|
|
|
|
|
|
|
|
################################################################################
|
|
|
## RHODECODE COMMUNITY EDITION CONFIGURATION ##
|
|
|
################################################################################
|
|
|
|
|
|
[DEFAULT]
|
|
|
## Debug flag sets all loggers to debug, and enables request tracking
|
|
|
debug = false
|
|
|
|
|
|
################################################################################
|
|
|
## EMAIL CONFIGURATION ##
|
|
|
## Uncomment and replace with the email address which should receive ##
|
|
|
## any error reports after an application crash ##
|
|
|
## Additionally these settings will be used by the RhodeCode mailing system ##
|
|
|
################################################################################
|
|
|
|
|
|
## prefix all emails subjects with given prefix, helps filtering out emails
|
|
|
#email_prefix = [RhodeCode]
|
|
|
|
|
|
## email FROM address all mails will be sent
|
|
|
#app_email_from = rhodecode-noreply@localhost
|
|
|
|
|
|
#smtp_server = mail.server.com
|
|
|
#smtp_username =
|
|
|
#smtp_password =
|
|
|
#smtp_port =
|
|
|
#smtp_use_tls = false
|
|
|
#smtp_use_ssl = true
|
|
|
|
|
|
[server:main]
|
|
|
## COMMON ##
|
|
|
host = 127.0.0.1
|
|
|
port = 5000
|
|
|
|
|
|
###########################################################
|
|
|
## WAITRESS WSGI SERVER - Recommended for Development ####
|
|
|
###########################################################
|
|
|
|
|
|
#use = egg:waitress#main
|
|
|
## number of worker threads
|
|
|
#threads = 5
|
|
|
## MAX BODY SIZE 100GB
|
|
|
#max_request_body_size = 107374182400
|
|
|
## Use poll instead of select, fixes file descriptors limits problems.
|
|
|
## May not work on old windows systems.
|
|
|
#asyncore_use_poll = true
|
|
|
|
|
|
|
|
|
##########################
|
|
|
## GUNICORN WSGI SERVER ##
|
|
|
##########################
|
|
|
## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
|
|
|
|
|
|
use = egg:gunicorn#main
|
|
|
## Sets the number of process workers. More workers means more concurrent connections
|
|
|
## RhodeCode can handle at the same time. Each additional worker also it increases
|
|
|
## memory usage as each has it's own set of caches.
|
|
|
## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
|
|
|
## than 8-10 unless for really big deployments .e.g 700-1000 users.
|
|
|
## `instance_id = *` must be set in the [app:main] section below (which is the default)
|
|
|
## when using more than 1 worker.
|
|
|
workers = 2
|
|
|
|
|
|
## process name visible in process list
|
|
|
proc_name = rhodecode
|
|
|
|
|
|
## type of worker class, one of sync, gevent
|
|
|
## recommended for bigger setup is using of of other than sync one
|
|
|
worker_class = gevent
|
|
|
|
|
|
## The maximum number of simultaneous clients. Valid only for Gevent
|
|
|
worker_connections = 10
|
|
|
|
|
|
## max number of requests that worker will handle before being gracefully
|
|
|
## restarted, could prevent memory leaks
|
|
|
max_requests = 1000
|
|
|
max_requests_jitter = 30
|
|
|
|
|
|
## amount of time a worker can spend with handling a request before it
|
|
|
## gets killed and restarted. Set to 6hrs
|
|
|
timeout = 21600
|
|
|
|
|
|
## The maximum size of HTTP request line in bytes.
|
|
|
## 0 for unlimited
|
|
|
limit_request_line = 0
|
|
|
|
|
|
## Limit the number of HTTP headers fields in a request.
|
|
|
## By default this value is 100 and can't be larger than 32768.
|
|
|
limit_request_fields = 32768
|
|
|
|
|
|
## Limit the allowed size of an HTTP request header field.
|
|
|
## Value is a positive number or 0.
|
|
|
## Setting it to 0 will allow unlimited header field sizes.
|
|
|
limit_request_field_size = 0
|
|
|
|
|
|
## Timeout for graceful workers restart.
|
|
|
## After receiving a restart signal, workers have this much time to finish
|
|
|
## serving requests. Workers still alive after the timeout (starting from the
|
|
|
## receipt of the restart signal) are force killed.
|
|
|
graceful_timeout = 3600
|
|
|
|
|
|
# The number of seconds to wait for requests on a Keep-Alive connection.
|
|
|
# Generally set in the 1-5 seconds range.
|
|
|
keepalive = 2
|
|
|
|
|
|
## Maximum memory usage that each worker can use before it will receive a
|
|
|
## graceful restart signal, e.g 10MB = 10485760 (10 * 1024 * 1024)
|
|
|
# 0 = memory monitoring is disabled
|
|
|
memory_max_usage = 0
|
|
|
|
|
|
## How often in seconds to check for memory usage for each gunicorn worker
|
|
|
memory_usage_check_interval = 60
|
|
|
|
|
|
## Threshold value for which we don't recycle worker if GarbageCollection
|
|
|
## frees up enough resources. Before each restart we try to run GC on worker
|
|
|
## in case we get enough free memory after that, restart will not happen.
|
|
|
memory_usage_recovery_threshold = 0.8
|
|
|
|
|
|
## prefix middleware for RhodeCode.
|
|
|
## recommended when using proxy setup.
|
|
|
## allows to set RhodeCode under a prefix in server.
|
|
|
## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
|
|
|
## And set your prefix like: `prefix = /custom_prefix`
|
|
|
## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
|
|
|
## to make your cookies only work on prefix url
|
|
|
[filter:proxy-prefix]
|
|
|
use = egg:PasteDeploy#prefix
|
|
|
prefix = /
|
|
|
|
|
|
[app:main]
|
|
|
## The %(here)s variable will be replaced with the absolute path of parent directory
|
|
|
## of this file
|
|
|
## In addition ENVIRONMENT variables usage is possible, e.g
|
|
|
## sqlalchemy.db1.url = {ENV_RC_DB_URL}
|
|
|
|
|
|
use = egg:rhodecode-enterprise-ce
|
|
|
|
|
|
## enable proxy prefix middleware, defined above
|
|
|
#filter-with = proxy-prefix
|
|
|
|
|
|
## encryption key used to encrypt social plugin tokens,
|
|
|
## remote_urls with credentials etc, if not set it defaults to
|
|
|
## `beaker.session.secret`
|
|
|
#rhodecode.encrypted_values.secret =
|
|
|
|
|
|
## decryption strict mode (enabled by default). It controls if decryption raises
|
|
|
## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
|
|
|
#rhodecode.encrypted_values.strict = false
|
|
|
|
|
|
## Pick algorithm for encryption. Either fernet (more secure) or aes (default)
|
|
|
## fernet is safer, and we strongly recommend switching to it.
|
|
|
## Due to backward compatibility aes is used as default.
|
|
|
#rhodecode.encrypted_values.algorithm = fernet
|
|
|
|
|
|
## return gzipped responses from RhodeCode (static files/application)
|
|
|
gzip_responses = false
|
|
|
|
|
|
## auto-generate javascript routes file on startup
|
|
|
generate_js_files = false
|
|
|
|
|
|
## System global default language.
|
|
|
## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
|
|
|
lang = en
|
|
|
|
|
|
## Perform a full repository scan and import on each server start.
|
|
|
## Settings this to true could lead to very long startup time.
|
|
|
startup.import_repos = false
|
|
|
|
|
|
## Uncomment and set this path to use archive download cache.
|
|
|
## Once enabled, generated archives will be cached at this location
|
|
|
## and served from the cache during subsequent requests for the same archive of
|
|
|
## the repository.
|
|
|
#archive_cache_dir = /tmp/tarballcache
|
|
|
|
|
|
## URL at which the application is running. This is used for Bootstrapping
|
|
|
## requests in context when no web request is available. Used in ishell, or
|
|
|
## SSH calls. Set this for events to receive proper url for SSH calls.
|
|
|
app.base_url = http://rhodecode.local
|
|
|
|
|
|
## Unique application ID. Should be a random unique string for security.
|
|
|
app_instance_uuid = rc-production
|
|
|
|
|
|
## Cut off limit for large diffs (size in bytes). If overall diff size on
|
|
|
## commit, or pull request exceeds this limit this diff will be displayed
|
|
|
## partially. E.g 512000 == 512Kb
|
|
|
cut_off_limit_diff = 512000
|
|
|
|
|
|
## Cut off limit for large files inside diffs (size in bytes). Each individual
|
|
|
## file inside diff which exceeds this limit will be displayed partially.
|
|
|
## E.g 128000 == 128Kb
|
|
|
cut_off_limit_file = 128000
|
|
|
|
|
|
## use cached version of vcs repositories everywhere. Recommended to be `true`
|
|
|
vcs_full_cache = true
|
|
|
|
|
|
## Force https in RhodeCode, fixes https redirects, assumes it's always https.
|
|
|
## Normally this is controlled by proper http flags sent from http server
|
|
|
force_https = false
|
|
|
|
|
|
## use Strict-Transport-Security headers
|
|
|
use_htsts = false
|
|
|
|
|
|
# Set to true if your repos are exposed using the dumb protocol
|
|
|
git_update_server_info = false
|
|
|
|
|
|
## RSS/ATOM feed options
|
|
|
rss_cut_off_limit = 256000
|
|
|
rss_items_per_page = 10
|
|
|
rss_include_diff = false
|
|
|
|
|
|
## gist URL alias, used to create nicer urls for gist. This should be an
|
|
|
## url that does rewrites to _admin/gists/{gistid}.
|
|
|
## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
|
|
|
## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
|
|
|
gist_alias_url =
|
|
|
|
|
|
## List of views (using glob pattern syntax) that AUTH TOKENS could be
|
|
|
## used for access.
|
|
|
## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
|
|
|
## came from the the logged in user who own this authentication token.
|
|
|
## Additionally @TOKEN syntax can be used to bound the view to specific
|
|
|
## authentication token. Such view would be only accessible when used together
|
|
|
## with this authentication token
|
|
|
##
|
|
|
## list of all views can be found under `/_admin/permissions/auth_token_access`
|
|
|
## The list should be "," separated and on a single line.
|
|
|
##
|
|
|
## Most common views to enable:
|
|
|
# RepoCommitsView:repo_commit_download
|
|
|
# RepoCommitsView:repo_commit_patch
|
|
|
# RepoCommitsView:repo_commit_raw
|
|
|
# RepoCommitsView:repo_commit_raw@TOKEN
|
|
|
# RepoFilesView:repo_files_diff
|
|
|
# RepoFilesView:repo_archivefile
|
|
|
# RepoFilesView:repo_file_raw
|
|
|
# GistView:*
|
|
|
api_access_controllers_whitelist =
|
|
|
|
|
|
## Default encoding used to convert from and to unicode
|
|
|
## can be also a comma separated list of encoding in case of mixed encodings
|
|
|
default_encoding = UTF-8
|
|
|
|
|
|
## instance-id prefix
|
|
|
## a prefix key for this instance used for cache invalidation when running
|
|
|
## multiple instances of RhodeCode, make sure it's globally unique for
|
|
|
## all running RhodeCode instances. Leave empty if you don't use it
|
|
|
instance_id =
|
|
|
|
|
|
## Fallback authentication plugin. Set this to a plugin ID to force the usage
|
|
|
## of an authentication plugin also if it is disabled by it's settings.
|
|
|
## This could be useful if you are unable to log in to the system due to broken
|
|
|
## authentication settings. Then you can enable e.g. the internal RhodeCode auth
|
|
|
## module to log in again and fix the settings.
|
|
|
##
|
|
|
## Available builtin plugin IDs (hash is part of the ID):
|
|
|
## egg:rhodecode-enterprise-ce#rhodecode
|
|
|
## egg:rhodecode-enterprise-ce#pam
|
|
|
## egg:rhodecode-enterprise-ce#ldap
|
|
|
## egg:rhodecode-enterprise-ce#jasig_cas
|
|
|
## egg:rhodecode-enterprise-ce#headers
|
|
|
## egg:rhodecode-enterprise-ce#crowd
|
|
|
#rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
|
|
|
|
|
|
## alternative return HTTP header for failed authentication. Default HTTP
|
|
|
## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
|
|
|
## handling that causing a series of failed authentication calls.
|
|
|
## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
|
|
|
## This will be served instead of default 401 on bad authentication
|
|
|
auth_ret_code =
|
|
|
|
|
|
## use special detection method when serving auth_ret_code, instead of serving
|
|
|
## ret_code directly, use 401 initially (Which triggers credentials prompt)
|
|
|
## and then serve auth_ret_code to clients
|
|
|
auth_ret_code_detection = false
|
|
|
|
|
|
## locking return code. When repository is locked return this HTTP code. 2XX
|
|
|
## codes don't break the transactions while 4XX codes do
|
|
|
lock_ret_code = 423
|
|
|
|
|
|
## allows to change the repository location in settings page
|
|
|
allow_repo_location_change = true
|
|
|
|
|
|
## allows to setup custom hooks in settings page
|
|
|
allow_custom_hooks_settings = true
|
|
|
|
|
|
## Generated license token required for EE edition license.
|
|
|
## New generated token value can be found in Admin > settings > license page.
|
|
|
license_token =
|
|
|
|
|
|
## This flag would hide sensitive information on the license page
|
|
|
license.hide_license_info = false
|
|
|
|
|
|
## supervisor connection uri, for managing supervisor and logs.
|
|
|
supervisor.uri =
|
|
|
## supervisord group name/id we only want this RC instance to handle
|
|
|
supervisor.group_id = prod
|
|
|
|
|
|
## Display extended labs settings
|
|
|
labs_settings_active = true
|
|
|
|
|
|
## Custom exception store path, defaults to TMPDIR
|
|
|
## This is used to store exception from RhodeCode in shared directory
|
|
|
#exception_tracker.store_path =
|
|
|
|
|
|
## File store configuration. This is used to store and serve uploaded files
|
|
|
file_store.enabled = true
|
|
|
## Storage backend, available options are: local
|
|
|
file_store.backend = local
|
|
|
## path to store the uploaded binaries
|
|
|
file_store.storage_path = %(here)s/data/file_store
|
|
|
|
|
|
|
|
|
####################################
|
|
|
### CELERY CONFIG ####
|
|
|
####################################
|
|
|
## run: /path/to/celery worker \
|
|
|
## -E --beat --app rhodecode.lib.celerylib.loader \
|
|
|
## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \
|
|
|
## --loglevel DEBUG --ini /path/to/rhodecode.ini
|
|
|
|
|
|
use_celery = false
|
|
|
|
|
|
## connection url to the message broker (default redis)
|
|
|
celery.broker_url = redis://localhost:6379/8
|
|
|
|
|
|
## rabbitmq example
|
|
|
#celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
|
|
|
|
|
|
## maximum tasks to execute before worker restart
|
|
|
celery.max_tasks_per_child = 100
|
|
|
|
|
|
## tasks will never be sent to the queue, but executed locally instead.
|
|
|
celery.task_always_eager = false
|
|
|
|
|
|
#####################################
|
|
|
### DOGPILE CACHE ####
|
|
|
#####################################
|
|
|
## Default cache dir for caches. Putting this into a ramdisk
|
|
|
## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require
|
|
|
## large amount of space
|
|
|
cache_dir = %(here)s/data
|
|
|
|
|
|
## `cache_perms` cache settings for permission tree, auth TTL.
|
|
|
rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
|
|
|
rc_cache.cache_perms.expiration_time = 300
|
|
|
|
|
|
## alternative `cache_perms` redis backend with distributed lock
|
|
|
#rc_cache.cache_perms.backend = dogpile.cache.rc.redis
|
|
|
#rc_cache.cache_perms.expiration_time = 300
|
|
|
## redis_expiration_time needs to be greater then expiration_time
|
|
|
#rc_cache.cache_perms.arguments.redis_expiration_time = 7200
|
|
|
#rc_cache.cache_perms.arguments.socket_timeout = 30
|
|
|
#rc_cache.cache_perms.arguments.host = localhost
|
|
|
#rc_cache.cache_perms.arguments.port = 6379
|
|
|
#rc_cache.cache_perms.arguments.db = 0
|
|
|
## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
|
|
|
#rc_cache.cache_perms.arguments.distributed_lock = true
|
|
|
|
|
|
## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
|
|
|
rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
|
|
|
rc_cache.cache_repo.expiration_time = 2592000
|
|
|
|
|
|
## alternative `cache_repo` redis backend with distributed lock
|
|
|
#rc_cache.cache_repo.backend = dogpile.cache.rc.redis
|
|
|
#rc_cache.cache_repo.expiration_time = 2592000
|
|
|
## redis_expiration_time needs to be greater then expiration_time
|
|
|
#rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
|
|
|
#rc_cache.cache_repo.arguments.socket_timeout = 30
|
|
|
#rc_cache.cache_repo.arguments.host = localhost
|
|
|
#rc_cache.cache_repo.arguments.port = 6379
|
|
|
#rc_cache.cache_repo.arguments.db = 1
|
|
|
## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
|
|
|
#rc_cache.cache_repo.arguments.distributed_lock = true
|
|
|
|
|
|
## cache settings for SQL queries, this needs to use memory type backend
|
|
|
rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
|
|
|
rc_cache.sql_cache_short.expiration_time = 30
|
|
|
|
|
|
## `cache_repo_longterm` cache for repo object instances, this needs to use memory
|
|
|
## type backend as the objects kept are not pickle serializable
|
|
|
rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
|
|
|
## by default we use 96H, this is using invalidation on push anyway
|
|
|
rc_cache.cache_repo_longterm.expiration_time = 345600
|
|
|
## max items in LRU cache, reduce this number to save memory, and expire last used
|
|
|
## cached objects
|
|
|
rc_cache.cache_repo_longterm.max_size = 10000
|
|
|
|
|
|
|
|
|
####################################
|
|
|
### BEAKER SESSION ####
|
|
|
####################################
|
|
|
|
|
|
## .session.type is type of storage options for the session, current allowed
|
|
|
## types are file, ext:memcached, ext:redis, ext:database, and memory (default).
|
|
|
beaker.session.type = file
|
|
|
beaker.session.data_dir = %(here)s/data/sessions
|
|
|
|
|
|
## redis sessions
|
|
|
#beaker.session.type = ext:redis
|
|
|
#beaker.session.url = redis://127.0.0.1:6379/2
|
|
|
|
|
|
## db based session, fast, and allows easy management over logged in users
|
|
|
#beaker.session.type = ext:database
|
|
|
#beaker.session.table_name = db_session
|
|
|
#beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
|
|
|
#beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
|
|
|
#beaker.session.sa.pool_recycle = 3600
|
|
|
#beaker.session.sa.echo = false
|
|
|
|
|
|
beaker.session.key = rhodecode
|
|
|
beaker.session.secret = production-rc-uytcxaz
|
|
|
beaker.session.lock_dir = %(here)s/data/sessions/lock
|
|
|
|
|
|
## Secure encrypted cookie. Requires AES and AES python libraries
|
|
|
## you must disable beaker.session.secret to use this
|
|
|
#beaker.session.encrypt_key = key_for_encryption
|
|
|
#beaker.session.validate_key = validation_key
|
|
|
|
|
|
## sets session as invalid(also logging out user) if it haven not been
|
|
|
## accessed for given amount of time in seconds
|
|
|
beaker.session.timeout = 2592000
|
|
|
beaker.session.httponly = true
|
|
|
## Path to use for the cookie. Set to prefix if you use prefix middleware
|
|
|
#beaker.session.cookie_path = /custom_prefix
|
|
|
|
|
|
## uncomment for https secure cookie
|
|
|
beaker.session.secure = false
|
|
|
|
|
|
## auto save the session to not to use .save()
|
|
|
beaker.session.auto = false
|
|
|
|
|
|
## default cookie expiration time in seconds, set to `true` to set expire
|
|
|
## at browser close
|
|
|
#beaker.session.cookie_expires = 3600
|
|
|
|
|
|
###################################
|
|
|
## SEARCH INDEXING CONFIGURATION ##
|
|
|
###################################
|
|
|
## Full text search indexer is available in rhodecode-tools under
|
|
|
## `rhodecode-tools index` command
|
|
|
|
|
|
## WHOOSH Backend, doesn't require additional services to run
|
|
|
## it works good with few dozen repos
|
|
|
search.module = rhodecode.lib.index.whoosh
|
|
|
search.location = %(here)s/data/index
|
|
|
|
|
|
########################################
|
|
|
### CHANNELSTREAM CONFIG ####
|
|
|
########################################
|
|
|
## channelstream enables persistent connections and live notification
|
|
|
## in the system. It's also used by the chat system
|
|
|
|
|
|
channelstream.enabled = false
|
|
|
|
|
|
## server address for channelstream server on the backend
|
|
|
channelstream.server = 127.0.0.1:9800
|
|
|
|
|
|
## location of the channelstream server from outside world
|
|
|
## use ws:// for http or wss:// for https. This address needs to be handled
|
|
|
## by external HTTP server such as Nginx or Apache
|
|
|
## see Nginx/Apache configuration examples in our docs
|
|
|
channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
|
|
|
channelstream.secret = secret
|
|
|
channelstream.history.location = %(here)s/channelstream_history
|
|
|
|
|
|
## Internal application path that Javascript uses to connect into.
|
|
|
## If you use proxy-prefix the prefix should be added before /_channelstream
|
|
|
channelstream.proxy_path = /_channelstream
|
|
|
|
|
|
## Live chat for commits/pull requests. Requires CHANNELSTREAM to be enabled
|
|
|
## and configured. (EE edition only)
|
|
|
chat.enabled = true
|
|
|
|
|
|
|
|
|
###################################
|
|
|
## APPENLIGHT CONFIG ##
|
|
|
###################################
|
|
|
|
|
|
## Appenlight is tailored to work with RhodeCode, see
|
|
|
## http://appenlight.com for details how to obtain an account
|
|
|
|
|
|
## Appenlight integration enabled
|
|
|
appenlight = false
|
|
|
|
|
|
appenlight.server_url = https://api.appenlight.com
|
|
|
appenlight.api_key = YOUR_API_KEY
|
|
|
#appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
|
|
|
|
|
|
## used for JS client
|
|
|
appenlight.api_public_key = YOUR_API_PUBLIC_KEY
|
|
|
|
|
|
## TWEAK AMOUNT OF INFO SENT HERE
|
|
|
|
|
|
## enables 404 error logging (default False)
|
|
|
appenlight.report_404 = false
|
|
|
|
|
|
## time in seconds after request is considered being slow (default 1)
|
|
|
appenlight.slow_request_time = 1
|
|
|
|
|
|
## record slow requests in application
|
|
|
## (needs to be enabled for slow datastore recording and time tracking)
|
|
|
appenlight.slow_requests = true
|
|
|
|
|
|
## enable hooking to application loggers
|
|
|
appenlight.logging = true
|
|
|
|
|
|
## minimum log level for log capture
|
|
|
appenlight.logging.level = WARNING
|
|
|
|
|
|
## send logs only from erroneous/slow requests
|
|
|
## (saves API quota for intensive logging)
|
|
|
appenlight.logging_on_error = false
|
|
|
|
|
|
## list of additional keywords that should be grabbed from environ object
|
|
|
## can be string with comma separated list of words in lowercase
|
|
|
## (by default client will always send following info:
|
|
|
## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
|
|
|
## start with HTTP* this list be extended with additional keywords here
|
|
|
appenlight.environ_keys_whitelist =
|
|
|
|
|
|
## list of keywords that should be blanked from request object
|
|
|
## can be string with comma separated list of words in lowercase
|
|
|
## (by default client will always blank keys that contain following words
|
|
|
## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
|
|
|
## this list be extended with additional keywords set here
|
|
|
appenlight.request_keys_blacklist =
|
|
|
|
|
|
## list of namespaces that should be ignores when gathering log entries
|
|
|
## can be string with comma separated list of namespaces
|
|
|
## (by default the client ignores own entries: appenlight_client.client)
|
|
|
appenlight.log_namespace_blacklist =
|
|
|
|
|
|
|
|
|
###########################################
|
|
|
### MAIN RHODECODE DATABASE CONFIG ###
|
|
|
###########################################
|
|
|
#sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
|
|
|
#sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
|
|
|
#sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
|
|
|
# pymysql is an alternative driver for MySQL, use in case of problems with default one
|
|
|
#sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
|
|
|
|
|
|
sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
|
|
|
|
|
|
# see sqlalchemy docs for other advanced settings
|
|
|
|
|
|
## print the sql statements to output
|
|
|
sqlalchemy.db1.echo = false
|
|
|
## recycle the connections after this amount of seconds
|
|
|
sqlalchemy.db1.pool_recycle = 3600
|
|
|
|
|
|
## the number of connections to keep open inside the connection pool.
|
|
|
## 0 indicates no limit
|
|
|
#sqlalchemy.db1.pool_size = 5
|
|
|
|
|
|
## the number of connections to allow in connection pool "overflow", that is
|
|
|
## connections that can be opened above and beyond the pool_size setting,
|
|
|
## which defaults to five.
|
|
|
#sqlalchemy.db1.max_overflow = 10
|
|
|
|
|
|
## Connection check ping, used to detect broken database connections
|
|
|
## could be enabled to better handle cases if MySQL has gone away errors
|
|
|
#sqlalchemy.db1.ping_connection = true
|
|
|
|
|
|
##################
|
|
|
### VCS CONFIG ###
|
|
|
##################
|
|
|
vcs.server.enable = true
|
|
|
vcs.server = localhost:9900
|
|
|
|
|
|
## Web server connectivity protocol, responsible for web based VCS operations
|
|
|
## Available protocols are:
|
|
|
## `http` - use http-rpc backend (default)
|
|
|
vcs.server.protocol = http
|
|
|
|
|
|
## Push/Pull operations protocol, available options are:
|
|
|
## `http` - use http-rpc backend (default)
|
|
|
vcs.scm_app_implementation = http
|
|
|
|
|
|
## Push/Pull operations hooks protocol, available options are:
|
|
|
## `http` - use http-rpc backend (default)
|
|
|
vcs.hooks.protocol = http
|
|
|
|
|
|
## Host on which this instance is listening for hooks. If vcsserver is in other location
|
|
|
## this should be adjusted.
|
|
|
vcs.hooks.host = 127.0.0.1
|
|
|
|
|
|
vcs.server.log_level = info
|
|
|
## Start VCSServer with this instance as a subprocess, useful for development
|
|
|
vcs.start_server = false
|
|
|
|
|
|
## List of enabled VCS backends, available options are:
|
|
|
## `hg` - mercurial
|
|
|
## `git` - git
|
|
|
## `svn` - subversion
|
|
|
vcs.backends = hg, git, svn
|
|
|
|
|
|
vcs.connection_timeout = 3600
|
|
|
## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
|
|
|
## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
|
|
|
#vcs.svn.compatible_version = pre-1.8-compatible
|
|
|
|
|
|
|
|
|
############################################################
|
|
|
### Subversion proxy support (mod_dav_svn) ###
|
|
|
### Maps RhodeCode repo groups into SVN paths for Apache ###
|
|
|
############################################################
|
|
|
## Enable or disable the config file generation.
|
|
|
svn.proxy.generate_config = false
|
|
|
## Generate config file with `SVNListParentPath` set to `On`.
|
|
|
svn.proxy.list_parent_path = true
|
|
|
## Set location and file name of generated config file.
|
|
|
svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
|
|
|
## alternative mod_dav config template. This needs to be a mako template
|
|
|
#svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
|
|
|
## Used as a prefix to the `Location` block in the generated config file.
|
|
|
## In most cases it should be set to `/`.
|
|
|
svn.proxy.location_root = /
|
|
|
## Command to reload the mod dav svn configuration on change.
|
|
|
## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
|
|
|
## Make sure user who runs RhodeCode process is allowed to reload Apache
|
|
|
#svn.proxy.reload_cmd = /etc/init.d/apache2 reload
|
|
|
## If the timeout expires before the reload command finishes, the command will
|
|
|
## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
|
|
|
#svn.proxy.reload_timeout = 10
|
|
|
|
|
|
############################################################
|
|
|
### SSH Support Settings ###
|
|
|
############################################################
|
|
|
|
|
|
## Defines if a custom authorized_keys file should be created and written on
|
|
|
## any change user ssh keys. Setting this to false also disables possibility
|
|
|
## of adding SSH keys by users from web interface. Super admins can still
|
|
|
## manage SSH Keys.
|
|
|
ssh.generate_authorized_keyfile = false
|
|
|
|
|
|
## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
|
|
|
# ssh.authorized_keys_ssh_opts =
|
|
|
|
|
|
## Path to the authorized_keys file where the generate entries are placed.
|
|
|
## It is possible to have multiple key files specified in `sshd_config` e.g.
|
|
|
## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
|
|
|
ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
|
|
|
|
|
|
## Command to execute the SSH wrapper. The binary is available in the
|
|
|
## RhodeCode installation directory.
|
|
|
## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
|
|
|
ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
|
|
|
|
|
|
## Allow shell when executing the ssh-wrapper command
|
|
|
ssh.wrapper_cmd_allow_shell = false
|
|
|
|
|
|
## Enables logging, and detailed output send back to the client during SSH
|
|
|
## operations. Useful for debugging, shouldn't be used in production.
|
|
|
ssh.enable_debug_logging = false
|
|
|
|
|
|
## Paths to binary executable, by default they are the names, but we can
|
|
|
## override them if we want to use a custom one
|
|
|
ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
|
|
|
ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
|
|
|
ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
|
|
|
|
|
|
## Enables SSH key generator web interface. Disabling this still allows users
|
|
|
## to add their own keys.
|
|
|
ssh.enable_ui_key_generator = true
|
|
|
|
|
|
|
|
|
## Dummy marker to add new entries after.
|
|
|
## Add any custom entries below. Please don't remove.
|
|
|
custom.conf = 1
|
|
|
|
|
|
|
|
|
################################
|
|
|
### LOGGING CONFIGURATION ####
|
|
|
################################
|
|
|
[loggers]
|
|
|
keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
|
|
|
|
|
|
[handlers]
|
|
|
keys = console, console_sql
|
|
|
|
|
|
[formatters]
|
|
|
keys = generic, color_formatter, color_formatter_sql
|
|
|
|
|
|
#############
|
|
|
## LOGGERS ##
|
|
|
#############
|
|
|
[logger_root]
|
|
|
level = NOTSET
|
|
|
handlers = console
|
|
|
|
|
|
[logger_sqlalchemy]
|
|
|
level = INFO
|
|
|
handlers = console_sql
|
|
|
qualname = sqlalchemy.engine
|
|
|
propagate = 0
|
|
|
|
|
|
[logger_beaker]
|
|
|
level = DEBUG
|
|
|
handlers =
|
|
|
qualname = beaker.container
|
|
|
propagate = 1
|
|
|
|
|
|
[logger_rhodecode]
|
|
|
level = DEBUG
|
|
|
handlers =
|
|
|
qualname = rhodecode
|
|
|
propagate = 1
|
|
|
|
|
|
[logger_ssh_wrapper]
|
|
|
level = DEBUG
|
|
|
handlers =
|
|
|
qualname = ssh_wrapper
|
|
|
propagate = 1
|
|
|
|
|
|
[logger_celery]
|
|
|
level = DEBUG
|
|
|
handlers =
|
|
|
qualname = celery
|
|
|
|
|
|
|
|
|
##############
|
|
|
## HANDLERS ##
|
|
|
##############
|
|
|
|
|
|
[handler_console]
|
|
|
class = StreamHandler
|
|
|
args = (sys.stderr, )
|
|
|
level = INFO
|
|
|
formatter = generic
|
|
|
|
|
|
[handler_console_sql]
|
|
|
# "level = DEBUG" logs SQL queries and results.
|
|
|
# "level = INFO" logs SQL queries.
|
|
|
# "level = WARN" logs neither. (Recommended for production systems.)
|
|
|
class = StreamHandler
|
|
|
args = (sys.stderr, )
|
|
|
level = WARN
|
|
|
formatter = generic
|
|
|
|
|
|
################
|
|
|
## FORMATTERS ##
|
|
|
################
|
|
|
|
|
|
[formatter_generic]
|
|
|
class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
|
|
|
format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
|
|
|
datefmt = %Y-%m-%d %H:%M:%S
|
|
|
|
|
|
[formatter_color_formatter]
|
|
|
class = rhodecode.lib.logging_formatter.ColorFormatter
|
|
|
format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
|
|
|
datefmt = %Y-%m-%d %H:%M:%S
|
|
|
|
|
|
[formatter_color_formatter_sql]
|
|
|
class = rhodecode.lib.logging_formatter.ColorFormatterSql
|
|
|
format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
|
|
|
datefmt = %Y-%m-%d %H:%M:%S
|
|
|
|