.svn.proxy.host = http://svn:8090
631 634
632 635 ; Enable or disable the config file generation.
633 636 svn.proxy.generate_config = false
634 637
635 638 ; Generate config file with `SVNListParentPath` set to `On`.
636 639 svn.proxy.list_parent_path = true
637 640
638 641 ; Set location and file name of generated config file.
639 642 svn.proxy.config_file_path = %(here)s/rc-tests/mod_dav_svn.conf
640 643
641 644 ; alternative mod_dav config template. This needs to be a valid mako template
642 645 ; Example template can be found in the source code:
643 646 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
644 647 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
645 648
646 649 ; Used as a prefix to the `Location` block in the generated config file.
647 650 ; In most cases it should be set to `/`.
648 651 svn.proxy.location_root = /
649 652
650 653 ; Command to reload the mod dav svn configuration on change.
651 654 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
652 655 ; Make sure user who runs RhodeCode process is allowed to reload Apache
653 656 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
654 657
655 658 ; If the timeout expires before the reload command finishes, the command will
656 659 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
657 660 #svn.proxy.reload_timeout = 10
658 661
659 662 ; ####################
660 663 ; SSH Support Settings
661 664 ; ####################
662 665
663 666 ; Defines if a custom authorized_keys file should be created and written on
664 667 ; any change user ssh keys. Setting this to false also disables possibility
665 668 ; of adding SSH keys by users from web interface. Super admins can still
666 669 ; manage SSH Keys.
667 670 ssh.generate_authorized_keyfile = true
668 671
669 672 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
670 673 # ssh.authorized_keys_ssh_opts =
671 674
672 675 ; Path to the authorized_keys file where the generate entries are placed.
673 676 ; It is possible to have multiple key files specified in `sshd_config` e.g.
674 677 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
675 678 ssh.authorized_keys_file_path = %(here)s/rc-tests/authorized_keys_rhodecode
676 679
677 680 ; Command to execute the SSH wrapper. The binary is available in the
678 681 ; RhodeCode installation directory.
679 682 ; legacy: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
680 683 ; new rewrite: /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper-v2
681 684 ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
682 685
683 686 ; Allow shell when executing the ssh-wrapper command
684 687 ssh.wrapper_cmd_allow_shell = false
685 688
686 689 ; Enables logging, and detailed output send back to the client during SSH
687 690 ; operations. Useful for debugging, shouldn't be used in production.
688 691 ssh.enable_debug_logging = true
689 692
690 693 ; Paths to binary executable, by default they are the names, but we can
691 694 ; override them if we want to use a custom one
692 695 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
693 696 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
694 697 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
695 698
696 699 ; Enables SSH key generator web interface. Disabling this still allows users
697 700 ; to add their own keys.
698 701 ssh.enable_ui_key_generator = true
699 702
700 703 ; Statsd client config, this is used to send metrics to statsd
701 704 ; We recommend setting statsd_exported and scrape them using Prometheus
702 705 #statsd.enabled = false
703 706 #statsd.statsd_host = 0.0.0.0
704 707 #statsd.statsd_port = 8125
705 708 #statsd.statsd_prefix =
706 709 #statsd.statsd_ipv6 = false
707 710
708 711 ; configure logging automatically at server startup set to false
709 712 ; to use the below custom logging config.
710 713 ; RC_LOGGING_FORMATTER
711 714 ; RC_LOGGING_LEVEL
712 715 ; env variables can control the settings for logging in case of autoconfigure
713 716
714 717 logging.autoconfigure = false
715 718
716 719 ; specify your own custom logging config file to configure logging
717 720 #logging.logging_conf_file = /path/to/custom_logging.ini
718 721
719 722 ; Dummy marker to add new entries after.
720 723 ; Add any custom entries below. Please don't remove this marker.
721 724 custom.conf = 1
722 725
723 726
724 727 ; #####################
725 728 ; LOGGING CONFIGURATION
726 729 ; #####################
727 730
728 731 [loggers]
729 732 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper, dogpile
730 733
731 734 [handlers]
732 735 keys = console, console_sql
733 736
734 737 [formatters]
735 738 keys = generic, json, color_formatter, color_formatter_sql
736 739
737 740 ; #######
738 741 ; LOGGERS
739 742 ; #######
740 743 [logger_root]
741 744 level = NOTSET
742 745 handlers = console
743 746
744 747 [logger_routes]
745 748 level = DEBUG
746 749 handlers =
747 750 qualname = routes.middleware
748 751 ## "level = DEBUG" logs the route matched and routing variables.
749 752 propagate = 1
750 753
751 754 [logger_sqlalchemy]
752 755 level = INFO
753 756 handlers = console_sql
754 757 qualname = sqlalchemy.engine
755 758 propagate = 0
756 759
757 760 [logger_beaker]
758 761 level = DEBUG
759 762 handlers =
760 763 qualname = beaker.container
761 764 propagate = 1
762 765
763 766 [logger_dogpile]
764 767 level = INFO
765 768 handlers = console
766 769 qualname = dogpile
767 770 propagate = 1
768 771
769 772 [logger_rhodecode]
770 773 level = DEBUG
771 774 handlers =
772 775 qualname = rhodecode
773 776 propagate = 1
774 777
775 778 [logger_ssh_wrapper]
776 779 level = DEBUG
777 780 handlers =
778 781 qualname = ssh_wrapper
779 782 propagate = 1
780 783
781 784 [logger_celery]
782 785 level = DEBUG
783 786 handlers =
784 787 qualname = celery
785 788
786 789
787 790 ; ########
788 791 ; HANDLERS
789 792 ; ########
790 793
791 794 [handler_console]
792 795 class = StreamHandler
793 796 args = (sys.stderr, )
794 797 level = DEBUG
795 798 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
796 799 ; This allows sending properly formatted logs to grafana loki or elasticsearch
797 800 formatter = generic
798 801
799 802 [handler_console_sql]
800 803 ; "level = DEBUG" logs SQL queries and results.
801 804 ; "level = INFO" logs SQL queries.
802 805 ; "level = WARN" logs neither. (Recommended for production systems.)
803 806 class = StreamHandler
804 807 args = (sys.stderr, )
805 808 level = WARN
806 809 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
807 810 ; This allows sending properly formatted logs to grafana loki or elasticsearch
808 811 formatter = generic
809 812
810 813 ; ##########
811 814 ; FORMATTERS
812 815 ; ##########
813 816
814 817 [formatter_generic]
815 818 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
816 819 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
817 820 datefmt = %Y-%m-%d %H:%M:%S
818 821
819 822 [formatter_color_formatter]
820 823 class = rhodecode.lib.logging_formatter.ColorFormatter
821 824 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
822 825 datefmt = %Y-%m-%d %H:%M:%S
823 826
824 827 [formatter_color_formatter_sql]
825 828 class = rhodecode.lib.logging_formatter.ColorFormatterSql
826 829 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
827 830 datefmt = %Y-%m-%d %H:%M:%S
828 831
829 832 [formatter_json]
830 833 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
831 834 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
General Comments 0
You need to be logged in to leave comments. Login now