################################################################################ ## RHODECODE COMMUNITY EDITION CONFIGURATION ## ################################################################################ [DEFAULT] ## Debug flag sets all loggers to debug, and enables request tracking debug = false ################################################################################ ## EMAIL CONFIGURATION ## ## Uncomment and replace with the email address which should receive ## ## any error reports after an application crash ## ## Additionally these settings will be used by the RhodeCode mailing system ## ################################################################################ ## prefix all emails subjects with given prefix, helps filtering out emails #email_prefix = [RhodeCode] ## email FROM address all mails will be sent #app_email_from = rhodecode-noreply@localhost #smtp_server = mail.server.com #smtp_username = #smtp_password = #smtp_port = #smtp_use_tls = false #smtp_use_ssl = true [server:main] ## COMMON ## host = 127.0.0.1 port = 5000 ########################################################### ## WAITRESS WSGI SERVER - Recommended for Development #### ########################################################### #use = egg:waitress#main ## number of worker threads #threads = 5 ## MAX BODY SIZE 100GB #max_request_body_size = 107374182400 ## Use poll instead of select, fixes file descriptors limits problems. ## May not work on old windows systems. #asyncore_use_poll = true ########################## ## GUNICORN WSGI SERVER ## ########################## ## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini use = egg:gunicorn#main ## Sets the number of process workers. More workers means more concurrent connections ## RhodeCode can handle at the same time. Each additional worker also it increases ## memory usage as each has it's own set of caches. ## Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more ## than 8-10 unless for really big deployments .e.g 700-1000 users. ## `instance_id = *` must be set in the [app:main] section below (which is the default) ## when using more than 1 worker. workers = 2 ## process name visible in process list proc_name = rhodecode ## type of worker class, one of sync, gevent ## recommended for bigger setup is using of of other than sync one worker_class = gevent ## The maximum number of simultaneous clients. Valid only for Gevent worker_connections = 10 ## max number of requests that worker will handle before being gracefully ## restarted, could prevent memory leaks max_requests = 1000 max_requests_jitter = 30 ## amount of time a worker can spend with handling a request before it ## gets killed and restarted. Set to 6hrs timeout = 21600 ## prefix middleware for RhodeCode. ## recommended when using proxy setup. ## allows to set RhodeCode under a prefix in server. ## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well. ## And set your prefix like: `prefix = /custom_prefix` ## be sure to also set beaker.session.cookie_path = /custom_prefix if you need ## to make your cookies only work on prefix url [filter:proxy-prefix] use = egg:PasteDeploy#prefix prefix = / [app:main] ## The %(here)s variable will be replaced with the absolute path of parent directory ## of this file ## In addition ENVIRONMENT variables usage is possible, e.g ## sqlalchemy.db1.url = {ENV_RC_DB_URL} use = egg:rhodecode-enterprise-ce ## enable proxy prefix middleware, defined above #filter-with = proxy-prefix ## encryption key used to encrypt social plugin tokens, ## remote_urls with credentials etc, if not set it defaults to ## `beaker.session.secret` #rhodecode.encrypted_values.secret = ## decryption strict mode (enabled by default). It controls if decryption raises ## `SignatureVerificationError` in case of wrong key, or damaged encryption data. #rhodecode.encrypted_values.strict = false ## Pick algorithm for encryption. Either fernet (more secure) or aes (default) ## fernet is safer, and we strongly recommend switching to it. ## Due to backward compatibility aes is used as default. #rhodecode.encrypted_values.algorithm = fernet ## return gzipped responses from RhodeCode (static files/application) gzip_responses = false ## auto-generate javascript routes file on startup generate_js_files = false ## System global default language. ## All available languages: en(default), be, de, es, fr, it, ja, pl, pt, ru, zh lang = en ## Perform a full repository scan and import on each server start. ## Settings this to true could lead to very long startup time. startup.import_repos = false ## Uncomment and set this path to use archive download cache. ## Once enabled, generated archives will be cached at this location ## and served from the cache during subsequent requests for the same archive of ## the repository. #archive_cache_dir = /tmp/tarballcache ## URL at which the application is running. This is used for Bootstrapping ## requests in context when no web request is available. Used in ishell, or ## SSH calls. Set this for events to receive proper url for SSH calls. app.base_url = http://rhodecode.local ## Unique application ID. Should be a random unique string for security. app_instance_uuid = rc-production ## Cut off limit for large diffs (size in bytes). If overall diff size on ## commit, or pull request exceeds this limit this diff will be displayed ## partially. E.g 512000 == 512Kb cut_off_limit_diff = 512000 ## Cut off limit for large files inside diffs (size in bytes). Each individual ## file inside diff which exceeds this limit will be displayed partially. ## E.g 128000 == 128Kb cut_off_limit_file = 128000 ## use cached version of vcs repositories everywhere. Recommended to be `true` vcs_full_cache = true ## Force https in RhodeCode, fixes https redirects, assumes it's always https. ## Normally this is controlled by proper http flags sent from http server force_https = false ## use Strict-Transport-Security headers use_htsts = false ## git rev filter option, --all is the default filter, if you need to ## hide all refs in changelog switch this to --branches --tags git_rev_filter = --branches --tags # Set to true if your repos are exposed using the dumb protocol git_update_server_info = false ## RSS/ATOM feed options rss_cut_off_limit = 256000 rss_items_per_page = 10 rss_include_diff = false ## gist URL alias, used to create nicer urls for gist. This should be an ## url that does rewrites to _admin/gists/{gistid}. ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid} gist_alias_url = ## List of views (using glob pattern syntax) that AUTH TOKENS could be ## used for access. ## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it ## came from the the logged in user who own this authentication token. ## Additionally @TOKEN syntax can be used to bound the view to specific ## authentication token. Such view would be only accessible when used together ## with this authentication token ## ## list of all views can be found under `/_admin/permissions/auth_token_access` ## The list should be "," separated and on a single line. ## ## Most common views to enable: # RepoCommitsView:repo_commit_download # RepoCommitsView:repo_commit_patch # RepoCommitsView:repo_commit_raw # RepoCommitsView:repo_commit_raw@TOKEN # RepoFilesView:repo_files_diff # RepoFilesView:repo_archivefile # RepoFilesView:repo_file_raw # GistView:* api_access_controllers_whitelist = ## Default encoding used to convert from and to unicode ## can be also a comma separated list of encoding in case of mixed encodings default_encoding = UTF-8 ## instance-id prefix ## a prefix key for this instance used for cache invalidation when running ## multiple instances of RhodeCode, make sure it's globally unique for ## all running RhodeCode instances. Leave empty if you don't use it instance_id = ## Fallback authentication plugin. Set this to a plugin ID to force the usage ## of an authentication plugin also if it is disabled by it's settings. ## This could be useful if you are unable to log in to the system due to broken ## authentication settings. Then you can enable e.g. the internal RhodeCode auth ## module to log in again and fix the settings. ## ## Available builtin plugin IDs (hash is part of the ID): ## egg:rhodecode-enterprise-ce#rhodecode ## egg:rhodecode-enterprise-ce#pam ## egg:rhodecode-enterprise-ce#ldap ## egg:rhodecode-enterprise-ce#jasig_cas ## egg:rhodecode-enterprise-ce#headers ## egg:rhodecode-enterprise-ce#crowd #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode ## alternative return HTTP header for failed authentication. Default HTTP ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with ## handling that causing a series of failed authentication calls. ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code ## This will be served instead of default 401 on bad authentication auth_ret_code = ## use special detection method when serving auth_ret_code, instead of serving ## ret_code directly, use 401 initially (Which triggers credentials prompt) ## and then serve auth_ret_code to clients auth_ret_code_detection = false ## locking return code. When repository is locked return this HTTP code. 2XX ## codes don't break the transactions while 4XX codes do lock_ret_code = 423 ## allows to change the repository location in settings page allow_repo_location_change = true ## allows to setup custom hooks in settings page allow_custom_hooks_settings = true ## Generated license token required for EE edition license. ## New generated token value can be found in Admin > settings > license page. license_token = ## supervisor connection uri, for managing supervisor and logs. supervisor.uri = ## supervisord group name/id we only want this RC instance to handle supervisor.group_id = prod ## Display extended labs settings labs_settings_active = true ## Custom exception store path, defaults to TMPDIR ## This is used to store exception from RhodeCode in shared directory #exception_tracker.store_path = ## File store configuration. This is used to store and serve uploaded files file_store.enabled = true ## Storage backend, available options are: local file_store.backend = local ## path to store the uploaded binaries file_store.storage_path = %(here)s/data/file_store #################################### ### CELERY CONFIG #### #################################### ## run: /path/to/celery worker \ ## -E --beat --app rhodecode.lib.celerylib.loader \ ## --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler \ ## --loglevel DEBUG --ini /path/to/rhodecode.ini use_celery = false ## connection url to the message broker (default rabbitmq) celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost ## maximum tasks to execute before worker restart celery.max_tasks_per_child = 100 ## tasks will never be sent to the queue, but executed locally instead. celery.task_always_eager = false ##################################### ### DOGPILE CACHE #### ##################################### ## Default cache dir for caches. Putting this into a ramdisk ## can boost performance, eg. /tmpfs/data_ramdisk, however this directory might require ## large amount of space cache_dir = %(here)s/data ## `cache_perms` cache settings for permission tree, auth TTL. rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace rc_cache.cache_perms.expiration_time = 300 ## alternative `cache_perms` redis backend with distributed lock #rc_cache.cache_perms.backend = dogpile.cache.rc.redis #rc_cache.cache_perms.expiration_time = 300 ## redis_expiration_time needs to be greater then expiration_time #rc_cache.cache_perms.arguments.redis_expiration_time = 7200 #rc_cache.cache_perms.arguments.socket_timeout = 30 #rc_cache.cache_perms.arguments.host = localhost #rc_cache.cache_perms.arguments.port = 6379 #rc_cache.cache_perms.arguments.db = 0 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends #rc_cache.cache_perms.arguments.distributed_lock = true ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace rc_cache.cache_repo.expiration_time = 2592000 ## alternative `cache_repo` redis backend with distributed lock #rc_cache.cache_repo.backend = dogpile.cache.rc.redis #rc_cache.cache_repo.expiration_time = 2592000 ## redis_expiration_time needs to be greater then expiration_time #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400 #rc_cache.cache_repo.arguments.socket_timeout = 30 #rc_cache.cache_repo.arguments.host = localhost #rc_cache.cache_repo.arguments.port = 6379 #rc_cache.cache_repo.arguments.db = 1 ## more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends #rc_cache.cache_repo.arguments.distributed_lock = true ## cache settings for SQL queries, this needs to use memory type backend rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru rc_cache.sql_cache_short.expiration_time = 30 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory ## type backend as the objects kept are not pickle serializable rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru ## by default we use 96H, this is using invalidation on push anyway rc_cache.cache_repo_longterm.expiration_time = 345600 ## max items in LRU cache, reduce this number to save memory, and expire last used ## cached objects rc_cache.cache_repo_longterm.max_size = 10000 #################################### ### BEAKER SESSION #### #################################### ## .session.type is type of storage options for the session, current allowed ## types are file, ext:memcached, ext:redis, ext:database, and memory (default). beaker.session.type = file beaker.session.data_dir = %(here)s/data/sessions ## redis sessions #beaker.session.type = ext:redis #beaker.session.url = redis://127.0.0.1:6379/2 ## db based session, fast, and allows easy management over logged in users #beaker.session.type = ext:database #beaker.session.table_name = db_session #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode #beaker.session.sa.pool_recycle = 3600 #beaker.session.sa.echo = false beaker.session.key = rhodecode beaker.session.secret = production-rc-uytcxaz beaker.session.lock_dir = %(here)s/data/sessions/lock ## Secure encrypted cookie. Requires AES and AES python libraries ## you must disable beaker.session.secret to use this #beaker.session.encrypt_key = key_for_encryption #beaker.session.validate_key = validation_key ## sets session as invalid(also logging out user) if it haven not been ## accessed for given amount of time in seconds beaker.session.timeout = 2592000 beaker.session.httponly = true ## Path to use for the cookie. Set to prefix if you use prefix middleware #beaker.session.cookie_path = /custom_prefix ## uncomment for https secure cookie beaker.session.secure = false ## auto save the session to not to use .save() beaker.session.auto = false ## default cookie expiration time in seconds, set to `true` to set expire ## at browser close #beaker.session.cookie_expires = 3600 ################################### ## SEARCH INDEXING CONFIGURATION ## ################################### ## Full text search indexer is available in rhodecode-tools under ## `rhodecode-tools index` command ## WHOOSH Backend, doesn't require additional services to run ## it works good with few dozen repos search.module = rhodecode.lib.index.whoosh search.location = %(here)s/data/index ######################################## ### CHANNELSTREAM CONFIG #### ######################################## ## channelstream enables persistent connections and live notification ## in the system. It's also used by the chat system channelstream.enabled = false ## server address for channelstream server on the backend channelstream.server = 127.0.0.1:9800 ## location of the channelstream server from outside world ## use ws:// for http or wss:// for https. This address needs to be handled ## by external HTTP server such as Nginx or Apache ## see Nginx/Apache configuration examples in our docs channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream channelstream.secret = secret channelstream.history.location = %(here)s/channelstream_history ## Internal application path that Javascript uses to connect into. ## If you use proxy-prefix the prefix should be added before /_channelstream channelstream.proxy_path = /_channelstream ################################### ## APPENLIGHT CONFIG ## ################################### ## Appenlight is tailored to work with RhodeCode, see ## http://appenlight.com for details how to obtain an account ## Appenlight integration enabled appenlight = false appenlight.server_url = https://api.appenlight.com appenlight.api_key = YOUR_API_KEY #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5 ## used for JS client appenlight.api_public_key = YOUR_API_PUBLIC_KEY ## TWEAK AMOUNT OF INFO SENT HERE ## enables 404 error logging (default False) appenlight.report_404 = false ## time in seconds after request is considered being slow (default 1) appenlight.slow_request_time = 1 ## record slow requests in application ## (needs to be enabled for slow datastore recording and time tracking) appenlight.slow_requests = true ## enable hooking to application loggers appenlight.logging = true ## minimum log level for log capture appenlight.logging.level = WARNING ## send logs only from erroneous/slow requests ## (saves API quota for intensive logging) appenlight.logging_on_error = false ## list of additional keywords that should be grabbed from environ object ## can be string with comma separated list of words in lowercase ## (by default client will always send following info: ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that ## start with HTTP* this list be extended with additional keywords here appenlight.environ_keys_whitelist = ## list of keywords that should be blanked from request object ## can be string with comma separated list of words in lowercase ## (by default client will always blank keys that contain following words ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf' ## this list be extended with additional keywords set here appenlight.request_keys_blacklist = ## list of namespaces that should be ignores when gathering log entries ## can be string with comma separated list of namespaces ## (by default the client ignores own entries: appenlight_client.client) appenlight.log_namespace_blacklist = ########################################### ### MAIN RHODECODE DATABASE CONFIG ### ########################################### #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8 # pymysql is an alternative driver for MySQL, use in case of problems with default one #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode # see sqlalchemy docs for other advanced settings ## print the sql statements to output sqlalchemy.db1.echo = false ## recycle the connections after this amount of seconds sqlalchemy.db1.pool_recycle = 3600 sqlalchemy.db1.convert_unicode = true ## the number of connections to keep open inside the connection pool. ## 0 indicates no limit #sqlalchemy.db1.pool_size = 5 ## the number of connections to allow in connection pool "overflow", that is ## connections that can be opened above and beyond the pool_size setting, ## which defaults to five. #sqlalchemy.db1.max_overflow = 10 ## Connection check ping, used to detect broken database connections ## could be enabled to better handle cases if MySQL has gone away errors #sqlalchemy.db1.ping_connection = true ################## ### VCS CONFIG ### ################## vcs.server.enable = true vcs.server = localhost:9900 ## Web server connectivity protocol, responsible for web based VCS operations ## Available protocols are: ## `http` - use http-rpc backend (default) vcs.server.protocol = http ## Push/Pull operations protocol, available options are: ## `http` - use http-rpc backend (default) vcs.scm_app_implementation = http ## Push/Pull operations hooks protocol, available options are: ## `http` - use http-rpc backend (default) vcs.hooks.protocol = http ## Host on which this instance is listening for hooks. If vcsserver is in other location ## this should be adjusted. vcs.hooks.host = 127.0.0.1 vcs.server.log_level = info ## Start VCSServer with this instance as a subprocess, useful for development vcs.start_server = false ## List of enabled VCS backends, available options are: ## `hg` - mercurial ## `git` - git ## `svn` - subversion vcs.backends = hg, git, svn vcs.connection_timeout = 3600 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out. ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible #vcs.svn.compatible_version = pre-1.8-compatible ############################################################ ### Subversion proxy support (mod_dav_svn) ### ### Maps RhodeCode repo groups into SVN paths for Apache ### ############################################################ ## Enable or disable the config file generation. svn.proxy.generate_config = false ## Generate config file with `SVNListParentPath` set to `On`. svn.proxy.list_parent_path = true ## Set location and file name of generated config file. svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf ## alternative mod_dav config template. This needs to be a mako template #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako ## Used as a prefix to the `Location` block in the generated config file. ## In most cases it should be set to `/`. svn.proxy.location_root = / ## Command to reload the mod dav svn configuration on change. ## Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh ## Make sure user who runs RhodeCode process is allowed to reload Apache #svn.proxy.reload_cmd = /etc/init.d/apache2 reload ## If the timeout expires before the reload command finishes, the command will ## be killed. Setting it to zero means no timeout. Defaults to 10 seconds. #svn.proxy.reload_timeout = 10 ############################################################ ### SSH Support Settings ### ############################################################ ## Defines if a custom authorized_keys file should be created and written on ## any change user ssh keys. Setting this to false also disables possibility ## of adding SSH keys by users from web interface. Super admins can still ## manage SSH Keys. ssh.generate_authorized_keyfile = false ## Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding` # ssh.authorized_keys_ssh_opts = ## Path to the authorized_keys file where the generate entries are placed. ## It is possible to have multiple key files specified in `sshd_config` e.g. ## AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode ## Command to execute the SSH wrapper. The binary is available in the ## RhodeCode installation directory. ## e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper ## Allow shell when executing the ssh-wrapper command ssh.wrapper_cmd_allow_shell = false ## Enables logging, and detailed output send back to the client during SSH ## operations. Useful for debugging, shouldn't be used in production. ssh.enable_debug_logging = false ## Paths to binary executable, by default they are the names, but we can ## override them if we want to use a custom one ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve ## Enables SSH key generator web interface. Disabling this still allows users ## to add their own keys. ssh.enable_ui_key_generator = true ## Dummy marker to add new entries after. ## Add any custom entries below. Please don't remove. custom.conf = 1 ################################ ### LOGGING CONFIGURATION #### ################################ [loggers] keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper [handlers] keys = console, console_sql [formatters] keys = generic, color_formatter, color_formatter_sql ############# ## LOGGERS ## ############# [logger_root] level = NOTSET handlers = console [logger_sqlalchemy] level = INFO handlers = console_sql qualname = sqlalchemy.engine propagate = 0 [logger_beaker] level = DEBUG handlers = qualname = beaker.container propagate = 1 [logger_rhodecode] level = DEBUG handlers = qualname = rhodecode propagate = 1 [logger_ssh_wrapper] level = DEBUG handlers = qualname = ssh_wrapper propagate = 1 [logger_celery] level = DEBUG handlers = qualname = celery ############## ## HANDLERS ## ############## [handler_console] class = StreamHandler args = (sys.stderr, ) level = INFO formatter = generic [handler_console_sql] # "level = DEBUG" logs SQL queries and results. # "level = INFO" logs SQL queries. # "level = WARN" logs neither. (Recommended for production systems.) class = StreamHandler args = (sys.stderr, ) level = WARN formatter = generic ################ ## FORMATTERS ## ################ [formatter_generic] class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s datefmt = %Y-%m-%d %H:%M:%S [formatter_color_formatter] class = rhodecode.lib.logging_formatter.ColorFormatter format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s datefmt = %Y-%m-%d %H:%M:%S [formatter_color_formatter_sql] class = rhodecode.lib.logging_formatter.ColorFormatterSql format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s datefmt = %Y-%m-%d %H:%M:%S