##// END OF EJS Templates
rhodecode-enterprise-docker
RSS
configs: added per-version configs for docker setup
super-admin -
Show More
Show file before | Show file after | Hide comments
This diff has been collapsed as it changes many lines, (807 lines changed) Show them Hide them
@@ -0,0 +1,807 b''
1
2 ; ##########################################
3 ; RHODECODE ENTERPRISE EDITION CONFIGURATION
4 ; ##########################################
5
6 [DEFAULT]
7 ; Debug flag sets all loggers to debug, and enables request tracking
8 debug = false
9
10 ; ########################################################################
11 ; EMAIL CONFIGURATION
12 ; These settings will be used by the RhodeCode mailing system
13 ; ########################################################################
14
15 ; prefix all emails subjects with given prefix, helps filtering out emails
16 email_prefix = [RhodeCode]
17
18 ; email FROM address all mails will be sent
19 #app_email_from = rhodecode-noreply@localhost
20
21 #smtp_server = mail.server.com
22 #smtp_username =
23 #smtp_password =
24 #smtp_port =
25 #smtp_use_tls = false
26 #smtp_use_ssl = true
27
28 [server:main]
29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
30 ; Host port for gunicorn are controlled by gunicorn_conf.py
31 host = 0.0.0.0
32 port = 10020
33
34
35 ; ###########################
36 ; GUNICORN APPLICATION SERVER
37 ; ###########################
38
39 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
40
41 ; Module to use, this setting shouldn't be changed
42 use = egg:gunicorn#main
43
44 ; Sets the number of process workers. More workers means more concurrent connections
45 ; RhodeCode can handle at the same time. Each additional worker also it increases
46 ; memory usage as each has it's own set of caches.
47 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
48 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
49 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
50 ; when using more than 1 worker.
51 workers = 2
52
53 ; Gunicorn access log level
54 loglevel = info
55
56 ; Process name visible in process list
57 proc_name = rhodecode
58
59 ; Type of worker class, one of `sync`, `gevent`
60 ; Recommended type is `gevent`
61 worker_class = gevent
62
63 ; The maximum number of simultaneous clients per worker. Valid only for gevent
64 worker_connections = 10
65
66 ; Max number of requests that worker will handle before being gracefully restarted.
67 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
68 max_requests = 1000
69 max_requests_jitter = 30
70
71 ; Amount of time a worker can spend with handling a request before it
72 ; gets killed and restarted. By default set to 21600 (6hrs)
73 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
74 timeout = 21600
75
76 ; The maximum size of HTTP request line in bytes.
77 ; 0 for unlimited
78 limit_request_line = 0
79
80 ; Limit the number of HTTP headers fields in a request.
81 ; By default this value is 100 and can't be larger than 32768.
82 limit_request_fields = 32768
83
84 ; Limit the allowed size of an HTTP request header field.
85 ; Value is a positive number or 0.
86 ; Setting it to 0 will allow unlimited header field sizes.
87 limit_request_field_size = 0
88
89 ; Timeout for graceful workers restart.
90 ; After receiving a restart signal, workers have this much time to finish
91 ; serving requests. Workers still alive after the timeout (starting from the
92 ; receipt of the restart signal) are force killed.
93 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
94 graceful_timeout = 3600
95
96 # The number of seconds to wait for requests on a Keep-Alive connection.
97 # Generally set in the 1-5 seconds range.
98 keepalive = 2
99
100 ; Maximum memory usage that each worker can use before it will receive a
101 ; graceful restart signal 0 = memory monitoring is disabled
102 ; Examples: 268435456 (256MB), 536870912 (512MB)
103 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
104 memory_max_usage = 0
105
106 ; How often in seconds to check for memory usage for each gunicorn worker
107 memory_usage_check_interval = 60
108
109 ; Threshold value for which we don't recycle worker if GarbageCollection
110 ; frees up enough resources. Before each restart we try to run GC on worker
111 ; in case we get enough free memory after that, restart will not happen.
112 memory_usage_recovery_threshold = 0.8
113
114
115 ; Prefix middleware for RhodeCode.
116 ; recommended when using proxy setup.
117 ; allows to set RhodeCode under a prefix in server.
118 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
119 ; And set your prefix like: `prefix = /custom_prefix`
120 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
121 ; to make your cookies only work on prefix url
122 [filter:proxy-prefix]
123 use = egg:PasteDeploy#prefix
124 prefix = /
125
126 [app:main]
127 ; The %(here)s variable will be replaced with the absolute path of parent directory
128 ; of this file
129 ; In addition ENVIRONMENT variables usage is possible, e.g
130 ; sqlalchemy.db1.url = {ENV_RC_DB_URL}
131
132 use = egg:rhodecode-enterprise-ee
133
134 ; enable proxy prefix middleware, defined above
135 #filter-with = proxy-prefix
136
137 ; encryption key used to encrypt social plugin tokens,
138 ; remote_urls with credentials etc, if not set it defaults to
139 ; `beaker.session.secret`
140 #rhodecode.encrypted_values.secret =
141
142 ; decryption strict mode (enabled by default). It controls if decryption raises
143 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
144 #rhodecode.encrypted_values.strict = false
145
146 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
147 ; fernet is safer, and we strongly recommend switching to it.
148 ; Due to backward compatibility aes is used as default.
149 #rhodecode.encrypted_values.algorithm = fernet
150
151 ; Return gzipped responses from RhodeCode (static files/application)
152 gzip_responses = false
153
154 ; Auto-generate javascript routes file on startup
155 generate_js_files = false
156
157 ; System global default language.
158 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
159 lang = en
160
161 ; Perform a full repository scan and import on each server start.
162 ; Settings this to true could lead to very long startup time.
163 startup.import_repos = false
164
165 ; Uncomment and set this path to use archive download cache.
166 ; Once enabled, generated archives will be cached at this location
167 ; and served from the cache during subsequent requests for the same archive of
168 ; the repository.
169 #archive_cache_dir = /tmp/tarballcache
170
171 ; URL at which the application is running. This is used for Bootstrapping
172 ; requests in context when no web request is available. Used in ishell, or
173 ; SSH calls. Set this for events to receive proper url for SSH calls.
174 app.base_url = http://rhodecode.local
175
176 ; Unique application ID. Should be a random unique string for security.
177 app_instance_uuid = rc-production
178
179 ; Cut off limit for large diffs (size in bytes). If overall diff size on
180 ; commit, or pull request exceeds this limit this diff will be displayed
181 ; partially. E.g 512000 == 512Kb
182 cut_off_limit_diff = 512000
183
184 ; Cut off limit for large files inside diffs (size in bytes). Each individual
185 ; file inside diff which exceeds this limit will be displayed partially.
186 ; E.g 128000 == 128Kb
187 cut_off_limit_file = 128000
188
189 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
190 vcs_full_cache = true
191
192 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
193 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
194 force_https = false
195
196 ; use Strict-Transport-Security headers
197 use_htsts = false
198
199 ; Set to true if your repos are exposed using the dumb protocol
200 git_update_server_info = false
201
202 ; RSS/ATOM feed options
203 rss_cut_off_limit = 256000
204 rss_items_per_page = 10
205 rss_include_diff = false
206
207 ; gist URL alias, used to create nicer urls for gist. This should be an
208 ; url that does rewrites to _admin/gists/{gistid}.
209 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
210 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
211 gist_alias_url =
212
213 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
214 ; used for access.
215 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
216 ; came from the the logged in user who own this authentication token.
217 ; Additionally @TOKEN syntax can be used to bound the view to specific
218 ; authentication token. Such view would be only accessible when used together
219 ; with this authentication token
220 ; list of all views can be found under `/_admin/permissions/auth_token_access`
221 ; The list should be "," separated and on a single line.
222 ; Most common views to enable:
223
224 # RepoCommitsView:repo_commit_download
225 # RepoCommitsView:repo_commit_patch
226 # RepoCommitsView:repo_commit_raw
227 # RepoCommitsView:repo_commit_raw@TOKEN
228 # RepoFilesView:repo_files_diff
229 # RepoFilesView:repo_archivefile
230 # RepoFilesView:repo_file_raw
231 # GistView:*
232 api_access_controllers_whitelist =
233
234 ; Default encoding used to convert from and to unicode
235 ; can be also a comma separated list of encoding in case of mixed encodings
236 default_encoding = UTF-8
237
238 ; instance-id prefix
239 ; a prefix key for this instance used for cache invalidation when running
240 ; multiple instances of RhodeCode, make sure it's globally unique for
241 ; all running RhodeCode instances. Leave empty if you don't use it
242 instance_id =
243
244 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
245 ; of an authentication plugin also if it is disabled by it's settings.
246 ; This could be useful if you are unable to log in to the system due to broken
247 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
248 ; module to log in again and fix the settings.
249 ; Available builtin plugin IDs (hash is part of the ID):
250 ; egg:rhodecode-enterprise-ce#rhodecode
251 ; egg:rhodecode-enterprise-ce#pam
252 ; egg:rhodecode-enterprise-ce#ldap
253 ; egg:rhodecode-enterprise-ce#jasig_cas
254 ; egg:rhodecode-enterprise-ce#headers
255 ; egg:rhodecode-enterprise-ce#crowd
256
257 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
258
259 ; Flag to control loading of legacy plugins in py:/path format
260 auth_plugin.import_legacy_plugins = true
261
262 ; alternative return HTTP header for failed authentication. Default HTTP
263 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
264 ; handling that causing a series of failed authentication calls.
265 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
266 ; This will be served instead of default 401 on bad authentication
267 auth_ret_code =
268
269 ; use special detection method when serving auth_ret_code, instead of serving
270 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
271 ; and then serve auth_ret_code to clients
272 auth_ret_code_detection = false
273
274 ; locking return code. When repository is locked return this HTTP code. 2XX
275 ; codes don't break the transactions while 4XX codes do
276 lock_ret_code = 423
277
278 ; allows to change the repository location in settings page
279 allow_repo_location_change = true
280
281 ; allows to setup custom hooks in settings page
282 allow_custom_hooks_settings = true
283
284 ; Generated license token required for EE edition license.
285 ; New generated token value can be found in Admin > settings > license page.
286 license_token =
287
288 ; This flag hides sensitive information on the license page such as token, and license data
289 license.hide_license_info = false
290
291 ; supervisor connection uri, for managing supervisor and logs.
292 supervisor.uri =
293
294 ; supervisord group name/id we only want this RC instance to handle
295 supervisor.group_id = prod
296
297 ; Display extended labs settings
298 labs_settings_active = true
299
300 ; Custom exception store path, defaults to TMPDIR
301 ; This is used to store exception from RhodeCode in shared directory
302 #exception_tracker.store_path =
303
304 ; Send email with exception details when it happens
305 #exception_tracker.send_email = false
306
307 ; Comma separated list of recipients for exception emails,
308 ; e.g admin@rhodecode.com,devops@rhodecode.com
309 ; Can be left empty, then emails will be sent to ALL super-admins
310 #exception_tracker.send_email_recipients =
311
312 ; optional prefix to Add to email Subject
313 #exception_tracker.email_prefix = [RHODECODE ERROR]
314
315 ; File store configuration. This is used to store and serve uploaded files
316 file_store.enabled = true
317
318 ; Storage backend, available options are: local
319 file_store.backend = local
320
321 ; path to store the uploaded binaries
322 file_store.storage_path = %(here)s/data/file_store
323
324
325 ; #############
326 ; CELERY CONFIG
327 ; #############
328
329 ; manually run celery: /path/to/celery worker -E --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
330
331 use_celery = false
332
333 ; connection url to the message broker (default redis)
334 celery.broker_url = redis://localhost:6379/8
335
336 ; rabbitmq example
337 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
338
339 ; maximum tasks to execute before worker restart
340 celery.max_tasks_per_child = 100
341
342 ; tasks will never be sent to the queue, but executed locally instead.
343 celery.task_always_eager = false
344
345 ; #############
346 ; DOGPILE CACHE
347 ; #############
348
349 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
350 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
351 cache_dir = %(here)s/data
352
353 ; *********************************************
354 ; `sql_cache_short` cache for heavy SQL queries
355 ; Only supported backend is `memory_lru`
356 ; *********************************************
357 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
358 rc_cache.sql_cache_short.expiration_time = 30
359
360
361 ; *****************************************************
362 ; `cache_repo_longterm` cache for repo object instances
363 ; Only supported backend is `memory_lru`
364 ; *****************************************************
365 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
366 ; by default we use 30 Days, cache is still invalidated on push
367 rc_cache.cache_repo_longterm.expiration_time = 2592000
368 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
369 rc_cache.cache_repo_longterm.max_size = 10000
370
371
372 ; *************************************************
373 ; `cache_perms` cache for permission tree, auth TTL
374 ; *************************************************
375 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
376 rc_cache.cache_perms.expiration_time = 300
377 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
378 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms.db
379
380 ; alternative `cache_perms` redis backend with distributed lock
381 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
382 #rc_cache.cache_perms.expiration_time = 300
383
384 ; redis_expiration_time needs to be greater then expiration_time
385 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
386
387 #rc_cache.cache_perms.arguments.host = localhost
388 #rc_cache.cache_perms.arguments.port = 6379
389 #rc_cache.cache_perms.arguments.db = 0
390 #rc_cache.cache_perms.arguments.socket_timeout = 30
391 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
392 #rc_cache.cache_perms.arguments.distributed_lock = true
393
394
395 ; ***************************************************
396 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
397 ; ***************************************************
398 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
399 rc_cache.cache_repo.expiration_time = 2592000
400 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
401 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo.db
402
403 ; alternative `cache_repo` redis backend with distributed lock
404 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
405 #rc_cache.cache_repo.expiration_time = 2592000
406
407 ; redis_expiration_time needs to be greater then expiration_time
408 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
409
410 #rc_cache.cache_repo.arguments.host = localhost
411 #rc_cache.cache_repo.arguments.port = 6379
412 #rc_cache.cache_repo.arguments.db = 1
413 #rc_cache.cache_repo.arguments.socket_timeout = 30
414 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
415 #rc_cache.cache_repo.arguments.distributed_lock = true
416
417
418 ; ##############
419 ; BEAKER SESSION
420 ; ##############
421
422 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
423 ; types are file, ext:redis, ext:database, ext:memcached, and memory (default if not specified).
424 ; Fastest ones are Redis and ext:database
425 beaker.session.type = file
426 beaker.session.data_dir = %(here)s/data/sessions
427
428 ; Redis based sessions
429 #beaker.session.type = ext:redis
430 #beaker.session.url = redis://127.0.0.1:6379/2
431
432 ; DB based session, fast, and allows easy management over logged in users
433 #beaker.session.type = ext:database
434 #beaker.session.table_name = db_session
435 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
436 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
437 #beaker.session.sa.pool_recycle = 3600
438 #beaker.session.sa.echo = false
439
440 beaker.session.key = rhodecode
441 beaker.session.secret = production-rc-uytcxaz
442 beaker.session.lock_dir = %(here)s/data/sessions/lock
443
444 ; Secure encrypted cookie. Requires AES and AES python libraries
445 ; you must disable beaker.session.secret to use this
446 #beaker.session.encrypt_key = key_for_encryption
447 #beaker.session.validate_key = validation_key
448
449 ; Sets session as invalid (also logging out user) if it haven not been
450 ; accessed for given amount of time in seconds
451 beaker.session.timeout = 2592000
452 beaker.session.httponly = true
453
454 ; Path to use for the cookie. Set to prefix if you use prefix middleware
455 #beaker.session.cookie_path = /custom_prefix
456
457 ; Set https secure cookie
458 beaker.session.secure = false
459
460 ; default cookie expiration time in seconds, set to `true` to set expire
461 ; at browser close
462 #beaker.session.cookie_expires = 3600
463
464 ; #############################
465 ; SEARCH INDEXING CONFIGURATION
466 ; #############################
467
468 ; Full text search indexer is available in rhodecode-tools under
469 ; `rhodecode-tools index` command
470
471 ; WHOOSH Backend, doesn't require additional services to run
472 ; it works good with few dozen repos
473 search.module = rhodecode.lib.index.whoosh
474 search.location = %(here)s/data/index
475
476 ; ElasticSearch (EE edition only). Requires Elastic Search cluster
477 ; to be installed, and running. Recommended for large amount of repositories
478 #search.module = rc_elasticsearch
479 #search.location = http://localhost:9200
480 ; specify Elastic Search version, 6 for latest or 2 for legacy
481 #search.es_version = 6
482
483 ; ####################
484 ; CHANNELSTREAM CONFIG
485 ; ####################
486
487 ; channelstream enables persistent connections and live notification
488 ; in the system. It's also used by the chat system
489
490 channelstream.enabled = false
491
492 ; server address for channelstream server on the backend
493 channelstream.server = 127.0.0.1:9800
494
495 ; location of the channelstream server from outside world
496 ; use ws:// for http or wss:// for https. This address needs to be handled
497 ; by external HTTP server such as Nginx or Apache
498 ; see Nginx/Apache configuration examples in our docs
499 channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
500 channelstream.secret = secret
501 channelstream.history.location = %(here)s/channelstream_history
502
503 ; Internal application path that Javascript uses to connect into.
504 ; If you use proxy-prefix the prefix should be added before /_channelstream
505 channelstream.proxy_path = /_channelstream
506
507 ; Live chat for commits/pull requests. Requires CHANNELSTREAM to be enabled
508 ; and configured. (EE edition only)
509 chat.enabled = false
510
511
512 ; ##############################
513 ; MAIN RHODECODE DATABASE CONFIG
514 ; ##############################
515
516 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
517 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
518 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
519 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
520 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
521
522 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
523
524 ; see sqlalchemy docs for other advanced settings
525 ; print the sql statements to output
526 sqlalchemy.db1.echo = false
527
528 ; recycle the connections after this amount of seconds
529 sqlalchemy.db1.pool_recycle = 3600
530 sqlalchemy.db1.convert_unicode = true
531
532 ; the number of connections to keep open inside the connection pool.
533 ; 0 indicates no limit
534 #sqlalchemy.db1.pool_size = 5
535
536 ; The number of connections to allow in connection pool "overflow", that is
537 ; connections that can be opened above and beyond the pool_size setting,
538 ; which defaults to five.
539 #sqlalchemy.db1.max_overflow = 10
540
541 ; Connection check ping, used to detect broken database connections
542 ; could be enabled to better handle cases if MySQL has gone away errors
543 #sqlalchemy.db1.ping_connection = true
544
545 ; ##########
546 ; VCS CONFIG
547 ; ##########
548 vcs.server.enable = true
549 vcs.server = localhost:9900
550
551 ; Web server connectivity protocol, responsible for web based VCS operations
552 ; Available protocols are:
553 ; `http` - use http-rpc backend (default)
554 vcs.server.protocol = http
555
556 ; Push/Pull operations protocol, available options are:
557 ; `http` - use http-rpc backend (default)
558 vcs.scm_app_implementation = http
559
560 ; Push/Pull operations hooks protocol, available options are:
561 ; `http` - use http-rpc backend (default)
562 vcs.hooks.protocol = http
563
564 ; Host on which this instance is listening for hooks. If vcsserver is in other location
565 ; this should be adjusted.
566 vcs.hooks.host = 127.0.0.1
567
568 ; Start VCSServer with this instance as a subprocess, useful for development
569 vcs.start_server = false
570
571 ; List of enabled VCS backends, available options are:
572 ; `hg` - mercurial
573 ; `git` - git
574 ; `svn` - subversion
575 vcs.backends = hg, git, svn
576
577 ; Wait this number of seconds before killing connection to the vcsserver
578 vcs.connection_timeout = 3600
579
580 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
581 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
582 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
583 #vcs.svn.compatible_version = 1.8
584
585
586 ; ####################################################
587 ; Subversion proxy support (mod_dav_svn)
588 ; Maps RhodeCode repo groups into SVN paths for Apache
589 ; ####################################################
590
591 ; Enable or disable the config file generation.
592 svn.proxy.generate_config = false
593
594 ; Generate config file with `SVNListParentPath` set to `On`.
595 svn.proxy.list_parent_path = true
596
597 ; Set location and file name of generated config file.
598 svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
599
600 ; alternative mod_dav config template. This needs to be a valid mako template
601 ; Example template can be found in the source code:
602 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
603 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
604
605 ; Used as a prefix to the `Location` block in the generated config file.
606 ; In most cases it should be set to `/`.
607 svn.proxy.location_root = /
608
609 ; Command to reload the mod dav svn configuration on change.
610 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
611 ; Make sure user who runs RhodeCode process is allowed to reload Apache
612 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
613
614 ; If the timeout expires before the reload command finishes, the command will
615 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
616 #svn.proxy.reload_timeout = 10
617
618 ; ####################
619 ; SSH Support Settings
620 ; ####################
621
622 ; Defines if a custom authorized_keys file should be created and written on
623 ; any change user ssh keys. Setting this to false also disables possibility
624 ; of adding SSH keys by users from web interface. Super admins can still
625 ; manage SSH Keys.
626 ssh.generate_authorized_keyfile = false
627
628 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
629 # ssh.authorized_keys_ssh_opts =
630
631 ; Path to the authorized_keys file where the generate entries are placed.
632 ; It is possible to have multiple key files specified in `sshd_config` e.g.
633 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
634 ssh.authorized_keys_file_path = ~/.ssh/authorized_keys_rhodecode
635
636 ; Command to execute the SSH wrapper. The binary is available in the
637 ; RhodeCode installation directory.
638 ; e.g ~/.rccontrol/community-1/profile/bin/rc-ssh-wrapper
639 ssh.wrapper_cmd = ~/.rccontrol/community-1/rc-ssh-wrapper
640
641 ; Allow shell when executing the ssh-wrapper command
642 ssh.wrapper_cmd_allow_shell = false
643
644 ; Enables logging, and detailed output send back to the client during SSH
645 ; operations. Useful for debugging, shouldn't be used in production.
646 ssh.enable_debug_logging = false
647
648 ; Paths to binary executable, by default they are the names, but we can
649 ; override them if we want to use a custom one
650 ssh.executable.hg = ~/.rccontrol/vcsserver-1/profile/bin/hg
651 ssh.executable.git = ~/.rccontrol/vcsserver-1/profile/bin/git
652 ssh.executable.svn = ~/.rccontrol/vcsserver-1/profile/bin/svnserve
653
654 ; Enables SSH key generator web interface. Disabling this still allows users
655 ; to add their own keys.
656 ssh.enable_ui_key_generator = true
657
658
659 ; #################
660 ; APPENLIGHT CONFIG
661 ; #################
662
663 ; Appenlight is tailored to work with RhodeCode, see
664 ; http://appenlight.rhodecode.com for details how to obtain an account
665
666 ; Appenlight integration enabled
667 appenlight = false
668
669 appenlight.server_url = https://api.appenlight.com
670 appenlight.api_key = YOUR_API_KEY
671 #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
672
673 ; used for JS client
674 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
675
676 ; TWEAK AMOUNT OF INFO SENT HERE
677
678 ; enables 404 error logging (default False)
679 appenlight.report_404 = false
680
681 ; time in seconds after request is considered being slow (default 1)
682 appenlight.slow_request_time = 1
683
684 ; record slow requests in application
685 ; (needs to be enabled for slow datastore recording and time tracking)
686 appenlight.slow_requests = true
687
688 ; enable hooking to application loggers
689 appenlight.logging = true
690
691 ; minimum log level for log capture
692 appenlight.logging.level = WARNING
693
694 ; send logs only from erroneous/slow requests
695 ; (saves API quota for intensive logging)
696 appenlight.logging_on_error = false
697
698 ; list of additional keywords that should be grabbed from environ object
699 ; can be string with comma separated list of words in lowercase
700 ; (by default client will always send following info:
701 ; 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
702 ; start with HTTP* this list be extended with additional keywords here
703 appenlight.environ_keys_whitelist =
704
705 ; list of keywords that should be blanked from request object
706 ; can be string with comma separated list of words in lowercase
707 ; (by default client will always blank keys that contain following words
708 ; 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
709 ; this list be extended with additional keywords set here
710 appenlight.request_keys_blacklist =
711
712 ; list of namespaces that should be ignores when gathering log entries
713 ; can be string with comma separated list of namespaces
714 ; (by default the client ignores own entries: appenlight_client.client)
715 appenlight.log_namespace_blacklist =
716
717 ; Dummy marker to add new entries after.
718 ; Add any custom entries below. Please don't remove this marker.
719 custom.conf = 1
720
721
722 ; #####################
723 ; LOGGING CONFIGURATION
724 ; #####################
725 [loggers]
726 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
727
728 [handlers]
729 keys = console, console_sql
730
731 [formatters]
732 keys = generic, color_formatter, color_formatter_sql
733
734 ; #######
735 ; LOGGERS
736 ; #######
737 [logger_root]
738 level = NOTSET
739 handlers = console
740
741 [logger_sqlalchemy]
742 level = INFO
743 handlers = console_sql
744 qualname = sqlalchemy.engine
745 propagate = 0
746
747 [logger_beaker]
748 level = DEBUG
749 handlers =
750 qualname = beaker.container
751 propagate = 1
752
753 [logger_rhodecode]
754 level = DEBUG
755 handlers =
756 qualname = rhodecode
757 propagate = 1
758
759 [logger_ssh_wrapper]
760 level = DEBUG
761 handlers =
762 qualname = ssh_wrapper
763 propagate = 1
764
765 [logger_celery]
766 level = DEBUG
767 handlers =
768 qualname = celery
769
770
771 ; ########
772 ; HANDLERS
773 ; ########
774
775 [handler_console]
776 class = StreamHandler
777 args = (sys.stderr, )
778 level = INFO
779 formatter = generic
780
781 [handler_console_sql]
782 ; "level = DEBUG" logs SQL queries and results.
783 ; "level = INFO" logs SQL queries.
784 ; "level = WARN" logs neither. (Recommended for production systems.)
785 class = StreamHandler
786 args = (sys.stderr, )
787 level = WARN
788 formatter = generic
789
790 ; ##########
791 ; FORMATTERS
792 ; ##########
793
794 [formatter_generic]
795 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
796 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
797 datefmt = %Y-%m-%d %H:%M:%S
798
799 [formatter_color_formatter]
800 class = rhodecode.lib.logging_formatter.ColorFormatter
801 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
802 datefmt = %Y-%m-%d %H:%M:%S
803
804 [formatter_color_formatter_sql]
805 class = rhodecode.lib.logging_formatter.ColorFormatterSql
806 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
807 datefmt = %Y-%m-%d %H:%M:%S
Show file before | Show file after | Hide comments
@@ -0,0 +1,212 b''
1
2 ; #################################
3 ; RHODECODE VCSSERVER CONFIGURATION
4 ; #################################
5
6 [server:main]
7 ; COMMON HOST/IP CONFIG
8 host = 0.0.0.0
9 port = 10010
10
11
12 ; ###########################
13 ; GUNICORN APPLICATION SERVER
14 ; ###########################
15
16 ; run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini
17
18 ; Module to use, this setting shouldn't be changed
19 use = egg:gunicorn#main
20
21 ; Sets the number of process workers. More workers means more concurrent connections
22 ; RhodeCode can handle at the same time. Each additional worker also it increases
23 ; memory usage as each has it's own set of caches.
24 ; Recommended value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers, but no more
25 ; than 8-10 unless for really big deployments .e.g 700-1000 users.
26 ; `instance_id = *` must be set in the [app:main] section below (which is the default)
27 ; when using more than 1 worker.
28 workers = 2
29
30 ; Gunicorn access log level
31 loglevel = info
32
33 ; Process name visible in process list
34 proc_name = rhodecode_vcsserver
35
36 ; Type of worker class, one of `sync`, `gevent`
37 ; currently `sync` is the only option allowed.
38 worker_class = sync
39
40 ; The maximum number of simultaneous clients. Valid only for gevent
41 worker_connections = 10
42
43 ; Max number of requests that worker will handle before being gracefully restarted.
44 ; Prevents memory leaks, jitter adds variability so not all workers are restarted at once.
45 max_requests = 1000
46 max_requests_jitter = 30
47
48 ; Amount of time a worker can spend with handling a request before it
49 ; gets killed and restarted. By default set to 21600 (6hrs)
50 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
51 timeout = 21600
52
53 ; The maximum size of HTTP request line in bytes.
54 ; 0 for unlimited
55 limit_request_line = 0
56
57 ; Limit the number of HTTP headers fields in a request.
58 ; By default this value is 100 and can't be larger than 32768.
59 limit_request_fields = 32768
60
61 ; Limit the allowed size of an HTTP request header field.
62 ; Value is a positive number or 0.
63 ; Setting it to 0 will allow unlimited header field sizes.
64 limit_request_field_size = 0
65
66 ; Timeout for graceful workers restart.
67 ; After receiving a restart signal, workers have this much time to finish
68 ; serving requests. Workers still alive after the timeout (starting from the
69 ; receipt of the restart signal) are force killed.
70 ; Examples: 1800 (30min), 3600 (1hr), 7200 (2hr), 43200 (12h)
71 graceful_timeout = 3600
72
73 # The number of seconds to wait for requests on a Keep-Alive connection.
74 # Generally set in the 1-5 seconds range.
75 keepalive = 2
76
77 ; Maximum memory usage that each worker can use before it will receive a
78 ; graceful restart signal 0 = memory monitoring is disabled
79 ; Examples: 268435456 (256MB), 536870912 (512MB)
80 ; 1073741824 (1GB), 2147483648 (2GB), 4294967296 (4GB)
81 memory_max_usage = 0
82
83 ; How often in seconds to check for memory usage for each gunicorn worker
84 memory_usage_check_interval = 60
85
86 ; Threshold value for which we don't recycle worker if GarbageCollection
87 ; frees up enough resources. Before each restart we try to run GC on worker
88 ; in case we get enough free memory after that, restart will not happen.
89 memory_usage_recovery_threshold = 0.8
90
91
92 [app:main]
93 ; The %(here)s variable will be replaced with the absolute path of parent directory
94 ; of this file
95 use = egg:rhodecode-vcsserver
96
97 ; Pyramid default locales, we need this to be set
98 pyramid.default_locale_name = en
99
100 ; default locale used by VCS systems
101 locale = en_US.UTF-8
102
103 ; path to binaries for vcsserver, it should be set by the installer
104 ; at installation time, e.g /home/user/vcsserver-1/profile/bin
105 ; it can also be a path to nix-build output in case of development
106 core.binary_dir = ""
107
108 ; Custom exception store path, defaults to TMPDIR
109 ; This is used to store exception from RhodeCode in shared directory
110 #exception_tracker.store_path =
111
112 ; #############
113 ; DOGPILE CACHE
114 ; #############
115
116 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
117 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
118 cache_dir = %(here)s/data
119
120 ; ***************************************
121 ; `repo_object` cache, default file based
122 ; ***************************************
123
124 ; `repo_object` cache settings for vcs methods for repositories
125 rc_cache.repo_object.backend = dogpile.cache.rc.file_namespace
126
127 ; cache auto-expires after N seconds
128 ; Examples: 86400 (1Day), 604800 (7Days), 1209600 (14Days), 2592000 (30days), 7776000 (90Days)
129 rc_cache.repo_object.expiration_time = 2592000
130
131 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
132 #rc_cache.repo_object.arguments.filename = /tmp/vcsserver_cache.db
133
134 ; ***********************************************************
135 ; `repo_object` cache with redis backend
136 ; recommended for larger instance, and for better performance
137 ; ***********************************************************
138
139 ; `repo_object` cache settings for vcs methods for repositories
140 rc_cache.repo_object.backend = dogpile.cache.rc.redis_msgpack
141
142 ; cache auto-expires after N seconds
143 ; Examples: 86400 (1Day), 604800 (7Days), 1209600 (14Days), 2592000 (30days), 7776000 (90Days)
144 rc_cache.repo_object.expiration_time = 2592000
145
146 ; redis_expiration_time needs to be greater then expiration_time
147 rc_cache.repo_object.arguments.redis_expiration_time = 3592000
148
149 rc_cache.repo_object.arguments.host = redis
150 rc_cache.repo_object.arguments.port = 6379
151 rc_cache.repo_object.arguments.db = 5
152 rc_cache.repo_object.arguments.socket_timeout = 30
153 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
154 #rc_cache.repo_object.arguments.distributed_lock = true
155
156 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
157 #rc_cache.repo_object.arguments.lock_auto_renewal = true
158
159 ; Statsd client config, this is used to send metrics to statsd
160 ; We recommend setting statsd_exported and scrape them using Promethues
161 statsd.enabled = true
162 statsd.statsd_host = statsd-exporter
163 statsd.statsd_port = 9125
164 #statsd.statsd_prefix =
165 #statsd.statsd_ipv6 = false
166
167 ; #####################
168 ; LOGGING CONFIGURATION
169 ; #####################
170
171 [loggers]
172 keys = root, vcsserver
173
174 [handlers]
175 keys = console
176
177 [formatters]
178 keys = generic
179
180 ; #######
181 ; LOGGERS
182 ; #######
183 [logger_root]
184 level = NOTSET
185 handlers = console
186
187 [logger_vcsserver]
188 level = DEBUG
189 handlers =
190 qualname = vcsserver
191 propagate = 1
192
193
194 ; ########
195 ; HANDLERS
196 ; ########
197
198 [handler_console]
199 class = StreamHandler
200 args = (sys.stderr, )
201 level = INFO
202 ; To enable JSON formatted logs replace 'generic' with 'json'
203 ; This allows sending properly formatted logs to grafana loki or elasticsearch
204 formatter = json
205
206 ; ##########
207 ; FORMATTERS
208 ; ##########
209
210 [formatter_generic]
211 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
212 datefmt = %Y-%m-%d %H:%M:%S
Show file before | Show file after | Hide comments
This diff has been collapsed as it changes many lines, (769 lines changed) Show them Hide them
@@ -0,0 +1,769 b''
1
2 ; ##########################################
3 ; RHODECODE ENTERPRISE EDITION CONFIGURATION
4 ; ##########################################
5
6 [DEFAULT]
7 ; Debug flag sets all loggers to debug, and enables request tracking
8 debug = false
9
10 ; ########################################################################
11 ; EMAIL CONFIGURATION
12 ; These settings will be used by the RhodeCode mailing system
13 ; ########################################################################
14
15 ; prefix all emails subjects with given prefix, helps filtering out emails
16 email_prefix = [RhodeCode]
17
18 ; email FROM address all mails will be sent
19 #app_email_from = rhodecode-noreply@localhost
20
21 #smtp_server = mail.server.com
22 #smtp_username =
23 #smtp_password =
24 #smtp_port =
25 #smtp_use_tls = false
26 #smtp_use_ssl = true
27
28 [server:main]
29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
30 ; Host port for gunicorn are controlled by gunicorn_conf.py
31 host = 0.0.0.0
32 port = 10020
33
34
35 ; ###########################
36 ; GUNICORN APPLICATION SERVER
37 ; ###########################
38
39 ; run with gunicorn --paste rhodecode.ini --config gunicorn_conf.py
40
41 ; Module to use, this setting shouldn't be changed
42 use = egg:gunicorn#main
43
44 ; Prefix middleware for RhodeCode.
45 ; recommended when using proxy setup.
46 ; allows to set RhodeCode under a prefix in server.
47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
48 ; And set your prefix like: `prefix = /custom_prefix`
49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
50 ; to make your cookies only work on prefix url
51 [filter:proxy-prefix]
52 use = egg:PasteDeploy#prefix
53 prefix = /
54
55 [app:main]
56 ; The %(here)s variable will be replaced with the absolute path of parent directory
57 ; of this file
58 ; Each option in the app:main can be override by an environmental variable
59 ;
60 ;To override an option:
61 ;
62 ;RC_<KeyName>
63 ;Everything should be uppercase, . and - should be replaced by _.
64 ;For example, if you have these configuration settings:
65 ;rc_cache.repo_object.backend = foo
66 ;can be overridden by
67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
68
69 use = egg:rhodecode-enterprise-ee
70
71 ; enable proxy prefix middleware, defined above
72 #filter-with = proxy-prefix
73
74 ; encryption key used to encrypt social plugin tokens,
75 ; remote_urls with credentials etc, if not set it defaults to
76 ; `beaker.session.secret`
77 #rhodecode.encrypted_values.secret =
78
79 ; decryption strict mode (enabled by default). It controls if decryption raises
80 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
81 #rhodecode.encrypted_values.strict = false
82
83 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
84 ; fernet is safer, and we strongly recommend switching to it.
85 ; Due to backward compatibility aes is used as default.
86 #rhodecode.encrypted_values.algorithm = fernet
87
88 ; Return gzipped responses from RhodeCode (static files/application)
89 gzip_responses = false
90
91 ; Auto-generate javascript routes file on startup
92 generate_js_files = false
93
94 ; System global default language.
95 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
96 lang = en
97
98 ; Perform a full repository scan and import on each server start.
99 ; Settings this to true could lead to very long startup time.
100 startup.import_repos = false
101
102 ; URL at which the application is running. This is used for Bootstrapping
103 ; requests in context when no web request is available. Used in ishell, or
104 ; SSH calls. Set this for events to receive proper url for SSH calls.
105 app.base_url = http://rhodecode.local
106
107 ; Unique application ID. Should be a random unique string for security.
108 app_instance_uuid = rc-production
109
110 ; Cut off limit for large diffs (size in bytes). If overall diff size on
111 ; commit, or pull request exceeds this limit this diff will be displayed
112 ; partially. E.g 512000 == 512Kb
113 cut_off_limit_diff = 512000
114
115 ; Cut off limit for large files inside diffs (size in bytes). Each individual
116 ; file inside diff which exceeds this limit will be displayed partially.
117 ; E.g 128000 == 128Kb
118 cut_off_limit_file = 128000
119
120 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
121 vcs_full_cache = true
122
123 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
124 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
125 force_https = false
126
127 ; use Strict-Transport-Security headers
128 use_htsts = false
129
130 ; Set to true if your repos are exposed using the dumb protocol
131 git_update_server_info = false
132
133 ; RSS/ATOM feed options
134 rss_cut_off_limit = 256000
135 rss_items_per_page = 10
136 rss_include_diff = false
137
138 ; gist URL alias, used to create nicer urls for gist. This should be an
139 ; url that does rewrites to _admin/gists/{gistid}.
140 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
141 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
142 gist_alias_url =
143
144 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
145 ; used for access.
146 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
147 ; came from the the logged in user who own this authentication token.
148 ; Additionally @TOKEN syntax can be used to bound the view to specific
149 ; authentication token. Such view would be only accessible when used together
150 ; with this authentication token
151 ; list of all views can be found under `/_admin/permissions/auth_token_access`
152 ; The list should be "," separated and on a single line.
153 ; Most common views to enable:
154
155 # RepoCommitsView:repo_commit_download
156 # RepoCommitsView:repo_commit_patch
157 # RepoCommitsView:repo_commit_raw
158 # RepoCommitsView:repo_commit_raw@TOKEN
159 # RepoFilesView:repo_files_diff
160 # RepoFilesView:repo_archivefile
161 # RepoFilesView:repo_file_raw
162 # GistView:*
163 api_access_controllers_whitelist =
164
165 ; Default encoding used to convert from and to unicode
166 ; can be also a comma separated list of encoding in case of mixed encodings
167 default_encoding = UTF-8
168
169 ; instance-id prefix
170 ; a prefix key for this instance used for cache invalidation when running
171 ; multiple instances of RhodeCode, make sure it's globally unique for
172 ; all running RhodeCode instances. Leave empty if you don't use it
173 instance_id =
174
175 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
176 ; of an authentication plugin also if it is disabled by it's settings.
177 ; This could be useful if you are unable to log in to the system due to broken
178 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
179 ; module to log in again and fix the settings.
180 ; Available builtin plugin IDs (hash is part of the ID):
181 ; egg:rhodecode-enterprise-ce#rhodecode
182 ; egg:rhodecode-enterprise-ce#pam
183 ; egg:rhodecode-enterprise-ce#ldap
184 ; egg:rhodecode-enterprise-ce#jasig_cas
185 ; egg:rhodecode-enterprise-ce#headers
186 ; egg:rhodecode-enterprise-ce#crowd
187
188 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
189
190 ; Flag to control loading of legacy plugins in py:/path format
191 auth_plugin.import_legacy_plugins = true
192
193 ; alternative return HTTP header for failed authentication. Default HTTP
194 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
195 ; handling that causing a series of failed authentication calls.
196 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
197 ; This will be served instead of default 401 on bad authentication
198 auth_ret_code =
199
200 ; use special detection method when serving auth_ret_code, instead of serving
201 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
202 ; and then serve auth_ret_code to clients
203 auth_ret_code_detection = false
204
205 ; locking return code. When repository is locked return this HTTP code. 2XX
206 ; codes don't break the transactions while 4XX codes do
207 lock_ret_code = 423
208
209 ; allows to change the repository location in settings page
210 allow_repo_location_change = true
211
212 ; allows to setup custom hooks in settings page
213 allow_custom_hooks_settings = true
214
215 ; Generated license token required for EE edition license.
216 ; New generated token value can be found in Admin > settings > license page.
217 license_token =
218
219 ; This flag hides sensitive information on the license page such as token, and license data
220 license.hide_license_info = false
221
222 ; supervisor connection uri, for managing supervisor and logs.
223 supervisor.uri =
224
225 ; supervisord group name/id we only want this RC instance to handle
226 supervisor.group_id = prod
227
228 ; Display extended labs settings
229 labs_settings_active = true
230
231 ; Custom exception store path, defaults to TMPDIR
232 ; This is used to store exception from RhodeCode in shared directory
233 #exception_tracker.store_path =
234
235 ; Send email with exception details when it happens
236 #exception_tracker.send_email = true
237
238 ; Comma separated list of recipients for exception emails,
239 ; e.g admin@rhodecode.com,devops@rhodecode.com
240 ; Can be left empty, then emails will be sent to ALL super-admins
241 #exception_tracker.send_email_recipients =
242
243 ; optional prefix to Add to email Subject
244 exception_tracker.email_prefix = [RHODECODE ERROR]
245
246 ; File store configuration. This is used to store and serve uploaded files
247 file_store.enabled = true
248
249 ; Storage backend, available options are: local
250 file_store.backend = local
251
252 ; path to store the uploaded binaries
253 file_store.storage_path = /var/opt/rhodecode_data/file_store
254
255 ; Uncomment and set this path to control settings for archive download cache.
256 ; Generated repo archives will be cached at this location
257 ; and served from the cache during subsequent requests for the same archive of
258 ; the repository. This path is important to be shared across filesystems and with
259 ; RhodeCode and vcsserver
260
261 ; Default is $cache_dir/archive_cache if not set
262 archive_cache.store_dir = /var/opt/rhodecode_data/tarballcache
263
264 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
265 archive_cache.cache_size_gb = 40
266
267 ; By default cache uses sharding technique, this specifies how many shards are there
268 archive_cache.cache_shards = 4
269
270 ; #############
271 ; CELERY CONFIG
272 ; #############
273
274 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
275
276 use_celery = true
277
278 ; path to store schedule database
279 #celerybeat-schedule.path =
280
281 ; connection url to the message broker (default redis)
282 celery.broker_url = redis://redis:6379/8
283
284 ; results backend to get results for (default redis)
285 celery.result_backend = redis://redis:6379/8
286
287 ; rabbitmq example
288 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
289
290 ; maximum tasks to execute before worker restart
291 celery.max_tasks_per_child = 20
292
293 ; tasks will never be sent to the queue, but executed locally instead.
294 celery.task_always_eager = false
295
296 ; #############
297 ; DOGPILE CACHE
298 ; #############
299
300 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
301 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
302 cache_dir = /var/opt/rhodecode_data
303
304 ; *********************************************
305 ; `sql_cache_short` cache for heavy SQL queries
306 ; Only supported backend is `memory_lru`
307 ; *********************************************
308 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
309 rc_cache.sql_cache_short.expiration_time = 30
310
311
312 ; *****************************************************
313 ; `cache_repo_longterm` cache for repo object instances
314 ; Only supported backend is `memory_lru`
315 ; *****************************************************
316 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
317 ; by default we use 30 Days, cache is still invalidated on push
318 rc_cache.cache_repo_longterm.expiration_time = 2592000
319 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
320 rc_cache.cache_repo_longterm.max_size = 10000
321
322
323 ; *********************************************
324 ; `cache_general` cache for general purpose use
325 ; for simplicity use rc.file_namespace backend,
326 ; for performance and scale use rc.redis
327 ; *********************************************
328 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
329 rc_cache.cache_general.expiration_time = 43200
330 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
331 #rc_cache.cache_general.arguments.filename = /tmp/cache_general_db
332
333 ; alternative `cache_general` redis backend with distributed lock
334 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
335 #rc_cache.cache_general.expiration_time = 300
336
337 ; redis_expiration_time needs to be greater then expiration_time
338 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
339
340 #rc_cache.cache_general.arguments.host = localhost
341 #rc_cache.cache_general.arguments.port = 6379
342 #rc_cache.cache_general.arguments.db = 0
343 #rc_cache.cache_general.arguments.socket_timeout = 30
344 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
345 #rc_cache.cache_general.arguments.distributed_lock = true
346
347 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
348 #rc_cache.cache_general.arguments.lock_auto_renewal = true
349
350 ; *************************************************
351 ; `cache_perms` cache for permission tree, auth TTL
352 ; for simplicity use rc.file_namespace backend,
353 ; for performance and scale use rc.redis
354 ; *************************************************
355 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
356 rc_cache.cache_perms.expiration_time = 3600
357 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
358 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms_db
359
360 ; alternative `cache_perms` redis backend with distributed lock
361 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
362 #rc_cache.cache_perms.expiration_time = 300
363
364 ; redis_expiration_time needs to be greater then expiration_time
365 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
366
367 #rc_cache.cache_perms.arguments.host = localhost
368 #rc_cache.cache_perms.arguments.port = 6379
369 #rc_cache.cache_perms.arguments.db = 0
370 #rc_cache.cache_perms.arguments.socket_timeout = 30
371 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
372 #rc_cache.cache_perms.arguments.distributed_lock = true
373
374 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
375 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
376
377 ; ***************************************************
378 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
379 ; for simplicity use rc.file_namespace backend,
380 ; for performance and scale use rc.redis
381 ; ***************************************************
382 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
383 rc_cache.cache_repo.expiration_time = 2592000
384 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
385 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo_db
386
387 ; alternative `cache_repo` redis backend with distributed lock
388 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
389 #rc_cache.cache_repo.expiration_time = 2592000
390
391 ; redis_expiration_time needs to be greater then expiration_time
392 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
393
394 #rc_cache.cache_repo.arguments.host = localhost
395 #rc_cache.cache_repo.arguments.port = 6379
396 #rc_cache.cache_repo.arguments.db = 1
397 #rc_cache.cache_repo.arguments.socket_timeout = 30
398 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
399 #rc_cache.cache_repo.arguments.distributed_lock = true
400
401 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
402 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
403
404 ; ##############
405 ; BEAKER SESSION
406 ; ##############
407
408 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
409 ; types are file, ext:redis, ext:database, ext:memcached
410 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
411 #beaker.session.type = file
412 #beaker.session.data_dir = %(here)s/data/sessions
413
414 ; Redis based sessions
415 beaker.session.type = ext:redis
416 beaker.session.url = redis://redis:6379/2
417
418 ; DB based session, fast, and allows easy management over logged in users
419 #beaker.session.type = ext:database
420 #beaker.session.table_name = db_session
421 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
422 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
423 #beaker.session.sa.pool_recycle = 3600
424 #beaker.session.sa.echo = false
425
426 beaker.session.key = rhodecode
427 beaker.session.secret = production-rc-uytcxaz
428 beaker.session.lock_dir = /data_ramdisk/lock
429
430 ; Secure encrypted cookie. Requires AES and AES python libraries
431 ; you must disable beaker.session.secret to use this
432 #beaker.session.encrypt_key = key_for_encryption
433 #beaker.session.validate_key = validation_key
434
435 ; Sets session as invalid (also logging out user) if it haven not been
436 ; accessed for given amount of time in seconds
437 beaker.session.timeout = 2592000
438 beaker.session.httponly = true
439
440 ; Path to use for the cookie. Set to prefix if you use prefix middleware
441 #beaker.session.cookie_path = /custom_prefix
442
443 ; Set https secure cookie
444 beaker.session.secure = false
445
446 ; default cookie expiration time in seconds, set to `true` to set expire
447 ; at browser close
448 #beaker.session.cookie_expires = 3600
449
450 ; #############################
451 ; SEARCH INDEXING CONFIGURATION
452 ; #############################
453
454 ; Full text search indexer is available in rhodecode-tools under
455 ; `rhodecode-tools index` command
456
457 ; WHOOSH Backend, doesn't require additional services to run
458 ; it works good with few dozen repos
459 search.module = rhodecode.lib.index.whoosh
460 search.location = /var/opt/rhodecode_data/index
461
462 ; ElasticSearch (EE edition only). Requires Elastic Search cluster
463 ; to be installed, and running. Recommended for large amount of repositories
464 #search.module = rc_elasticsearch
465 #search.location = http://elasticsearch:9200
466 ; specify Elastic Search version, 6 for latest or 2 for legacy
467 #search.es_version = 6
468
469 ; ####################
470 ; CHANNELSTREAM CONFIG
471 ; ####################
472
473 ; channelstream enables persistent connections and live notification
474 ; in the system. It's also used by the chat system
475
476 channelstream.enabled = true
477
478 ; server address for channelstream server on the backend
479 channelstream.server = channelstream:9800
480
481 ; location of the channelstream server from outside world
482 ; use ws:// for http or wss:// for https. This address needs to be handled
483 ; by external HTTP server such as Nginx or Apache
484 ; see Nginx/Apache configuration examples in our docs
485 channelstream.ws_url = ws://localhost:8888/_channelstream
486 channelstream.secret = ENV_GENERATED
487 channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
488
489 ; Internal application path that Javascript uses to connect into.
490 ; If you use proxy-prefix the prefix should be added before /_channelstream
491 channelstream.proxy_path = /_channelstream
492
493 ; Live chat for commits/pull requests. Requires CHANNELSTREAM to be enabled
494 ; and configured. (EE edition only)
495 chat.enabled = true
496
497
498 ; ##############################
499 ; MAIN RHODECODE DATABASE CONFIG
500 ; ##############################
501
502 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
503 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
504 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
505 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
506 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
507
508 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
509
510 ; see sqlalchemy docs for other advanced settings
511 ; print the sql statements to output
512 sqlalchemy.db1.echo = false
513
514 ; recycle the connections after this amount of seconds
515 sqlalchemy.db1.pool_recycle = 3600
516 sqlalchemy.db1.convert_unicode = true
517
518 ; the number of connections to keep open inside the connection pool.
519 ; 0 indicates no limit
520 ; the general calculus with gevent is:
521 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
522 ; then increase pool size + max overflow so that they add up to 500.
523 #sqlalchemy.db1.pool_size = 5
524
525 ; The number of connections to allow in connection pool "overflow", that is
526 ; connections that can be opened above and beyond the pool_size setting,
527 ; which defaults to five.
528 #sqlalchemy.db1.max_overflow = 10
529
530 ; Connection check ping, used to detect broken database connections
531 ; could be enabled to better handle cases if MySQL has gone away errors
532 #sqlalchemy.db1.ping_connection = true
533
534 ; ##########
535 ; VCS CONFIG
536 ; ##########
537 vcs.server.enable = true
538 vcs.server = vcsserver:10010
539
540 ; Web server connectivity protocol, responsible for web based VCS operations
541 ; Available protocols are:
542 ; `http` - use http-rpc backend (default)
543 vcs.server.protocol = http
544
545 ; Push/Pull operations protocol, available options are:
546 ; `http` - use http-rpc backend (default)
547 vcs.scm_app_implementation = http
548
549 ; Push/Pull operations hooks protocol, available options are:
550 ; `http` - use http-rpc backend (default)
551 vcs.hooks.protocol = http
552
553 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
554 ; accessible via network.
555 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
556 vcs.hooks.host = *
557
558 ; Start VCSServer with this instance as a subprocess, useful for development
559 vcs.start_server = false
560
561 ; List of enabled VCS backends, available options are:
562 ; `hg` - mercurial
563 ; `git` - git
564 ; `svn` - subversion
565 vcs.backends = hg, git, svn
566
567 ; Wait this number of seconds before killing connection to the vcsserver
568 vcs.connection_timeout = 3600
569
570 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
571 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
572 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
573 #vcs.svn.compatible_version = 1.8
574
575 ; Cache flag to cache vcsserver remote calls locally
576 ; It uses cache_region `cache_repo`
577 vcs.methods.cache = true
578
579 ; ####################################################
580 ; Subversion proxy support (mod_dav_svn)
581 ; Maps RhodeCode repo groups into SVN paths for Apache
582 ; ####################################################
583
584 ; Enable or disable the config file generation.
585 svn.proxy.generate_config = true
586
587 ; Generate config file with `SVNListParentPath` set to `On`.
588 svn.proxy.list_parent_path = true
589
590 ; Set location and file name of generated config file.
591 svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
592
593 ; alternative mod_dav config template. This needs to be a valid mako template
594 ; Example template can be found in the source code:
595 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
596 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
597
598 ; Used as a prefix to the `Location` block in the generated config file.
599 ; In most cases it should be set to `/`.
600 svn.proxy.location_root = /
601
602 ; Command to reload the mod dav svn configuration on change.
603 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
604 ; Make sure user who runs RhodeCode process is allowed to reload Apache
605 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
606
607 ; If the timeout expires before the reload command finishes, the command will
608 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
609 #svn.proxy.reload_timeout = 10
610
611 ; ####################
612 ; SSH Support Settings
613 ; ####################
614
615 ; Defines if a custom authorized_keys file should be created and written on
616 ; any change user ssh keys. Setting this to false also disables possibility
617 ; of adding SSH keys by users from web interface. Super admins can still
618 ; manage SSH Keys.
619 ssh.generate_authorized_keyfile = true
620
621 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
622 # ssh.authorized_keys_ssh_opts =
623
624 ; Path to the authorized_keys file where the generate entries are placed.
625 ; It is possible to have multiple key files specified in `sshd_config` e.g.
626 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
627 ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
628
629 ; Command to execute the SSH wrapper. The binary is available in the
630 ; RhodeCode installation directory.
631 ; e.g /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
632 ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
633
634 ; Allow shell when executing the ssh-wrapper command
635 ssh.wrapper_cmd_allow_shell = false
636
637 ; Enables logging, and detailed output send back to the client during SSH
638 ; operations. Useful for debugging, shouldn't be used in production.
639 ssh.enable_debug_logging = false
640
641 ; Paths to binary executable, by default they are the names, but we can
642 ; override them if we want to use a custom one
643 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
644 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
645 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
646
647 ; Enables SSH key generator web interface. Disabling this still allows users
648 ; to add their own keys.
649 ssh.enable_ui_key_generator = true
650
651 ; Statsd client config, this is used to send metrics to statsd
652 ; We recommend setting statsd_exported and scrape them using Prometheus
653 statsd.enabled = true
654 statsd.statsd_host = statsd-exporter
655 statsd.statsd_port = 9125
656 #statsd.statsd_prefix =
657 #statsd.statsd_ipv6 = false
658
659 ; configure logging automatically at server startup set to false
660 ; to use the below custom logging config.
661 ; RC_LOGGING_FORMATTER
662 ; RC_LOGGING_LEVEL
663 ; env variables can control the settings for logging in case of autoconfigure
664
665 #logging.autoconfigure = true
666
667 ; specify your own custom logging config file to configure logging
668 #logging.logging_conf_file = /path/to/custom_logging.ini
669
670 ; Dummy marker to add new entries after.
671 ; Add any custom entries below. Please don't remove this marker.
672 custom.conf = 1
673
674
675 ; #####################
676 ; LOGGING CONFIGURATION
677 ; #####################
678
679 [loggers]
680 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
681
682 [handlers]
683 keys = console, console_sql
684
685 [formatters]
686 keys = generic, json, color_formatter, color_formatter_sql
687
688 ; #######
689 ; LOGGERS
690 ; #######
691 [logger_root]
692 level = NOTSET
693 handlers = console
694
695 [logger_sqlalchemy]
696 level = INFO
697 handlers = console_sql
698 qualname = sqlalchemy.engine
699 propagate = 0
700
701 [logger_beaker]
702 level = DEBUG
703 handlers =
704 qualname = beaker.container
705 propagate = 1
706
707 [logger_rhodecode]
708 level = DEBUG
709 handlers =
710 qualname = rhodecode
711 propagate = 1
712
713 [logger_ssh_wrapper]
714 level = DEBUG
715 handlers =
716 qualname = ssh_wrapper
717 propagate = 1
718
719 [logger_celery]
720 level = DEBUG
721 handlers =
722 qualname = celery
723
724
725 ; ########
726 ; HANDLERS
727 ; ########
728
729 [handler_console]
730 class = StreamHandler
731 args = (sys.stderr, )
732 level = INFO
733 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
734 ; This allows sending properly formatted logs to grafana loki or elasticsearch
735 formatter = json
736
737 [handler_console_sql]
738 ; "level = DEBUG" logs SQL queries and results.
739 ; "level = INFO" logs SQL queries.
740 ; "level = WARN" logs neither. (Recommended for production systems.)
741 class = StreamHandler
742 args = (sys.stderr, )
743 level = WARN
744 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
745 ; This allows sending properly formatted logs to grafana loki or elasticsearch
746 formatter = json
747
748 ; ##########
749 ; FORMATTERS
750 ; ##########
751
752 [formatter_generic]
753 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
754 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
755 datefmt = %Y-%m-%d %H:%M:%S
756
757 [formatter_color_formatter]
758 class = rhodecode.lib.logging_formatter.ColorFormatter
759 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
760 datefmt = %Y-%m-%d %H:%M:%S
761
762 [formatter_color_formatter_sql]
763 class = rhodecode.lib.logging_formatter.ColorFormatterSql
764 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
765 datefmt = %Y-%m-%d %H:%M:%S
766
767 [formatter_json]
768 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
769 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
Show file before | Show file after | Hide comments
@@ -0,0 +1,166 b''
1
2 ; #################################
3 ; RHODECODE VCSSERVER CONFIGURATION
4 ; #################################
5
6 [server:main]
7 ; COMMON HOST/IP CONFIG
8 host = 0.0.0.0
9 port = 10010
10
11
12 ; ###########################
13 ; GUNICORN APPLICATION SERVER
14 ; ###########################
15
16 ; run with gunicorn --paste rhodecode.ini
17
18 ; Module to use, this setting shouldn't be changed
19 use = egg:gunicorn#main
20
21 [app:main]
22 ; The %(here)s variable will be replaced with the absolute path of parent directory
23 ; of this file
24 ; Each option in the app:main can be override by an environmental variable
25 ;
26 ;To override an option:
27 ;
28 ;RC_<KeyName>
29 ;Everything should be uppercase, . and - should be replaced by _.
30 ;For example, if you have these configuration settings:
31 ;rc_cache.repo_object.backend = foo
32 ;can be overridden by
33 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
34
35 use = egg:rhodecode-vcsserver
36
37 ; Pyramid default locales, we need this to be set
38 #pyramid.default_locale_name = en
39
40 ; default locale used by VCS systems
41 #locale = en_US.UTF-8
42
43 ; path to binaries for vcsserver, it should be set by the installer
44 ; at installation time, e.g /home/user/.rccontrol/vcsserver-1/profile/bin
45 ; it can also be a path to nix-build output in case of development
46 core.binary_dir = /usr/local/bin/rhodecode_bin/vcs_bin
47
48 ; Custom exception store path, defaults to TMPDIR
49 ; This is used to store exception from RhodeCode in shared directory
50 #exception_tracker.store_path =
51
52 ; #############
53 ; DOGPILE CACHE
54 ; #############
55
56 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
57 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
58 cache_dir = /var/opt/rhodecode_data
59
60 ; ***************************************
61 ; `repo_object` cache, default file based
62 ; ***************************************
63
64 ; `repo_object` cache settings for vcs methods for repositories
65 #rc_cache.repo_object.backend = dogpile.cache.rc.file_namespace
66
67 ; cache auto-expires after N seconds
68 ; Examples: 86400 (1Day), 604800 (7Days), 1209600 (14Days), 2592000 (30days), 7776000 (90Days)
69 #rc_cache.repo_object.expiration_time = 2592000
70
71 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
72 #rc_cache.repo_object.arguments.filename = /tmp/vcsserver_cache_repo_object.db
73
74 ; ***********************************************************
75 ; `repo_object` cache with redis backend
76 ; recommended for larger instance, and for better performance
77 ; ***********************************************************
78
79 ; `repo_object` cache settings for vcs methods for repositories
80 rc_cache.repo_object.backend = dogpile.cache.rc.redis_msgpack
81
82 ; cache auto-expires after N seconds
83 ; Examples: 86400 (1Day), 604800 (7Days), 1209600 (14Days), 2592000 (30days), 7776000 (90Days)
84 rc_cache.repo_object.expiration_time = 2592000
85
86 ; redis_expiration_time needs to be greater then expiration_time
87 rc_cache.repo_object.arguments.redis_expiration_time = 3592000
88
89 rc_cache.repo_object.arguments.host = redis
90 rc_cache.repo_object.arguments.port = 6379
91 rc_cache.repo_object.arguments.db = 5
92 rc_cache.repo_object.arguments.socket_timeout = 30
93 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
94 #rc_cache.repo_object.arguments.distributed_lock = true
95
96 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
97 #rc_cache.repo_object.arguments.lock_auto_renewal = true
98
99 ; Statsd client config, this is used to send metrics to statsd
100 ; We recommend setting statsd_exported and scrape them using Promethues
101 statsd.enabled = true
102 statsd.statsd_host = statsd-exporter
103 statsd.statsd_port = 9125
104 #statsd.statsd_prefix =
105 #statsd.statsd_ipv6 = false
106
107 ; configure logging automatically at server startup set to false
108 ; to use the below custom logging config.
109 ; RC_LOGGING_FORMATTER
110 ; RC_LOGGING_LEVEL
111 ; env variables can control the settings for logging in case of autoconfigure
112
113 #logging.autoconfigure = true
114
115 ; specify your own custom logging config file to configure logging
116 #logging.logging_conf_file = /path/to/custom_logging.ini
117
118 ; #####################
119 ; LOGGING CONFIGURATION
120 ; #####################
121
122 [loggers]
123 keys = root, vcsserver
124
125 [handlers]
126 keys = console
127
128 [formatters]
129 keys = generic, json
130
131 ; #######
132 ; LOGGERS
133 ; #######
134 [logger_root]
135 level = NOTSET
136 handlers = console
137
138 [logger_vcsserver]
139 level = INFO
140 handlers =
141 qualname = vcsserver
142 propagate = 1
143
144 ; ########
145 ; HANDLERS
146 ; ########
147
148 [handler_console]
149 class = StreamHandler
150 args = (sys.stderr, )
151 level = INFO
152 ; To enable JSON formatted logs replace 'generic' with 'json'
153 ; This allows sending properly formatted logs to grafana loki or elasticsearch
154 formatter = json
155
156 ; ##########
157 ; FORMATTERS
158 ; ##########
159
160 [formatter_generic]
161 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
162 datefmt = %Y-%m-%d %H:%M:%S
163
164 [formatter_json]
165 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
166 class = vcsserver.lib._vendor.jsonlogger.JsonFormatter
Show file before | Show file after | Hide comments
This diff has been collapsed as it changes many lines, (781 lines changed) Show them Hide them
@@ -0,0 +1,781 b''
1
2 ; ##########################################
3 ; RHODECODE ENTERPRISE EDITION CONFIGURATION
4 ; ##########################################
5
6 [DEFAULT]
7 ; Debug flag sets all loggers to debug, and enables request tracking
8 debug = false
9
10 ; ########################################################################
11 ; EMAIL CONFIGURATION
12 ; These settings will be used by the RhodeCode mailing system
13 ; ########################################################################
14
15 ; prefix all emails subjects with given prefix, helps filtering out emails
16 email_prefix = [RhodeCode]
17
18 ; email FROM address all mails will be sent
19 #app_email_from = rhodecode-noreply@localhost
20
21 #smtp_server = mail.server.com
22 #smtp_username =
23 #smtp_password =
24 #smtp_port =
25 #smtp_use_tls = false
26 #smtp_use_ssl = true
27
28 [server:main]
29 ; COMMON HOST/IP CONFIG, This applies mostly to develop setup,
30 ; Host port for gunicorn are controlled by gunicorn_conf.py
31 host = 0.0.0.0
32 port = 10020
33
34
35 ; ###########################
36 ; GUNICORN APPLICATION SERVER
37 ; ###########################
38
39 ; run with gunicorn --paste rhodecode.ini --config gunicorn_conf.py
40
41 ; Module to use, this setting shouldn't be changed
42 use = egg:gunicorn#main
43
44 ; Prefix middleware for RhodeCode.
45 ; recommended when using proxy setup.
46 ; allows to set RhodeCode under a prefix in server.
47 ; eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
48 ; And set your prefix like: `prefix = /custom_prefix`
49 ; be sure to also set beaker.session.cookie_path = /custom_prefix if you need
50 ; to make your cookies only work on prefix url
51 [filter:proxy-prefix]
52 use = egg:PasteDeploy#prefix
53 prefix = /
54
55 [app:main]
56 ; The %(here)s variable will be replaced with the absolute path of parent directory
57 ; of this file
58 ; Each option in the app:main can be override by an environmental variable
59 ;
60 ;To override an option:
61 ;
62 ;RC_<KeyName>
63 ;Everything should be uppercase, . and - should be replaced by _.
64 ;For example, if you have these configuration settings:
65 ;rc_cache.repo_object.backend = foo
66 ;can be overridden by
67 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
68
69 use = egg:rhodecode-enterprise-ee
70
71 ; enable proxy prefix middleware, defined above
72 #filter-with = proxy-prefix
73
74 ; encryption key used to encrypt social plugin tokens,
75 ; remote_urls with credentials etc, if not set it defaults to
76 ; `beaker.session.secret`
77 #rhodecode.encrypted_values.secret =
78
79 ; decryption strict mode (enabled by default). It controls if decryption raises
80 ; `SignatureVerificationError` in case of wrong key, or damaged encryption data.
81 #rhodecode.encrypted_values.strict = false
82
83 ; Pick algorithm for encryption. Either fernet (more secure) or aes (default)
84 ; fernet is safer, and we strongly recommend switching to it.
85 ; Due to backward compatibility aes is used as default.
86 #rhodecode.encrypted_values.algorithm = fernet
87
88 ; Return gzipped responses from RhodeCode (static files/application)
89 gzip_responses = false
90
91 ; Auto-generate javascript routes file on startup
92 generate_js_files = false
93
94 ; System global default language.
95 ; All available languages: en (default), be, de, es, fr, it, ja, pl, pt, ru, zh
96 lang = en
97
98 ; Perform a full repository scan and import on each server start.
99 ; Settings this to true could lead to very long startup time.
100 startup.import_repos = false
101
102 ; URL at which the application is running. This is used for Bootstrapping
103 ; requests in context when no web request is available. Used in ishell, or
104 ; SSH calls. Set this for events to receive proper url for SSH calls.
105 app.base_url = http://rhodecode.local
106
107 ; Host at which the Service API is running.
108 app.service_api.host = http://rhodecode:10020
109
110 ; Secret for Service API authentication.
111 app.service_api.token =
112
113 ; Unique application ID. Should be a random unique string for security.
114 app_instance_uuid = rc-production
115
116 ; Cut off limit for large diffs (size in bytes). If overall diff size on
117 ; commit, or pull request exceeds this limit this diff will be displayed
118 ; partially. E.g 512000 == 512Kb
119 cut_off_limit_diff = 512000
120
121 ; Cut off limit for large files inside diffs (size in bytes). Each individual
122 ; file inside diff which exceeds this limit will be displayed partially.
123 ; E.g 128000 == 128Kb
124 cut_off_limit_file = 128000
125
126 ; Use cached version of vcs repositories everywhere. Recommended to be `true`
127 vcs_full_cache = true
128
129 ; Force https in RhodeCode, fixes https redirects, assumes it's always https.
130 ; Normally this is controlled by proper flags sent from http server such as Nginx or Apache
131 force_https = false
132
133 ; use Strict-Transport-Security headers
134 use_htsts = false
135
136 ; Set to true if your repos are exposed using the dumb protocol
137 git_update_server_info = false
138
139 ; RSS/ATOM feed options
140 rss_cut_off_limit = 256000
141 rss_items_per_page = 10
142 rss_include_diff = false
143
144 ; gist URL alias, used to create nicer urls for gist. This should be an
145 ; url that does rewrites to _admin/gists/{gistid}.
146 ; example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
147 ; RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
148 gist_alias_url =
149
150 ; List of views (using glob pattern syntax) that AUTH TOKENS could be
151 ; used for access.
152 ; Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
153 ; came from the the logged in user who own this authentication token.
154 ; Additionally @TOKEN syntax can be used to bound the view to specific
155 ; authentication token. Such view would be only accessible when used together
156 ; with this authentication token
157 ; list of all views can be found under `/_admin/permissions/auth_token_access`
158 ; The list should be "," separated and on a single line.
159 ; Most common views to enable:
160
161 # RepoCommitsView:repo_commit_download
162 # RepoCommitsView:repo_commit_patch
163 # RepoCommitsView:repo_commit_raw
164 # RepoCommitsView:repo_commit_raw@TOKEN
165 # RepoFilesView:repo_files_diff
166 # RepoFilesView:repo_archivefile
167 # RepoFilesView:repo_file_raw
168 # GistView:*
169 api_access_controllers_whitelist =
170
171 ; Default encoding used to convert from and to unicode
172 ; can be also a comma separated list of encoding in case of mixed encodings
173 default_encoding = UTF-8
174
175 ; instance-id prefix
176 ; a prefix key for this instance used for cache invalidation when running
177 ; multiple instances of RhodeCode, make sure it's globally unique for
178 ; all running RhodeCode instances. Leave empty if you don't use it
179 instance_id =
180
181 ; Fallback authentication plugin. Set this to a plugin ID to force the usage
182 ; of an authentication plugin also if it is disabled by it's settings.
183 ; This could be useful if you are unable to log in to the system due to broken
184 ; authentication settings. Then you can enable e.g. the internal RhodeCode auth
185 ; module to log in again and fix the settings.
186 ; Available builtin plugin IDs (hash is part of the ID):
187 ; egg:rhodecode-enterprise-ce#rhodecode
188 ; egg:rhodecode-enterprise-ce#pam
189 ; egg:rhodecode-enterprise-ce#ldap
190 ; egg:rhodecode-enterprise-ce#jasig_cas
191 ; egg:rhodecode-enterprise-ce#headers
192 ; egg:rhodecode-enterprise-ce#crowd
193
194 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
195
196 ; Flag to control loading of legacy plugins in py:/path format
197 auth_plugin.import_legacy_plugins = true
198
199 ; alternative return HTTP header for failed authentication. Default HTTP
200 ; response is 401 HTTPUnauthorized. Currently HG clients have troubles with
201 ; handling that causing a series of failed authentication calls.
202 ; Set this variable to 403 to return HTTPForbidden, or any other HTTP code
203 ; This will be served instead of default 401 on bad authentication
204 auth_ret_code =
205
206 ; use special detection method when serving auth_ret_code, instead of serving
207 ; ret_code directly, use 401 initially (Which triggers credentials prompt)
208 ; and then serve auth_ret_code to clients
209 auth_ret_code_detection = false
210
211 ; locking return code. When repository is locked return this HTTP code. 2XX
212 ; codes don't break the transactions while 4XX codes do
213 lock_ret_code = 423
214
215 ; allows to change the repository location in settings page
216 allow_repo_location_change = true
217
218 ; allows to setup custom hooks in settings page
219 allow_custom_hooks_settings = true
220
221 ; Generated license token required for EE edition license.
222 ; New generated token value can be found in Admin > settings > license page.
223 license_token =
224
225 ; This flag hides sensitive information on the license page such as token, and license data
226 license.hide_license_info = false
227
228 ; supervisor connection uri, for managing supervisor and logs.
229 supervisor.uri =
230
231 ; supervisord group name/id we only want this RC instance to handle
232 supervisor.group_id = prod
233
234 ; Display extended labs settings
235 labs_settings_active = true
236
237 ; Custom exception store path, defaults to TMPDIR
238 ; This is used to store exception from RhodeCode in shared directory
239 #exception_tracker.store_path =
240
241 ; Send email with exception details when it happens
242 #exception_tracker.send_email = true
243
244 ; Comma separated list of recipients for exception emails,
245 ; e.g admin@rhodecode.com,devops@rhodecode.com
246 ; Can be left empty, then emails will be sent to ALL super-admins
247 #exception_tracker.send_email_recipients =
248
249 ; optional prefix to Add to email Subject
250 exception_tracker.email_prefix = [RHODECODE ERROR]
251
252 ; File store configuration. This is used to store and serve uploaded files
253 file_store.enabled = true
254
255 ; Storage backend, available options are: local
256 file_store.backend = local
257
258 ; path to store the uploaded binaries
259 file_store.storage_path = /var/opt/rhodecode_data/file_store
260
261 ; Uncomment and set this path to control settings for archive download cache.
262 ; Generated repo archives will be cached at this location
263 ; and served from the cache during subsequent requests for the same archive of
264 ; the repository. This path is important to be shared across filesystems and with
265 ; RhodeCode and vcsserver
266
267 ; Default is $cache_dir/archive_cache if not set
268 archive_cache.store_dir = /var/opt/rhodecode_data/tarballcache
269
270 ; The limit in GB sets how much data we cache before recycling last used, defaults to 10 gb
271 archive_cache.cache_size_gb = 40
272
273 ; By default cache uses sharding technique, this specifies how many shards are there
274 archive_cache.cache_shards = 4
275
276 ; #############
277 ; CELERY CONFIG
278 ; #############
279
280 ; manually run celery: /path/to/celery worker --task-events --beat --app rhodecode.lib.celerylib.loader --scheduler rhodecode.lib.celerylib.scheduler.RcScheduler --loglevel DEBUG --ini /path/to/rhodecode.ini
281
282 use_celery = true
283
284 ; path to store schedule database
285 #celerybeat-schedule.path =
286
287 ; connection url to the message broker (default redis)
288 celery.broker_url = redis://redis:6379/8
289
290 ; results backend to get results for (default redis)
291 celery.result_backend = redis://redis:6379/8
292
293 ; rabbitmq example
294 #celery.broker_url = amqp://rabbitmq:qweqwe@localhost:5672/rabbitmqhost
295
296 ; maximum tasks to execute before worker restart
297 celery.max_tasks_per_child = 20
298
299 ; tasks will never be sent to the queue, but executed locally instead.
300 celery.task_always_eager = false
301
302 ; #############
303 ; DOGPILE CACHE
304 ; #############
305
306 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
307 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
308 cache_dir = /var/opt/rhodecode_data
309
310 ; *********************************************
311 ; `sql_cache_short` cache for heavy SQL queries
312 ; Only supported backend is `memory_lru`
313 ; *********************************************
314 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
315 rc_cache.sql_cache_short.expiration_time = 30
316
317
318 ; *****************************************************
319 ; `cache_repo_longterm` cache for repo object instances
320 ; Only supported backend is `memory_lru`
321 ; *****************************************************
322 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
323 ; by default we use 30 Days, cache is still invalidated on push
324 rc_cache.cache_repo_longterm.expiration_time = 2592000
325 ; max items in LRU cache, set to smaller number to save memory, and expire last used caches
326 rc_cache.cache_repo_longterm.max_size = 10000
327
328
329 ; *********************************************
330 ; `cache_general` cache for general purpose use
331 ; for simplicity use rc.file_namespace backend,
332 ; for performance and scale use rc.redis
333 ; *********************************************
334 rc_cache.cache_general.backend = dogpile.cache.rc.file_namespace
335 rc_cache.cache_general.expiration_time = 43200
336 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
337 #rc_cache.cache_general.arguments.filename = /tmp/cache_general_db
338
339 ; alternative `cache_general` redis backend with distributed lock
340 #rc_cache.cache_general.backend = dogpile.cache.rc.redis
341 #rc_cache.cache_general.expiration_time = 300
342
343 ; redis_expiration_time needs to be greater then expiration_time
344 #rc_cache.cache_general.arguments.redis_expiration_time = 7200
345
346 #rc_cache.cache_general.arguments.host = localhost
347 #rc_cache.cache_general.arguments.port = 6379
348 #rc_cache.cache_general.arguments.db = 0
349 #rc_cache.cache_general.arguments.socket_timeout = 30
350 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
351 #rc_cache.cache_general.arguments.distributed_lock = true
352
353 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
354 #rc_cache.cache_general.arguments.lock_auto_renewal = true
355
356 ; *************************************************
357 ; `cache_perms` cache for permission tree, auth TTL
358 ; for simplicity use rc.file_namespace backend,
359 ; for performance and scale use rc.redis
360 ; *************************************************
361 rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
362 rc_cache.cache_perms.expiration_time = 3600
363 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
364 #rc_cache.cache_perms.arguments.filename = /tmp/cache_perms_db
365
366 ; alternative `cache_perms` redis backend with distributed lock
367 #rc_cache.cache_perms.backend = dogpile.cache.rc.redis
368 #rc_cache.cache_perms.expiration_time = 300
369
370 ; redis_expiration_time needs to be greater then expiration_time
371 #rc_cache.cache_perms.arguments.redis_expiration_time = 7200
372
373 #rc_cache.cache_perms.arguments.host = localhost
374 #rc_cache.cache_perms.arguments.port = 6379
375 #rc_cache.cache_perms.arguments.db = 0
376 #rc_cache.cache_perms.arguments.socket_timeout = 30
377 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
378 #rc_cache.cache_perms.arguments.distributed_lock = true
379
380 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
381 #rc_cache.cache_perms.arguments.lock_auto_renewal = true
382
383 ; ***************************************************
384 ; `cache_repo` cache for file tree, Readme, RSS FEEDS
385 ; for simplicity use rc.file_namespace backend,
386 ; for performance and scale use rc.redis
387 ; ***************************************************
388 rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
389 rc_cache.cache_repo.expiration_time = 2592000
390 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
391 #rc_cache.cache_repo.arguments.filename = /tmp/cache_repo_db
392
393 ; alternative `cache_repo` redis backend with distributed lock
394 #rc_cache.cache_repo.backend = dogpile.cache.rc.redis
395 #rc_cache.cache_repo.expiration_time = 2592000
396
397 ; redis_expiration_time needs to be greater then expiration_time
398 #rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
399
400 #rc_cache.cache_repo.arguments.host = localhost
401 #rc_cache.cache_repo.arguments.port = 6379
402 #rc_cache.cache_repo.arguments.db = 1
403 #rc_cache.cache_repo.arguments.socket_timeout = 30
404 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
405 #rc_cache.cache_repo.arguments.distributed_lock = true
406
407 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
408 #rc_cache.cache_repo.arguments.lock_auto_renewal = true
409
410 ; ##############
411 ; BEAKER SESSION
412 ; ##############
413
414 ; beaker.session.type is type of storage options for the logged users sessions. Current allowed
415 ; types are file, ext:redis, ext:database, ext:memcached
416 ; Fastest ones are ext:redis and ext:database, DO NOT use memory type for session
417 #beaker.session.type = file
418 #beaker.session.data_dir = %(here)s/data/sessions
419
420 ; Redis based sessions
421 beaker.session.type = ext:redis
422 beaker.session.url = redis://redis:6379/2
423
424 ; DB based session, fast, and allows easy management over logged in users
425 #beaker.session.type = ext:database
426 #beaker.session.table_name = db_session
427 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
428 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
429 #beaker.session.sa.pool_recycle = 3600
430 #beaker.session.sa.echo = false
431
432 beaker.session.key = rhodecode
433 beaker.session.secret = production-rc-uytcxaz
434 beaker.session.lock_dir = /data_ramdisk/lock
435
436 ; Secure encrypted cookie. Requires AES and AES python libraries
437 ; you must disable beaker.session.secret to use this
438 #beaker.session.encrypt_key = key_for_encryption
439 #beaker.session.validate_key = validation_key
440
441 ; Sets session as invalid (also logging out user) if it haven not been
442 ; accessed for given amount of time in seconds
443 beaker.session.timeout = 2592000
444 beaker.session.httponly = true
445
446 ; Path to use for the cookie. Set to prefix if you use prefix middleware
447 #beaker.session.cookie_path = /custom_prefix
448
449 ; Set https secure cookie
450 beaker.session.secure = false
451
452 ; default cookie expiration time in seconds, set to `true` to set expire
453 ; at browser close
454 #beaker.session.cookie_expires = 3600
455
456 ; #############################
457 ; SEARCH INDEXING CONFIGURATION
458 ; #############################
459
460 ; Full text search indexer is available in rhodecode-tools under
461 ; `rhodecode-tools index` command
462
463 ; WHOOSH Backend, doesn't require additional services to run
464 ; it works good with few dozen repos
465 search.module = rhodecode.lib.index.whoosh
466 search.location = /var/opt/rhodecode_data/index
467
468 ; ElasticSearch (EE edition only). Requires Elastic Search cluster
469 ; to be installed, and running. Recommended for large amount of repositories
470 #search.module = rc_elasticsearch
471 #search.location = http://elasticsearch:9200
472 ; specify Elastic Search version, 6 for latest or 2 for legacy
473 #search.es_version = 6
474
475 ; ####################
476 ; CHANNELSTREAM CONFIG
477 ; ####################
478
479 ; channelstream enables persistent connections and live notification
480 ; in the system. It's also used by the chat system
481
482 channelstream.enabled = true
483
484 ; server address for channelstream server on the backend
485 channelstream.server = channelstream:9800
486
487 ; location of the channelstream server from outside world
488 ; use ws:// for http or wss:// for https. This address needs to be handled
489 ; by external HTTP server such as Nginx or Apache
490 ; see Nginx/Apache configuration examples in our docs
491 channelstream.ws_url = ws://localhost:8888/_channelstream
492 channelstream.secret = ENV_GENERATED
493 channelstream.history.location = /var/opt/rhodecode_data/channelstream_history
494
495 ; Internal application path that Javascript uses to connect into.
496 ; If you use proxy-prefix the prefix should be added before /_channelstream
497 channelstream.proxy_path = /_channelstream
498
499 ; Live chat for commits/pull requests. Requires CHANNELSTREAM to be enabled
500 ; and configured. (EE edition only)
501 chat.enabled = true
502
503
504 ; ##############################
505 ; MAIN RHODECODE DATABASE CONFIG
506 ; ##############################
507
508 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
509 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
510 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode?charset=utf8
511 ; pymysql is an alternative driver for MySQL, use in case of problems with default one
512 #sqlalchemy.db1.url = mysql+pymysql://root:qweqwe@localhost/rhodecode
513
514 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
515
516 ; see sqlalchemy docs for other advanced settings
517 ; print the sql statements to output
518 sqlalchemy.db1.echo = false
519
520 ; recycle the connections after this amount of seconds
521 sqlalchemy.db1.pool_recycle = 3600
522 sqlalchemy.db1.convert_unicode = true
523
524 ; the number of connections to keep open inside the connection pool.
525 ; 0 indicates no limit
526 ; the general calculus with gevent is:
527 ; if your system allows 500 concurrent greenlets (max_connections) that all do database access,
528 ; then increase pool size + max overflow so that they add up to 500.
529 #sqlalchemy.db1.pool_size = 5
530
531 ; The number of connections to allow in connection pool "overflow", that is
532 ; connections that can be opened above and beyond the pool_size setting,
533 ; which defaults to five.
534 #sqlalchemy.db1.max_overflow = 10
535
536 ; Connection check ping, used to detect broken database connections
537 ; could be enabled to better handle cases if MySQL has gone away errors
538 #sqlalchemy.db1.ping_connection = true
539
540 ; ##########
541 ; VCS CONFIG
542 ; ##########
543 vcs.server.enable = true
544 vcs.server = vcsserver:10010
545
546 ; Web server connectivity protocol, responsible for web based VCS operations
547 ; Available protocols are:
548 ; `http` - use http-rpc backend (default)
549 vcs.server.protocol = http
550
551 ; Push/Pull operations protocol, available options are:
552 ; `http` - use http-rpc backend (default)
553 vcs.scm_app_implementation = http
554
555 ; Push/Pull operations hooks protocol, available options are:
556 ; `http` - use http-rpc backend (default)
557 vcs.hooks.protocol = http
558
559 ; Host on which this instance is listening for hooks. vcsserver will call this host to pull/push hooks so it should be
560 ; accessible via network.
561 ; Use vcs.hooks.host = "*" to bind to current hostname (for Docker)
562 vcs.hooks.host = *
563
564 ; Start VCSServer with this instance as a subprocess, useful for development
565 vcs.start_server = false
566
567 ; List of enabled VCS backends, available options are:
568 ; `hg` - mercurial
569 ; `git` - git
570 ; `svn` - subversion
571 vcs.backends = hg, git, svn
572
573 ; Wait this number of seconds before killing connection to the vcsserver
574 vcs.connection_timeout = 3600
575
576 ; Cache flag to cache vcsserver remote calls locally
577 ; It uses cache_region `cache_repo`
578 vcs.methods.cache = true
579
580 ; ####################################################
581 ; Subversion proxy support (mod_dav_svn)
582 ; Maps RhodeCode repo groups into SVN paths for Apache
583 ; ####################################################
584
585 ; Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
586 ; Set a numeric version for your current SVN e.g 1.8, or 1.12
587 ; Legacy available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible, pre-1.9-compatible
588 #vcs.svn.compatible_version = 1.8
589
590 ; Enable SVN proxy of requests over HTTP
591 vcs.svn.proxy.enabled = true
592
593 ; host to connect to running SVN subsystem
594 vcs.svn.proxy.host = http://svn:8090
595
596 ; Enable or disable the config file generation.
597 svn.proxy.generate_config = true
598
599 ; Generate config file with `SVNListParentPath` set to `On`.
600 svn.proxy.list_parent_path = true
601
602 ; Set location and file name of generated config file.
603 svn.proxy.config_file_path = /etc/rhodecode/conf/svn/mod_dav_svn.conf
604
605 ; alternative mod_dav config template. This needs to be a valid mako template
606 ; Example template can be found in the source code:
607 ; rhodecode/apps/svn_support/templates/mod-dav-svn.conf.mako
608 #svn.proxy.config_template = ~/.rccontrol/enterprise-1/custom_svn_conf.mako
609
610 ; Used as a prefix to the `Location` block in the generated config file.
611 ; In most cases it should be set to `/`.
612 svn.proxy.location_root = /
613
614 ; Command to reload the mod dav svn configuration on change.
615 ; Example: `/etc/init.d/apache2 reload` or /home/USER/apache_reload.sh
616 ; Make sure user who runs RhodeCode process is allowed to reload Apache
617 #svn.proxy.reload_cmd = /etc/init.d/apache2 reload
618
619 ; If the timeout expires before the reload command finishes, the command will
620 ; be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
621 #svn.proxy.reload_timeout = 10
622
623 ; ####################
624 ; SSH Support Settings
625 ; ####################
626
627 ; Defines if a custom authorized_keys file should be created and written on
628 ; any change user ssh keys. Setting this to false also disables possibility
629 ; of adding SSH keys by users from web interface. Super admins can still
630 ; manage SSH Keys.
631 ssh.generate_authorized_keyfile = true
632
633 ; Options for ssh, default is `no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding`
634 # ssh.authorized_keys_ssh_opts =
635
636 ; Path to the authorized_keys file where the generate entries are placed.
637 ; It is possible to have multiple key files specified in `sshd_config` e.g.
638 ; AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_rhodecode
639 ssh.authorized_keys_file_path = /etc/rhodecode/conf/ssh/authorized_keys_rhodecode
640
641 ; Command to execute the SSH wrapper. The binary is available in the
642 ; RhodeCode installation directory.
643 ; e.g /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
644 ssh.wrapper_cmd = /usr/local/bin/rhodecode_bin/bin/rc-ssh-wrapper
645
646 ; Allow shell when executing the ssh-wrapper command
647 ssh.wrapper_cmd_allow_shell = false
648
649 ; Enables logging, and detailed output send back to the client during SSH
650 ; operations. Useful for debugging, shouldn't be used in production.
651 ssh.enable_debug_logging = false
652
653 ; Paths to binary executable, by default they are the names, but we can
654 ; override them if we want to use a custom one
655 ssh.executable.hg = /usr/local/bin/rhodecode_bin/vcs_bin/hg
656 ssh.executable.git = /usr/local/bin/rhodecode_bin/vcs_bin/git
657 ssh.executable.svn = /usr/local/bin/rhodecode_bin/vcs_bin/svnserve
658
659 ; Enables SSH key generator web interface. Disabling this still allows users
660 ; to add their own keys.
661 ssh.enable_ui_key_generator = true
662
663 ; Statsd client config, this is used to send metrics to statsd
664 ; We recommend setting statsd_exported and scrape them using Prometheus
665 statsd.enabled = true
666 statsd.statsd_host = statsd-exporter
667 statsd.statsd_port = 9125
668 #statsd.statsd_prefix =
669 #statsd.statsd_ipv6 = false
670
671 ; configure logging automatically at server startup set to false
672 ; to use the below custom logging config.
673 ; RC_LOGGING_FORMATTER
674 ; RC_LOGGING_LEVEL
675 ; env variables can control the settings for logging in case of autoconfigure
676
677 #logging.autoconfigure = true
678
679 ; specify your own custom logging config file to configure logging
680 #logging.logging_conf_file = /path/to/custom_logging.ini
681
682 ; Dummy marker to add new entries after.
683 ; Add any custom entries below. Please don't remove this marker.
684 custom.conf = 1
685
686
687 ; #####################
688 ; LOGGING CONFIGURATION
689 ; #####################
690
691 [loggers]
692 keys = root, sqlalchemy, beaker, celery, rhodecode, ssh_wrapper
693
694 [handlers]
695 keys = console, console_sql
696
697 [formatters]
698 keys = generic, json, color_formatter, color_formatter_sql
699
700 ; #######
701 ; LOGGERS
702 ; #######
703 [logger_root]
704 level = NOTSET
705 handlers = console
706
707 [logger_sqlalchemy]
708 level = INFO
709 handlers = console_sql
710 qualname = sqlalchemy.engine
711 propagate = 0
712
713 [logger_beaker]
714 level = DEBUG
715 handlers =
716 qualname = beaker.container
717 propagate = 1
718
719 [logger_rhodecode]
720 level = DEBUG
721 handlers =
722 qualname = rhodecode
723 propagate = 1
724
725 [logger_ssh_wrapper]
726 level = DEBUG
727 handlers =
728 qualname = ssh_wrapper
729 propagate = 1
730
731 [logger_celery]
732 level = DEBUG
733 handlers =
734 qualname = celery
735
736
737 ; ########
738 ; HANDLERS
739 ; ########
740
741 [handler_console]
742 class = StreamHandler
743 args = (sys.stderr, )
744 level = INFO
745 ; To enable JSON formatted logs replace 'generic/color_formatter' with 'json'
746 ; This allows sending properly formatted logs to grafana loki or elasticsearch
747 formatter = json
748
749 [handler_console_sql]
750 ; "level = DEBUG" logs SQL queries and results.
751 ; "level = INFO" logs SQL queries.
752 ; "level = WARN" logs neither. (Recommended for production systems.)
753 class = StreamHandler
754 args = (sys.stderr, )
755 level = WARN
756 ; To enable JSON formatted logs replace 'generic/color_formatter_sql' with 'json'
757 ; This allows sending properly formatted logs to grafana loki or elasticsearch
758 formatter = json
759
760 ; ##########
761 ; FORMATTERS
762 ; ##########
763
764 [formatter_generic]
765 class = rhodecode.lib.logging_formatter.ExceptionAwareFormatter
766 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
767 datefmt = %Y-%m-%d %H:%M:%S
768
769 [formatter_color_formatter]
770 class = rhodecode.lib.logging_formatter.ColorFormatter
771 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
772 datefmt = %Y-%m-%d %H:%M:%S
773
774 [formatter_color_formatter_sql]
775 class = rhodecode.lib.logging_formatter.ColorFormatterSql
776 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
777 datefmt = %Y-%m-%d %H:%M:%S
778
779 [formatter_json]
780 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
781 class = rhodecode.lib._vendor.jsonlogger.JsonFormatter
Show file before | Show file after | Hide comments
@@ -0,0 +1,166 b''
1
2 ; #################################
3 ; RHODECODE VCSSERVER CONFIGURATION
4 ; #################################
5
6 [server:main]
7 ; COMMON HOST/IP CONFIG
8 host = 0.0.0.0
9 port = 10010
10
11
12 ; ###########################
13 ; GUNICORN APPLICATION SERVER
14 ; ###########################
15
16 ; run with gunicorn --paste rhodecode.ini
17
18 ; Module to use, this setting shouldn't be changed
19 use = egg:gunicorn#main
20
21 [app:main]
22 ; The %(here)s variable will be replaced with the absolute path of parent directory
23 ; of this file
24 ; Each option in the app:main can be override by an environmental variable
25 ;
26 ;To override an option:
27 ;
28 ;RC_<KeyName>
29 ;Everything should be uppercase, . and - should be replaced by _.
30 ;For example, if you have these configuration settings:
31 ;rc_cache.repo_object.backend = foo
32 ;can be overridden by
33 ;export RC_CACHE_REPO_OBJECT_BACKEND=foo
34
35 use = egg:rhodecode-vcsserver
36
37 ; Pyramid default locales, we need this to be set
38 #pyramid.default_locale_name = en
39
40 ; default locale used by VCS systems
41 #locale = en_US.UTF-8
42
43 ; path to binaries (hg,git,svn) for vcsserver, it should be set by the installer
44 ; at installation time, e.g /home/user/.rccontrol/vcsserver-1/profile/bin
45 ; or /usr/local/bin/rhodecode_bin/vcs_bin
46 core.binary_dir = /usr/local/bin/rhodecode_bin/vcs_bin
47
48 ; Custom exception store path, defaults to TMPDIR
49 ; This is used to store exception from RhodeCode in shared directory
50 #exception_tracker.store_path =
51
52 ; #############
53 ; DOGPILE CACHE
54 ; #############
55
56 ; Default cache dir for caches. Putting this into a ramdisk can boost performance.
57 ; eg. /tmpfs/data_ramdisk, however this directory might require large amount of space
58 cache_dir = /var/opt/rhodecode_data
59
60 ; ***************************************
61 ; `repo_object` cache, default file based
62 ; ***************************************
63
64 ; `repo_object` cache settings for vcs methods for repositories
65 #rc_cache.repo_object.backend = dogpile.cache.rc.file_namespace
66
67 ; cache auto-expires after N seconds
68 ; Examples: 86400 (1Day), 604800 (7Days), 1209600 (14Days), 2592000 (30days), 7776000 (90Days)
69 #rc_cache.repo_object.expiration_time = 2592000
70
71 ; file cache store path. Defaults to `cache_dir =` value or tempdir if both values are not set
72 #rc_cache.repo_object.arguments.filename = /tmp/vcsserver_cache_repo_object.db
73
74 ; ***********************************************************
75 ; `repo_object` cache with redis backend
76 ; recommended for larger instance, and for better performance
77 ; ***********************************************************
78
79 ; `repo_object` cache settings for vcs methods for repositories
80 rc_cache.repo_object.backend = dogpile.cache.rc.redis_msgpack
81
82 ; cache auto-expires after N seconds
83 ; Examples: 86400 (1Day), 604800 (7Days), 1209600 (14Days), 2592000 (30days), 7776000 (90Days)
84 rc_cache.repo_object.expiration_time = 2592000
85
86 ; redis_expiration_time needs to be greater then expiration_time
87 rc_cache.repo_object.arguments.redis_expiration_time = 3592000
88
89 rc_cache.repo_object.arguments.host = redis
90 rc_cache.repo_object.arguments.port = 6379
91 rc_cache.repo_object.arguments.db = 5
92 rc_cache.repo_object.arguments.socket_timeout = 30
93 ; more Redis options: https://dogpilecache.sqlalchemy.org/en/latest/api.html#redis-backends
94 #rc_cache.repo_object.arguments.distributed_lock = true
95
96 ; auto-renew lock to prevent stale locks, slower but safer. Use only if problems happen
97 #rc_cache.repo_object.arguments.lock_auto_renewal = true
98
99 ; Statsd client config, this is used to send metrics to statsd
100 ; We recommend setting statsd_exported and scrape them using Promethues
101 statsd.enabled = true
102 statsd.statsd_host = statsd-exporter
103 statsd.statsd_port = 9125
104 #statsd.statsd_prefix =
105 #statsd.statsd_ipv6 = false
106
107 ; configure logging automatically at server startup set to false
108 ; to use the below custom logging config.
109 ; RC_LOGGING_FORMATTER
110 ; RC_LOGGING_LEVEL
111 ; env variables can control the settings for logging in case of autoconfigure
112
113 #logging.autoconfigure = true
114
115 ; specify your own custom logging config file to configure logging
116 #logging.logging_conf_file = /path/to/custom_logging.ini
117
118 ; #####################
119 ; LOGGING CONFIGURATION
120 ; #####################
121
122 [loggers]
123 keys = root, vcsserver
124
125 [handlers]
126 keys = console
127
128 [formatters]
129 keys = generic, json
130
131 ; #######
132 ; LOGGERS
133 ; #######
134 [logger_root]
135 level = NOTSET
136 handlers = console
137
138 [logger_vcsserver]
139 level = INFO
140 handlers =
141 qualname = vcsserver
142 propagate = 1
143
144 ; ########
145 ; HANDLERS
146 ; ########
147
148 [handler_console]
149 class = StreamHandler
150 args = (sys.stderr, )
151 level = INFO
152 ; To enable JSON formatted logs replace 'generic' with 'json'
153 ; This allows sending properly formatted logs to grafana loki or elasticsearch
154 formatter = json
155
156 ; ##########
157 ; FORMATTERS
158 ; ##########
159
160 [formatter_generic]
161 format = %(asctime)s.%(msecs)03d [%(process)d] %(levelname)-5.5s [%(name)s] %(message)s
162 datefmt = %Y-%m-%d %H:%M:%S
163
164 [formatter_json]
165 format = %(timestamp)s %(levelname)s %(name)s %(message)s %(req_id)s
166 class = vcsserver.lib._vendor.jsonlogger.JsonFormatter
Show file before | Show file after | Hide comments
@@ -0,0 +1,1 b''
1 5.1 No newline at end of file
General Comments 0
You need to be logged in to leave comments. Login now