##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
exception_store: rename .ini option for future
marcink -
r3024:eb235cbd stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -1,736 +1,724 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 5 ################################################################################
6 6
7 7 [DEFAULT]
8 8 debug = true
9 9
10 10 ################################################################################
11 11 ## EMAIL CONFIGURATION ##
12 12 ## Uncomment and replace with the email address which should receive ##
13 13 ## any error reports after an application crash ##
14 14 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 15 ################################################################################
16 16
17 17 ## prefix all emails subjects with given prefix, helps filtering out emails
18 18 #email_prefix = [RhodeCode]
19 19
20 20 ## email FROM address all mails will be sent
21 21 #app_email_from = rhodecode-noreply@localhost
22 22
23 ## Uncomment and replace with the address which should receive any error report
24 ## note: using appenlight for error handling doesn't need this to be uncommented
25 #email_to = admin@localhost
26
27 ## in case of Application errors, sent an error email form
28 #error_email_from = rhodecode_error@localhost
29
30 ## additional error message to be send in case of server crash
31 #error_message =
32
33
34 23 #smtp_server = mail.server.com
35 24 #smtp_username =
36 25 #smtp_password =
37 26 #smtp_port =
38 27 #smtp_use_tls = false
39 28 #smtp_use_ssl = true
40 29 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
41 30 #smtp_auth =
42 31
43 32 [server:main]
44 33 ## COMMON ##
45 34 host = 127.0.0.1
46 35 port = 5000
47 36
48 37 ###########################################################
49 38 ## WAITRESS WSGI SERVER - Recommended for Development ####
50 39 ###########################################################
51 40
52 41 use = egg:waitress#main
53 42 ## number of worker threads
54 43 threads = 5
55 44 ## MAX BODY SIZE 100GB
56 45 max_request_body_size = 107374182400
57 46 ## Use poll instead of select, fixes file descriptors limits problems.
58 47 ## May not work on old windows systems.
59 48 asyncore_use_poll = true
60 49
61 50
62 51 ##########################
63 52 ## GUNICORN WSGI SERVER ##
64 53 ##########################
65 54 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
66 55
67 56 #use = egg:gunicorn#main
68 57 ## Sets the number of process workers. More workers means more concurent connections
69 58 ## RhodeCode can handle at the same time. Each additional worker also it increases
70 59 ## memory usage as each has it's own set of caches.
71 60 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
72 61 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
73 62 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
74 63 ## when using more than 1 worker.
75 64 #workers = 2
76 65 ## process name visible in process list
77 66 #proc_name = rhodecode
78 67 ## type of worker class, one of sync, gevent
79 68 ## recommended for bigger setup is using of of other than sync one
80 69 #worker_class = gevent
81 70 ## The maximum number of simultaneous clients. Valid only for Gevent
82 71 #worker_connections = 10
83 72 ## max number of requests that worker will handle before being gracefully
84 73 ## restarted, could prevent memory leaks
85 74 #max_requests = 1000
86 75 #max_requests_jitter = 30
87 76 ## amount of time a worker can spend with handling a request before it
88 77 ## gets killed and restarted. Set to 6hrs
89 78 #timeout = 21600
90 79
91 80
92 81 ## prefix middleware for RhodeCode.
93 82 ## recommended when using proxy setup.
94 83 ## allows to set RhodeCode under a prefix in server.
95 84 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
96 85 ## And set your prefix like: `prefix = /custom_prefix`
97 86 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
98 87 ## to make your cookies only work on prefix url
99 88 [filter:proxy-prefix]
100 89 use = egg:PasteDeploy#prefix
101 90 prefix = /
102 91
103 92 [app:main]
104 93 ## The %(here)s variable will be replaced with the absolute path of parent directory
105 94 ## of this file
106 95 ## In addition ENVIRONMENT variables usage is possible, e.g
107 96 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
108 97
109 98 use = egg:rhodecode-enterprise-ce
110 99
111 100 ## enable proxy prefix middleware, defined above
112 101 #filter-with = proxy-prefix
113 102
114 103 # During development the we want to have the debug toolbar enabled
115 104 pyramid.includes =
116 105 pyramid_debugtoolbar
117 106 rhodecode.lib.middleware.request_wrapper
118 107
119 108 pyramid.reload_templates = true
120 109
121 110 debugtoolbar.hosts = 0.0.0.0/0
122 111 debugtoolbar.exclude_prefixes =
123 112 /css
124 113 /fonts
125 114 /images
126 115 /js
127 116
128 117 ## RHODECODE PLUGINS ##
129 118 rhodecode.includes =
130 119 rhodecode.api
131 120
132 121
133 122 # api prefix url
134 123 rhodecode.api.url = /_admin/api
135 124
136 125
137 126 ## END RHODECODE PLUGINS ##
138 127
139 128 ## encryption key used to encrypt social plugin tokens,
140 129 ## remote_urls with credentials etc, if not set it defaults to
141 130 ## `beaker.session.secret`
142 131 #rhodecode.encrypted_values.secret =
143 132
144 133 ## decryption strict mode (enabled by default). It controls if decryption raises
145 134 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
146 135 #rhodecode.encrypted_values.strict = false
147 136
148 137 ## return gzipped responses from Rhodecode (static files/application)
149 138 gzip_responses = false
150 139
151 140 ## autogenerate javascript routes file on startup
152 141 generate_js_files = false
153 142
154 143 ## System global default language.
155 144 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
156 145 lang = en
157 146
158 147 ## Perform a full repository scan and import on each server start.
159 148 ## Settings this to true could lead to very long startup time.
160 149 startup.import_repos = false
161 150
162 151 ## Uncomment and set this path to use archive download cache.
163 152 ## Once enabled, generated archives will be cached at this location
164 153 ## and served from the cache during subsequent requests for the same archive of
165 154 ## the repository.
166 155 #archive_cache_dir = /tmp/tarballcache
167 156
168 157 ## URL at which the application is running. This is used for bootstraping
169 158 ## requests in context when no web request is available. Used in ishell, or
170 159 ## SSH calls. Set this for events to receive proper url for SSH calls.
171 160 app.base_url = http://rhodecode.local
172 161
173 162 ## Unique application ID. Should be a random unique string for security.
174 163 app_instance_uuid = rc-production
175 164
176 165 ## Cut off limit for large diffs (size in bytes). If overall diff size on
177 166 ## commit, or pull request exceeds this limit this diff will be displayed
178 167 ## partially. E.g 512000 == 512Kb
179 168 cut_off_limit_diff = 512000
180 169
181 170 ## Cut off limit for large files inside diffs (size in bytes). Each individual
182 171 ## file inside diff which exceeds this limit will be displayed partially.
183 172 ## E.g 128000 == 128Kb
184 173 cut_off_limit_file = 128000
185 174
186 175 ## use cached version of vcs repositories everywhere. Recommended to be `true`
187 176 vcs_full_cache = true
188 177
189 178 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
190 179 ## Normally this is controlled by proper http flags sent from http server
191 180 force_https = false
192 181
193 182 ## use Strict-Transport-Security headers
194 183 use_htsts = false
195 184
196 185 ## git rev filter option, --all is the default filter, if you need to
197 186 ## hide all refs in changelog switch this to --branches --tags
198 187 git_rev_filter = --branches --tags
199 188
200 189 # Set to true if your repos are exposed using the dumb protocol
201 190 git_update_server_info = false
202 191
203 192 ## RSS/ATOM feed options
204 193 rss_cut_off_limit = 256000
205 194 rss_items_per_page = 10
206 195 rss_include_diff = false
207 196
208 197 ## gist URL alias, used to create nicer urls for gist. This should be an
209 198 ## url that does rewrites to _admin/gists/{gistid}.
210 199 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
211 200 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
212 201 gist_alias_url =
213 202
214 203 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
215 204 ## used for access.
216 205 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
217 206 ## came from the the logged in user who own this authentication token.
218 207 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
219 208 ## authentication token. Such view would be only accessible when used together
220 209 ## with this authentication token
221 210 ##
222 211 ## list of all views can be found under `/_admin/permissions/auth_token_access`
223 212 ## The list should be "," separated and on a single line.
224 213 ##
225 214 ## Most common views to enable:
226 215 # RepoCommitsView:repo_commit_download
227 216 # RepoCommitsView:repo_commit_patch
228 217 # RepoCommitsView:repo_commit_raw
229 218 # RepoCommitsView:repo_commit_raw@TOKEN
230 219 # RepoFilesView:repo_files_diff
231 220 # RepoFilesView:repo_archivefile
232 221 # RepoFilesView:repo_file_raw
233 222 # GistView:*
234 223 api_access_controllers_whitelist =
235 224
236 225 ## Default encoding used to convert from and to unicode
237 226 ## can be also a comma separated list of encoding in case of mixed encodings
238 227 default_encoding = UTF-8
239 228
240 229 ## instance-id prefix
241 230 ## a prefix key for this instance used for cache invalidation when running
242 231 ## multiple instances of rhodecode, make sure it's globally unique for
243 232 ## all running rhodecode instances. Leave empty if you don't use it
244 233 instance_id =
245 234
246 235 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
247 236 ## of an authentication plugin also if it is disabled by it's settings.
248 237 ## This could be useful if you are unable to log in to the system due to broken
249 238 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
250 239 ## module to log in again and fix the settings.
251 240 ##
252 241 ## Available builtin plugin IDs (hash is part of the ID):
253 242 ## egg:rhodecode-enterprise-ce#rhodecode
254 243 ## egg:rhodecode-enterprise-ce#pam
255 244 ## egg:rhodecode-enterprise-ce#ldap
256 245 ## egg:rhodecode-enterprise-ce#jasig_cas
257 246 ## egg:rhodecode-enterprise-ce#headers
258 247 ## egg:rhodecode-enterprise-ce#crowd
259 248 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
260 249
261 250 ## alternative return HTTP header for failed authentication. Default HTTP
262 251 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
263 252 ## handling that causing a series of failed authentication calls.
264 253 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
265 254 ## This will be served instead of default 401 on bad authnetication
266 255 auth_ret_code =
267 256
268 257 ## use special detection method when serving auth_ret_code, instead of serving
269 258 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
270 259 ## and then serve auth_ret_code to clients
271 260 auth_ret_code_detection = false
272 261
273 262 ## locking return code. When repository is locked return this HTTP code. 2XX
274 263 ## codes don't break the transactions while 4XX codes do
275 264 lock_ret_code = 423
276 265
277 266 ## allows to change the repository location in settings page
278 267 allow_repo_location_change = true
279 268
280 269 ## allows to setup custom hooks in settings page
281 270 allow_custom_hooks_settings = true
282 271
283 272 ## Generated license token required for EE edition license.
284 273 ## New generated token value can be found in Admin > settings > license page.
285 274 license_token =
286 275
287 276 ## supervisor connection uri, for managing supervisor and logs.
288 277 supervisor.uri =
289 278 ## supervisord group name/id we only want this RC instance to handle
290 279 supervisor.group_id = dev
291 280
292 281 ## Display extended labs settings
293 282 labs_settings_active = true
294 283
295 284 ## custom exception store path, defaults to TMPDIR
296 exception_store_path =
297
285 exception_tracker.store_path =
298 286
299 287 ####################################
300 288 ### CELERY CONFIG ####
301 289 ####################################
302 290 ## run: /path/to/celery worker \
303 291 ## -E --beat --app rhodecode.lib.celerylib.loader \
304 292 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
305 293 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
306 294
307 295 use_celery = false
308 296
309 297 ## connection url to the message broker (default rabbitmq)
310 298 celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
311 299
312 300 ## maximum tasks to execute before worker restart
313 301 celery.max_tasks_per_child = 100
314 302
315 303 ## tasks will never be sent to the queue, but executed locally instead.
316 304 celery.task_always_eager = false
317 305
318 306 #####################################
319 307 ### DOGPILE CACHE ####
320 308 #####################################
321 309 ## Default cache dir for caches. Putting this into a ramdisk
322 310 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
323 311 ## large amount of space
324 312 cache_dir = %(here)s/data
325 313
326 314 ## `cache_perms` cache settings for permission tree, auth TTL.
327 315 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
328 316 rc_cache.cache_perms.expiration_time = 300
329 317
330 318 ## alternative `cache_perms` redis backend with distributed lock
331 319 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
332 320 #rc_cache.cache_perms.expiration_time = 300
333 321 ## redis_expiration_time needs to be greater then expiration_time
334 322 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
335 323 #rc_cache.cache_perms.arguments.socket_timeout = 30
336 324 #rc_cache.cache_perms.arguments.host = localhost
337 325 #rc_cache.cache_perms.arguments.port = 6379
338 326 #rc_cache.cache_perms.arguments.db = 0
339 327 #rc_cache.cache_perms.arguments.distributed_lock = true
340 328
341 329 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
342 330 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
343 331 rc_cache.cache_repo.expiration_time = 2592000
344 332
345 333 ## alternative `cache_repo` redis backend with distributed lock
346 334 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
347 335 #rc_cache.cache_repo.expiration_time = 2592000
348 336 ## redis_expiration_time needs to be greater then expiration_time
349 337 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
350 338 #rc_cache.cache_repo.arguments.socket_timeout = 30
351 339 #rc_cache.cache_repo.arguments.host = localhost
352 340 #rc_cache.cache_repo.arguments.port = 6379
353 341 #rc_cache.cache_repo.arguments.db = 1
354 342 #rc_cache.cache_repo.arguments.distributed_lock = true
355 343
356 344 ## cache settings for SQL queries, this needs to use memory type backend
357 345 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
358 346 rc_cache.sql_cache_short.expiration_time = 30
359 347
360 348 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
361 349 ## type backend as the objects kept are not pickle serializable
362 350 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
363 351 ## by default we use 96H, this is using invalidation on push anyway
364 352 rc_cache.cache_repo_longterm.expiration_time = 345600
365 353 ## max items in LRU cache, reduce this number to save memory, and expire last used
366 354 ## cached objects
367 355 rc_cache.cache_repo_longterm.max_size = 10000
368 356
369 357
370 358 ####################################
371 359 ### BEAKER SESSION ####
372 360 ####################################
373 361
374 362 ## .session.type is type of storage options for the session, current allowed
375 363 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
376 364 beaker.session.type = file
377 365 beaker.session.data_dir = %(here)s/data/sessions
378 366
379 367 ## db based session, fast, and allows easy management over logged in users
380 368 #beaker.session.type = ext:database
381 369 #beaker.session.table_name = db_session
382 370 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
383 371 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
384 372 #beaker.session.sa.pool_recycle = 3600
385 373 #beaker.session.sa.echo = false
386 374
387 375 beaker.session.key = rhodecode
388 376 beaker.session.secret = develop-rc-uytcxaz
389 377 beaker.session.lock_dir = %(here)s/data/sessions/lock
390 378
391 379 ## Secure encrypted cookie. Requires AES and AES python libraries
392 380 ## you must disable beaker.session.secret to use this
393 381 #beaker.session.encrypt_key = key_for_encryption
394 382 #beaker.session.validate_key = validation_key
395 383
396 384 ## sets session as invalid(also logging out user) if it haven not been
397 385 ## accessed for given amount of time in seconds
398 386 beaker.session.timeout = 2592000
399 387 beaker.session.httponly = true
400 388 ## Path to use for the cookie. Set to prefix if you use prefix middleware
401 389 #beaker.session.cookie_path = /custom_prefix
402 390
403 391 ## uncomment for https secure cookie
404 392 beaker.session.secure = false
405 393
406 394 ## auto save the session to not to use .save()
407 395 beaker.session.auto = false
408 396
409 397 ## default cookie expiration time in seconds, set to `true` to set expire
410 398 ## at browser close
411 399 #beaker.session.cookie_expires = 3600
412 400
413 401 ###################################
414 402 ## SEARCH INDEXING CONFIGURATION ##
415 403 ###################################
416 404 ## Full text search indexer is available in rhodecode-tools under
417 405 ## `rhodecode-tools index` command
418 406
419 407 ## WHOOSH Backend, doesn't require additional services to run
420 408 ## it works good with few dozen repos
421 409 search.module = rhodecode.lib.index.whoosh
422 410 search.location = %(here)s/data/index
423 411
424 412 ########################################
425 413 ### CHANNELSTREAM CONFIG ####
426 414 ########################################
427 415 ## channelstream enables persistent connections and live notification
428 416 ## in the system. It's also used by the chat system
429 417 channelstream.enabled = false
430 418
431 419 ## server address for channelstream server on the backend
432 420 channelstream.server = 127.0.0.1:9800
433 421
434 422 ## location of the channelstream server from outside world
435 423 ## use ws:// for http or wss:// for https. This address needs to be handled
436 424 ## by external HTTP server such as Nginx or Apache
437 425 ## see nginx/apache configuration examples in our docs
438 426 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
439 427 channelstream.secret = secret
440 428 channelstream.history.location = %(here)s/channelstream_history
441 429
442 430 ## Internal application path that Javascript uses to connect into.
443 431 ## If you use proxy-prefix the prefix should be added before /_channelstream
444 432 channelstream.proxy_path = /_channelstream
445 433
446 434
447 435 ###################################
448 436 ## APPENLIGHT CONFIG ##
449 437 ###################################
450 438
451 439 ## Appenlight is tailored to work with RhodeCode, see
452 440 ## http://appenlight.com for details how to obtain an account
453 441
454 442 ## appenlight integration enabled
455 443 appenlight = false
456 444
457 445 appenlight.server_url = https://api.appenlight.com
458 446 appenlight.api_key = YOUR_API_KEY
459 447 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
460 448
461 449 # used for JS client
462 450 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
463 451
464 452 ## TWEAK AMOUNT OF INFO SENT HERE
465 453
466 454 ## enables 404 error logging (default False)
467 455 appenlight.report_404 = false
468 456
469 457 ## time in seconds after request is considered being slow (default 1)
470 458 appenlight.slow_request_time = 1
471 459
472 460 ## record slow requests in application
473 461 ## (needs to be enabled for slow datastore recording and time tracking)
474 462 appenlight.slow_requests = true
475 463
476 464 ## enable hooking to application loggers
477 465 appenlight.logging = true
478 466
479 467 ## minimum log level for log capture
480 468 appenlight.logging.level = WARNING
481 469
482 470 ## send logs only from erroneous/slow requests
483 471 ## (saves API quota for intensive logging)
484 472 appenlight.logging_on_error = false
485 473
486 474 ## list of additonal keywords that should be grabbed from environ object
487 475 ## can be string with comma separated list of words in lowercase
488 476 ## (by default client will always send following info:
489 477 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
490 478 ## start with HTTP* this list be extended with additional keywords here
491 479 appenlight.environ_keys_whitelist =
492 480
493 481 ## list of keywords that should be blanked from request object
494 482 ## can be string with comma separated list of words in lowercase
495 483 ## (by default client will always blank keys that contain following words
496 484 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
497 485 ## this list be extended with additional keywords set here
498 486 appenlight.request_keys_blacklist =
499 487
500 488 ## list of namespaces that should be ignores when gathering log entries
501 489 ## can be string with comma separated list of namespaces
502 490 ## (by default the client ignores own entries: appenlight_client.client)
503 491 appenlight.log_namespace_blacklist =
504 492
505 493
506 494 ################################################################################
507 495 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
508 496 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
509 497 ## execute malicious code after an exception is raised. ##
510 498 ################################################################################
511 499 #set debug = false
512 500
513 501 # enable debug style page
514 502 debug_style = true
515 503
516 504 ###########################################
517 505 ### MAIN RHODECODE DATABASE CONFIG ###
518 506 ###########################################
519 507 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
520 508 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
521 509 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
522 510 # pymysql is an alternative driver for MySQL, use in case of problems with default one
523 511 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
524 512
525 513 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
526 514
527 515 # see sqlalchemy docs for other advanced settings
528 516
529 517 ## print the sql statements to output
530 518 sqlalchemy.db1.echo = false
531 519 ## recycle the connections after this amount of seconds
532 520 sqlalchemy.db1.pool_recycle = 3600
533 521 sqlalchemy.db1.convert_unicode = true
534 522
535 523 ## the number of connections to keep open inside the connection pool.
536 524 ## 0 indicates no limit
537 525 #sqlalchemy.db1.pool_size = 5
538 526
539 527 ## the number of connections to allow in connection pool "overflow", that is
540 528 ## connections that can be opened above and beyond the pool_size setting,
541 529 ## which defaults to five.
542 530 #sqlalchemy.db1.max_overflow = 10
543 531
544 532 ## Connection check ping, used to detect broken database connections
545 533 ## could be enabled to better handle cases if MySQL has gone away errors
546 534 #sqlalchemy.db1.ping_connection = true
547 535
548 536 ##################
549 537 ### VCS CONFIG ###
550 538 ##################
551 539 vcs.server.enable = true
552 540 vcs.server = localhost:9900
553 541
554 542 ## Web server connectivity protocol, responsible for web based VCS operatations
555 543 ## Available protocols are:
556 544 ## `http` - use http-rpc backend (default)
557 545 vcs.server.protocol = http
558 546
559 547 ## Push/Pull operations protocol, available options are:
560 548 ## `http` - use http-rpc backend (default)
561 549 vcs.scm_app_implementation = http
562 550
563 551 ## Push/Pull operations hooks protocol, available options are:
564 552 ## `http` - use http-rpc backend (default)
565 553 vcs.hooks.protocol = http
566 554
567 555 ## Host on which this instance is listening for hooks. If vcsserver is in other location
568 556 ## this should be adjusted.
569 557 vcs.hooks.host = 127.0.0.1
570 558
571 559 vcs.server.log_level = debug
572 560 ## Start VCSServer with this instance as a subprocess, useful for development
573 561 vcs.start_server = false
574 562
575 563 ## List of enabled VCS backends, available options are:
576 564 ## `hg` - mercurial
577 565 ## `git` - git
578 566 ## `svn` - subversion
579 567 vcs.backends = hg, git, svn
580 568
581 569 vcs.connection_timeout = 3600
582 570 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
583 571 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
584 572 #vcs.svn.compatible_version = pre-1.8-compatible
585 573
586 574
587 575 ############################################################
588 576 ### Subversion proxy support (mod_dav_svn) ###
589 577 ### Maps RhodeCode repo groups into SVN paths for Apache ###
590 578 ############################################################
591 579 ## Enable or disable the config file generation.
592 580 svn.proxy.generate_config = false
593 581 ## Generate config file with `SVNListParentPath` set to `On`.
594 582 svn.proxy.list_parent_path = true
595 583 ## Set location and file name of generated config file.
596 584 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
597 585 ## alternative mod_dav config template. This needs to be a mako template
598 586 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
599 587 ## Used as a prefix to the `Location` block in the generated config file.
600 588 ## In most cases it should be set to `/`.
601 589 svn.proxy.location_root = /
602 590 ## Command to reload the mod dav svn configuration on change.
603 591 ## Example: `/etc/init.d/apache2 reload`
604 592 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
605 593 ## If the timeout expires before the reload command finishes, the command will
606 594 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
607 595 #svn.proxy.reload_timeout = 10
608 596
609 597 ############################################################
610 598 ### SSH Support Settings ###
611 599 ############################################################
612 600
613 601 ## Defines if a custom authorized_keys file should be created and written on
614 602 ## any change user ssh keys. Setting this to false also disables posibility
615 603 ## of adding SSH keys by users from web interface. Super admins can still
616 604 ## manage SSH Keys.
617 605 ssh.generate_authorized_keyfile = false
618 606
619 607 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
620 608 # ssh.authorized_keys_ssh_opts =
621 609
622 610 ## Path to the authrozied_keys file where the generate entries are placed.
623 611 ## It is possible to have multiple key files specified in `sshd_config` e.g.
624 612 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
625 613 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
626 614
627 615 ## Command to execute the SSH wrapper. The binary is available in the
628 616 ## rhodecode installation directory.
629 617 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
630 618 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
631 619
632 620 ## Allow shell when executing the ssh-wrapper command
633 621 ssh.wrapper_cmd_allow_shell = false
634 622
635 623 ## Enables logging, and detailed output send back to the client during SSH
636 624 ## operations. Usefull for debugging, shouldn't be used in production.
637 625 ssh.enable_debug_logging = true
638 626
639 627 ## Paths to binary executable, by default they are the names, but we can
640 628 ## override them if we want to use a custom one
641 629 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
642 630 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
643 631 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
644 632
645 633
646 634 ## Dummy marker to add new entries after.
647 635 ## Add any custom entries below. Please don't remove.
648 636 custom.conf = 1
649 637
650 638
651 639 ################################
652 640 ### LOGGING CONFIGURATION ####
653 641 ################################
654 642 [loggers]
655 643 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
656 644
657 645 [handlers]
658 646 keys = console, console_sql
659 647
660 648 [formatters]
661 649 keys = generic, color_formatter, color_formatter_sql
662 650
663 651 #############
664 652 ## LOGGERS ##
665 653 #############
666 654 [logger_root]
667 655 level = NOTSET
668 656 handlers = console
669 657
670 658 [logger_sqlalchemy]
671 659 level = INFO
672 660 handlers = console_sql
673 661 qualname = sqlalchemy.engine
674 662 propagate = 0
675 663
676 664 [logger_beaker]
677 665 level = DEBUG
678 666 handlers =
679 667 qualname = beaker.container
680 668 propagate = 1
681 669
682 670 [logger_rhodecode]
683 671 level = DEBUG
684 672 handlers =
685 673 qualname = rhodecode
686 674 propagate = 1
687 675
688 676 [logger_ssh_wrapper]
689 677 level = DEBUG
690 678 handlers =
691 679 qualname = ssh_wrapper
692 680 propagate = 1
693 681
694 682 [logger_celery]
695 683 level = DEBUG
696 684 handlers =
697 685 qualname = celery
698 686
699 687
700 688 ##############
701 689 ## HANDLERS ##
702 690 ##############
703 691
704 692 [handler_console]
705 693 class = StreamHandler
706 694 args = (sys.stderr, )
707 695 level = DEBUG
708 696 formatter = color_formatter
709 697
710 698 [handler_console_sql]
711 699 # "level = DEBUG" logs SQL queries and results.
712 700 # "level = INFO" logs SQL queries.
713 701 # "level = WARN" logs neither. (Recommended for production systems.)
714 702 class = StreamHandler
715 703 args = (sys.stderr, )
716 704 level = WARN
717 705 formatter = color_formatter_sql
718 706
719 707 ################
720 708 ## FORMATTERS ##
721 709 ################
722 710
723 711 [formatter_generic]
724 712 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
725 713 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
726 714 datefmt = %Y-%m-%d %H:%M:%S
727 715
728 716 [formatter_color_formatter]
729 717 class = rhodecode.lib.logging_formatter.ColorFormatter
730 718 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
731 719 datefmt = %Y-%m-%d %H:%M:%S
732 720
733 721 [formatter_color_formatter_sql]
734 722 class = rhodecode.lib.logging_formatter.ColorFormatterSql
735 723 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
736 724 datefmt = %Y-%m-%d %H:%M:%S
Show file before | Show file after | Hide comments
@@ -1,708 +1,697 b''
1 1
2 2
3 3 ################################################################################
4 4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 5 ################################################################################
6 6
7 7 [DEFAULT]
8 8 debug = true
9 9
10 10 ################################################################################
11 11 ## EMAIL CONFIGURATION ##
12 12 ## Uncomment and replace with the email address which should receive ##
13 13 ## any error reports after an application crash ##
14 14 ## Additionally these settings will be used by the RhodeCode mailing system ##
15 15 ################################################################################
16 16
17 17 ## prefix all emails subjects with given prefix, helps filtering out emails
18 18 #email_prefix = [RhodeCode]
19 19
20 20 ## email FROM address all mails will be sent
21 21 #app_email_from = rhodecode-noreply@localhost
22 22
23 ## Uncomment and replace with the address which should receive any error report
24 ## note: using appenlight for error handling doesn't need this to be uncommented
25 #email_to = admin@localhost
26
27 ## in case of Application errors, sent an error email form
28 #error_email_from = rhodecode_error@localhost
29
30 ## additional error message to be send in case of server crash
31 #error_message =
32
33
34 23 #smtp_server = mail.server.com
35 24 #smtp_username =
36 25 #smtp_password =
37 26 #smtp_port =
38 27 #smtp_use_tls = false
39 28 #smtp_use_ssl = true
40 29 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
41 30 #smtp_auth =
42 31
43 32 [server:main]
44 33 ## COMMON ##
45 34 host = 127.0.0.1
46 35 port = 5000
47 36
48 37 ###########################################################
49 38 ## WAITRESS WSGI SERVER - Recommended for Development ####
50 39 ###########################################################
51 40
52 41 #use = egg:waitress#main
53 42 ## number of worker threads
54 43 #threads = 5
55 44 ## MAX BODY SIZE 100GB
56 45 #max_request_body_size = 107374182400
57 46 ## Use poll instead of select, fixes file descriptors limits problems.
58 47 ## May not work on old windows systems.
59 48 #asyncore_use_poll = true
60 49
61 50
62 51 ##########################
63 52 ## GUNICORN WSGI SERVER ##
64 53 ##########################
65 54 ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
66 55
67 56 use = egg:gunicorn#main
68 57 ## Sets the number of process workers. More workers means more concurent connections
69 58 ## RhodeCode can handle at the same time. Each additional worker also it increases
70 59 ## memory usage as each has it's own set of caches.
71 60 ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
72 61 ## than 8-10 unless for really big deployments .e.g 700-1000 users.
73 62 ## `instance_id = *` must be set in the [app:main] section below (which is the default)
74 63 ## when using more than 1 worker.
75 64 workers = 2
76 65 ## process name visible in process list
77 66 proc_name = rhodecode
78 67 ## type of worker class, one of sync, gevent
79 68 ## recommended for bigger setup is using of of other than sync one
80 69 worker_class = gevent
81 70 ## The maximum number of simultaneous clients. Valid only for Gevent
82 71 worker_connections = 10
83 72 ## max number of requests that worker will handle before being gracefully
84 73 ## restarted, could prevent memory leaks
85 74 max_requests = 1000
86 75 max_requests_jitter = 30
87 76 ## amount of time a worker can spend with handling a request before it
88 77 ## gets killed and restarted. Set to 6hrs
89 78 timeout = 21600
90 79
91 80
92 81 ## prefix middleware for RhodeCode.
93 82 ## recommended when using proxy setup.
94 83 ## allows to set RhodeCode under a prefix in server.
95 84 ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
96 85 ## And set your prefix like: `prefix = /custom_prefix`
97 86 ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
98 87 ## to make your cookies only work on prefix url
99 88 [filter:proxy-prefix]
100 89 use = egg:PasteDeploy#prefix
101 90 prefix = /
102 91
103 92 [app:main]
104 93 ## The %(here)s variable will be replaced with the absolute path of parent directory
105 94 ## of this file
106 95 ## In addition ENVIRONMENT variables usage is possible, e.g
107 96 ## sqlalchemy.db1.url = {ENV_RC_DB_URL}
108 97
109 98 use = egg:rhodecode-enterprise-ce
110 99
111 100 ## enable proxy prefix middleware, defined above
112 101 #filter-with = proxy-prefix
113 102
114 103 ## encryption key used to encrypt social plugin tokens,
115 104 ## remote_urls with credentials etc, if not set it defaults to
116 105 ## `beaker.session.secret`
117 106 #rhodecode.encrypted_values.secret =
118 107
119 108 ## decryption strict mode (enabled by default). It controls if decryption raises
120 109 ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
121 110 #rhodecode.encrypted_values.strict = false
122 111
123 112 ## return gzipped responses from Rhodecode (static files/application)
124 113 gzip_responses = false
125 114
126 115 ## autogenerate javascript routes file on startup
127 116 generate_js_files = false
128 117
129 118 ## System global default language.
130 119 ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
131 120 lang = en
132 121
133 122 ## Perform a full repository scan and import on each server start.
134 123 ## Settings this to true could lead to very long startup time.
135 124 startup.import_repos = false
136 125
137 126 ## Uncomment and set this path to use archive download cache.
138 127 ## Once enabled, generated archives will be cached at this location
139 128 ## and served from the cache during subsequent requests for the same archive of
140 129 ## the repository.
141 130 #archive_cache_dir = /tmp/tarballcache
142 131
143 132 ## URL at which the application is running. This is used for bootstraping
144 133 ## requests in context when no web request is available. Used in ishell, or
145 134 ## SSH calls. Set this for events to receive proper url for SSH calls.
146 135 app.base_url = http://rhodecode.local
147 136
148 137 ## Unique application ID. Should be a random unique string for security.
149 138 app_instance_uuid = rc-production
150 139
151 140 ## Cut off limit for large diffs (size in bytes). If overall diff size on
152 141 ## commit, or pull request exceeds this limit this diff will be displayed
153 142 ## partially. E.g 512000 == 512Kb
154 143 cut_off_limit_diff = 512000
155 144
156 145 ## Cut off limit for large files inside diffs (size in bytes). Each individual
157 146 ## file inside diff which exceeds this limit will be displayed partially.
158 147 ## E.g 128000 == 128Kb
159 148 cut_off_limit_file = 128000
160 149
161 150 ## use cached version of vcs repositories everywhere. Recommended to be `true`
162 151 vcs_full_cache = true
163 152
164 153 ## Force https in RhodeCode, fixes https redirects, assumes it's always https.
165 154 ## Normally this is controlled by proper http flags sent from http server
166 155 force_https = false
167 156
168 157 ## use Strict-Transport-Security headers
169 158 use_htsts = false
170 159
171 160 ## git rev filter option, --all is the default filter, if you need to
172 161 ## hide all refs in changelog switch this to --branches --tags
173 162 git_rev_filter = --branches --tags
174 163
175 164 # Set to true if your repos are exposed using the dumb protocol
176 165 git_update_server_info = false
177 166
178 167 ## RSS/ATOM feed options
179 168 rss_cut_off_limit = 256000
180 169 rss_items_per_page = 10
181 170 rss_include_diff = false
182 171
183 172 ## gist URL alias, used to create nicer urls for gist. This should be an
184 173 ## url that does rewrites to _admin/gists/{gistid}.
185 174 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
186 175 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
187 176 gist_alias_url =
188 177
189 178 ## List of views (using glob pattern syntax) that AUTH TOKENS could be
190 179 ## used for access.
191 180 ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
192 181 ## came from the the logged in user who own this authentication token.
193 182 ## Additionally @TOKEN syntaxt can be used to bound the view to specific
194 183 ## authentication token. Such view would be only accessible when used together
195 184 ## with this authentication token
196 185 ##
197 186 ## list of all views can be found under `/_admin/permissions/auth_token_access`
198 187 ## The list should be "," separated and on a single line.
199 188 ##
200 189 ## Most common views to enable:
201 190 # RepoCommitsView:repo_commit_download
202 191 # RepoCommitsView:repo_commit_patch
203 192 # RepoCommitsView:repo_commit_raw
204 193 # RepoCommitsView:repo_commit_raw@TOKEN
205 194 # RepoFilesView:repo_files_diff
206 195 # RepoFilesView:repo_archivefile
207 196 # RepoFilesView:repo_file_raw
208 197 # GistView:*
209 198 api_access_controllers_whitelist =
210 199
211 200 ## Default encoding used to convert from and to unicode
212 201 ## can be also a comma separated list of encoding in case of mixed encodings
213 202 default_encoding = UTF-8
214 203
215 204 ## instance-id prefix
216 205 ## a prefix key for this instance used for cache invalidation when running
217 206 ## multiple instances of rhodecode, make sure it's globally unique for
218 207 ## all running rhodecode instances. Leave empty if you don't use it
219 208 instance_id =
220 209
221 210 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
222 211 ## of an authentication plugin also if it is disabled by it's settings.
223 212 ## This could be useful if you are unable to log in to the system due to broken
224 213 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
225 214 ## module to log in again and fix the settings.
226 215 ##
227 216 ## Available builtin plugin IDs (hash is part of the ID):
228 217 ## egg:rhodecode-enterprise-ce#rhodecode
229 218 ## egg:rhodecode-enterprise-ce#pam
230 219 ## egg:rhodecode-enterprise-ce#ldap
231 220 ## egg:rhodecode-enterprise-ce#jasig_cas
232 221 ## egg:rhodecode-enterprise-ce#headers
233 222 ## egg:rhodecode-enterprise-ce#crowd
234 223 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
235 224
236 225 ## alternative return HTTP header for failed authentication. Default HTTP
237 226 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
238 227 ## handling that causing a series of failed authentication calls.
239 228 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
240 229 ## This will be served instead of default 401 on bad authnetication
241 230 auth_ret_code =
242 231
243 232 ## use special detection method when serving auth_ret_code, instead of serving
244 233 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
245 234 ## and then serve auth_ret_code to clients
246 235 auth_ret_code_detection = false
247 236
248 237 ## locking return code. When repository is locked return this HTTP code. 2XX
249 238 ## codes don't break the transactions while 4XX codes do
250 239 lock_ret_code = 423
251 240
252 241 ## allows to change the repository location in settings page
253 242 allow_repo_location_change = true
254 243
255 244 ## allows to setup custom hooks in settings page
256 245 allow_custom_hooks_settings = true
257 246
258 247 ## Generated license token required for EE edition license.
259 248 ## New generated token value can be found in Admin > settings > license page.
260 249 license_token =
261 250
262 251 ## supervisor connection uri, for managing supervisor and logs.
263 252 supervisor.uri =
264 253 ## supervisord group name/id we only want this RC instance to handle
265 254 supervisor.group_id = prod
266 255
267 256 ## Display extended labs settings
268 257 labs_settings_active = true
269 258
270 259 ## custom exception store path, defaults to TMPDIR
271 exception_store_path =
260 exception_tracker.store_path =
272 261
273 262
274 263 ####################################
275 264 ### CELERY CONFIG ####
276 265 ####################################
277 266 ## run: /path/to/celery worker \
278 267 ## -E --beat --app rhodecode.lib.celerylib.loader \
279 268 ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
280 269 ## --loglevel DEBUG --ini /path/to/rhodecode.ini
281 270
282 271 use_celery = false
283 272
284 273 ## connection url to the message broker (default rabbitmq)
285 274 celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
286 275
287 276 ## maximum tasks to execute before worker restart
288 277 celery.max_tasks_per_child = 100
289 278
290 279 ## tasks will never be sent to the queue, but executed locally instead.
291 280 celery.task_always_eager = false
292 281
293 282 #####################################
294 283 ### DOGPILE CACHE ####
295 284 #####################################
296 285 ## Default cache dir for caches. Putting this into a ramdisk
297 286 ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
298 287 ## large amount of space
299 288 cache_dir = %(here)s/data
300 289
301 290 ## `cache_perms` cache settings for permission tree, auth TTL.
302 291 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
303 292 rc_cache.cache_perms.expiration_time = 300
304 293
305 294 ## alternative `cache_perms` redis backend with distributed lock
306 295 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
307 296 #rc_cache.cache_perms.expiration_time = 300
308 297 ## redis_expiration_time needs to be greater then expiration_time
309 298 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
310 299 #rc_cache.cache_perms.arguments.socket_timeout = 30
311 300 #rc_cache.cache_perms.arguments.host = localhost
312 301 #rc_cache.cache_perms.arguments.port = 6379
313 302 #rc_cache.cache_perms.arguments.db = 0
314 303 #rc_cache.cache_perms.arguments.distributed_lock = true
315 304
316 305 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
317 306 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
318 307 rc_cache.cache_repo.expiration_time = 2592000
319 308
320 309 ## alternative `cache_repo` redis backend with distributed lock
321 310 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
322 311 #rc_cache.cache_repo.expiration_time = 2592000
323 312 ## redis_expiration_time needs to be greater then expiration_time
324 313 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
325 314 #rc_cache.cache_repo.arguments.socket_timeout = 30
326 315 #rc_cache.cache_repo.arguments.host = localhost
327 316 #rc_cache.cache_repo.arguments.port = 6379
328 317 #rc_cache.cache_repo.arguments.db = 1
329 318 #rc_cache.cache_repo.arguments.distributed_lock = true
330 319
331 320 ## cache settings for SQL queries, this needs to use memory type backend
332 321 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
333 322 rc_cache.sql_cache_short.expiration_time = 30
334 323
335 324 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
336 325 ## type backend as the objects kept are not pickle serializable
337 326 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
338 327 ## by default we use 96H, this is using invalidation on push anyway
339 328 rc_cache.cache_repo_longterm.expiration_time = 345600
340 329 ## max items in LRU cache, reduce this number to save memory, and expire last used
341 330 ## cached objects
342 331 rc_cache.cache_repo_longterm.max_size = 10000
343 332
344 333
345 334 ####################################
346 335 ### BEAKER SESSION ####
347 336 ####################################
348 337
349 338 ## .session.type is type of storage options for the session, current allowed
350 339 ## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
351 340 beaker.session.type = file
352 341 beaker.session.data_dir = %(here)s/data/sessions
353 342
354 343 ## db based session, fast, and allows easy management over logged in users
355 344 #beaker.session.type = ext:database
356 345 #beaker.session.table_name = db_session
357 346 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
358 347 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
359 348 #beaker.session.sa.pool_recycle = 3600
360 349 #beaker.session.sa.echo = false
361 350
362 351 beaker.session.key = rhodecode
363 352 beaker.session.secret = production-rc-uytcxaz
364 353 beaker.session.lock_dir = %(here)s/data/sessions/lock
365 354
366 355 ## Secure encrypted cookie. Requires AES and AES python libraries
367 356 ## you must disable beaker.session.secret to use this
368 357 #beaker.session.encrypt_key = key_for_encryption
369 358 #beaker.session.validate_key = validation_key
370 359
371 360 ## sets session as invalid(also logging out user) if it haven not been
372 361 ## accessed for given amount of time in seconds
373 362 beaker.session.timeout = 2592000
374 363 beaker.session.httponly = true
375 364 ## Path to use for the cookie. Set to prefix if you use prefix middleware
376 365 #beaker.session.cookie_path = /custom_prefix
377 366
378 367 ## uncomment for https secure cookie
379 368 beaker.session.secure = false
380 369
381 370 ## auto save the session to not to use .save()
382 371 beaker.session.auto = false
383 372
384 373 ## default cookie expiration time in seconds, set to `true` to set expire
385 374 ## at browser close
386 375 #beaker.session.cookie_expires = 3600
387 376
388 377 ###################################
389 378 ## SEARCH INDEXING CONFIGURATION ##
390 379 ###################################
391 380 ## Full text search indexer is available in rhodecode-tools under
392 381 ## `rhodecode-tools index` command
393 382
394 383 ## WHOOSH Backend, doesn't require additional services to run
395 384 ## it works good with few dozen repos
396 385 search.module = rhodecode.lib.index.whoosh
397 386 search.location = %(here)s/data/index
398 387
399 388 ########################################
400 389 ### CHANNELSTREAM CONFIG ####
401 390 ########################################
402 391 ## channelstream enables persistent connections and live notification
403 392 ## in the system. It's also used by the chat system
404 393 channelstream.enabled = false
405 394
406 395 ## server address for channelstream server on the backend
407 396 channelstream.server = 127.0.0.1:9800
408 397
409 398 ## location of the channelstream server from outside world
410 399 ## use ws:// for http or wss:// for https. This address needs to be handled
411 400 ## by external HTTP server such as Nginx or Apache
412 401 ## see nginx/apache configuration examples in our docs
413 402 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
414 403 channelstream.secret = secret
415 404 channelstream.history.location = %(here)s/channelstream_history
416 405
417 406 ## Internal application path that Javascript uses to connect into.
418 407 ## If you use proxy-prefix the prefix should be added before /_channelstream
419 408 channelstream.proxy_path = /_channelstream
420 409
421 410
422 411 ###################################
423 412 ## APPENLIGHT CONFIG ##
424 413 ###################################
425 414
426 415 ## Appenlight is tailored to work with RhodeCode, see
427 416 ## http://appenlight.com for details how to obtain an account
428 417
429 418 ## appenlight integration enabled
430 419 appenlight = false
431 420
432 421 appenlight.server_url = https://api.appenlight.com
433 422 appenlight.api_key = YOUR_API_KEY
434 423 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
435 424
436 425 # used for JS client
437 426 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
438 427
439 428 ## TWEAK AMOUNT OF INFO SENT HERE
440 429
441 430 ## enables 404 error logging (default False)
442 431 appenlight.report_404 = false
443 432
444 433 ## time in seconds after request is considered being slow (default 1)
445 434 appenlight.slow_request_time = 1
446 435
447 436 ## record slow requests in application
448 437 ## (needs to be enabled for slow datastore recording and time tracking)
449 438 appenlight.slow_requests = true
450 439
451 440 ## enable hooking to application loggers
452 441 appenlight.logging = true
453 442
454 443 ## minimum log level for log capture
455 444 appenlight.logging.level = WARNING
456 445
457 446 ## send logs only from erroneous/slow requests
458 447 ## (saves API quota for intensive logging)
459 448 appenlight.logging_on_error = false
460 449
461 450 ## list of additonal keywords that should be grabbed from environ object
462 451 ## can be string with comma separated list of words in lowercase
463 452 ## (by default client will always send following info:
464 453 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
465 454 ## start with HTTP* this list be extended with additional keywords here
466 455 appenlight.environ_keys_whitelist =
467 456
468 457 ## list of keywords that should be blanked from request object
469 458 ## can be string with comma separated list of words in lowercase
470 459 ## (by default client will always blank keys that contain following words
471 460 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
472 461 ## this list be extended with additional keywords set here
473 462 appenlight.request_keys_blacklist =
474 463
475 464 ## list of namespaces that should be ignores when gathering log entries
476 465 ## can be string with comma separated list of namespaces
477 466 ## (by default the client ignores own entries: appenlight_client.client)
478 467 appenlight.log_namespace_blacklist =
479 468
480 469
481 470 ################################################################################
482 471 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
483 472 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
484 473 ## execute malicious code after an exception is raised. ##
485 474 ################################################################################
486 475 set debug = false
487 476
488 477
489 478 ###########################################
490 479 ### MAIN RHODECODE DATABASE CONFIG ###
491 480 ###########################################
492 481 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
493 482 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
494 483 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
495 484 # pymysql is an alternative driver for MySQL, use in case of problems with default one
496 485 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
497 486
498 487 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
499 488
500 489 # see sqlalchemy docs for other advanced settings
501 490
502 491 ## print the sql statements to output
503 492 sqlalchemy.db1.echo = false
504 493 ## recycle the connections after this amount of seconds
505 494 sqlalchemy.db1.pool_recycle = 3600
506 495 sqlalchemy.db1.convert_unicode = true
507 496
508 497 ## the number of connections to keep open inside the connection pool.
509 498 ## 0 indicates no limit
510 499 #sqlalchemy.db1.pool_size = 5
511 500
512 501 ## the number of connections to allow in connection pool "overflow", that is
513 502 ## connections that can be opened above and beyond the pool_size setting,
514 503 ## which defaults to five.
515 504 #sqlalchemy.db1.max_overflow = 10
516 505
517 506 ## Connection check ping, used to detect broken database connections
518 507 ## could be enabled to better handle cases if MySQL has gone away errors
519 508 #sqlalchemy.db1.ping_connection = true
520 509
521 510 ##################
522 511 ### VCS CONFIG ###
523 512 ##################
524 513 vcs.server.enable = true
525 514 vcs.server = localhost:9900
526 515
527 516 ## Web server connectivity protocol, responsible for web based VCS operatations
528 517 ## Available protocols are:
529 518 ## `http` - use http-rpc backend (default)
530 519 vcs.server.protocol = http
531 520
532 521 ## Push/Pull operations protocol, available options are:
533 522 ## `http` - use http-rpc backend (default)
534 523 vcs.scm_app_implementation = http
535 524
536 525 ## Push/Pull operations hooks protocol, available options are:
537 526 ## `http` - use http-rpc backend (default)
538 527 vcs.hooks.protocol = http
539 528 ## Host on which this instance is listening for hooks. If vcsserver is in other location
540 529 ## this should be adjusted.
541 530 vcs.hooks.host = 127.0.0.1
542 531
543 532 vcs.server.log_level = info
544 533 ## Start VCSServer with this instance as a subprocess, useful for development
545 534 vcs.start_server = false
546 535
547 536 ## List of enabled VCS backends, available options are:
548 537 ## `hg` - mercurial
549 538 ## `git` - git
550 539 ## `svn` - subversion
551 540 vcs.backends = hg, git, svn
552 541
553 542 vcs.connection_timeout = 3600
554 543 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
555 544 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
556 545 #vcs.svn.compatible_version = pre-1.8-compatible
557 546
558 547
559 548 ############################################################
560 549 ### Subversion proxy support (mod_dav_svn) ###
561 550 ### Maps RhodeCode repo groups into SVN paths for Apache ###
562 551 ############################################################
563 552 ## Enable or disable the config file generation.
564 553 svn.proxy.generate_config = false
565 554 ## Generate config file with `SVNListParentPath` set to `On`.
566 555 svn.proxy.list_parent_path = true
567 556 ## Set location and file name of generated config file.
568 557 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
569 558 ## alternative mod_dav config template. This needs to be a mako template
570 559 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
571 560 ## Used as a prefix to the `Location` block in the generated config file.
572 561 ## In most cases it should be set to `/`.
573 562 svn.proxy.location_root = /
574 563 ## Command to reload the mod dav svn configuration on change.
575 564 ## Example: `/etc/init.d/apache2 reload`
576 565 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
577 566 ## If the timeout expires before the reload command finishes, the command will
578 567 ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
579 568 #svn.proxy.reload_timeout = 10
580 569
581 570 ############################################################
582 571 ### SSH Support Settings ###
583 572 ############################################################
584 573
585 574 ## Defines if a custom authorized_keys file should be created and written on
586 575 ## any change user ssh keys. Setting this to false also disables posibility
587 576 ## of adding SSH keys by users from web interface. Super admins can still
588 577 ## manage SSH Keys.
589 578 ssh.generate_authorized_keyfile = false
590 579
591 580 ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
592 581 # ssh.authorized_keys_ssh_opts =
593 582
594 583 ## Path to the authrozied_keys file where the generate entries are placed.
595 584 ## It is possible to have multiple key files specified in `sshd_config` e.g.
596 585 ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
597 586 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
598 587
599 588 ## Command to execute the SSH wrapper. The binary is available in the
600 589 ## rhodecode installation directory.
601 590 ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
602 591 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
603 592
604 593 ## Allow shell when executing the ssh-wrapper command
605 594 ssh.wrapper_cmd_allow_shell = false
606 595
607 596 ## Enables logging, and detailed output send back to the client during SSH
608 597 ## operations. Usefull for debugging, shouldn't be used in production.
609 598 ssh.enable_debug_logging = false
610 599
611 600 ## Paths to binary executable, by default they are the names, but we can
612 601 ## override them if we want to use a custom one
613 602 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
614 603 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
615 604 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
616 605
617 606
618 607 ## Dummy marker to add new entries after.
619 608 ## Add any custom entries below. Please don't remove.
620 609 custom.conf = 1
621 610
622 611
623 612 ################################
624 613 ### LOGGING CONFIGURATION ####
625 614 ################################
626 615 [loggers]
627 616 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
628 617
629 618 [handlers]
630 619 keys = console, console_sql
631 620
632 621 [formatters]
633 622 keys = generic, color_formatter, color_formatter_sql
634 623
635 624 #############
636 625 ## LOGGERS ##
637 626 #############
638 627 [logger_root]
639 628 level = NOTSET
640 629 handlers = console
641 630
642 631 [logger_sqlalchemy]
643 632 level = INFO
644 633 handlers = console_sql
645 634 qualname = sqlalchemy.engine
646 635 propagate = 0
647 636
648 637 [logger_beaker]
649 638 level = DEBUG
650 639 handlers =
651 640 qualname = beaker.container
652 641 propagate = 1
653 642
654 643 [logger_rhodecode]
655 644 level = DEBUG
656 645 handlers =
657 646 qualname = rhodecode
658 647 propagate = 1
659 648
660 649 [logger_ssh_wrapper]
661 650 level = DEBUG
662 651 handlers =
663 652 qualname = ssh_wrapper
664 653 propagate = 1
665 654
666 655 [logger_celery]
667 656 level = DEBUG
668 657 handlers =
669 658 qualname = celery
670 659
671 660
672 661 ##############
673 662 ## HANDLERS ##
674 663 ##############
675 664
676 665 [handler_console]
677 666 class = StreamHandler
678 667 args = (sys.stderr, )
679 668 level = INFO
680 669 formatter = generic
681 670
682 671 [handler_console_sql]
683 672 # "level = DEBUG" logs SQL queries and results.
684 673 # "level = INFO" logs SQL queries.
685 674 # "level = WARN" logs neither. (Recommended for production systems.)
686 675 class = StreamHandler
687 676 args = (sys.stderr, )
688 677 level = WARN
689 678 formatter = generic
690 679
691 680 ################
692 681 ## FORMATTERS ##
693 682 ################
694 683
695 684 [formatter_generic]
696 685 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
697 686 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
698 687 datefmt = %Y-%m-%d %H:%M:%S
699 688
700 689 [formatter_color_formatter]
701 690 class = rhodecode.lib.logging_formatter.ColorFormatter
702 691 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
703 692 datefmt = %Y-%m-%d %H:%M:%S
704 693
705 694 [formatter_color_formatter_sql]
706 695 class = rhodecode.lib.logging_formatter.ColorFormatterSql
707 696 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
708 697 datefmt = %Y-%m-%d %H:%M:%S
Show file before | Show file after | Hide comments
@@ -1,582 +1,582 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import os
22 22 import sys
23 23 import logging
24 24 import collections
25 25 import tempfile
26 26
27 27 from paste.gzipper import make_gzip_middleware
28 28 import pyramid.events
29 29 from pyramid.wsgi import wsgiapp
30 30 from pyramid.authorization import ACLAuthorizationPolicy
31 31 from pyramid.config import Configurator
32 32 from pyramid.settings import asbool, aslist
33 33 from pyramid.httpexceptions import (
34 34 HTTPException, HTTPError, HTTPInternalServerError, HTTPFound, HTTPNotFound)
35 35 from pyramid.renderers import render_to_response
36 36
37 37 from rhodecode.model import meta
38 38 from rhodecode.config import patches
39 39 from rhodecode.config import utils as config_utils
40 40 from rhodecode.config.environment import load_pyramid_environment
41 41
42 42 import rhodecode.events
43 43 from rhodecode.lib.middleware.vcs import VCSMiddleware
44 44 from rhodecode.lib.request import Request
45 45 from rhodecode.lib.vcs import VCSCommunicationError
46 46 from rhodecode.lib.exceptions import VCSServerUnavailable
47 47 from rhodecode.lib.middleware.appenlight import wrap_in_appenlight_if_enabled
48 48 from rhodecode.lib.middleware.https_fixup import HttpsFixup
49 49 from rhodecode.lib.celerylib.loader import configure_celery
50 50 from rhodecode.lib.plugins.utils import register_rhodecode_plugin
51 51 from rhodecode.lib.utils2 import aslist as rhodecode_aslist, AttributeDict
52 52 from rhodecode.lib.exc_tracking import store_exception
53 53 from rhodecode.subscribers import (
54 54 scan_repositories_if_enabled, write_js_routes_if_enabled,
55 55 write_metadata_if_needed, inject_app_settings)
56 56
57 57
58 58 log = logging.getLogger(__name__)
59 59
60 60
61 61 def is_http_error(response):
62 62 # error which should have traceback
63 63 return response.status_code > 499
64 64
65 65
66 66 def make_pyramid_app(global_config, **settings):
67 67 """
68 68 Constructs the WSGI application based on Pyramid.
69 69
70 70 Specials:
71 71
72 72 * The application can also be integrated like a plugin via the call to
73 73 `includeme`. This is accompanied with the other utility functions which
74 74 are called. Changing this should be done with great care to not break
75 75 cases when these fragments are assembled from another place.
76 76
77 77 """
78 78
79 79 # Allows to use format style "{ENV_NAME}" placeholders in the configuration. It
80 80 # will be replaced by the value of the environment variable "NAME" in this case.
81 81 environ = {
82 82 'ENV_{}'.format(key): value for key, value in os.environ.items()}
83 83
84 84 global_config = _substitute_values(global_config, environ)
85 85 settings = _substitute_values(settings, environ)
86 86
87 87 sanitize_settings_and_apply_defaults(settings)
88 88
89 89 config = Configurator(settings=settings)
90 90
91 91 # Apply compatibility patches
92 92 patches.inspect_getargspec()
93 93
94 94 load_pyramid_environment(global_config, settings)
95 95
96 96 # Static file view comes first
97 97 includeme_first(config)
98 98
99 99 includeme(config)
100 100
101 101 pyramid_app = config.make_wsgi_app()
102 102 pyramid_app = wrap_app_in_wsgi_middlewares(pyramid_app, config)
103 103 pyramid_app.config = config
104 104
105 105 config.configure_celery(global_config['__file__'])
106 106 # creating the app uses a connection - return it after we are done
107 107 meta.Session.remove()
108 108
109 109 log.info('Pyramid app %s created and configured.', pyramid_app)
110 110 return pyramid_app
111 111
112 112
113 113 def not_found_view(request):
114 114 """
115 115 This creates the view which should be registered as not-found-view to
116 116 pyramid.
117 117 """
118 118
119 119 if not getattr(request, 'vcs_call', None):
120 120 # handle like regular case with our error_handler
121 121 return error_handler(HTTPNotFound(), request)
122 122
123 123 # handle not found view as a vcs call
124 124 settings = request.registry.settings
125 125 ae_client = getattr(request, 'ae_client', None)
126 126 vcs_app = VCSMiddleware(
127 127 HTTPNotFound(), request.registry, settings,
128 128 appenlight_client=ae_client)
129 129
130 130 return wsgiapp(vcs_app)(None, request)
131 131
132 132
133 133 def error_handler(exception, request):
134 134 import rhodecode
135 135 from rhodecode.lib import helpers
136 136
137 137 rhodecode_title = rhodecode.CONFIG.get('rhodecode_title') or 'RhodeCode'
138 138
139 139 base_response = HTTPInternalServerError()
140 140 # prefer original exception for the response since it may have headers set
141 141 if isinstance(exception, HTTPException):
142 142 base_response = exception
143 143 elif isinstance(exception, VCSCommunicationError):
144 144 base_response = VCSServerUnavailable()
145 145
146 146 if is_http_error(base_response):
147 147 log.exception(
148 148 'error occurred handling this request for path: %s', request.path)
149 149
150 150 error_explanation = base_response.explanation or str(base_response)
151 151 if base_response.status_code == 404:
152 152 error_explanation += " Or you don't have permission to access it."
153 153 c = AttributeDict()
154 154 c.error_message = base_response.status
155 155 c.error_explanation = error_explanation
156 156 c.visual = AttributeDict()
157 157
158 158 c.visual.rhodecode_support_url = (
159 159 request.registry.settings.get('rhodecode_support_url') or
160 160 request.route_url('rhodecode_support')
161 161 )
162 162 c.redirect_time = 0
163 163 c.rhodecode_name = rhodecode_title
164 164 if not c.rhodecode_name:
165 165 c.rhodecode_name = 'Rhodecode'
166 166
167 167 c.causes = []
168 168 if is_http_error(base_response):
169 169 c.causes.append('Server is overloaded.')
170 170 c.causes.append('Server database connection is lost.')
171 171 c.causes.append('Server expected unhandled error.')
172 172
173 173 if hasattr(base_response, 'causes'):
174 174 c.causes = base_response.causes
175 175
176 176 c.messages = helpers.flash.pop_messages(request=request)
177 177
178 178 exc_info = sys.exc_info()
179 179 c.exception_id = id(exc_info)
180 180 c.show_exception_id = isinstance(base_response, VCSServerUnavailable) \
181 181 or base_response.status_code > 499
182 182 c.exception_id_url = request.route_url(
183 183 'admin_settings_exception_tracker_show', exception_id=c.exception_id)
184 184
185 185 if c.show_exception_id:
186 186 store_exception(c.exception_id, exc_info)
187 187
188 188 response = render_to_response(
189 189 '/errors/error_document.mako', {'c': c, 'h': helpers}, request=request,
190 190 response=base_response)
191 191
192 192 return response
193 193
194 194
195 195 def includeme_first(config):
196 196 # redirect automatic browser favicon.ico requests to correct place
197 197 def favicon_redirect(context, request):
198 198 return HTTPFound(
199 199 request.static_path('rhodecode:public/images/favicon.ico'))
200 200
201 201 config.add_view(favicon_redirect, route_name='favicon')
202 202 config.add_route('favicon', '/favicon.ico')
203 203
204 204 def robots_redirect(context, request):
205 205 return HTTPFound(
206 206 request.static_path('rhodecode:public/robots.txt'))
207 207
208 208 config.add_view(robots_redirect, route_name='robots')
209 209 config.add_route('robots', '/robots.txt')
210 210
211 211 config.add_static_view(
212 212 '_static/deform', 'deform:static')
213 213 config.add_static_view(
214 214 '_static/rhodecode', path='rhodecode:public', cache_max_age=3600 * 24)
215 215
216 216
217 217 def includeme(config):
218 218 settings = config.registry.settings
219 219 config.set_request_factory(Request)
220 220
221 221 # plugin information
222 222 config.registry.rhodecode_plugins = collections.OrderedDict()
223 223
224 224 config.add_directive(
225 225 'register_rhodecode_plugin', register_rhodecode_plugin)
226 226
227 227 config.add_directive('configure_celery', configure_celery)
228 228
229 229 if asbool(settings.get('appenlight', 'false')):
230 230 config.include('appenlight_client.ext.pyramid_tween')
231 231
232 232 # Includes which are required. The application would fail without them.
233 233 config.include('pyramid_mako')
234 234 config.include('pyramid_beaker')
235 235 config.include('rhodecode.lib.rc_cache')
236 236
237 237 config.include('rhodecode.authentication')
238 238 config.include('rhodecode.integrations')
239 239
240 240 # apps
241 241 config.include('rhodecode.apps._base')
242 242 config.include('rhodecode.apps.ops')
243 243
244 244 config.include('rhodecode.apps.admin')
245 245 config.include('rhodecode.apps.channelstream')
246 246 config.include('rhodecode.apps.login')
247 247 config.include('rhodecode.apps.home')
248 248 config.include('rhodecode.apps.journal')
249 249 config.include('rhodecode.apps.repository')
250 250 config.include('rhodecode.apps.repo_group')
251 251 config.include('rhodecode.apps.user_group')
252 252 config.include('rhodecode.apps.search')
253 253 config.include('rhodecode.apps.user_profile')
254 254 config.include('rhodecode.apps.user_group_profile')
255 255 config.include('rhodecode.apps.my_account')
256 256 config.include('rhodecode.apps.svn_support')
257 257 config.include('rhodecode.apps.ssh_support')
258 258 config.include('rhodecode.apps.gist')
259 259
260 260 config.include('rhodecode.apps.debug_style')
261 261 config.include('rhodecode.tweens')
262 262 config.include('rhodecode.api')
263 263
264 264 config.add_route(
265 265 'rhodecode_support', 'https://rhodecode.com/help/', static=True)
266 266
267 267 config.add_translation_dirs('rhodecode:i18n/')
268 268 settings['default_locale_name'] = settings.get('lang', 'en')
269 269
270 270 # Add subscribers.
271 271 config.add_subscriber(inject_app_settings,
272 272 pyramid.events.ApplicationCreated)
273 273 config.add_subscriber(scan_repositories_if_enabled,
274 274 pyramid.events.ApplicationCreated)
275 275 config.add_subscriber(write_metadata_if_needed,
276 276 pyramid.events.ApplicationCreated)
277 277 config.add_subscriber(write_js_routes_if_enabled,
278 278 pyramid.events.ApplicationCreated)
279 279
280 280 # request custom methods
281 281 config.add_request_method(
282 282 'rhodecode.lib.partial_renderer.get_partial_renderer',
283 283 'get_partial_renderer')
284 284
285 285 # Set the authorization policy.
286 286 authz_policy = ACLAuthorizationPolicy()
287 287 config.set_authorization_policy(authz_policy)
288 288
289 289 # Set the default renderer for HTML templates to mako.
290 290 config.add_mako_renderer('.html')
291 291
292 292 config.add_renderer(
293 293 name='json_ext',
294 294 factory='rhodecode.lib.ext_json_renderer.pyramid_ext_json')
295 295
296 296 # include RhodeCode plugins
297 297 includes = aslist(settings.get('rhodecode.includes', []))
298 298 for inc in includes:
299 299 config.include(inc)
300 300
301 301 # custom not found view, if our pyramid app doesn't know how to handle
302 302 # the request pass it to potential VCS handling ap
303 303 config.add_notfound_view(not_found_view)
304 304 if not settings.get('debugtoolbar.enabled', False):
305 305 # disabled debugtoolbar handle all exceptions via the error_handlers
306 306 config.add_view(error_handler, context=Exception)
307 307
308 308 # all errors including 403/404/50X
309 309 config.add_view(error_handler, context=HTTPError)
310 310
311 311
312 312 def wrap_app_in_wsgi_middlewares(pyramid_app, config):
313 313 """
314 314 Apply outer WSGI middlewares around the application.
315 315 """
316 316 registry = config.registry
317 317 settings = registry.settings
318 318
319 319 # enable https redirects based on HTTP_X_URL_SCHEME set by proxy
320 320 pyramid_app = HttpsFixup(pyramid_app, settings)
321 321
322 322 pyramid_app, _ae_client = wrap_in_appenlight_if_enabled(
323 323 pyramid_app, settings)
324 324 registry.ae_client = _ae_client
325 325
326 326 if settings['gzip_responses']:
327 327 pyramid_app = make_gzip_middleware(
328 328 pyramid_app, settings, compress_level=1)
329 329
330 330 # this should be the outer most middleware in the wsgi stack since
331 331 # middleware like Routes make database calls
332 332 def pyramid_app_with_cleanup(environ, start_response):
333 333 try:
334 334 return pyramid_app(environ, start_response)
335 335 finally:
336 336 # Dispose current database session and rollback uncommitted
337 337 # transactions.
338 338 meta.Session.remove()
339 339
340 340 # In a single threaded mode server, on non sqlite db we should have
341 341 # '0 Current Checked out connections' at the end of a request,
342 342 # if not, then something, somewhere is leaving a connection open
343 343 pool = meta.Base.metadata.bind.engine.pool
344 344 log.debug('sa pool status: %s', pool.status())
345 345 log.debug('Request processing finalized')
346 346
347 347 return pyramid_app_with_cleanup
348 348
349 349
350 350 def sanitize_settings_and_apply_defaults(settings):
351 351 """
352 352 Applies settings defaults and does all type conversion.
353 353
354 354 We would move all settings parsing and preparation into this place, so that
355 355 we have only one place left which deals with this part. The remaining parts
356 356 of the application would start to rely fully on well prepared settings.
357 357
358 358 This piece would later be split up per topic to avoid a big fat monster
359 359 function.
360 360 """
361 361
362 362 settings.setdefault('rhodecode.edition', 'Community Edition')
363 363
364 364 if 'mako.default_filters' not in settings:
365 365 # set custom default filters if we don't have it defined
366 366 settings['mako.imports'] = 'from rhodecode.lib.base import h_filter'
367 367 settings['mako.default_filters'] = 'h_filter'
368 368
369 369 if 'mako.directories' not in settings:
370 370 mako_directories = settings.setdefault('mako.directories', [
371 371 # Base templates of the original application
372 372 'rhodecode:templates',
373 373 ])
374 374 log.debug(
375 375 "Using the following Mako template directories: %s",
376 376 mako_directories)
377 377
378 378 # Default includes, possible to change as a user
379 379 pyramid_includes = settings.setdefault('pyramid.includes', [
380 380 'rhodecode.lib.middleware.request_wrapper',
381 381 ])
382 382 log.debug(
383 383 "Using the following pyramid.includes: %s",
384 384 pyramid_includes)
385 385
386 386 # TODO: johbo: Re-think this, usually the call to config.include
387 387 # should allow to pass in a prefix.
388 388 settings.setdefault('rhodecode.api.url', '/_admin/api')
389 389
390 390 # Sanitize generic settings.
391 391 _list_setting(settings, 'default_encoding', 'UTF-8')
392 392 _bool_setting(settings, 'is_test', 'false')
393 393 _bool_setting(settings, 'gzip_responses', 'false')
394 394
395 395 # Call split out functions that sanitize settings for each topic.
396 396 _sanitize_appenlight_settings(settings)
397 397 _sanitize_vcs_settings(settings)
398 398 _sanitize_cache_settings(settings)
399 399
400 400 # configure instance id
401 401 config_utils.set_instance_id(settings)
402 402
403 403 return settings
404 404
405 405
406 406 def _sanitize_appenlight_settings(settings):
407 407 _bool_setting(settings, 'appenlight', 'false')
408 408
409 409
410 410 def _sanitize_vcs_settings(settings):
411 411 """
412 412 Applies settings defaults and does type conversion for all VCS related
413 413 settings.
414 414 """
415 415 _string_setting(settings, 'vcs.svn.compatible_version', '')
416 416 _string_setting(settings, 'git_rev_filter', '--all')
417 417 _string_setting(settings, 'vcs.hooks.protocol', 'http')
418 418 _string_setting(settings, 'vcs.hooks.host', '127.0.0.1')
419 419 _string_setting(settings, 'vcs.scm_app_implementation', 'http')
420 420 _string_setting(settings, 'vcs.server', '')
421 421 _string_setting(settings, 'vcs.server.log_level', 'debug')
422 422 _string_setting(settings, 'vcs.server.protocol', 'http')
423 423 _bool_setting(settings, 'startup.import_repos', 'false')
424 424 _bool_setting(settings, 'vcs.hooks.direct_calls', 'false')
425 425 _bool_setting(settings, 'vcs.server.enable', 'true')
426 426 _bool_setting(settings, 'vcs.start_server', 'false')
427 427 _list_setting(settings, 'vcs.backends', 'hg, git, svn')
428 428 _int_setting(settings, 'vcs.connection_timeout', 3600)
429 429
430 430 # Support legacy values of vcs.scm_app_implementation. Legacy
431 431 # configurations may use 'rhodecode.lib.middleware.utils.scm_app_http', or
432 432 # disabled since 4.13 'vcsserver.scm_app' which is now mapped to 'http'.
433 433 scm_app_impl = settings['vcs.scm_app_implementation']
434 434 if scm_app_impl in ['rhodecode.lib.middleware.utils.scm_app_http', 'vcsserver.scm_app']:
435 435 settings['vcs.scm_app_implementation'] = 'http'
436 436
437 437
438 438 def _sanitize_cache_settings(settings):
439 439
440 440 default_cache_dir = os.path.join(tempfile.gettempdir(), 'rc_cache')
441 441
442 442 # save default, cache dir, and use it for all backends later.
443 443 default_cache_dir = _string_setting(
444 444 settings,
445 445 'cache_dir',
446 446 default_cache_dir, lower=False, default_when_empty=True)
447 447
448 448 # ensure we have our dir created
449 449 if not os.path.isdir(default_cache_dir):
450 450 os.makedirs(default_cache_dir, mode=0755)
451 451
452 452 # exception store cache
453 453 _string_setting(
454 454 settings,
455 'exception_store_path',
455 'exception_tracker.store_path',
456 456 default_cache_dir, lower=False)
457 457
458 458 # cache_perms
459 459 _string_setting(
460 460 settings,
461 461 'rc_cache.cache_perms.backend',
462 462 'dogpile.cache.rc.file_namespace', lower=False)
463 463 _int_setting(
464 464 settings,
465 465 'rc_cache.cache_perms.expiration_time',
466 466 60)
467 467 _string_setting(
468 468 settings,
469 469 'rc_cache.cache_perms.arguments.filename',
470 470 os.path.join(default_cache_dir, 'rc_cache_1'), lower=False)
471 471
472 472 # cache_repo
473 473 _string_setting(
474 474 settings,
475 475 'rc_cache.cache_repo.backend',
476 476 'dogpile.cache.rc.file_namespace', lower=False)
477 477 _int_setting(
478 478 settings,
479 479 'rc_cache.cache_repo.expiration_time',
480 480 60)
481 481 _string_setting(
482 482 settings,
483 483 'rc_cache.cache_repo.arguments.filename',
484 484 os.path.join(default_cache_dir, 'rc_cache_2'), lower=False)
485 485
486 486 # cache_license
487 487 _string_setting(
488 488 settings,
489 489 'rc_cache.cache_license.backend',
490 490 'dogpile.cache.rc.file_namespace', lower=False)
491 491 _int_setting(
492 492 settings,
493 493 'rc_cache.cache_license.expiration_time',
494 494 5*60)
495 495 _string_setting(
496 496 settings,
497 497 'rc_cache.cache_license.arguments.filename',
498 498 os.path.join(default_cache_dir, 'rc_cache_3'), lower=False)
499 499
500 500 # cache_repo_longterm memory, 96H
501 501 _string_setting(
502 502 settings,
503 503 'rc_cache.cache_repo_longterm.backend',
504 504 'dogpile.cache.rc.memory_lru', lower=False)
505 505 _int_setting(
506 506 settings,
507 507 'rc_cache.cache_repo_longterm.expiration_time',
508 508 345600)
509 509 _int_setting(
510 510 settings,
511 511 'rc_cache.cache_repo_longterm.max_size',
512 512 10000)
513 513
514 514 # sql_cache_short
515 515 _string_setting(
516 516 settings,
517 517 'rc_cache.sql_cache_short.backend',
518 518 'dogpile.cache.rc.memory_lru', lower=False)
519 519 _int_setting(
520 520 settings,
521 521 'rc_cache.sql_cache_short.expiration_time',
522 522 30)
523 523 _int_setting(
524 524 settings,
525 525 'rc_cache.sql_cache_short.max_size',
526 526 10000)
527 527
528 528
529 529 def _int_setting(settings, name, default):
530 530 settings[name] = int(settings.get(name, default))
531 531 return settings[name]
532 532
533 533
534 534 def _bool_setting(settings, name, default):
535 535 input_val = settings.get(name, default)
536 536 if isinstance(input_val, unicode):
537 537 input_val = input_val.encode('utf8')
538 538 settings[name] = asbool(input_val)
539 539 return settings[name]
540 540
541 541
542 542 def _list_setting(settings, name, default):
543 543 raw_value = settings.get(name, default)
544 544
545 545 old_separator = ','
546 546 if old_separator in raw_value:
547 547 # If we get a comma separated list, pass it to our own function.
548 548 settings[name] = rhodecode_aslist(raw_value, sep=old_separator)
549 549 else:
550 550 # Otherwise we assume it uses pyramids space/newline separation.
551 551 settings[name] = aslist(raw_value)
552 552 return settings[name]
553 553
554 554
555 555 def _string_setting(settings, name, default, lower=True, default_when_empty=False):
556 556 value = settings.get(name, default)
557 557
558 558 if default_when_empty and not value:
559 559 # use default value when value is empty
560 560 value = default
561 561
562 562 if lower:
563 563 value = value.lower()
564 564 settings[name] = value
565 565 return settings[name]
566 566
567 567
568 568 def _substitute_values(mapping, substitutions):
569 569
570 570 try:
571 571 result = {
572 572 # Note: Cannot use regular replacements, since they would clash
573 573 # with the implementation of ConfigParser. Using "format" instead.
574 574 key: value.format(**substitutions)
575 575 for key, value in mapping.items()
576 576 }
577 577 except KeyError as e:
578 578 raise ValueError(
579 579 'Failed to substitute env variable: {}. '
580 580 'Make sure you have specified this env variable without ENV_ prefix'.format(e))
581 581
582 582 return result
Show file before | Show file after | Hide comments
@@ -1,151 +1,151 b''
1 1 # -*- coding: utf-8 -*-
2 2
3 3 # Copyright (C) 2010-2018 RhodeCode GmbH
4 4 #
5 5 # This program is free software: you can redistribute it and/or modify
6 6 # it under the terms of the GNU Affero General Public License, version 3
7 7 # (only), as published by the Free Software Foundation.
8 8 #
9 9 # This program is distributed in the hope that it will be useful,
10 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 12 # GNU General Public License for more details.
13 13 #
14 14 # You should have received a copy of the GNU Affero General Public License
15 15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 16 #
17 17 # This program is dual-licensed. If you wish to learn more about the
18 18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20 20
21 21 import os
22 22 import time
23 23 import datetime
24 24 import msgpack
25 25 import logging
26 26 import traceback
27 27 import tempfile
28 28
29 29
30 30 log = logging.getLogger(__name__)
31 31
32 32 # NOTE: Any changes should be synced with exc_tracking at vcsserver.lib.exc_tracking
33 33 global_prefix = 'rhodecode'
34 34 exc_store_dir_name = 'rc_exception_store_v1'
35 35
36 36
37 37 def exc_serialize(exc_id, tb, exc_type):
38 38
39 39 data = {
40 40 'version': 'v1',
41 41 'exc_id': exc_id,
42 42 'exc_utc_date': datetime.datetime.utcnow().isoformat(),
43 43 'exc_timestamp': repr(time.time()),
44 44 'exc_message': tb,
45 45 'exc_type': exc_type,
46 46 }
47 47 return msgpack.packb(data), data
48 48
49 49
50 50 def exc_unserialize(tb):
51 51 return msgpack.unpackb(tb)
52 52
53 53
54 54 def get_exc_store():
55 55 """
56 56 Get and create exception store if it's not existing
57 57 """
58 58 import rhodecode as app
59 59
60 exc_store_dir = app.CONFIG.get('exception_store_path', '') or tempfile.gettempdir()
60 exc_store_dir = app.CONFIG.get('exception_tracker.store_path', '') or tempfile.gettempdir()
61 61 _exc_store_path = os.path.join(exc_store_dir, exc_store_dir_name)
62 62
63 63 _exc_store_path = os.path.abspath(_exc_store_path)
64 64 if not os.path.isdir(_exc_store_path):
65 65 os.makedirs(_exc_store_path)
66 66 log.debug('Initializing exceptions store at %s', _exc_store_path)
67 67 return _exc_store_path
68 68
69 69
70 70 def _store_exception(exc_id, exc_info, prefix):
71 71 exc_type, exc_value, exc_traceback = exc_info
72 72 tb = ''.join(traceback.format_exception(
73 73 exc_type, exc_value, exc_traceback, None))
74 74
75 75 exc_type_name = exc_type.__name__
76 76 exc_store_path = get_exc_store()
77 77 exc_data, org_data = exc_serialize(exc_id, tb, exc_type_name)
78 78 exc_pref_id = '{}_{}_{}'.format(exc_id, prefix, org_data['exc_timestamp'])
79 79 if not os.path.isdir(exc_store_path):
80 80 os.makedirs(exc_store_path)
81 81 stored_exc_path = os.path.join(exc_store_path, exc_pref_id)
82 82 with open(stored_exc_path, 'wb') as f:
83 83 f.write(exc_data)
84 84 log.debug('Stored generated exception %s as: %s', exc_id, stored_exc_path)
85 85
86 86
87 87 def store_exception(exc_id, exc_info, prefix=global_prefix):
88 88 """
89 89 Example usage::
90 90
91 91 exc_info = sys.exc_info()
92 92 store_exception(id(exc_info), exc_info)
93 93 """
94 94
95 95 try:
96 96 _store_exception(exc_id=exc_id, exc_info=exc_info, prefix=prefix)
97 97 except Exception:
98 98 log.exception('Failed to store exception `%s` information', exc_id)
99 99 # there's no way this can fail, it will crash server badly if it does.
100 100 pass
101 101
102 102
103 103 def _find_exc_file(exc_id, prefix=global_prefix):
104 104 exc_store_path = get_exc_store()
105 105 if prefix:
106 106 exc_id = '{}_{}'.format(exc_id, prefix)
107 107 else:
108 108 # search without a prefix
109 109 exc_id = '{}'.format(exc_id)
110 110
111 111 # we need to search the store for such start pattern as above
112 112 for fname in os.listdir(exc_store_path):
113 113 if fname.startswith(exc_id):
114 114 exc_id = os.path.join(exc_store_path, fname)
115 115 break
116 116 continue
117 117 else:
118 118 exc_id = None
119 119
120 120 return exc_id
121 121
122 122
123 123 def _read_exception(exc_id, prefix):
124 124 exc_id_file_path = _find_exc_file(exc_id=exc_id, prefix=prefix)
125 125 if exc_id_file_path:
126 126 with open(exc_id_file_path, 'rb') as f:
127 127 return exc_unserialize(f.read())
128 128 else:
129 129 log.debug('Exception File `%s` not found', exc_id_file_path)
130 130 return None
131 131
132 132
133 133 def read_exception(exc_id, prefix=global_prefix):
134 134 try:
135 135 return _read_exception(exc_id=exc_id, prefix=prefix)
136 136 except Exception:
137 137 log.exception('Failed to read exception `%s` information', exc_id)
138 138 # there's no way this can fail, it will crash server badly if it does.
139 139 return None
140 140
141 141
142 142 def delete_exception(exc_id, prefix=global_prefix):
143 143 try:
144 144 exc_id_file_path = _find_exc_file(exc_id, prefix=prefix)
145 145 if exc_id_file_path:
146 146 os.remove(exc_id_file_path)
147 147
148 148 except Exception:
149 149 log.exception('Failed to remove exception `%s` information', exc_id)
150 150 # there's no way this can fail, it will crash server badly if it does.
151 151 pass
General Comments 0
You need to be logged in to leave comments. Login now