##// END OF EJS Templates
ini: cleanups + added generic cache definition
super-admin -
r4832:e9785162 default
parent child Browse files
Show More
@@ -1,890 +1,922 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = true
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 13 ; These settings will be used by the RhodeCode mailing system
14 14 ; ########################################################################
15 15
16 16 ; prefix all emails subjects with given prefix, helps filtering out emails
17 17 #email_prefix = [RhodeCode]
18 18
19 19 ; email FROM address all mails will be sent
20 20 #app_email_from = rhodecode-noreply@localhost
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28
29 29 [server:main]
30 30 ; COMMON HOST/IP CONFIG
31 31 host = 127.0.0.1
32 32 port = 5000
33 33
34 34 ; ##################################################
35 35 ; WAITRESS WSGI SERVER - Recommended for Development
36 36 ; ##################################################
37 37
38 38 ; use server type
39 39 use = egg:waitress#main
40 40
41 41 ; number of worker threads
42 42 threads = 5
43 43
44 44 ; MAX BODY SIZE 100GB
45 45 max_request_body_size = 107374182400
46 46
47 47 ; Use poll instead of select, fixes file descriptors limits problems.
48 48 ; May not work on old windows systems.
49 49 asyncore_use_poll = true
50 50
51 51
52 52 ; ###########################
53 53 ; GUNICORN APPLICATION SERVER
54 54 ; ###########################
55 55
56 56 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
57 57
58 58 ; Module to use, this setting shouldn't be changed
59 59 #use = egg:gunicorn#main
60 60
61 61 ; Sets the number of process workers. More workers means more concurrent connections
62 62 ; RhodeCode can handle at the same time. Each additional worker also it increases
63 63 ; memory usage as each has it's own set of caches.
64 64 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
65 65 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
66 66 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
67 67 ; when using more than 1 worker.
68 68 #workers = 2
69 69
70 70 ; Gunicorn access log level
71 71 #loglevel = info
72 72
73 73 ; Process name visible in process list
74 74 #proc_name = rhodecode
75 75
76 76 ; Type of worker class, one of `sync`, `gevent`
77 77 ; Recommended type is `gevent`
78 78 #worker_class = gevent
79 79
80 80 ; The maximum number of simultaneous clients. Valid only for gevent
81 81 #worker_connections = 10
82 82
83 83 ; Max number of requests that worker will handle before being gracefully restarted.
84 84 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
85 85 #max_requests = 1000
86 86 #max_requests_jitter = 30
87 87
88 88 ; Amount of time a worker can spend with handling a request before it
89 89 ; gets killed and restarted. By default set to 21600 (6hrs)
90 90 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
91 91 #timeout = 21600
92 92
93 93 ; The maximum size of HTTP request line in bytes.
94 94 ; 0 for unlimited
95 95 #limit_request_line = 0
96 96
97 97 ; Limit the number of HTTP headers fields in a request.
98 98 ; By default this value is 100 and can't be larger than 32768.
99 99 #limit_request_fields = 32768
100 100
101 101 ; Limit the allowed size of an HTTP request header field.
102 102 ; Value is a positive number or 0.
103 103 ; Setting it to 0 will allow unlimited header field sizes.
104 104 #limit_request_field_size = 0
105 105
106 106 ; Timeout for graceful workers restart.
107 107 ; After receiving a restart signal, workers have this much time to finish
108 108 ; serving requests. Workers still alive after the timeout (starting from the
109 109 ; receipt of the restart signal) are force killed.
110 110 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
111 111 #graceful_timeout = 3600
112 112
113 113 # The number of seconds to wait for requests on a Keep-Alive connection.
114 114 # Generally set in the 1-5 seconds range.
115 115 #keepalive = 2
116 116
117 117 ; Maximum memory usage that each worker can use before it will receive a
118 118 ; graceful restart signal 0 = memory monitoring is disabled
119 119 ; Examples: 268435456 (256MB), 536870912 (512MB)
120 120 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
121 121 #memory_max_usage = 0
122 122
123 123 ; How often in seconds to check for memory usage for each gunicorn worker
124 124 #memory_usage_check_interval = 60
125 125
126 126 ; Threshold value for which we don't recycle worker if GarbageCollection
127 127 ; frees up enough resources. Before each restart we try to run GC on worker
128 128 ; in case we get enough free memory after that, restart will not happen.
129 129 #memory_usage_recovery_threshold = 0.8
130 130
131 131
132 132 ; Prefix middleware for RhodeCode.
133 133 ; recommended when using proxy setup.
134 134 ; allows to set RhodeCode under a prefix in server.
135 135 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
136 136 ; And set your prefix like: `prefix = /custom_prefix`
137 137 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
138 138 ; to make your cookies only work on prefix url
139 139 [filter:proxy-prefix]
140 140 use = egg:PasteDeploy#prefix
141 141 prefix = /
142 142
143 143 [app:main]
144 144 ; The %(here)s variable will be replaced with the absolute path of parent directory
145 145 ; of this file
146 146 ; Each option in the app:main can be override by an environmental variable
147 147 ;
148 148 ;To override an option:
149 149 ;
150 150 ;RC_<KeyName>
151 151 ;Everything should be uppercase, . and - should be replaced by _.
152 152 ;For example, if you have these configuration settings:
153 153 ;rc_cache.repo_object.backend = foo
154 154 ;can be overridden by
155 155 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
156 156
157 157 use = egg:rhodecode-enterprise-ce
158 158
159 159 ; enable proxy prefix middleware, defined above
160 160 #filter-with = proxy-prefix
161 161
162 162 ; #############
163 163 ; DEBUG OPTIONS
164 164 ; #############
165 165
166 166 pyramid.reload_templates = true
167 167
168 168 # During development the we want to have the debug toolbar enabled
169 169 pyramid.includes =
170 170 pyramid_debugtoolbar
171 171
172 172 debugtoolbar.hosts = 0.0.0.0/0
173 173 debugtoolbar.exclude_prefixes =
174 174 /css
175 175 /fonts
176 176 /images
177 177 /js
178 178
179 179 ## RHODECODE PLUGINS ##
180 180 rhodecode.includes =
181 181 rhodecode.api
182 182
183 183
184 184 # api prefix url
185 185 rhodecode.api.url = /_admin/api
186 186
187 187 ; enable debug style page
188 188 debug_style = true
189 189
190 190 ; #################
191 191 ; END DEBUG OPTIONS
192 192 ; #################
193 193
194 194 ; encryption key used to encrypt social plugin tokens,
195 195 ; remote_urls with credentials etc, if not set it defaults to
196 196 ; `beaker.session.secret`
197 197 #rhodecode.encrypted_values.secret =
198 198
199 199 ; decryption strict mode (enabled by default). It controls if decryption raises
200 200 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
201 201 #rhodecode.encrypted_values.strict = false
202 202
203 203 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
204 204 ; fernet is safer, and we strongly recommend switching to it.
205 205 ; Due to backward compatibility aes is used as default.
206 206 #rhodecode.encrypted_values.algorithm = fernet
207 207
208 208 ; Return gzipped responses from RhodeCode (static files/application)
209 209 gzip_responses = false
210 210
211 211 ; Auto-generate javascript routes file on startup
212 212 generate_js_files = false
213 213
214 214 ; System global default language.
215 215 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
216 216 lang = en
217 217
218 218 ; Perform a full repository scan and import on each server start.
219 219 ; Settings this to true could lead to very long startup time.
220 220 startup.import_repos = false
221 221
222 222 ; Uncomment and set this path to use archive download cache.
223 223 ; Once enabled, generated archives will be cached at this location
224 224 ; and served from the cache during subsequent requests for the same archive of
225 225 ; the repository.
226 226 #archive_cache_dir = /tmp/tarballcache
227 227
228 228 ; URL at which the application is running. This is used for Bootstrapping
229 229 ; requests in context when no web request is available. Used in ishell, or
230 230 ; SSH calls. Set this for events to receive proper url for SSH calls.
231 231 app.base_url = http://rhodecode.local
232 232
233 233 ; Unique application ID. Should be a random unique string for security.
234 234 app_instance_uuid = rc-production
235 235
236 236 ; Cut off limit for large diffs (size in bytes). If overall diff size on
237 237 ; commit, or pull request exceeds this limit this diff will be displayed
238 238 ; partially. E.g 512000 == 512Kb
239 239 cut_off_limit_diff = 512000
240 240
241 241 ; Cut off limit for large files inside diffs (size in bytes). Each individual
242 242 ; file inside diff which exceeds this limit will be displayed partially.
243 243 ; E.g 128000 == 128Kb
244 244 cut_off_limit_file = 128000
245 245
246 246 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
247 247 vcs_full_cache = true
248 248
249 249 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
250 250 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
251 251 force_https = false
252 252
253 253 ; use Strict-Transport-Security headers
254 254 use_htsts = false
255 255
256 256 ; Set to true if your repos are exposed using the dumb protocol
257 257 git_update_server_info = false
258 258
259 259 ; RSS/ATOM feed options
260 260 rss_cut_off_limit = 256000
261 261 rss_items_per_page = 10
262 262 rss_include_diff = false
263 263
264 264 ; gist URL alias, used to create nicer urls for gist. This should be an
265 265 ; url that does rewrites to _admin/gists/{gistid}.
266 266 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
267 267 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
268 268 gist_alias_url =
269 269
270 270 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
271 271 ; used for access.
272 272 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
273 273 ; came from the the logged in user who own this authentication token.
274 274 ; Additionally @TOKEN syntax can be used to bound the view to specific
275 275 ; authentication token. Such view would be only accessible when used together
276 276 ; with this authentication token
277 277 ; list of all views can be found under `/_admin/permissions/auth_token_access`
278 278 ; The list should be "," separated and on a single line.
279 279 ; Most common views to enable:
280 280
281 281 # RepoCommitsView:repo_commit_download
282 282 # RepoCommitsView:repo_commit_patch
283 283 # RepoCommitsView:repo_commit_raw
284 284 # RepoCommitsView:repo_commit_raw@TOKEN
285 285 # RepoFilesView:repo_files_diff
286 286 # RepoFilesView:repo_archivefile
287 287 # RepoFilesView:repo_file_raw
288 288 # GistView:*
289 289 api_access_controllers_whitelist =
290 290
291 291 ; Default encoding used to convert from and to unicode
292 292 ; can be also a comma separated list of encoding in case of mixed encodings
293 293 default_encoding = UTF-8
294 294
295 295 ; instance-id prefix
296 296 ; a prefix key for this instance used for cache invalidation when running
297 297 ; multiple instances of RhodeCode, make sure it's globally unique for
298 298 ; all running RhodeCode instances. Leave empty if you don't use it
299 299 instance_id =
300 300
301 301 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
302 302 ; of an authentication plugin also if it is disabled by it's settings.
303 303 ; This could be useful if you are unable to log in to the system due to broken
304 304 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
305 305 ; module to log in again and fix the settings.
306 306 ; Available builtin plugin IDs (hash is part of the ID):
307 307 ; egg:rhodecode-enterprise-ce#rhodecode
308 308 ; egg:rhodecode-enterprise-ce#pam
309 309 ; egg:rhodecode-enterprise-ce#ldap
310 310 ; egg:rhodecode-enterprise-ce#jasig_cas
311 311 ; egg:rhodecode-enterprise-ce#headers
312 312 ; egg:rhodecode-enterprise-ce#crowd
313 313
314 314 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
315 315
316 316 ; Flag to control loading of legacy plugins in py:/path format
317 317 auth_plugin.import_legacy_plugins = true
318 318
319 319 ; alternative return HTTP header for failed authentication. Default HTTP
320 320 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
321 321 ; handling that causing a series of failed authentication calls.
322 322 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
323 323 ; This will be served instead of default 401 on bad authentication
324 324 auth_ret_code =
325 325
326 326 ; use special detection method when serving auth_ret_code, instead of serving
327 327 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
328 328 ; and then serve auth_ret_code to clients
329 329 auth_ret_code_detection = false
330 330
331 331 ; locking return code. When repository is locked return this HTTP code. 2XX
332 332 ; codes don't break the transactions while 4XX codes do
333 333 lock_ret_code = 423
334 334
335 335 ; allows to change the repository location in settings page
336 336 allow_repo_location_change = true
337 337
338 338 ; allows to setup custom hooks in settings page
339 339 allow_custom_hooks_settings = true
340 340
341 341 ; Generated license token required for EE edition license.
342 342 ; New generated token value can be found in Admin > settings > license page.
343 343 license_token =
344 344
345 345 ; This flag hides sensitive information on the license page such as token, and license data
346 346 license.hide_license_info = false
347 347
348 348 ; supervisor connection uri, for managing supervisor and logs.
349 349 supervisor.uri =
350 350
351 351 ; supervisord group name/id we only want this RC instance to handle
352 352 supervisor.group_id = dev
353 353
354 354 ; Display extended labs settings
355 355 labs_settings_active = true
356 356
357 357 ; Custom exception store path, defaults to TMPDIR
358 358 ; This is used to store exception from RhodeCode in shared directory
359 359 #exception_tracker.store_path =
360 360
361 361 ; Send email with exception details when it happens
362 362 #exception_tracker.send_email = false
363 363
364 364 ; Comma separated list of recipients for exception emails,
365 365 ; e.g admin@rhodecode.com,devops@rhodecode.com
366 366 ; Can be left empty, then emails will be sent to ALL super-admins
367 367 #exception_tracker.send_email_recipients =
368 368
369 369 ; optional prefix to Add to email Subject
370 370 #exception_tracker.email_prefix = [RHODECODE ERROR]
371 371
372 372 ; File store configuration. This is used to store and serve uploaded files
373 373 file_store.enabled = true
374 374
375 375 ; Storage backend, available options are: local
376 376 file_store.backend = local
377 377
378 378 ; path to store the uploaded binaries
379 379 file_store.storage_path = %(here)s/data/file_store
380 380
381 381
382 382 ; #############
383 383 ; CELERY CONFIG
384 384 ; #############
385 385
386 386 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
387 387
388 388 use_celery = false
389 389
390 390 ; path to store schedule database
391 391 #celerybeat-schedule.path =
392 392
393 393 ; connection url to the message broker (default redis)
394 394 celery.broker_url = redis://localhost:6379/8
395 395
396 396 ; rabbitmq example
397 397 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
398 398
399 399 ; maximum tasks to execute before worker restart
400 400 celery.max_tasks_per_child = 100
401 401
402 402 ; tasks will never be sent to the queue, but executed locally instead.
403 403 celery.task_always_eager = false
404 404
405 405 ; #############
406 406 ; DOGPILE CACHE
407 407 ; #############
408 408
409 409 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
410 410 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
411 411 cache_dir = %(here)s/data
412 412
413 413 ; *********************************************
414 414 ; `sql_cache_short` cache for heavy SQL queries
415 415 ; Only supported backend is `memory_lru`
416 416 ; *********************************************
417 417 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
418 418 rc_cache.sql_cache_short.expiration_time = 30
419 419
420 420
421 421 ; *****************************************************
422 422 ; `cache_repo_longterm` cache for repo object instances
423 423 ; Only supported backend is `memory_lru`
424 424 ; *****************************************************
425 425 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
426 426 ; by default we use 30 Days, cache is still invalidated on push
427 427 rc_cache.cache_repo_longterm.expiration_time = 2592000
428 428 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
429 429 rc_cache.cache_repo_longterm.max_size = 10000
430 430
431 431
432 ; *********************************************
433 ; `cache_general` cache for general purpose use
434 ; for simplicity use rc.file_namespace backend,
435 ; for performance and scale use rc.redis
436 ; *********************************************
437 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
438 rc_cache.cache_general.expiration_time = 43200
439 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
440 #rc_cache.cache_general.arguments.filename = /tmp/cache_general.db
441
442 ; alternative `cache_general` redis backend with distributed lock
443 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
444 #rc_cache.cache_general.expiration_time = 300
445
446 ; redis_expiration_time needs to be greater then expiration_time
447 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
448
449 #rc_cache.cache_general.arguments.host = localhost
450 #rc_cache.cache_general.arguments.port = 6379
451 #rc_cache.cache_general.arguments.db = 0
452 #rc_cache.cache_general.arguments.socket_timeout = 30
453 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
454 #rc_cache.cache_general.arguments.distributed_lock = true
455
456 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
457 #rc_cache.cache_general.arguments.lock_auto_renewal = true
458
432 459 ; *************************************************
433 460 ; `cache_perms` cache for permission tree, auth TTL
461 ; for simplicity use rc.file_namespace backend,
462 ; for performance and scale use rc.redis
434 463 ; *************************************************
435 464 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
436 rc_cache.cache_perms.expiration_time = 300
465 rc_cache.cache_perms.expiration_time = 3600
437 466 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
438 467 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
439 468
440 469 ; alternative `cache_perms` redis backend with distributed lock
441 470 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
442 471 #rc_cache.cache_perms.expiration_time = 300
443 472
444 473 ; redis_expiration_time needs to be greater then expiration_time
445 474 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
446 475
447 476 #rc_cache.cache_perms.arguments.host = localhost
448 477 #rc_cache.cache_perms.arguments.port = 6379
449 478 #rc_cache.cache_perms.arguments.db = 0
450 479 #rc_cache.cache_perms.arguments.socket_timeout = 30
451 480 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
452 481 #rc_cache.cache_perms.arguments.distributed_lock = true
453 482
454 483 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
455 484 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
456 485
457 486 ; ***************************************************
458 487 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
488 ; for simplicity use rc.file_namespace backend,
489 ; for performance and scale use rc.redis
459 490 ; ***************************************************
460 491 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
461 492 rc_cache.cache_repo.expiration_time = 2592000
462 493 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
463 494 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
464 495
465 496 ; alternative `cache_repo` redis backend with distributed lock
466 497 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
467 498 #rc_cache.cache_repo.expiration_time = 2592000
468 499
469 500 ; redis_expiration_time needs to be greater then expiration_time
470 501 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
471 502
472 503 #rc_cache.cache_repo.arguments.host = localhost
473 504 #rc_cache.cache_repo.arguments.port = 6379
474 505 #rc_cache.cache_repo.arguments.db = 1
475 506 #rc_cache.cache_repo.arguments.socket_timeout = 30
476 507 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
477 508 #rc_cache.cache_repo.arguments.distributed_lock = true
478 509
479 510 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
480 511 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
481 512
482 513 ; ##############
483 514 ; BEAKER SESSION
484 515 ; ##############
485 516
486 517 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
487 518 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
488 519 ; Fastest ones are Redis and ext:database
489 520 beaker.session.type = file
490 521 beaker.session.data_dir = %(here)s/data/sessions
491 522
492 523 ; Redis based sessions
493 524 #beaker.session.type = ext:redis
494 525 #beaker.session.url = redis://127.0.0.1:6379/2
495 526
496 527 ; DB based session, fast, and allows easy management over logged in users
497 528 #beaker.session.type = ext:database
498 529 #beaker.session.table_name = db_session
499 530 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
500 531 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
501 532 #beaker.session.sa.pool_recycle = 3600
502 533 #beaker.session.sa.echo = false
503 534
504 535 beaker.session.key = rhodecode
505 536 beaker.session.secret = develop-rc-uytcxaz
506 537 beaker.session.lock_dir = %(here)s/data/sessions/lock
507 538
508 539 ; Secure encrypted cookie. Requires AES and AES python libraries
509 540 ; you must disable beaker.session.secret to use this
510 541 #beaker.session.encrypt_key = key_for_encryption
511 542 #beaker.session.validate_key = validation_key
512 543
513 544 ; Sets session as invalid (also logging out user) if it haven not been
514 545 ; accessed for given amount of time in seconds
515 546 beaker.session.timeout = 2592000
516 547 beaker.session.httponly = true
517 548
518 549 ; Path to use for the cookie. Set to prefix if you use prefix middleware
519 550 #beaker.session.cookie_path = /custom_prefix
520 551
521 552 ; Set https secure cookie
522 553 beaker.session.secure = false
523 554
524 555 ; default cookie expiration time in seconds, set to `true` to set expire
525 556 ; at browser close
526 557 #beaker.session.cookie_expires = 3600
527 558
528 559 ; #############################
529 560 ; SEARCH INDEXING CONFIGURATION
530 561 ; #############################
531 562
532 563 ; Full text search indexer is available in rhodecode-tools under
533 564 ; `rhodecode-tools index` command
534 565
535 566 ; WHOOSH Backend, doesn't require additional services to run
536 567 ; it works good with few dozen repos
537 568 search.module = rhodecode.lib.index.whoosh
538 569 search.location = %(here)s/data/index
539 570
540 571 ; ####################
541 572 ; CHANNELSTREAM CONFIG
542 573 ; ####################
543 574
544 575 ; channelstream enables persistent connections and live notification
545 576 ; in the system. It's also used by the chat system
546 577
547 578 channelstream.enabled = false
548 579
549 580 ; server address for channelstream server on the backend
550 581 channelstream.server = 127.0.0.1:9800
551 582
552 583 ; location of the channelstream server from outside world
553 584 ; use ws:// for http or wss:// for https. This address needs to be handled
554 585 ; by external HTTP server such as Nginx or Apache
555 586 ; see Nginx/Apache configuration examples in our docs
556 587 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
557 588 channelstream.secret = secret
558 589 channelstream.history.location = %(here)s/channelstream_history
559 590
560 591 ; Internal application path that Javascript uses to connect into.
561 592 ; If you use proxy-prefix the prefix should be added before /_channelstream
562 593 channelstream.proxy_path = /_channelstream
563 594
564 595
565 596 ; ##############################
566 597 ; MAIN RHODECODE DATABASE CONFIG
567 598 ; ##############################
568 599
569 600 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
570 601 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
571 602 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
572 603 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
573 604 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
574 605
575 606 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
576 607
577 608 ; see sqlalchemy docs for other advanced settings
578 609 ; print the sql statements to output
579 610 sqlalchemy.db1.echo = false
580 611
581 612 ; recycle the connections after this amount of seconds
582 613 sqlalchemy.db1.pool_recycle = 3600
583 614 sqlalchemy.db1.convert_unicode = true
584 615
585 616 ; the number of connections to keep open inside the connection pool.
586 617 ; 0 indicates no limit
587 618 #sqlalchemy.db1.pool_size = 5
588 619
589 620 ; The number of connections to allow in connection pool "overflow", that is
590 621 ; connections that can be opened above and beyond the pool_size setting,
591 622 ; which defaults to five.
592 623 #sqlalchemy.db1.max_overflow = 10
593 624
594 625 ; Connection check ping, used to detect broken database connections
595 626 ; could be enabled to better handle cases if MySQL has gone away errors
596 627 #sqlalchemy.db1.ping_connection = true
597 628
598 629 ; ##########
599 630 ; VCS CONFIG
600 631 ; ##########
601 632 vcs.server.enable = true
602 633 vcs.server = localhost:9900
603 634
604 635 ; Web server connectivity protocol, responsible for web based VCS operations
605 636 ; Available protocols are:
606 637 ; `http` - use http-rpc backend (default)
607 638 vcs.server.protocol = http
608 639
609 640 ; Push/Pull operations protocol, available options are:
610 641 ; `http` - use http-rpc backend (default)
611 642 vcs.scm_app_implementation = http
612 643
613 644 ; Push/Pull operations hooks protocol, available options are:
614 645 ; `http` - use http-rpc backend (default)
615 646 vcs.hooks.protocol = http
616 647
617 648 ; Host on which this instance is listening for hooks. If vcsserver is in other location
618 649 ; this should be adjusted.
619 650 vcs.hooks.host = 127.0.0.1
620 651
621 652 ; Start VCSServer with this instance as a subprocess, useful for development
622 653 vcs.start_server = false
623 654
624 655 ; List of enabled VCS backends, available options are:
625 656 ; `hg` - mercurial
626 657 ; `git` - git
627 658 ; `svn` - subversion
628 659 vcs.backends = hg, git, svn
629 660
630 661 ; Wait this number of seconds before killing connection to the vcsserver
631 662 vcs.connection_timeout = 3600
632 663
633 664 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
634 665 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
635 666 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
636 667 #vcs.svn.compatible_version = 1.8
637 668
638 669 ; Cache flag to cache vcsserver remote calls locally
639 670 ; It uses cache_region `cache_repo`
640 671 vcs.methods.cache = true
641 672
642 673 ; ####################################################
643 674 ; Subversion proxy support (mod_dav_svn)
644 675 ; Maps RhodeCode repo groups into SVN paths for Apache
645 676 ; ####################################################
646 677
647 678 ; Enable or disable the config file generation.
648 679 svn.proxy.generate_config = false
649 680
650 681 ; Generate config file with `SVNListParentPath` set to `On`.
651 682 svn.proxy.list_parent_path = true
652 683
653 684 ; Set location and file name of generated config file.
654 685 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
655 686
656 687 ; alternative mod_dav config template. This needs to be a valid mako template
657 688 ; Example template can be found in the source code:
658 689 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
659 690 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
660 691
661 692 ; Used as a prefix to the `Location` block in the generated config file.
662 693 ; In most cases it should be set to `/`.
663 694 svn.proxy.location_root = /
664 695
665 696 ; Command to reload the mod dav svn configuration on change.
666 697 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
667 698 ; Make sure user who runs RhodeCode process is allowed to reload Apache
668 699 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
669 700
670 701 ; If the timeout expires before the reload command finishes, the command will
671 702 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
672 703 #svn.proxy.reload_timeout = 10
673 704
674 705 ; ####################
675 706 ; SSH Support Settings
676 707 ; ####################
677 708
678 709 ; Defines if a custom authorized_keys file should be created and written on
679 710 ; any change user ssh keys. Setting this to false also disables possibility
680 711 ; of adding SSH keys by users from web interface. Super admins can still
681 712 ; manage SSH Keys.
682 713 ssh.generate_authorized_keyfile = false
683 714
684 715 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
685 716 # ssh.authorized_keys_ssh_opts =
686 717
687 718 ; Path to the authorized_keys file where the generate entries are placed.
688 719 ; It is possible to have multiple key files specified in `sshd_config` e.g.
689 720 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
690 721 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
691 722
692 723 ; Command to execute the SSH wrapper. The binary is available in the
693 724 ; RhodeCode installation directory.
694 725 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
695 726 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
696 727
697 728 ; Allow shell when executing the ssh-wrapper command
698 729 ssh.wrapper_cmd_allow_shell = false
699 730
700 731 ; Enables logging, and detailed output send back to the client during SSH
701 732 ; operations. Useful for debugging, shouldn't be used in production.
702 733 ssh.enable_debug_logging = true
703 734
704 735 ; Paths to binary executable, by default they are the names, but we can
705 736 ; override them if we want to use a custom one
706 737 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
707 738 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
708 739 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
709 740
710 741 ; Enables SSH key generator web interface. Disabling this still allows users
711 742 ; to add their own keys.
712 743 ssh.enable_ui_key_generator = true
713 744
714 745
715 746 ; #################
716 747 ; APPENLIGHT CONFIG
717 748 ; #################
718 749
719 750 ; Appenlight is tailored to work with RhodeCode, see
720 751 ; http://appenlight.rhodecode.com for details how to obtain an account
721 752
722 753 ; Appenlight integration enabled
723 754 #appenlight = false
724 755
725 756 #appenlight.server_url = https://api.appenlight.com
726 757 #appenlight.api_key = YOUR_API_KEY
727 758 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
728 759
729 760 ; used for JS client
730 761 #appenlight.api_public_key = YOUR_API_PUBLIC_KEY
731 762
732 763 ; TWEAK AMOUNT OF INFO SENT HERE
733 764
734 765 ; enables 404 error logging (default False)
735 766 #appenlight.report_404 = false
736 767
737 768 ; time in seconds after request is considered being slow (default 1)
738 769 #appenlight.slow_request_time = 1
739 770
740 771 ; record slow requests in application
741 772 ; (needs to be enabled for slow datastore recording and time tracking)
742 773 #appenlight.slow_requests = true
743 774
744 775 ; enable hooking to application loggers
745 776 #appenlight.logging = true
746 777
747 778 ; minimum log level for log capture
748 779 #ppenlight.logging.level = WARNING
749 780
750 781 ; send logs only from erroneous/slow requests
751 782 ; (saves API quota for intensive logging)
752 783 #appenlight.logging_on_error = false
753 784
754 785 ; list of additional keywords that should be grabbed from environ object
755 786 ; can be string with comma separated list of words in lowercase
756 787 ; (by default client will always send following info:
757 788 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
758 789 ; start with HTTP* this list be extended with additional keywords here
759 790 #appenlight.environ_keys_whitelist =
760 791
761 792 ; list of keywords that should be blanked from request object
762 793 ; can be string with comma separated list of words in lowercase
763 794 ; (by default client will always blank keys that contain following words
764 795 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
765 796 ; this list be extended with additional keywords set here
766 797 #appenlight.request_keys_blacklist =
767 798
768 799 ; list of namespaces that should be ignores when gathering log entries
769 800 ; can be string with comma separated list of namespaces
770 801 ; (by default the client ignores own entries: appenlight_client.client)
771 802 #appenlight.log_namespace_blacklist =
772 803
773 804 ; Statsd client config, this is used to send metrics to statsd
774 805 ; We recommend setting statsd_exported and scrape them using Promethues
775 806 #statsd.enabled = false
776 807 #statsd.statsd_host = 0.0.0.0
777 808 #statsd.statsd_port = 8125
778 809 #statsd.statsd_prefix =
779 810 #statsd.statsd_ipv6 = false
780 811
781 812 ; configure logging automatically at server startup set to false
782 813 ; to use the below custom logging config.
783 814 ; RC_LOGGING_FORMATTER
784 815 ; RC_LOGGING_LEVEL
785 816 ; env variables can control the settings for logging in case of autoconfigure
786 817
787 818 #logging.autoconfigure = true
788 819
789 820 ; specify your own custom logging config file to configure logging
790 821 #logging.logging_conf_file = /path/to/custom_logging.ini
791 822
792 823 ; Dummy marker to add new entries after.
793 824 ; Add any custom entries below. Please don't remove this marker.
794 825 custom.conf = 1
795 826
796 827
797 828 ; #####################
798 829 ; LOGGING CONFIGURATION
799 830 ; #####################
800 831
801 832 [loggers]
802 833 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
803 834
804 835 [handlers]
805 836 keys = console, console_sql
806 837
807 838 [formatters]
808 839 keys = generic, json, color_formatter, color_formatter_sql
809 840
810 841 ; #######
811 842 ; LOGGERS
812 843 ; #######
813 844 [logger_root]
814 845 level = NOTSET
815 846 handlers = console
816 847
817 848 [logger_sqlalchemy]
818 849 level = INFO
819 850 handlers = console_sql
820 851 qualname = sqlalchemy.engine
821 852 propagate = 0
822 853
823 854 [logger_beaker]
824 855 level = DEBUG
825 856 handlers =
826 857 qualname = beaker.container
827 858 propagate = 1
828 859
829 860 [logger_rhodecode]
830 861 level = DEBUG
831 862 handlers =
832 863 qualname = rhodecode
833 864 propagate = 1
834 865
835 866 [logger_ssh_wrapper]
836 867 level = DEBUG
837 868 handlers =
838 869 qualname = ssh_wrapper
839 870 propagate = 1
840 871
841 872 [logger_celery]
842 873 level = DEBUG
843 874 handlers =
844 875 qualname = celery
845 876
846 877
847 878 ; ########
848 879 ; HANDLERS
849 880 ; ########
850 881
851 882 [handler_console]
852 883 class = StreamHandler
853 884 args = (sys.stderr, )
854 885 level = DEBUG
886 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
887 ; This allows sending properly formatted logs to grafana loki or elasticsearch
855 888 formatter = color_formatter
856 ; To enable JSON formatted logs replace generic with json
857 ; This allows sending properly formatted logs to grafana loki or elasticsearch
858 #formatter = json
859 889
860 890 [handler_console_sql]
861 891 ; "level = DEBUG" logs SQL queries and results.
862 892 ; "level = INFO" logs SQL queries.
863 893 ; "level = WARN" logs neither. (Recommended for production systems.)
864 894 class = StreamHandler
865 895 args = (sys.stderr, )
866 896 level = WARN
897 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
898 ; This allows sending properly formatted logs to grafana loki or elasticsearch
867 899 formatter = color_formatter_sql
868 900
869 901 ; ##########
870 902 ; FORMATTERS
871 903 ; ##########
872 904
873 905 [formatter_generic]
874 906 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
875 907 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
876 908 datefmt = %Y-%m-%d %H:%M:%S
877 909
878 910 [formatter_color_formatter]
879 911 class = rhodecode.lib.logging_formatter.ColorFormatter
880 912 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
881 913 datefmt = %Y-%m-%d %H:%M:%S
882 914
883 915 [formatter_color_formatter_sql]
884 916 class = rhodecode.lib.logging_formatter.ColorFormatterSql
885 917 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
886 918 datefmt = %Y-%m-%d %H:%M:%S
887 919
888 920 [formatter_json]
889 921 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
890 922 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
@@ -1,98 +1,95 b''
1 1 ; #####################
2 2 ; LOGGING CONFIGURATION
3 3 ; #####################
4
4 5 [loggers]
5 6 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
6 7
7 8 [handlers]
8 9 keys = console, console_sql
9 10
10 11 [formatters]
11 12 keys = generic, json, color_formatter, color_formatter_sql
12 13
13 14 ; #######
14 15 ; LOGGERS
15 16 ; #######
16 17 [logger_root]
17 18 level = NOTSET
18 19 handlers = console
19 20
20 21 [logger_sqlalchemy]
21 22 level = $RC_LOGGING_LEVEL
22 23 handlers = console_sql
23 24 qualname = sqlalchemy.engine
24 25 propagate = 0
25 26
26 27 [logger_beaker]
27 28 level = $RC_LOGGING_LEVEL
28 29 handlers =
29 30 qualname = beaker.container
30 31 propagate = 1
31 32
32 33 [logger_rhodecode]
33 34 level = $RC_LOGGING_LEVEL
34 35 handlers =
35 36 qualname = rhodecode
36 37 propagate = 1
37 38
38 39 [logger_ssh_wrapper]
39 40 level = $RC_LOGGING_LEVEL
40 41 handlers =
41 42 qualname = ssh_wrapper
42 43 propagate = 1
43 44
44 45 [logger_celery]
45 46 level = $RC_LOGGING_LEVEL
46 47 handlers =
47 48 qualname = celery
48 49
49 50
50 51 ; ########
51 52 ; HANDLERS
52 53 ; ########
53 54
54 55 [handler_console]
55 56 class = StreamHandler
56 57 args = (sys.stderr, )
57 58 level = $RC_LOGGING_LEVEL
58 ; To enable JSON formatted logs replace generic with json
59 ; To enable JSON formatted logs replace 'generic' with 'json'
59 60 ; This allows sending properly formatted logs to grafana loki or elasticsearch
60 #formatter = json
61 #formatter = generic
62 61 formatter = $RC_LOGGING_FORMATTER
63 62
64 63 [handler_console_sql]
65 64 ; "level = DEBUG" logs SQL queries and results.
66 65 ; "level = INFO" logs SQL queries.
67 66 ; "level = WARN" logs neither. (Recommended for production systems.)
68 67 class = StreamHandler
69 68 args = (sys.stderr, )
70 69 level = WARN
71 ; To enable JSON formatted logs replace generic with json
70 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
72 71 ; This allows sending properly formatted logs to grafana loki or elasticsearch
73 #formatter = json
74 #formatter = generic
75 72 formatter = $RC_LOGGING_FORMATTER
76 73
77 74 ; ##########
78 75 ; FORMATTERS
79 76 ; ##########
80 77
81 78 [formatter_generic]
82 79 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
83 80 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
84 81 datefmt = %Y-%m-%d %H:%M:%S
85 82
86 83 [formatter_color_formatter]
87 84 class = rhodecode.lib.logging_formatter.ColorFormatter
88 85 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
89 86 datefmt = %Y-%m-%d %H:%M:%S
90 87
91 88 [formatter_color_formatter_sql]
92 89 class = rhodecode.lib.logging_formatter.ColorFormatterSql
93 90 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
94 91 datefmt = %Y-%m-%d %H:%M:%S
95 92
96 93 [formatter_json]
97 format = %(message)s
98 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter No newline at end of file
94 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
95 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
@@ -1,841 +1,873 b''
1 1 ## -*- coding: utf-8 -*-
2 2
3 3 ; #########################################
4 4 ; RHODECODE COMMUNITY EDITION CONFIGURATION
5 5 ; #########################################
6 6
7 7 [DEFAULT]
8 8 ; Debug flag sets all loggers to debug, and enables request tracking
9 9 debug = false
10 10
11 11 ; ########################################################################
12 12 ; EMAIL CONFIGURATION
13 13 ; These settings will be used by the RhodeCode mailing system
14 14 ; ########################################################################
15 15
16 16 ; prefix all emails subjects with given prefix, helps filtering out emails
17 17 #email_prefix = [RhodeCode]
18 18
19 19 ; email FROM address all mails will be sent
20 20 #app_email_from = rhodecode-noreply@localhost
21 21
22 22 #smtp_server = mail.server.com
23 23 #smtp_username =
24 24 #smtp_password =
25 25 #smtp_port =
26 26 #smtp_use_tls = false
27 27 #smtp_use_ssl = true
28 28
29 29 [server:main]
30 30 ; COMMON HOST/IP CONFIG
31 31 host = 127.0.0.1
32 32 port = 5000
33 33
34 34
35 35 ; ###########################
36 36 ; GUNICORN APPLICATION SERVER
37 37 ; ###########################
38 38
39 39 ; run with gunicorn --paste rhodecode.ini
40 40
41 41 ; Module to use, this setting shouldn't be changed
42 42 use = egg:gunicorn#main
43 43
44 44 ; Sets the number of process workers. More workers means more concurrent connections
45 45 ; RhodeCode can handle at the same time. Each additional worker also it increases
46 46 ; memory usage as each has it's own set of caches.
47 47 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
48 48 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
49 49 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
50 50 ; when using more than 1 worker.
51 51 workers = 2
52 52
53 53 ; Gunicorn access log level
54 54 loglevel = info
55 55
56 56 ; Process name visible in process list
57 57 proc_name = rhodecode
58 58
59 59 ; Type of worker class, one of `sync`, `gevent`
60 60 ; Recommended type is `gevent`
61 61 worker_class = gevent
62 62
63 63 ; The maximum number of simultaneous clients per worker. Valid only for gevent
64 64 worker_connections = 10
65 65
66 66 ; Max number of requests that worker will handle before being gracefully restarted.
67 67 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
68 68 max_requests = 1000
69 69 max_requests_jitter = 30
70 70
71 71 ; Amount of time a worker can spend with handling a request before it
72 72 ; gets killed and restarted. By default set to 21600 (6hrs)
73 73 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
74 74 timeout = 21600
75 75
76 76 ; The maximum size of HTTP request line in bytes.
77 77 ; 0 for unlimited
78 78 limit_request_line = 0
79 79
80 80 ; Limit the number of HTTP headers fields in a request.
81 81 ; By default this value is 100 and can't be larger than 32768.
82 82 limit_request_fields = 32768
83 83
84 84 ; Limit the allowed size of an HTTP request header field.
85 85 ; Value is a positive number or 0.
86 86 ; Setting it to 0 will allow unlimited header field sizes.
87 87 limit_request_field_size = 0
88 88
89 89 ; Timeout for graceful workers restart.
90 90 ; After receiving a restart signal, workers have this much time to finish
91 91 ; serving requests. Workers still alive after the timeout (starting from the
92 92 ; receipt of the restart signal) are force killed.
93 93 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
94 94 graceful_timeout = 3600
95 95
96 96 # The number of seconds to wait for requests on a Keep-Alive connection.
97 97 # Generally set in the 1-5 seconds range.
98 98 keepalive = 2
99 99
100 100 ; Maximum memory usage that each worker can use before it will receive a
101 101 ; graceful restart signal 0 = memory monitoring is disabled
102 102 ; Examples: 268435456 (256MB), 536870912 (512MB)
103 103 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
104 104 memory_max_usage = 0
105 105
106 106 ; How often in seconds to check for memory usage for each gunicorn worker
107 107 memory_usage_check_interval = 60
108 108
109 109 ; Threshold value for which we don't recycle worker if GarbageCollection
110 110 ; frees up enough resources. Before each restart we try to run GC on worker
111 111 ; in case we get enough free memory after that, restart will not happen.
112 112 memory_usage_recovery_threshold = 0.8
113 113
114 114
115 115 ; Prefix middleware for RhodeCode.
116 116 ; recommended when using proxy setup.
117 117 ; allows to set RhodeCode under a prefix in server.
118 118 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
119 119 ; And set your prefix like: `prefix = /custom_prefix`
120 120 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
121 121 ; to make your cookies only work on prefix url
122 122 [filter:proxy-prefix]
123 123 use = egg:PasteDeploy#prefix
124 124 prefix = /
125 125
126 126 [app:main]
127 127 ; The %(here)s variable will be replaced with the absolute path of parent directory
128 128 ; of this file
129 129 ; Each option in the app:main can be override by an environmental variable
130 130 ;
131 131 ;To override an option:
132 132 ;
133 133 ;RC_<KeyName>
134 134 ;Everything should be uppercase, . and - should be replaced by _.
135 135 ;For example, if you have these configuration settings:
136 136 ;rc_cache.repo_object.backend = foo
137 137 ;can be overridden by
138 138 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
139 139
140 140 use = egg:rhodecode-enterprise-ce
141 141
142 142 ; enable proxy prefix middleware, defined above
143 143 #filter-with = proxy-prefix
144 144
145 145 ; encryption key used to encrypt social plugin tokens,
146 146 ; remote_urls with credentials etc, if not set it defaults to
147 147 ; `beaker.session.secret`
148 148 #rhodecode.encrypted_values.secret =
149 149
150 150 ; decryption strict mode (enabled by default). It controls if decryption raises
151 151 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
152 152 #rhodecode.encrypted_values.strict = false
153 153
154 154 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
155 155 ; fernet is safer, and we strongly recommend switching to it.
156 156 ; Due to backward compatibility aes is used as default.
157 157 #rhodecode.encrypted_values.algorithm = fernet
158 158
159 159 ; Return gzipped responses from RhodeCode (static files/application)
160 160 gzip_responses = false
161 161
162 162 ; Auto-generate javascript routes file on startup
163 163 generate_js_files = false
164 164
165 165 ; System global default language.
166 166 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
167 167 lang = en
168 168
169 169 ; Perform a full repository scan and import on each server start.
170 170 ; Settings this to true could lead to very long startup time.
171 171 startup.import_repos = false
172 172
173 173 ; Uncomment and set this path to use archive download cache.
174 174 ; Once enabled, generated archives will be cached at this location
175 175 ; and served from the cache during subsequent requests for the same archive of
176 176 ; the repository.
177 177 #archive_cache_dir = /tmp/tarballcache
178 178
179 179 ; URL at which the application is running. This is used for Bootstrapping
180 180 ; requests in context when no web request is available. Used in ishell, or
181 181 ; SSH calls. Set this for events to receive proper url for SSH calls.
182 182 app.base_url = http://rhodecode.local
183 183
184 184 ; Unique application ID. Should be a random unique string for security.
185 185 app_instance_uuid = rc-production
186 186
187 187 ; Cut off limit for large diffs (size in bytes). If overall diff size on
188 188 ; commit, or pull request exceeds this limit this diff will be displayed
189 189 ; partially. E.g 512000 == 512Kb
190 190 cut_off_limit_diff = 512000
191 191
192 192 ; Cut off limit for large files inside diffs (size in bytes). Each individual
193 193 ; file inside diff which exceeds this limit will be displayed partially.
194 194 ; E.g 128000 == 128Kb
195 195 cut_off_limit_file = 128000
196 196
197 197 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
198 198 vcs_full_cache = true
199 199
200 200 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
201 201 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
202 202 force_https = false
203 203
204 204 ; use Strict-Transport-Security headers
205 205 use_htsts = false
206 206
207 207 ; Set to true if your repos are exposed using the dumb protocol
208 208 git_update_server_info = false
209 209
210 210 ; RSS/ATOM feed options
211 211 rss_cut_off_limit = 256000
212 212 rss_items_per_page = 10
213 213 rss_include_diff = false
214 214
215 215 ; gist URL alias, used to create nicer urls for gist. This should be an
216 216 ; url that does rewrites to _admin/gists/{gistid}.
217 217 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
218 218 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
219 219 gist_alias_url =
220 220
221 221 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
222 222 ; used for access.
223 223 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
224 224 ; came from the the logged in user who own this authentication token.
225 225 ; Additionally @TOKEN syntax can be used to bound the view to specific
226 226 ; authentication token. Such view would be only accessible when used together
227 227 ; with this authentication token
228 228 ; list of all views can be found under `/_admin/permissions/auth_token_access`
229 229 ; The list should be "," separated and on a single line.
230 230 ; Most common views to enable:
231 231
232 232 # RepoCommitsView:repo_commit_download
233 233 # RepoCommitsView:repo_commit_patch
234 234 # RepoCommitsView:repo_commit_raw
235 235 # RepoCommitsView:repo_commit_raw@TOKEN
236 236 # RepoFilesView:repo_files_diff
237 237 # RepoFilesView:repo_archivefile
238 238 # RepoFilesView:repo_file_raw
239 239 # GistView:*
240 240 api_access_controllers_whitelist =
241 241
242 242 ; Default encoding used to convert from and to unicode
243 243 ; can be also a comma separated list of encoding in case of mixed encodings
244 244 default_encoding = UTF-8
245 245
246 246 ; instance-id prefix
247 247 ; a prefix key for this instance used for cache invalidation when running
248 248 ; multiple instances of RhodeCode, make sure it's globally unique for
249 249 ; all running RhodeCode instances. Leave empty if you don't use it
250 250 instance_id =
251 251
252 252 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
253 253 ; of an authentication plugin also if it is disabled by it's settings.
254 254 ; This could be useful if you are unable to log in to the system due to broken
255 255 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
256 256 ; module to log in again and fix the settings.
257 257 ; Available builtin plugin IDs (hash is part of the ID):
258 258 ; egg:rhodecode-enterprise-ce#rhodecode
259 259 ; egg:rhodecode-enterprise-ce#pam
260 260 ; egg:rhodecode-enterprise-ce#ldap
261 261 ; egg:rhodecode-enterprise-ce#jasig_cas
262 262 ; egg:rhodecode-enterprise-ce#headers
263 263 ; egg:rhodecode-enterprise-ce#crowd
264 264
265 265 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
266 266
267 267 ; Flag to control loading of legacy plugins in py:/path format
268 268 auth_plugin.import_legacy_plugins = true
269 269
270 270 ; alternative return HTTP header for failed authentication. Default HTTP
271 271 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
272 272 ; handling that causing a series of failed authentication calls.
273 273 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
274 274 ; This will be served instead of default 401 on bad authentication
275 275 auth_ret_code =
276 276
277 277 ; use special detection method when serving auth_ret_code, instead of serving
278 278 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
279 279 ; and then serve auth_ret_code to clients
280 280 auth_ret_code_detection = false
281 281
282 282 ; locking return code. When repository is locked return this HTTP code. 2XX
283 283 ; codes don't break the transactions while 4XX codes do
284 284 lock_ret_code = 423
285 285
286 286 ; allows to change the repository location in settings page
287 287 allow_repo_location_change = true
288 288
289 289 ; allows to setup custom hooks in settings page
290 290 allow_custom_hooks_settings = true
291 291
292 292 ; Generated license token required for EE edition license.
293 293 ; New generated token value can be found in Admin > settings > license page.
294 294 license_token =
295 295
296 296 ; This flag hides sensitive information on the license page such as token, and license data
297 297 license.hide_license_info = false
298 298
299 299 ; supervisor connection uri, for managing supervisor and logs.
300 300 supervisor.uri =
301 301
302 302 ; supervisord group name/id we only want this RC instance to handle
303 303 supervisor.group_id = prod
304 304
305 305 ; Display extended labs settings
306 306 labs_settings_active = true
307 307
308 308 ; Custom exception store path, defaults to TMPDIR
309 309 ; This is used to store exception from RhodeCode in shared directory
310 310 #exception_tracker.store_path =
311 311
312 312 ; Send email with exception details when it happens
313 313 #exception_tracker.send_email = false
314 314
315 315 ; Comma separated list of recipients for exception emails,
316 316 ; e.g admin@rhodecode.com,devops@rhodecode.com
317 317 ; Can be left empty, then emails will be sent to ALL super-admins
318 318 #exception_tracker.send_email_recipients =
319 319
320 320 ; optional prefix to Add to email Subject
321 321 #exception_tracker.email_prefix = [RHODECODE ERROR]
322 322
323 323 ; File store configuration. This is used to store and serve uploaded files
324 324 file_store.enabled = true
325 325
326 326 ; Storage backend, available options are: local
327 327 file_store.backend = local
328 328
329 329 ; path to store the uploaded binaries
330 330 file_store.storage_path = %(here)s/data/file_store
331 331
332 332
333 333 ; #############
334 334 ; CELERY CONFIG
335 335 ; #############
336 336
337 337 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
338 338
339 339 use_celery = false
340 340
341 341 ; path to store schedule database
342 342 #celerybeat-schedule.path =
343 343
344 344 ; connection url to the message broker (default redis)
345 345 celery.broker_url = redis://localhost:6379/8
346 346
347 347 ; rabbitmq example
348 348 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
349 349
350 350 ; maximum tasks to execute before worker restart
351 351 celery.max_tasks_per_child = 100
352 352
353 353 ; tasks will never be sent to the queue, but executed locally instead.
354 354 celery.task_always_eager = false
355 355
356 356 ; #############
357 357 ; DOGPILE CACHE
358 358 ; #############
359 359
360 360 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
361 361 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
362 362 cache_dir = %(here)s/data
363 363
364 364 ; *********************************************
365 365 ; `sql_cache_short` cache for heavy SQL queries
366 366 ; Only supported backend is `memory_lru`
367 367 ; *********************************************
368 368 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
369 369 rc_cache.sql_cache_short.expiration_time = 30
370 370
371 371
372 372 ; *****************************************************
373 373 ; `cache_repo_longterm` cache for repo object instances
374 374 ; Only supported backend is `memory_lru`
375 375 ; *****************************************************
376 376 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
377 377 ; by default we use 30 Days, cache is still invalidated on push
378 378 rc_cache.cache_repo_longterm.expiration_time = 2592000
379 379 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
380 380 rc_cache.cache_repo_longterm.max_size = 10000
381 381
382 382
383 ; *********************************************
384 ; `cache_general` cache for general purpose use
385 ; for simplicity use rc.file_namespace backend,
386 ; for performance and scale use rc.redis
387 ; *********************************************
388 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
389 rc_cache.cache_general.expiration_time = 43200
390 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
391 #rc_cache.cache_general.arguments.filename = /tmp/cache_general.db
392
393 ; alternative `cache_general` redis backend with distributed lock
394 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
395 #rc_cache.cache_general.expiration_time = 300
396
397 ; redis_expiration_time needs to be greater then expiration_time
398 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
399
400 #rc_cache.cache_general.arguments.host = localhost
401 #rc_cache.cache_general.arguments.port = 6379
402 #rc_cache.cache_general.arguments.db = 0
403 #rc_cache.cache_general.arguments.socket_timeout = 30
404 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
405 #rc_cache.cache_general.arguments.distributed_lock = true
406
407 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
408 #rc_cache.cache_general.arguments.lock_auto_renewal = true
409
383 410 ; *************************************************
384 411 ; `cache_perms` cache for permission tree, auth TTL
412 ; for simplicity use rc.file_namespace backend,
413 ; for performance and scale use rc.redis
385 414 ; *************************************************
386 415 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
387 rc_cache.cache_perms.expiration_time = 300
416 rc_cache.cache_perms.expiration_time = 3600
388 417 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
389 418 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
390 419
391 420 ; alternative `cache_perms` redis backend with distributed lock
392 421 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
393 422 #rc_cache.cache_perms.expiration_time = 300
394 423
395 424 ; redis_expiration_time needs to be greater then expiration_time
396 425 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
397 426
398 427 #rc_cache.cache_perms.arguments.host = localhost
399 428 #rc_cache.cache_perms.arguments.port = 6379
400 429 #rc_cache.cache_perms.arguments.db = 0
401 430 #rc_cache.cache_perms.arguments.socket_timeout = 30
402 431 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
403 432 #rc_cache.cache_perms.arguments.distributed_lock = true
404 433
405 434 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
406 435 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
407 436
408 437 ; ***************************************************
409 438 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
439 ; for simplicity use rc.file_namespace backend,
440 ; for performance and scale use rc.redis
410 441 ; ***************************************************
411 442 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
412 443 rc_cache.cache_repo.expiration_time = 2592000
413 444 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
414 445 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
415 446
416 447 ; alternative `cache_repo` redis backend with distributed lock
417 448 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
418 449 #rc_cache.cache_repo.expiration_time = 2592000
419 450
420 451 ; redis_expiration_time needs to be greater then expiration_time
421 452 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
422 453
423 454 #rc_cache.cache_repo.arguments.host = localhost
424 455 #rc_cache.cache_repo.arguments.port = 6379
425 456 #rc_cache.cache_repo.arguments.db = 1
426 457 #rc_cache.cache_repo.arguments.socket_timeout = 30
427 458 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
428 459 #rc_cache.cache_repo.arguments.distributed_lock = true
429 460
430 461 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
431 462 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
432 463
433 464 ; ##############
434 465 ; BEAKER SESSION
435 466 ; ##############
436 467
437 468 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
438 469 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
439 470 ; Fastest ones are Redis and ext:database
440 471 beaker.session.type = file
441 472 beaker.session.data_dir = %(here)s/data/sessions
442 473
443 474 ; Redis based sessions
444 475 #beaker.session.type = ext:redis
445 476 #beaker.session.url = redis://127.0.0.1:6379/2
446 477
447 478 ; DB based session, fast, and allows easy management over logged in users
448 479 #beaker.session.type = ext:database
449 480 #beaker.session.table_name = db_session
450 481 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
451 482 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
452 483 #beaker.session.sa.pool_recycle = 3600
453 484 #beaker.session.sa.echo = false
454 485
455 486 beaker.session.key = rhodecode
456 487 beaker.session.secret = production-rc-uytcxaz
457 488 beaker.session.lock_dir = %(here)s/data/sessions/lock
458 489
459 490 ; Secure encrypted cookie. Requires AES and AES python libraries
460 491 ; you must disable beaker.session.secret to use this
461 492 #beaker.session.encrypt_key = key_for_encryption
462 493 #beaker.session.validate_key = validation_key
463 494
464 495 ; Sets session as invalid (also logging out user) if it haven not been
465 496 ; accessed for given amount of time in seconds
466 497 beaker.session.timeout = 2592000
467 498 beaker.session.httponly = true
468 499
469 500 ; Path to use for the cookie. Set to prefix if you use prefix middleware
470 501 #beaker.session.cookie_path = /custom_prefix
471 502
472 503 ; Set https secure cookie
473 504 beaker.session.secure = false
474 505
475 506 ; default cookie expiration time in seconds, set to `true` to set expire
476 507 ; at browser close
477 508 #beaker.session.cookie_expires = 3600
478 509
479 510 ; #############################
480 511 ; SEARCH INDEXING CONFIGURATION
481 512 ; #############################
482 513
483 514 ; Full text search indexer is available in rhodecode-tools under
484 515 ; `rhodecode-tools index` command
485 516
486 517 ; WHOOSH Backend, doesn't require additional services to run
487 518 ; it works good with few dozen repos
488 519 search.module = rhodecode.lib.index.whoosh
489 520 search.location = %(here)s/data/index
490 521
491 522 ; ####################
492 523 ; CHANNELSTREAM CONFIG
493 524 ; ####################
494 525
495 526 ; channelstream enables persistent connections and live notification
496 527 ; in the system. It's also used by the chat system
497 528
498 529 channelstream.enabled = false
499 530
500 531 ; server address for channelstream server on the backend
501 532 channelstream.server = 127.0.0.1:9800
502 533
503 534 ; location of the channelstream server from outside world
504 535 ; use ws:// for http or wss:// for https. This address needs to be handled
505 536 ; by external HTTP server such as Nginx or Apache
506 537 ; see Nginx/Apache configuration examples in our docs
507 538 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
508 539 channelstream.secret = secret
509 540 channelstream.history.location = %(here)s/channelstream_history
510 541
511 542 ; Internal application path that Javascript uses to connect into.
512 543 ; If you use proxy-prefix the prefix should be added before /_channelstream
513 544 channelstream.proxy_path = /_channelstream
514 545
515 546
516 547 ; ##############################
517 548 ; MAIN RHODECODE DATABASE CONFIG
518 549 ; ##############################
519 550
520 551 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
521 552 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
522 553 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
523 554 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
524 555 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
525 556
526 557 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
527 558
528 559 ; see sqlalchemy docs for other advanced settings
529 560 ; print the sql statements to output
530 561 sqlalchemy.db1.echo = false
531 562
532 563 ; recycle the connections after this amount of seconds
533 564 sqlalchemy.db1.pool_recycle = 3600
534 565 sqlalchemy.db1.convert_unicode = true
535 566
536 567 ; the number of connections to keep open inside the connection pool.
537 568 ; 0 indicates no limit
538 569 #sqlalchemy.db1.pool_size = 5
539 570
540 571 ; The number of connections to allow in connection pool "overflow", that is
541 572 ; connections that can be opened above and beyond the pool_size setting,
542 573 ; which defaults to five.
543 574 #sqlalchemy.db1.max_overflow = 10
544 575
545 576 ; Connection check ping, used to detect broken database connections
546 577 ; could be enabled to better handle cases if MySQL has gone away errors
547 578 #sqlalchemy.db1.ping_connection = true
548 579
549 580 ; ##########
550 581 ; VCS CONFIG
551 582 ; ##########
552 583 vcs.server.enable = true
553 584 vcs.server = localhost:9900
554 585
555 586 ; Web server connectivity protocol, responsible for web based VCS operations
556 587 ; Available protocols are:
557 588 ; `http` - use http-rpc backend (default)
558 589 vcs.server.protocol = http
559 590
560 591 ; Push/Pull operations protocol, available options are:
561 592 ; `http` - use http-rpc backend (default)
562 593 vcs.scm_app_implementation = http
563 594
564 595 ; Push/Pull operations hooks protocol, available options are:
565 596 ; `http` - use http-rpc backend (default)
566 597 vcs.hooks.protocol = http
567 598
568 599 ; Host on which this instance is listening for hooks. If vcsserver is in other location
569 600 ; this should be adjusted.
570 601 vcs.hooks.host = 127.0.0.1
571 602
572 603 ; Start VCSServer with this instance as a subprocess, useful for development
573 604 vcs.start_server = false
574 605
575 606 ; List of enabled VCS backends, available options are:
576 607 ; `hg` - mercurial
577 608 ; `git` - git
578 609 ; `svn` - subversion
579 610 vcs.backends = hg, git, svn
580 611
581 612 ; Wait this number of seconds before killing connection to the vcsserver
582 613 vcs.connection_timeout = 3600
583 614
584 615 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
585 616 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
586 617 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
587 618 #vcs.svn.compatible_version = 1.8
588 619
589 620 ; Cache flag to cache vcsserver remote calls locally
590 621 ; It uses cache_region `cache_repo`
591 622 vcs.methods.cache = true
592 623
593 624 ; ####################################################
594 625 ; Subversion proxy support (mod_dav_svn)
595 626 ; Maps RhodeCode repo groups into SVN paths for Apache
596 627 ; ####################################################
597 628
598 629 ; Enable or disable the config file generation.
599 630 svn.proxy.generate_config = false
600 631
601 632 ; Generate config file with `SVNListParentPath` set to `On`.
602 633 svn.proxy.list_parent_path = true
603 634
604 635 ; Set location and file name of generated config file.
605 636 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
606 637
607 638 ; alternative mod_dav config template. This needs to be a valid mako template
608 639 ; Example template can be found in the source code:
609 640 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
610 641 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
611 642
612 643 ; Used as a prefix to the `Location` block in the generated config file.
613 644 ; In most cases it should be set to `/`.
614 645 svn.proxy.location_root = /
615 646
616 647 ; Command to reload the mod dav svn configuration on change.
617 648 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
618 649 ; Make sure user who runs RhodeCode process is allowed to reload Apache
619 650 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
620 651
621 652 ; If the timeout expires before the reload command finishes, the command will
622 653 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
623 654 #svn.proxy.reload_timeout = 10
624 655
625 656 ; ####################
626 657 ; SSH Support Settings
627 658 ; ####################
628 659
629 660 ; Defines if a custom authorized_keys file should be created and written on
630 661 ; any change user ssh keys. Setting this to false also disables possibility
631 662 ; of adding SSH keys by users from web interface. Super admins can still
632 663 ; manage SSH Keys.
633 664 ssh.generate_authorized_keyfile = false
634 665
635 666 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
636 667 # ssh.authorized_keys_ssh_opts =
637 668
638 669 ; Path to the authorized_keys file where the generate entries are placed.
639 670 ; It is possible to have multiple key files specified in `sshd_config` e.g.
640 671 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
641 672 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
642 673
643 674 ; Command to execute the SSH wrapper. The binary is available in the
644 675 ; RhodeCode installation directory.
645 676 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
646 677 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
647 678
648 679 ; Allow shell when executing the ssh-wrapper command
649 680 ssh.wrapper_cmd_allow_shell = false
650 681
651 682 ; Enables logging, and detailed output send back to the client during SSH
652 683 ; operations. Useful for debugging, shouldn't be used in production.
653 684 ssh.enable_debug_logging = false
654 685
655 686 ; Paths to binary executable, by default they are the names, but we can
656 687 ; override them if we want to use a custom one
657 688 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
658 689 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
659 690 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
660 691
661 692 ; Enables SSH key generator web interface. Disabling this still allows users
662 693 ; to add their own keys.
663 694 ssh.enable_ui_key_generator = true
664 695
665 696
666 697 ; #################
667 698 ; APPENLIGHT CONFIG
668 699 ; #################
669 700
670 701 ; Appenlight is tailored to work with RhodeCode, see
671 702 ; http://appenlight.rhodecode.com for details how to obtain an account
672 703
673 704 ; Appenlight integration enabled
674 705 #appenlight = false
675 706
676 707 #appenlight.server_url = https://api.appenlight.com
677 708 #appenlight.api_key = YOUR_API_KEY
678 709 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
679 710
680 711 ; used for JS client
681 712 #appenlight.api_public_key = YOUR_API_PUBLIC_KEY
682 713
683 714 ; TWEAK AMOUNT OF INFO SENT HERE
684 715
685 716 ; enables 404 error logging (default False)
686 717 #appenlight.report_404 = false
687 718
688 719 ; time in seconds after request is considered being slow (default 1)
689 720 #appenlight.slow_request_time = 1
690 721
691 722 ; record slow requests in application
692 723 ; (needs to be enabled for slow datastore recording and time tracking)
693 724 #appenlight.slow_requests = true
694 725
695 726 ; enable hooking to application loggers
696 727 #appenlight.logging = true
697 728
698 729 ; minimum log level for log capture
699 730 #ppenlight.logging.level = WARNING
700 731
701 732 ; send logs only from erroneous/slow requests
702 733 ; (saves API quota for intensive logging)
703 734 #appenlight.logging_on_error = false
704 735
705 736 ; list of additional keywords that should be grabbed from environ object
706 737 ; can be string with comma separated list of words in lowercase
707 738 ; (by default client will always send following info:
708 739 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
709 740 ; start with HTTP* this list be extended with additional keywords here
710 741 #appenlight.environ_keys_whitelist =
711 742
712 743 ; list of keywords that should be blanked from request object
713 744 ; can be string with comma separated list of words in lowercase
714 745 ; (by default client will always blank keys that contain following words
715 746 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
716 747 ; this list be extended with additional keywords set here
717 748 #appenlight.request_keys_blacklist =
718 749
719 750 ; list of namespaces that should be ignores when gathering log entries
720 751 ; can be string with comma separated list of namespaces
721 752 ; (by default the client ignores own entries: appenlight_client.client)
722 753 #appenlight.log_namespace_blacklist =
723 754
724 755 ; Statsd client config, this is used to send metrics to statsd
725 756 ; We recommend setting statsd_exported and scrape them using Promethues
726 757 #statsd.enabled = false
727 758 #statsd.statsd_host = 0.0.0.0
728 759 #statsd.statsd_port = 8125
729 760 #statsd.statsd_prefix =
730 761 #statsd.statsd_ipv6 = false
731 762
732 763 ; configure logging automatically at server startup set to false
733 764 ; to use the below custom logging config.
734 765 ; RC_LOGGING_FORMATTER
735 766 ; RC_LOGGING_LEVEL
736 767 ; env variables can control the settings for logging in case of autoconfigure
737 768
738 769 #logging.autoconfigure = true
739 770
740 771 ; specify your own custom logging config file to configure logging
741 772 #logging.logging_conf_file = /path/to/custom_logging.ini
742 773
743 774 ; Dummy marker to add new entries after.
744 775 ; Add any custom entries below. Please don't remove this marker.
745 776 custom.conf = 1
746 777
747 778
748 779 ; #####################
749 780 ; LOGGING CONFIGURATION
750 781 ; #####################
751 782
752 783 [loggers]
753 784 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
754 785
755 786 [handlers]
756 787 keys = console, console_sql
757 788
758 789 [formatters]
759 790 keys = generic, json, color_formatter, color_formatter_sql
760 791
761 792 ; #######
762 793 ; LOGGERS
763 794 ; #######
764 795 [logger_root]
765 796 level = NOTSET
766 797 handlers = console
767 798
768 799 [logger_sqlalchemy]
769 800 level = INFO
770 801 handlers = console_sql
771 802 qualname = sqlalchemy.engine
772 803 propagate = 0
773 804
774 805 [logger_beaker]
775 806 level = DEBUG
776 807 handlers =
777 808 qualname = beaker.container
778 809 propagate = 1
779 810
780 811 [logger_rhodecode]
781 812 level = DEBUG
782 813 handlers =
783 814 qualname = rhodecode
784 815 propagate = 1
785 816
786 817 [logger_ssh_wrapper]
787 818 level = DEBUG
788 819 handlers =
789 820 qualname = ssh_wrapper
790 821 propagate = 1
791 822
792 823 [logger_celery]
793 824 level = DEBUG
794 825 handlers =
795 826 qualname = celery
796 827
797 828
798 829 ; ########
799 830 ; HANDLERS
800 831 ; ########
801 832
802 833 [handler_console]
803 834 class = StreamHandler
804 835 args = (sys.stderr, )
805 836 level = INFO
837 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
838 ; This allows sending properly formatted logs to grafana loki or elasticsearch
806 839 formatter = generic
807 ; To enable JSON formatted logs replace generic with json
808 ; This allows sending properly formatted logs to grafana loki or elasticsearch
809 #formatter = json
810 840
811 841 [handler_console_sql]
812 842 ; "level = DEBUG" logs SQL queries and results.
813 843 ; "level = INFO" logs SQL queries.
814 844 ; "level = WARN" logs neither. (Recommended for production systems.)
815 845 class = StreamHandler
816 846 args = (sys.stderr, )
817 847 level = WARN
848 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
849 ; This allows sending properly formatted logs to grafana loki or elasticsearch
818 850 formatter = generic
819 851
820 852 ; ##########
821 853 ; FORMATTERS
822 854 ; ##########
823 855
824 856 [formatter_generic]
825 857 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
826 858 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
827 859 datefmt = %Y-%m-%d %H:%M:%S
828 860
829 861 [formatter_color_formatter]
830 862 class = rhodecode.lib.logging_formatter.ColorFormatter
831 863 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
832 864 datefmt = %Y-%m-%d %H:%M:%S
833 865
834 866 [formatter_color_formatter_sql]
835 867 class = rhodecode.lib.logging_formatter.ColorFormatterSql
836 868 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
837 869 datefmt = %Y-%m-%d %H:%M:%S
838 870
839 871 [formatter_json]
840 872 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
841 873 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
General Comments 0
You need to be logged in to leave comments. Login now