##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
small naming fixes
super-admin -
r4884:dd641e56 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,874 +1,874 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = false
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 13 ; These settings will be used by the RhodeCode mailing system
14 14 ; ########################################################################
15 15
16 16 ; prefix all emails subjects with given prefix, helps filtering out emails
17 17 #email_prefix = [RhodeCode]
18 18
19 19 ; email FROM address all mails will be sent
20 20 #app_email_from = rhodecode-noreply@localhost
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28
29 29 [server:main]
30 30 ; COMMON HOST/IP CONFIG
31 31 host = 127.0.0.1
32 32 port = 5000
33 33
34 34
35 35 ; ###########################
36 36 ; GUNICORN APPLICATION SERVER
37 37 ; ###########################
38 38
39 39 ; run with gunicorn --paste rhodecode.ini
40 40
41 41 ; Module to use, this setting shouldn't be changed
42 42 use = egg:gunicorn#main
43 43
44 44 ; Sets the number of process workers. More workers means more concurrent connections
45 45 ; RhodeCode can handle at the same time. Each additional worker also it increases
46 46 ; memory usage as each has it's own set of caches.
47 47 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
48 48 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
49 49 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
50 50 ; when using more than 1 worker.
51 51 workers = 2
52 52
53 53 ; Gunicorn access log level
54 54 loglevel = info
55 55
56 56 ; Process name visible in process list
57 57 proc_name = rhodecode
58 58
59 59 ; Type of worker class, one of `sync`, `gevent`
60 60 ; Recommended type is `gevent`
61 61 worker_class = gevent
62 62
63 63 ; The maximum number of simultaneous clients per worker. Valid only for gevent
64 64 worker_connections = 10
65 65
66 66 ; Max number of requests that worker will handle before being gracefully restarted.
67 67 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
68 68 max_requests = 1000
69 69 max_requests_jitter = 30
70 70
71 71 ; Amount of time a worker can spend with handling a request before it
72 72 ; gets killed and restarted. By default set to 21600 (6hrs)
73 73 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
74 74 timeout = 21600
75 75
76 76 ; The maximum size of HTTP request line in bytes.
77 77 ; 0 for unlimited
78 78 limit_request_line = 0
79 79
80 80 ; Limit the number of HTTP headers fields in a request.
81 81 ; By default this value is 100 and can't be larger than 32768.
82 82 limit_request_fields = 32768
83 83
84 84 ; Limit the allowed size of an HTTP request header field.
85 85 ; Value is a positive number or 0.
86 86 ; Setting it to 0 will allow unlimited header field sizes.
87 87 limit_request_field_size = 0
88 88
89 89 ; Timeout for graceful workers restart.
90 90 ; After receiving a restart signal, workers have this much time to finish
91 91 ; serving requests. Workers still alive after the timeout (starting from the
92 92 ; receipt of the restart signal) are force killed.
93 93 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
94 94 graceful_timeout = 3600
95 95
96 96 # The number of seconds to wait for requests on a Keep-Alive connection.
97 97 # Generally set in the 1-5 seconds range.
98 98 keepalive = 2
99 99
100 100 ; Maximum memory usage that each worker can use before it will receive a
101 101 ; graceful restart signal 0 = memory monitoring is disabled
102 102 ; Examples: 268435456 (256MB), 536870912 (512MB)
103 103 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
104 104 memory_max_usage = 0
105 105
106 106 ; How often in seconds to check for memory usage for each gunicorn worker
107 107 memory_usage_check_interval = 60
108 108
109 109 ; Threshold value for which we don't recycle worker if GarbageCollection
110 110 ; frees up enough resources. Before each restart we try to run GC on worker
111 111 ; in case we get enough free memory after that, restart will not happen.
112 112 memory_usage_recovery_threshold = 0.8
113 113
114 114
115 115 ; Prefix middleware for RhodeCode.
116 116 ; recommended when using proxy setup.
117 117 ; allows to set RhodeCode under a prefix in server.
118 118 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
119 119 ; And set your prefix like: `prefix = /custom_prefix`
120 120 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
121 121 ; to make your cookies only work on prefix url
122 122 [filter:proxy-prefix]
123 123 use = egg:PasteDeploy#prefix
124 124 prefix = /
125 125
126 126 [app:main]
127 127 ; The %(here)s variable will be replaced with the absolute path of parent directory
128 128 ; of this file
129 129 ; Each option in the app:main can be override by an environmental variable
130 130 ;
131 131 ;To override an option:
132 132 ;
133 133 ;RC_<KeyName>
134 134 ;Everything should be uppercase, . and - should be replaced by _.
135 135 ;For example, if you have these configuration settings:
136 136 ;rc_cache.repo_object.backend = foo
137 137 ;can be overridden by
138 138 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
139 139
140 140 use = egg:rhodecode-enterprise-ce
141 141
142 142 ; enable proxy prefix middleware, defined above
143 143 #filter-with = proxy-prefix
144 144
145 145 ; encryption key used to encrypt social plugin tokens,
146 146 ; remote_urls with credentials etc, if not set it defaults to
147 147 ; `beaker.session.secret`
148 148 #rhodecode.encrypted_values.secret =
149 149
150 150 ; decryption strict mode (enabled by default). It controls if decryption raises
151 151 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
152 152 #rhodecode.encrypted_values.strict = false
153 153
154 154 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
155 155 ; fernet is safer, and we strongly recommend switching to it.
156 156 ; Due to backward compatibility aes is used as default.
157 157 #rhodecode.encrypted_values.algorithm = fernet
158 158
159 159 ; Return gzipped responses from RhodeCode (static files/application)
160 160 gzip_responses = false
161 161
162 162 ; Auto-generate javascript routes file on startup
163 163 generate_js_files = false
164 164
165 165 ; System global default language.
166 166 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
167 167 lang = en
168 168
169 169 ; Perform a full repository scan and import on each server start.
170 170 ; Settings this to true could lead to very long startup time.
171 171 startup.import_repos = false
172 172
173 173 ; Uncomment and set this path to use archive download cache.
174 174 ; Once enabled, generated archives will be cached at this location
175 175 ; and served from the cache during subsequent requests for the same archive of
176 176 ; the repository.
177 177 #archive_cache_dir = /tmp/tarballcache
178 178
179 179 ; URL at which the application is running. This is used for Bootstrapping
180 180 ; requests in context when no web request is available. Used in ishell, or
181 181 ; SSH calls. Set this for events to receive proper url for SSH calls.
182 182 app.base_url = http://rhodecode.local
183 183
184 184 ; Unique application ID. Should be a random unique string for security.
185 185 app_instance_uuid = rc-production
186 186
187 187 ; Cut off limit for large diffs (size in bytes). If overall diff size on
188 188 ; commit, or pull request exceeds this limit this diff will be displayed
189 189 ; partially. E.g 512000 == 512Kb
190 190 cut_off_limit_diff = 512000
191 191
192 192 ; Cut off limit for large files inside diffs (size in bytes). Each individual
193 193 ; file inside diff which exceeds this limit will be displayed partially.
194 194 ; E.g 128000 == 128Kb
195 195 cut_off_limit_file = 128000
196 196
197 197 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
198 198 vcs_full_cache = true
199 199
200 200 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
201 201 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
202 202 force_https = false
203 203
204 204 ; use Strict-Transport-Security headers
205 205 use_htsts = false
206 206
207 207 ; Set to true if your repos are exposed using the dumb protocol
208 208 git_update_server_info = false
209 209
210 210 ; RSS/ATOM feed options
211 211 rss_cut_off_limit = 256000
212 212 rss_items_per_page = 10
213 213 rss_include_diff = false
214 214
215 215 ; gist URL alias, used to create nicer urls for gist. This should be an
216 216 ; url that does rewrites to _admin/gists/{gistid}.
217 217 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
218 218 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
219 219 gist_alias_url =
220 220
221 221 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
222 222 ; used for access.
223 223 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
224 224 ; came from the the logged in user who own this authentication token.
225 225 ; Additionally @TOKEN syntax can be used to bound the view to specific
226 226 ; authentication token. Such view would be only accessible when used together
227 227 ; with this authentication token
228 228 ; list of all views can be found under `/_admin/permissions/auth_token_access`
229 229 ; The list should be "," separated and on a single line.
230 230 ; Most common views to enable:
231 231
232 232 # RepoCommitsView:repo_commit_download
233 233 # RepoCommitsView:repo_commit_patch
234 234 # RepoCommitsView:repo_commit_raw
235 235 # RepoCommitsView:repo_commit_raw@TOKEN
236 236 # RepoFilesView:repo_files_diff
237 237 # RepoFilesView:repo_archivefile
238 238 # RepoFilesView:repo_file_raw
239 239 # GistView:*
240 240 api_access_controllers_whitelist =
241 241
242 242 ; Default encoding used to convert from and to unicode
243 243 ; can be also a comma separated list of encoding in case of mixed encodings
244 244 default_encoding = UTF-8
245 245
246 246 ; instance-id prefix
247 247 ; a prefix key for this instance used for cache invalidation when running
248 248 ; multiple instances of RhodeCode, make sure it's globally unique for
249 249 ; all running RhodeCode instances. Leave empty if you don't use it
250 250 instance_id =
251 251
252 252 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
253 253 ; of an authentication plugin also if it is disabled by it's settings.
254 254 ; This could be useful if you are unable to log in to the system due to broken
255 255 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
256 256 ; module to log in again and fix the settings.
257 257 ; Available builtin plugin IDs (hash is part of the ID):
258 258 ; egg:rhodecode-enterprise-ce#rhodecode
259 259 ; egg:rhodecode-enterprise-ce#pam
260 260 ; egg:rhodecode-enterprise-ce#ldap
261 261 ; egg:rhodecode-enterprise-ce#jasig_cas
262 262 ; egg:rhodecode-enterprise-ce#headers
263 263 ; egg:rhodecode-enterprise-ce#crowd
264 264
265 265 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
266 266
267 267 ; Flag to control loading of legacy plugins in py:/path format
268 268 auth_plugin.import_legacy_plugins = true
269 269
270 270 ; alternative return HTTP header for failed authentication. Default HTTP
271 271 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
272 272 ; handling that causing a series of failed authentication calls.
273 273 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
274 274 ; This will be served instead of default 401 on bad authentication
275 275 auth_ret_code =
276 276
277 277 ; use special detection method when serving auth_ret_code, instead of serving
278 278 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
279 279 ; and then serve auth_ret_code to clients
280 280 auth_ret_code_detection = false
281 281
282 282 ; locking return code. When repository is locked return this HTTP code. 2XX
283 283 ; codes don't break the transactions while 4XX codes do
284 284 lock_ret_code = 423
285 285
286 286 ; allows to change the repository location in settings page
287 287 allow_repo_location_change = true
288 288
289 289 ; allows to setup custom hooks in settings page
290 290 allow_custom_hooks_settings = true
291 291
292 292 ; Generated license token required for EE edition license.
293 293 ; New generated token value can be found in Admin > settings > license page.
294 294 license_token =
295 295
296 296 ; This flag hides sensitive information on the license page such as token, and license data
297 297 license.hide_license_info = false
298 298
299 299 ; supervisor connection uri, for managing supervisor and logs.
300 300 supervisor.uri =
301 301
302 302 ; supervisord group name/id we only want this RC instance to handle
303 303 supervisor.group_id = prod
304 304
305 305 ; Display extended labs settings
306 306 labs_settings_active = true
307 307
308 308 ; Custom exception store path, defaults to TMPDIR
309 309 ; This is used to store exception from RhodeCode in shared directory
310 310 #exception_tracker.store_path =
311 311
312 312 ; Send email with exception details when it happens
313 313 #exception_tracker.send_email = false
314 314
315 315 ; Comma separated list of recipients for exception emails,
316 316 ; e.g admin@rhodecode.com,devops@rhodecode.com
317 317 ; Can be left empty, then emails will be sent to ALL super-admins
318 318 #exception_tracker.send_email_recipients =
319 319
320 320 ; optional prefix to Add to email Subject
321 321 #exception_tracker.email_prefix = [RHODECODE ERROR]
322 322
323 323 ; File store configuration. This is used to store and serve uploaded files
324 324 file_store.enabled = true
325 325
326 326 ; Storage backend, available options are: local
327 327 file_store.backend = local
328 328
329 329 ; path to store the uploaded binaries
330 330 file_store.storage_path = %(here)s/data/file_store
331 331
332 332
333 333 ; #############
334 334 ; CELERY CONFIG
335 335 ; #############
336 336
337 337 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
338 338
339 339 use_celery = false
340 340
341 341 ; path to store schedule database
342 342 #celerybeat-schedule.path =
343 343
344 344 ; connection url to the message broker (default redis)
345 345 celery.broker_url = redis://localhost:6379/8
346 346
347 347 ; rabbitmq example
348 348 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
349 349
350 350 ; maximum tasks to execute before worker restart
351 351 celery.max_tasks_per_child = 100
352 352
353 353 ; tasks will never be sent to the queue, but executed locally instead.
354 354 celery.task_always_eager = false
355 355
356 356 ; #############
357 357 ; DOGPILE CACHE
358 358 ; #############
359 359
360 360 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
361 361 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
362 362 cache_dir = %(here)s/data
363 363
364 364 ; *********************************************
365 365 ; `sql_cache_short` cache for heavy SQL queries
366 366 ; Only supported backend is `memory_lru`
367 367 ; *********************************************
368 368 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
369 369 rc_cache.sql_cache_short.expiration_time = 30
370 370
371 371
372 372 ; *****************************************************
373 373 ; `cache_repo_longterm` cache for repo object instances
374 374 ; Only supported backend is `memory_lru`
375 375 ; *****************************************************
376 376 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
377 377 ; by default we use 30 Days, cache is still invalidated on push
378 378 rc_cache.cache_repo_longterm.expiration_time = 2592000
379 379 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
380 380 rc_cache.cache_repo_longterm.max_size = 10000
381 381
382 382
383 383 ; *********************************************
384 384 ; `cache_general` cache for general purpose use
385 385 ; for simplicity use rc.file_namespace backend,
386 386 ; for performance and scale use rc.redis
387 387 ; *********************************************
388 388 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
389 389 rc_cache.cache_general.expiration_time = 43200
390 390 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
391 391 #rc_cache.cache_general.arguments.filename = /tmp/cache_general.db
392 392
393 393 ; alternative `cache_general` redis backend with distributed lock
394 394 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
395 395 #rc_cache.cache_general.expiration_time = 300
396 396
397 397 ; redis_expiration_time needs to be greater then expiration_time
398 398 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
399 399
400 400 #rc_cache.cache_general.arguments.host = localhost
401 401 #rc_cache.cache_general.arguments.port = 6379
402 402 #rc_cache.cache_general.arguments.db = 0
403 403 #rc_cache.cache_general.arguments.socket_timeout = 30
404 404 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
405 405 #rc_cache.cache_general.arguments.distributed_lock = true
406 406
407 407 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
408 408 #rc_cache.cache_general.arguments.lock_auto_renewal = true
409 409
410 410 ; *************************************************
411 411 ; `cache_perms` cache for permission tree, auth TTL
412 412 ; for simplicity use rc.file_namespace backend,
413 413 ; for performance and scale use rc.redis
414 414 ; *************************************************
415 415 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
416 416 rc_cache.cache_perms.expiration_time = 3600
417 417 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
418 418 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
419 419
420 420 ; alternative `cache_perms` redis backend with distributed lock
421 421 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
422 422 #rc_cache.cache_perms.expiration_time = 300
423 423
424 424 ; redis_expiration_time needs to be greater then expiration_time
425 425 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
426 426
427 427 #rc_cache.cache_perms.arguments.host = localhost
428 428 #rc_cache.cache_perms.arguments.port = 6379
429 429 #rc_cache.cache_perms.arguments.db = 0
430 430 #rc_cache.cache_perms.arguments.socket_timeout = 30
431 431 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
432 432 #rc_cache.cache_perms.arguments.distributed_lock = true
433 433
434 434 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
435 435 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
436 436
437 437 ; ***************************************************
438 438 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
439 439 ; for simplicity use rc.file_namespace backend,
440 440 ; for performance and scale use rc.redis
441 441 ; ***************************************************
442 442 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
443 443 rc_cache.cache_repo.expiration_time = 2592000
444 444 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
445 445 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
446 446
447 447 ; alternative `cache_repo` redis backend with distributed lock
448 448 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
449 449 #rc_cache.cache_repo.expiration_time = 2592000
450 450
451 451 ; redis_expiration_time needs to be greater then expiration_time
452 452 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
453 453
454 454 #rc_cache.cache_repo.arguments.host = localhost
455 455 #rc_cache.cache_repo.arguments.port = 6379
456 456 #rc_cache.cache_repo.arguments.db = 1
457 457 #rc_cache.cache_repo.arguments.socket_timeout = 30
458 458 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
459 459 #rc_cache.cache_repo.arguments.distributed_lock = true
460 460
461 461 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
462 462 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
463 463
464 464 ; ##############
465 465 ; BEAKER SESSION
466 466 ; ##############
467 467
468 468 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
469 469 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
470 470 ; Fastest ones are Redis and ext:database
471 471 beaker.session.type = file
472 472 beaker.session.data_dir = %(here)s/data/sessions
473 473
474 474 ; Redis based sessions
475 475 #beaker.session.type = ext:redis
476 476 #beaker.session.url = redis://127.0.0.1:6379/2
477 477
478 478 ; DB based session, fast, and allows easy management over logged in users
479 479 #beaker.session.type = ext:database
480 480 #beaker.session.table_name = db_session
481 481 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
482 482 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
483 483 #beaker.session.sa.pool_recycle = 3600
484 484 #beaker.session.sa.echo = false
485 485
486 486 beaker.session.key = rhodecode
487 487 beaker.session.secret = production-rc-uytcxaz
488 488 beaker.session.lock_dir = %(here)s/data/sessions/lock
489 489
490 490 ; Secure encrypted cookie. Requires AES and AES python libraries
491 491 ; you must disable beaker.session.secret to use this
492 492 #beaker.session.encrypt_key = key_for_encryption
493 493 #beaker.session.validate_key = validation_key
494 494
495 495 ; Sets session as invalid (also logging out user) if it haven not been
496 496 ; accessed for given amount of time in seconds
497 497 beaker.session.timeout = 2592000
498 498 beaker.session.httponly = true
499 499
500 500 ; Path to use for the cookie. Set to prefix if you use prefix middleware
501 501 #beaker.session.cookie_path = /custom_prefix
502 502
503 503 ; Set https secure cookie
504 504 beaker.session.secure = false
505 505
506 506 ; default cookie expiration time in seconds, set to `true` to set expire
507 507 ; at browser close
508 508 #beaker.session.cookie_expires = 3600
509 509
510 510 ; #############################
511 511 ; SEARCH INDEXING CONFIGURATION
512 512 ; #############################
513 513
514 514 ; Full text search indexer is available in rhodecode-tools under
515 515 ; `rhodecode-tools index` command
516 516
517 517 ; WHOOSH Backend, doesn't require additional services to run
518 518 ; it works good with few dozen repos
519 519 search.module = rhodecode.lib.index.whoosh
520 520 search.location = %(here)s/data/index
521 521
522 522 ; ####################
523 523 ; CHANNELSTREAM CONFIG
524 524 ; ####################
525 525
526 526 ; channelstream enables persistent connections and live notification
527 527 ; in the system. It's also used by the chat system
528 528
529 529 channelstream.enabled = false
530 530
531 531 ; server address for channelstream server on the backend
532 532 channelstream.server = 127.0.0.1:9800
533 533
534 534 ; location of the channelstream server from outside world
535 535 ; use ws:// for http or wss:// for https. This address needs to be handled
536 536 ; by external HTTP server such as Nginx or Apache
537 537 ; see Nginx/Apache configuration examples in our docs
538 538 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
539 539 channelstream.secret = secret
540 540 channelstream.history.location = %(here)s/channelstream_history
541 541
542 542 ; Internal application path that Javascript uses to connect into.
543 543 ; If you use proxy-prefix the prefix should be added before /_channelstream
544 544 channelstream.proxy_path = /_channelstream
545 545
546 546
547 547 ; ##############################
548 548 ; MAIN RHODECODE DATABASE CONFIG
549 549 ; ##############################
550 550
551 551 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
552 552 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
553 553 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
554 554 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
555 555 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
556 556
557 557 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
558 558
559 559 ; see sqlalchemy docs for other advanced settings
560 560 ; print the sql statements to output
561 561 sqlalchemy.db1.echo = false
562 562
563 563 ; recycle the connections after this amount of seconds
564 564 sqlalchemy.db1.pool_recycle = 3600
565 565 sqlalchemy.db1.convert_unicode = true
566 566
567 567 ; the number of connections to keep open inside the connection pool.
568 568 ; 0 indicates no limit
569 569 #sqlalchemy.db1.pool_size = 5
570 570
571 571 ; The number of connections to allow in connection pool "overflow", that is
572 572 ; connections that can be opened above and beyond the pool_size setting,
573 573 ; which defaults to five.
574 574 #sqlalchemy.db1.max_overflow = 10
575 575
576 576 ; Connection check ping, used to detect broken database connections
577 577 ; could be enabled to better handle cases if MySQL has gone away errors
578 578 #sqlalchemy.db1.ping_connection = true
579 579
580 580 ; ##########
581 581 ; VCS CONFIG
582 582 ; ##########
583 583 vcs.server.enable = true
584 584 vcs.server = localhost:9900
585 585
586 586 ; Web server connectivity protocol, responsible for web based VCS operations
587 587 ; Available protocols are:
588 588 ; `http` - use http-rpc backend (default)
589 589 vcs.server.protocol = http
590 590
591 591 ; Push/Pull operations protocol, available options are:
592 592 ; `http` - use http-rpc backend (default)
593 593 vcs.scm_app_implementation = http
594 594
595 595 ; Push/Pull operations hooks protocol, available options are:
596 596 ; `http` - use http-rpc backend (default)
597 597 vcs.hooks.protocol = http
598 598
599 599 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
600 600 ; accessible via network.
601 601 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
602 602 vcs.hooks.host = *
603 603
604 604 ; Start VCSServer with this instance as a subprocess, useful for development
605 605 vcs.start_server = false
606 606
607 607 ; List of enabled VCS backends, available options are:
608 608 ; `hg` - mercurial
609 609 ; `git` - git
610 610 ; `svn` - subversion
611 611 vcs.backends = hg, git, svn
612 612
613 613 ; Wait this number of seconds before killing connection to the vcsserver
614 614 vcs.connection_timeout = 3600
615 615
616 616 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
617 617 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
618 618 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
619 619 #vcs.svn.compatible_version = 1.8
620 620
621 621 ; Cache flag to cache vcsserver remote calls locally
622 622 ; It uses cache_region `cache_repo`
623 623 vcs.methods.cache = true
624 624
625 625 ; ####################################################
626 626 ; Subversion proxy support (mod_dav_svn)
627 627 ; Maps RhodeCode repo groups into SVN paths for Apache
628 628 ; ####################################################
629 629
630 630 ; Enable or disable the config file generation.
631 631 svn.proxy.generate_config = false
632 632
633 633 ; Generate config file with `SVNListParentPath` set to `On`.
634 634 svn.proxy.list_parent_path = true
635 635
636 636 ; Set location and file name of generated config file.
637 637 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
638 638
639 639 ; alternative mod_dav config template. This needs to be a valid mako template
640 640 ; Example template can be found in the source code:
641 641 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
642 642 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
643 643
644 644 ; Used as a prefix to the `Location` block in the generated config file.
645 645 ; In most cases it should be set to `/`.
646 646 svn.proxy.location_root = /
647 647
648 648 ; Command to reload the mod dav svn configuration on change.
649 649 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
650 650 ; Make sure user who runs RhodeCode process is allowed to reload Apache
651 651 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
652 652
653 653 ; If the timeout expires before the reload command finishes, the command will
654 654 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
655 655 #svn.proxy.reload_timeout = 10
656 656
657 657 ; ####################
658 658 ; SSH Support Settings
659 659 ; ####################
660 660
661 661 ; Defines if a custom authorized_keys file should be created and written on
662 662 ; any change user ssh keys. Setting this to false also disables possibility
663 663 ; of adding SSH keys by users from web interface. Super admins can still
664 664 ; manage SSH Keys.
665 665 ssh.generate_authorized_keyfile = false
666 666
667 667 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
668 668 # ssh.authorized_keys_ssh_opts =
669 669
670 670 ; Path to the authorized_keys file where the generate entries are placed.
671 671 ; It is possible to have multiple key files specified in `sshd_config` e.g.
672 672 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
673 673 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
674 674
675 675 ; Command to execute the SSH wrapper. The binary is available in the
676 676 ; RhodeCode installation directory.
677 677 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
678 678 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
679 679
680 680 ; Allow shell when executing the ssh-wrapper command
681 681 ssh.wrapper_cmd_allow_shell = false
682 682
683 683 ; Enables logging, and detailed output send back to the client during SSH
684 684 ; operations. Useful for debugging, shouldn't be used in production.
685 685 ssh.enable_debug_logging = false
686 686
687 687 ; Paths to binary executable, by default they are the names, but we can
688 688 ; override them if we want to use a custom one
689 689 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
690 690 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
691 691 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
692 692
693 693 ; Enables SSH key generator web interface. Disabling this still allows users
694 694 ; to add their own keys.
695 695 ssh.enable_ui_key_generator = true
696 696
697 697
698 698 ; #################
699 699 ; APPENLIGHT CONFIG
700 700 ; #################
701 701
702 702 ; Appenlight is tailored to work with RhodeCode, see
703 703 ; http://appenlight.rhodecode.com for details how to obtain an account
704 704
705 705 ; Appenlight integration enabled
706 706 #appenlight = false
707 707
708 708 #appenlight.server_url = https://api.appenlight.com
709 709 #appenlight.api_key = YOUR_API_KEY
710 710 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
711 711
712 712 ; used for JS client
713 713 #appenlight.api_public_key = YOUR_API_PUBLIC_KEY
714 714
715 715 ; TWEAK AMOUNT OF INFO SENT HERE
716 716
717 717 ; enables 404 error logging (default False)
718 718 #appenlight.report_404 = false
719 719
720 720 ; time in seconds after request is considered being slow (default 1)
721 721 #appenlight.slow_request_time = 1
722 722
723 723 ; record slow requests in application
724 724 ; (needs to be enabled for slow datastore recording and time tracking)
725 725 #appenlight.slow_requests = true
726 726
727 727 ; enable hooking to application loggers
728 728 #appenlight.logging = true
729 729
730 730 ; minimum log level for log capture
731 731 #ppenlight.logging.level = WARNING
732 732
733 733 ; send logs only from erroneous/slow requests
734 734 ; (saves API quota for intensive logging)
735 735 #appenlight.logging_on_error = false
736 736
737 737 ; list of additional keywords that should be grabbed from environ object
738 738 ; can be string with comma separated list of words in lowercase
739 739 ; (by default client will always send following info:
740 740 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
741 741 ; start with HTTP* this list be extended with additional keywords here
742 742 #appenlight.environ_keys_whitelist =
743 743
744 744 ; list of keywords that should be blanked from request object
745 745 ; can be string with comma separated list of words in lowercase
746 746 ; (by default client will always blank keys that contain following words
747 747 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
748 748 ; this list be extended with additional keywords set here
749 749 #appenlight.request_keys_blacklist =
750 750
751 751 ; list of namespaces that should be ignores when gathering log entries
752 752 ; can be string with comma separated list of namespaces
753 753 ; (by default the client ignores own entries: appenlight_client.client)
754 754 #appenlight.log_namespace_blacklist =
755 755
756 756 ; Statsd client config, this is used to send metrics to statsd
757 ; We recommend setting statsd_exported and scrape them using Promethues
757 ; We recommend setting statsd_exported and scrape them using Prometheus
758 758 #statsd.enabled = false
759 759 #statsd.statsd_host = 0.0.0.0
760 760 #statsd.statsd_port = 8125
761 761 #statsd.statsd_prefix =
762 762 #statsd.statsd_ipv6 = false
763 763
764 764 ; configure logging automatically at server startup set to false
765 765 ; to use the below custom logging config.
766 766 ; RC_LOGGING_FORMATTER
767 767 ; RC_LOGGING_LEVEL
768 768 ; env variables can control the settings for logging in case of autoconfigure
769 769
770 770 #logging.autoconfigure = true
771 771
772 772 ; specify your own custom logging config file to configure logging
773 773 #logging.logging_conf_file = /path/to/custom_logging.ini
774 774
775 775 ; Dummy marker to add new entries after.
776 776 ; Add any custom entries below. Please don't remove this marker.
777 777 custom.conf = 1
778 778
779 779
780 780 ; #####################
781 781 ; LOGGING CONFIGURATION
782 782 ; #####################
783 783
784 784 [loggers]
785 785 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
786 786
787 787 [handlers]
788 788 keys = console, console_sql
789 789
790 790 [formatters]
791 791 keys = generic, json, color_formatter, color_formatter_sql
792 792
793 793 ; #######
794 794 ; LOGGERS
795 795 ; #######
796 796 [logger_root]
797 797 level = NOTSET
798 798 handlers = console
799 799
800 800 [logger_sqlalchemy]
801 801 level = INFO
802 802 handlers = console_sql
803 803 qualname = sqlalchemy.engine
804 804 propagate = 0
805 805
806 806 [logger_beaker]
807 807 level = DEBUG
808 808 handlers =
809 809 qualname = beaker.container
810 810 propagate = 1
811 811
812 812 [logger_rhodecode]
813 813 level = DEBUG
814 814 handlers =
815 815 qualname = rhodecode
816 816 propagate = 1
817 817
818 818 [logger_ssh_wrapper]
819 819 level = DEBUG
820 820 handlers =
821 821 qualname = ssh_wrapper
822 822 propagate = 1
823 823
824 824 [logger_celery]
825 825 level = DEBUG
826 826 handlers =
827 827 qualname = celery
828 828
829 829
830 830 ; ########
831 831 ; HANDLERS
832 832 ; ########
833 833
834 834 [handler_console]
835 835 class = StreamHandler
836 836 args = (sys.stderr, )
837 837 level = INFO
838 838 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
839 839 ; This allows sending properly formatted logs to grafana loki or elasticsearch
840 840 formatter = generic
841 841
842 842 [handler_console_sql]
843 843 ; "level = DEBUG" logs SQL queries and results.
844 844 ; "level = INFO" logs SQL queries.
845 845 ; "level = WARN" logs neither. (Recommended for production systems.)
846 846 class = StreamHandler
847 847 args = (sys.stderr, )
848 848 level = WARN
849 849 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
850 850 ; This allows sending properly formatted logs to grafana loki or elasticsearch
851 851 formatter = generic
852 852
853 853 ; ##########
854 854 ; FORMATTERS
855 855 ; ##########
856 856
857 857 [formatter_generic]
858 858 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
859 859 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
860 860 datefmt = %Y-%m-%d %H:%M:%S
861 861
862 862 [formatter_color_formatter]
863 863 class = rhodecode.lib.logging_formatter.ColorFormatter
864 864 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
865 865 datefmt = %Y-%m-%d %H:%M:%S
866 866
867 867 [formatter_color_formatter_sql]
868 868 class = rhodecode.lib.logging_formatter.ColorFormatterSql
869 869 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
870 870 datefmt = %Y-%m-%d %H:%M:%S
871 871
872 872 [formatter_json]
873 873 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
874 874 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
Show file before | Show file after | Hide comments
@@ -1,610 +1,610 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2020 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import os
22 22 import sys
23 23 import collections
24 24 import tempfile
25 25 import time
26 26 import logging.config
27 27
28 28 from paste.gzipper import make_gzip_middleware
29 29 import pyramid.events
30 30 from pyramid.wsgi import wsgiapp
31 31 from pyramid.authorization import ACLAuthorizationPolicy
32 32 from pyramid.config import Configurator
33 33 from pyramid.settings import asbool, aslist
34 34 from pyramid.httpexceptions import (
35 35 HTTPException, HTTPError, HTTPInternalServerError, HTTPFound, HTTPNotFound)
36 36 from pyramid.renderers import render_to_response
37 37
38 38 from rhodecode.model import meta
39 39 from rhodecode.config import patches
40 40 from rhodecode.config import utils as config_utils
41 41 from rhodecode.config.settings_maker import SettingsMaker
42 42 from rhodecode.config.environment import load_pyramid_environment
43 43
44 44 import rhodecode.events
45 45 from rhodecode.lib.middleware.vcs import VCSMiddleware
46 46 from rhodecode.lib.request import Request
47 47 from rhodecode.lib.vcs import VCSCommunicationError
48 48 from rhodecode.lib.exceptions import VCSServerUnavailable
49 49 from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
50 50 from rhodecode.lib.middleware.https_fixup import HttpsFixup
51 51 from rhodecode.lib.plugins.utils import register_rhodecode_plugin
52 52 from rhodecode.lib.utils2 import AttributeDict
53 53 from rhodecode.lib.exc_tracking import store_exception
54 54 from rhodecode.subscribers import (
55 55 scan_repositories_if_enabled, write_js_routes_if_enabled,
56 56 write_metadata_if_needed, write_usage_data)
57 57 from rhodecode.lib.statsd_client import StatsdClient
58 58
59 59 log = logging.getLogger(__name__)
60 60
61 61
62 62 def is_http_error(response):
63 63 # error which should have traceback
64 64 return response.status_code > 499
65 65
66 66
67 67 def should_load_all():
68 68 """
69 69 Returns if all application components should be loaded. In some cases it's
70 70 desired to skip apps loading for faster shell script execution
71 71 """
72 72 ssh_cmd = os.environ.get('RC_CMD_SSH_WRAPPER')
73 73 if ssh_cmd:
74 74 return False
75 75
76 76 return True
77 77
78 78
79 79 def make_pyramid_app(global_config, **settings):
80 80 """
81 81 Constructs the WSGI application based on Pyramid.
82 82
83 83 Specials:
84 84
85 85 * The application can also be integrated like a plugin via the call to
86 86 `includeme`. This is accompanied with the other utility functions which
87 87 are called. Changing this should be done with great care to not break
88 88 cases when these fragments are assembled from another place.
89 89
90 90 """
91 91 start_time = time.time()
92 92 log.info('Pyramid app config starting')
93 93
94 94 sanitize_settings_and_apply_defaults(global_config, settings)
95 95
96 96 # init and bootstrap StatsdClient
97 97 StatsdClient.setup(settings)
98 98
99 99 config = Configurator(settings=settings)
100 100 # Init our statsd at very start
101 101 config.registry.statsd = StatsdClient.statsd
102 102
103 103 # Apply compatibility patches
104 104 patches.inspect_getargspec()
105 105
106 106 load_pyramid_environment(global_config, settings)
107 107
108 108 # Static file view comes first
109 109 includeme_first(config)
110 110
111 111 includeme(config)
112 112
113 113 pyramid_app = config.make_wsgi_app()
114 114 pyramid_app = wrap_app_in_wsgi_middlewares(pyramid_app, config)
115 115 pyramid_app.config = config
116 116
117 117 celery_settings = get_celery_config(settings)
118 118 config.configure_celery(celery_settings)
119 119
120 120 # creating the app uses a connection - return it after we are done
121 121 meta.Session.remove()
122 122
123 123 total_time = time.time() - start_time
124 124 log.info('Pyramid app `%s` created and configured in %.2fs',
125 125 getattr(pyramid_app, 'func_name', 'pyramid_app'), total_time)
126 126 return pyramid_app
127 127
128 128
129 129 def get_celery_config(settings):
130 130 """
131 131 Converts basic ini configuration into celery 4.X options
132 132 """
133 133
134 134 def key_converter(key_name):
135 135 pref = 'celery.'
136 136 if key_name.startswith(pref):
137 137 return key_name[len(pref):].replace('.', '_').lower()
138 138
139 139 def type_converter(parsed_key, value):
140 140 # cast to int
141 141 if value.isdigit():
142 142 return int(value)
143 143
144 144 # cast to bool
145 145 if value.lower() in ['true', 'false', 'True', 'False']:
146 146 return value.lower() == 'true'
147 147 return value
148 148
149 149 celery_config = {}
150 150 for k, v in settings.items():
151 151 pref = 'celery.'
152 152 if k.startswith(pref):
153 153 celery_config[key_converter(k)] = type_converter(key_converter(k), v)
154 154
155 155 # TODO:rethink if we want to support celerybeat based file config, probably NOT
156 156 # beat_config = {}
157 157 # for section in parser.sections():
158 158 # if section.startswith('celerybeat:'):
159 159 # name = section.split(':', 1)[1]
160 160 # beat_config[name] = get_beat_config(parser, section)
161 161
162 162 # final compose of settings
163 163 celery_settings = {}
164 164
165 165 if celery_config:
166 166 celery_settings.update(celery_config)
167 167 # if beat_config:
168 168 # celery_settings.update({'beat_schedule': beat_config})
169 169
170 170 return celery_settings
171 171
172 172
173 173 def not_found_view(request):
174 174 """
175 175 This creates the view which should be registered as not-found-view to
176 176 pyramid.
177 177 """
178 178
179 179 if not getattr(request, 'vcs_call', None):
180 180 # handle like regular case with our error_handler
181 181 return error_handler(HTTPNotFound(), request)
182 182
183 183 # handle not found view as a vcs call
184 184 settings = request.registry.settings
185 185 ae_client = getattr(request, 'ae_client', None)
186 186 vcs_app = VCSMiddleware(
187 187 HTTPNotFound(), request.registry, settings,
188 188 appenlight_client=ae_client)
189 189
190 190 return wsgiapp(vcs_app)(None, request)
191 191
192 192
193 193 def error_handler(exception, request):
194 194 import rhodecode
195 195 from rhodecode.lib import helpers
196 196 from rhodecode.lib.utils2 import str2bool
197 197
198 198 rhodecode_title = rhodecode.CONFIG.get('rhodecode_title') or 'RhodeCode'
199 199
200 200 base_response = HTTPInternalServerError()
201 201 # prefer original exception for the response since it may have headers set
202 202 if isinstance(exception, HTTPException):
203 203 base_response = exception
204 204 elif isinstance(exception, VCSCommunicationError):
205 205 base_response = VCSServerUnavailable()
206 206
207 207 if is_http_error(base_response):
208 208 log.exception(
209 209 'error occurred handling this request for path: %s', request.path)
210 210
211 211 error_explanation = base_response.explanation or str(base_response)
212 212 if base_response.status_code == 404:
213 213 error_explanation += " Optionally you don't have permission to access this page."
214 214 c = AttributeDict()
215 215 c.error_message = base_response.status
216 216 c.error_explanation = error_explanation
217 217 c.visual = AttributeDict()
218 218
219 219 c.visual.rhodecode_support_url = (
220 220 request.registry.settings.get('rhodecode_support_url') or
221 221 request.route_url('rhodecode_support')
222 222 )
223 223 c.redirect_time = 0
224 224 c.rhodecode_name = rhodecode_title
225 225 if not c.rhodecode_name:
226 226 c.rhodecode_name = 'Rhodecode'
227 227
228 228 c.causes = []
229 229 if is_http_error(base_response):
230 230 c.causes.append('Server is overloaded.')
231 231 c.causes.append('Server database connection is lost.')
232 232 c.causes.append('Server expected unhandled error.')
233 233
234 234 if hasattr(base_response, 'causes'):
235 235 c.causes = base_response.causes
236 236
237 237 c.messages = helpers.flash.pop_messages(request=request)
238 238
239 239 exc_info = sys.exc_info()
240 240 c.exception_id = id(exc_info)
241 241 c.show_exception_id = isinstance(base_response, VCSServerUnavailable) \
242 242 or base_response.status_code > 499
243 243 c.exception_id_url = request.route_url(
244 244 'admin_settings_exception_tracker_show', exception_id=c.exception_id)
245 245
246 246 if c.show_exception_id:
247 247 store_exception(c.exception_id, exc_info)
248 248 c.exception_debug = str2bool(rhodecode.CONFIG.get('debug'))
249 249 c.exception_config_ini = rhodecode.CONFIG.get('__file__')
250 250
251 251 response = render_to_response(
252 252 '/errors/error_document.mako', {'c': c, 'h': helpers}, request=request,
253 253 response=base_response)
254 254
255 255 statsd = request.registry.statsd
256 256 if statsd and base_response.status_code > 499:
257 257 exc_type = "{}.{}".format(exception.__class__.__module__, exception.__class__.__name__)
258 258 statsd.incr('rhodecode_exception_total',
259 259 tags=["exc_source:web",
260 260 "http_code:{}".format(base_response.status_code),
261 261 "type:{}".format(exc_type)])
262 262
263 263 return response
264 264
265 265
266 266 def includeme_first(config):
267 267 # redirect automatic browser favicon.ico requests to correct place
268 268 def favicon_redirect(context, request):
269 269 return HTTPFound(
270 270 request.static_path('rhodecode:public/images/favicon.ico'))
271 271
272 272 config.add_view(favicon_redirect, route_name='favicon')
273 273 config.add_route('favicon', '/favicon.ico')
274 274
275 275 def robots_redirect(context, request):
276 276 return HTTPFound(
277 277 request.static_path('rhodecode:public/robots.txt'))
278 278
279 279 config.add_view(robots_redirect, route_name='robots')
280 280 config.add_route('robots', '/robots.txt')
281 281
282 282 config.add_static_view(
283 283 '_static/deform', 'deform:static')
284 284 config.add_static_view(
285 285 '_static/rhodecode', path='rhodecode:public', cache_max_age=3600 * 24)
286 286
287 287
288 288 def includeme(config, auth_resources=None):
289 289 from rhodecode.lib.celerylib.loader import configure_celery
290 290 log.debug('Initializing main includeme from %s', os.path.basename(__file__))
291 291 settings = config.registry.settings
292 292 config.set_request_factory(Request)
293 293
294 294 # plugin information
295 295 config.registry.rhodecode_plugins = collections.OrderedDict()
296 296
297 297 config.add_directive(
298 298 'register_rhodecode_plugin', register_rhodecode_plugin)
299 299
300 300 config.add_directive('configure_celery', configure_celery)
301 301
302 302 if settings.get('appenlight', False):
303 303 config.include('appenlight_client.ext.pyramid_tween')
304 304
305 305 load_all = should_load_all()
306 306
307 307 # Includes which are required. The application would fail without them.
308 308 config.include('pyramid_mako')
309 309 config.include('rhodecode.lib.rc_beaker')
310 310 config.include('rhodecode.lib.rc_cache')
311 311 config.include('rhodecode.apps._base.navigation')
312 312 config.include('rhodecode.apps._base.subscribers')
313 313 config.include('rhodecode.tweens')
314 314 config.include('rhodecode.authentication')
315 315
316 316 if load_all:
317 317 ce_auth_resources = [
318 318 'rhodecode.authentication.plugins.auth_crowd',
319 319 'rhodecode.authentication.plugins.auth_headers',
320 320 'rhodecode.authentication.plugins.auth_jasig_cas',
321 321 'rhodecode.authentication.plugins.auth_ldap',
322 322 'rhodecode.authentication.plugins.auth_pam',
323 323 'rhodecode.authentication.plugins.auth_rhodecode',
324 324 'rhodecode.authentication.plugins.auth_token',
325 325 ]
326 326
327 327 # load CE authentication plugins
328 328
329 329 if auth_resources:
330 330 ce_auth_resources.extend(auth_resources)
331 331
332 332 for resource in ce_auth_resources:
333 333 config.include(resource)
334 334
335 335 # Auto discover authentication plugins and include their configuration.
336 336 if asbool(settings.get('auth_plugin.import_legacy_plugins', 'true')):
337 337 from rhodecode.authentication import discover_legacy_plugins
338 338 discover_legacy_plugins(config)
339 339
340 340 # apps
341 341 if load_all:
342 342 config.include('rhodecode.api')
343 343 config.include('rhodecode.apps._base')
344 344 config.include('rhodecode.apps.hovercards')
345 345 config.include('rhodecode.apps.ops')
346 346 config.include('rhodecode.apps.channelstream')
347 347 config.include('rhodecode.apps.file_store')
348 348 config.include('rhodecode.apps.admin')
349 349 config.include('rhodecode.apps.login')
350 350 config.include('rhodecode.apps.home')
351 351 config.include('rhodecode.apps.journal')
352 352
353 353 config.include('rhodecode.apps.repository')
354 354 config.include('rhodecode.apps.repo_group')
355 355 config.include('rhodecode.apps.user_group')
356 356 config.include('rhodecode.apps.search')
357 357 config.include('rhodecode.apps.user_profile')
358 358 config.include('rhodecode.apps.user_group_profile')
359 359 config.include('rhodecode.apps.my_account')
360 360 config.include('rhodecode.apps.gist')
361 361
362 362 config.include('rhodecode.apps.svn_support')
363 363 config.include('rhodecode.apps.ssh_support')
364 364 config.include('rhodecode.apps.debug_style')
365 365
366 366 if load_all:
367 367 config.include('rhodecode.integrations')
368 368
369 369 config.add_route('rhodecode_support', 'https://rhodecode.com/help/', static=True)
370 370 config.add_translation_dirs('rhodecode:i18n/')
371 371 settings['default_locale_name'] = settings.get('lang', 'en')
372 372
373 373 # Add subscribers.
374 374 if load_all:
375 375 config.add_subscriber(scan_repositories_if_enabled,
376 376 pyramid.events.ApplicationCreated)
377 377 config.add_subscriber(write_metadata_if_needed,
378 378 pyramid.events.ApplicationCreated)
379 379 config.add_subscriber(write_usage_data,
380 380 pyramid.events.ApplicationCreated)
381 381 config.add_subscriber(write_js_routes_if_enabled,
382 382 pyramid.events.ApplicationCreated)
383 383
384 384 # Set the authorization policy.
385 385 authz_policy = ACLAuthorizationPolicy()
386 386 config.set_authorization_policy(authz_policy)
387 387
388 388 # Set the default renderer for HTML templates to mako.
389 389 config.add_mako_renderer('.html')
390 390
391 391 config.add_renderer(
392 392 name='json_ext',
393 393 factory='rhodecode.lib.ext_json_renderer.pyramid_ext_json')
394 394
395 395 config.add_renderer(
396 396 name='string_html',
397 397 factory='rhodecode.lib.string_renderer.html')
398 398
399 399 # include RhodeCode plugins
400 400 includes = aslist(settings.get('rhodecode.includes', []))
401 401 for inc in includes:
402 402 config.include(inc)
403 403
404 404 # custom not found view, if our pyramid app doesn't know how to handle
405 405 # the request pass it to potential VCS handling ap
406 406 config.add_notfound_view(not_found_view)
407 407 if not settings.get('debugtoolbar.enabled', False):
408 408 # disabled debugtoolbar handle all exceptions via the error_handlers
409 409 config.add_view(error_handler, context=Exception)
410 410
411 411 # all errors including 403/404/50X
412 412 config.add_view(error_handler, context=HTTPError)
413 413
414 414
415 415 def wrap_app_in_wsgi_middlewares(pyramid_app, config):
416 416 """
417 417 Apply outer WSGI middlewares around the application.
418 418 """
419 419 registry = config.registry
420 420 settings = registry.settings
421 421
422 422 # enable https redirects based on HTTP_X_URL_SCHEME set by proxy
423 423 pyramid_app = HttpsFixup(pyramid_app, settings)
424 424
425 425 pyramid_app, _ae_client = wrap_in_appenlight_if_enabled(
426 426 pyramid_app, settings)
427 427 registry.ae_client = _ae_client
428 428
429 429 if settings['gzip_responses']:
430 430 pyramid_app = make_gzip_middleware(
431 431 pyramid_app, settings, compress_level=1)
432 432
433 433 # this should be the outer most middleware in the wsgi stack since
434 434 # middleware like Routes make database calls
435 435 def pyramid_app_with_cleanup(environ, start_response):
436 436 try:
437 437 return pyramid_app(environ, start_response)
438 438 finally:
439 439 # Dispose current database session and rollback uncommitted
440 440 # transactions.
441 441 meta.Session.remove()
442 442
443 443 # In a single threaded mode server, on non sqlite db we should have
444 444 # '0 Current Checked out connections' at the end of a request,
445 445 # if not, then something, somewhere is leaving a connection open
446 446 pool = meta.Base.metadata.bind.engine.pool
447 447 log.debug('sa pool status: %s', pool.status())
448 448 log.debug('Request processing finalized')
449 449
450 450 return pyramid_app_with_cleanup
451 451
452 452
453 453 def sanitize_settings_and_apply_defaults(global_config, settings):
454 454 """
455 455 Applies settings defaults and does all type conversion.
456 456
457 457 We would move all settings parsing and preparation into this place, so that
458 458 we have only one place left which deals with this part. The remaining parts
459 459 of the application would start to rely fully on well prepared settings.
460 460
461 461 This piece would later be split up per topic to avoid a big fat monster
462 462 function.
463 463 """
464 464
465 465 global_settings_maker = SettingsMaker(global_config)
466 466 global_settings_maker.make_setting('debug', default=False, parser='bool')
467 467 debug_enabled = asbool(global_config.get('debug'))
468 468
469 469 settings_maker = SettingsMaker(settings)
470 470
471 471 settings_maker.make_setting(
472 472 'logging.autoconfigure',
473 473 default=False,
474 474 parser='bool')
475 475
476 476 logging_conf = os.path.join(os.path.dirname(global_config.get('__file__')), 'logging.ini')
477 477 settings_maker.enable_logging(logging_conf, level='INFO' if debug_enabled else 'DEBUG')
478 478
479 479 # Default includes, possible to change as a user
480 480 pyramid_includes = settings_maker.make_setting('pyramid.includes', [], parser='list:newline')
481 481 log.debug(
482 482 "Using the following pyramid.includes: %s",
483 483 pyramid_includes)
484 484
485 485 settings_maker.make_setting('rhodecode.edition', 'Community Edition')
486 486 settings_maker.make_setting('rhodecode.edition_id', 'CE')
487 487
488 488 if 'mako.default_filters' not in settings:
489 489 # set custom default filters if we don't have it defined
490 490 settings['mako.imports'] = 'from rhodecode.lib.base import h_filter'
491 491 settings['mako.default_filters'] = 'h_filter'
492 492
493 493 if 'mako.directories' not in settings:
494 494 mako_directories = settings.setdefault('mako.directories', [
495 495 # Base templates of the original application
496 496 'rhodecode:templates',
497 497 ])
498 498 log.debug(
499 499 "Using the following Mako template directories: %s",
500 500 mako_directories)
501 501
502 502 # NOTE(marcink): fix redis requirement for schema of connection since 3.X
503 503 if 'beaker.session.type' in settings and settings['beaker.session.type'] == 'ext:redis':
504 504 raw_url = settings['beaker.session.url']
505 505 if not raw_url.startswith(('redis://', 'rediss://', 'unix://')):
506 506 settings['beaker.session.url'] = 'redis://' + raw_url
507 507
508 508 settings_maker.make_setting('__file__', global_config.get('__file__'))
509 509
510 510 # TODO: johbo: Re-think this, usually the call to config.include
511 511 # should allow to pass in a prefix.
512 512 settings_maker.make_setting('rhodecode.api.url', '/_admin/api')
513 513
514 514 # Sanitize generic settings.
515 515 settings_maker.make_setting('default_encoding', 'UTF-8', parser='list')
516 516 settings_maker.make_setting('is_test', False, parser='bool')
517 517 settings_maker.make_setting('gzip_responses', False, parser='bool')
518 518
519 519 # statsd
520 520 settings_maker.make_setting('statsd.enabled', False, parser='bool')
521 521 settings_maker.make_setting('statsd.statsd_host', 'statsd-exporter', parser='string')
522 522 settings_maker.make_setting('statsd.statsd_port', 9125, parser='int')
523 523 settings_maker.make_setting('statsd.statsd_prefix', '')
524 524 settings_maker.make_setting('statsd.statsd_ipv6', False, parser='bool')
525 525
526 526 settings_maker.make_setting('vcs.svn.compatible_version', '')
527 527 settings_maker.make_setting('vcs.hooks.protocol', 'http')
528 528 settings_maker.make_setting('vcs.hooks.host', '127.0.0.1')
529 529 settings_maker.make_setting('vcs.scm_app_implementation', 'http')
530 530 settings_maker.make_setting('vcs.server', '')
531 531 settings_maker.make_setting('vcs.server.protocol', 'http')
532 532 settings_maker.make_setting('startup.import_repos', 'false', parser='bool')
533 533 settings_maker.make_setting('vcs.hooks.direct_calls', 'false', parser='bool')
534 534 settings_maker.make_setting('vcs.server.enable', 'true', parser='bool')
535 535 settings_maker.make_setting('vcs.start_server', 'false', parser='bool')
536 536 settings_maker.make_setting('vcs.backends', 'hg, git, svn', parser='list')
537 537 settings_maker.make_setting('vcs.connection_timeout', 3600, parser='int')
538 538
539 539 settings_maker.make_setting('vcs.methods.cache', True, parser='bool')
540 540
541 541 # Support legacy values of vcs.scm_app_implementation. Legacy
542 542 # configurations may use 'rhodecode.lib.middleware.utils.scm_app_http', or
543 543 # disabled since 4.13 'vcsserver.scm_app' which is now mapped to 'http'.
544 544 scm_app_impl = settings['vcs.scm_app_implementation']
545 545 if scm_app_impl in ['rhodecode.lib.middleware.utils.scm_app_http', 'vcsserver.scm_app']:
546 546 settings['vcs.scm_app_implementation'] = 'http'
547 547
548 548 settings_maker.make_setting('appenlight', False, parser='bool')
549 549
550 550 temp_store = tempfile.gettempdir()
551 default_cache_dir = os.path.join(temp_store, 'rc_cache')
551 tmp_cache_dir = os.path.join(temp_store, 'rc_cache')
552 552
553 553 # save default, cache dir, and use it for all backends later.
554 554 default_cache_dir = settings_maker.make_setting(
555 555 'cache_dir',
556 default=default_cache_dir, default_when_empty=True,
556 default=tmp_cache_dir, default_when_empty=True,
557 557 parser='dir:ensured')
558 558
559 559 # exception store cache
560 560 settings_maker.make_setting(
561 561 'exception_tracker.store_path',
562 562 default=os.path.join(default_cache_dir, 'exc_store'), default_when_empty=True,
563 563 parser='dir:ensured'
564 564 )
565 565
566 566 settings_maker.make_setting(
567 567 'celerybeat-schedule.path',
568 568 default=os.path.join(default_cache_dir, 'celerybeat_schedule', 'celerybeat-schedule.db'), default_when_empty=True,
569 569 parser='file:ensured'
570 570 )
571 571
572 572 settings_maker.make_setting('exception_tracker.send_email', False, parser='bool')
573 573 settings_maker.make_setting('exception_tracker.email_prefix', '[RHODECODE ERROR]', default_when_empty=True)
574 574
575 575 # cache_general
576 576 settings_maker.make_setting('rc_cache.cache_general.backend', 'dogpile.cache.rc.file_namespace')
577 577 settings_maker.make_setting('rc_cache.cache_general.expiration_time', 60 * 60 * 12, parser='int')
578 578 settings_maker.make_setting('rc_cache.cache_general.arguments.filename', os.path.join(default_cache_dir, 'rhodecode_cache_general.db'))
579 579
580 580 # cache_perms
581 581 settings_maker.make_setting('rc_cache.cache_perms.backend', 'dogpile.cache.rc.file_namespace')
582 582 settings_maker.make_setting('rc_cache.cache_perms.expiration_time', 60 * 60, parser='int')
583 583 settings_maker.make_setting('rc_cache.cache_perms.arguments.filename', os.path.join(default_cache_dir, 'rhodecode_cache_perms.db'))
584 584
585 585 # cache_repo
586 586 settings_maker.make_setting('rc_cache.cache_repo.backend', 'dogpile.cache.rc.file_namespace')
587 587 settings_maker.make_setting('rc_cache.cache_repo.expiration_time', 60 * 60 * 24 * 30, parser='int')
588 588 settings_maker.make_setting('rc_cache.cache_repo.arguments.filename', os.path.join(default_cache_dir, 'rhodecode_cache_repo.db'))
589 589
590 590 # cache_license
591 591 settings_maker.make_setting('rc_cache.cache_license.backend', 'dogpile.cache.rc.file_namespace')
592 592 settings_maker.make_setting('rc_cache.cache_license.expiration_time', 60 * 5, parser='int')
593 593 settings_maker.make_setting('rc_cache.cache_license.arguments.filename', os.path.join(default_cache_dir, 'rhodecode_cache_license.db'))
594 594
595 595 # cache_repo_longterm memory, 96H
596 596 settings_maker.make_setting('rc_cache.cache_repo_longterm.backend', 'dogpile.cache.rc.memory_lru')
597 597 settings_maker.make_setting('rc_cache.cache_repo_longterm.expiration_time', 345600, parser='int')
598 598 settings_maker.make_setting('rc_cache.cache_repo_longterm.max_size', 10000, parser='int')
599 599
600 600 # sql_cache_short
601 601 settings_maker.make_setting('rc_cache.sql_cache_short.backend', 'dogpile.cache.rc.memory_lru')
602 602 settings_maker.make_setting('rc_cache.sql_cache_short.expiration_time', 30, parser='int')
603 603 settings_maker.make_setting('rc_cache.sql_cache_short.max_size', 10000, parser='int')
604 604
605 605 settings_maker.env_expand()
606 606
607 607 # configure instance id
608 608 config_utils.set_instance_id(settings)
609 609
610 610 return settings
General Comments 0
You need to be logged in to leave comments. Login now