production.ini
587 lines
| 19.7 KiB
| text/x-ini
|
IniLexer
/ configs / production.ini
r1 | ################################################################################ | |||
################################################################################ | ||||
# RhodeCode Enterprise - configuration file # | ||||
# Built-in functions and variables # | ||||
# The %(here)s variable will be replaced with the parent directory of this file# | ||||
# # | ||||
################################################################################ | ||||
[DEFAULT] | ||||
debug = true | ||||
################################################################################ | ||||
## Uncomment and replace with the email address which should receive ## | ||||
## any error reports after an application crash ## | ||||
## Additionally these settings will be used by the RhodeCode mailing system ## | ||||
################################################################################ | ||||
#email_to = admin@localhost | ||||
#error_email_from = paste_error@localhost | ||||
#app_email_from = rhodecode-noreply@localhost | ||||
#error_message = | ||||
#email_prefix = [RhodeCode] | ||||
#smtp_server = mail.server.com | ||||
#smtp_username = | ||||
#smtp_password = | ||||
#smtp_port = | ||||
#smtp_use_tls = false | ||||
#smtp_use_ssl = true | ||||
## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.) | ||||
#smtp_auth = | ||||
[server:main] | ||||
## COMMON ## | ||||
host = 127.0.0.1 | ||||
port = 5000 | ||||
r122 | ################################## | |||
## WAITRESS WSGI SERVER ## | ||||
## Recommended for Development ## | ||||
################################## | ||||
#use = egg:waitress#main | ||||
r1 | ## number of worker threads | |||
r123 | #threads = 5 | |||
r1 | ## MAX BODY SIZE 100GB | |||
r122 | #max_request_body_size = 107374182400 | |||
r1 | ## Use poll instead of select, fixes file descriptors limits problems. | |||
## May not work on old windows systems. | ||||
r122 | #asyncore_use_poll = true | |||
r1 | ||||
########################## | ||||
## GUNICORN WSGI SERVER ## | ||||
########################## | ||||
## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini> | ||||
r122 | use = egg:gunicorn#main | |||
r1 | ## Sets the number of process workers. You must set `instance_id = *` | |||
## when this option is set to more than one worker, recommended | ||||
## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers | ||||
## The `instance_id = *` must be set in the [app:main] section below | ||||
r122 | workers = 2 | |||
r1 | ## number of threads for each of the worker, must be set to 1 for gevent | |||
## generally recommened to be at 1 | ||||
#threads = 1 | ||||
## process name | ||||
r122 | proc_name = rhodecode | |||
r1 | ## type of worker class, one of sync, gevent | |||
## recommended for bigger setup is using of of other than sync one | ||||
r122 | worker_class = sync | |||
r11 | ## The maximum number of simultaneous clients. Valid only for Gevent | |||
#worker_connections = 10 | ||||
r1 | ## max number of requests that worker will handle before being gracefully | |||
## restarted, could prevent memory leaks | ||||
r122 | max_requests = 1000 | |||
max_requests_jitter = 30 | ||||
r125 | ## amount of time a worker can spend with handling a request before it | |||
r1 | ## gets killed and restarted. Set to 6hrs | |||
r122 | timeout = 21600 | |||
r1 | ||||
## prefix middleware for RhodeCode, disables force_https flag. | ||||
## allows to set RhodeCode under a prefix in server. | ||||
## eg https://server.com/<prefix>. Enable `filter-with =` option below as well. | ||||
#[filter:proxy-prefix] | ||||
#use = egg:PasteDeploy#prefix | ||||
#prefix = /<your-prefix> | ||||
[app:main] | ||||
use = egg:rhodecode-enterprise-ce | ||||
## enable proxy prefix middleware, defined below | ||||
#filter-with = proxy-prefix | ||||
r269 | ## encryption key used to encrypt social plugin tokens, | |||
## remote_urls with credentials etc, if not set it defaults to | ||||
## `beaker.session.secret` | ||||
#rhodecode.encrypted_values.secret = | ||||
r281 | ## decryption strict mode (enabled by default). It controls if decryption raises | |||
## `SignatureVerificationError` in case of wrong key, or damaged encryption data. | ||||
#rhodecode.encrypted_values.strict = false | ||||
r1 | full_stack = true | |||
## Serve static files via RhodeCode, disable to serve them via HTTP server | ||||
static_files = true | ||||
r269 | # autogenerate javascript routes file on startup | |||
generate_js_files = false | ||||
r1 | ## Optional Languages | |||
## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh | ||||
lang = en | ||||
## perform a full repository scan on each server start, this should be | ||||
## set to false after first startup, to allow faster server restarts. | ||||
startup.import_repos = false | ||||
## Uncomment and set this path to use archive download cache. | ||||
## Once enabled, generated archives will be cached at this location | ||||
## and served from the cache during subsequent requests for the same archive of | ||||
## the repository. | ||||
#archive_cache_dir = /tmp/tarballcache | ||||
## change this to unique ID for security | ||||
app_instance_uuid = rc-production | ||||
## cut off limit for large diffs (size in bytes) | ||||
cut_off_limit_diff = 1024000 | ||||
cut_off_limit_file = 256000 | ||||
## use cache version of scm repo everywhere | ||||
vcs_full_cache = true | ||||
## force https in RhodeCode, fixes https redirects, assumes it's always https | ||||
## Normally this is controlled by proper http flags sent from http server | ||||
force_https = false | ||||
## use Strict-Transport-Security headers | ||||
use_htsts = false | ||||
## number of commits stats will parse on each iteration | ||||
commit_parse_limit = 25 | ||||
## git rev filter option, --all is the default filter, if you need to | ||||
## hide all refs in changelog switch this to --branches --tags | ||||
git_rev_filter = --branches --tags | ||||
# Set to true if your repos are exposed using the dumb protocol | ||||
git_update_server_info = false | ||||
## RSS/ATOM feed options | ||||
rss_cut_off_limit = 256000 | ||||
rss_items_per_page = 10 | ||||
rss_include_diff = false | ||||
## gist URL alias, used to create nicer urls for gist. This should be an | ||||
## url that does rewrites to _admin/gists/<gistid>. | ||||
## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal | ||||
## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid> | ||||
gist_alias_url = | ||||
## List of controllers (using glob pattern syntax) that AUTH TOKENS could be | ||||
## used for access. | ||||
## Adding ?auth_token = <token> to the url authenticates this request as if it | ||||
## came from the the logged in user who own this authentication token. | ||||
## | ||||
## Syntax is <ControllerClass>:<function_pattern>. | ||||
## To enable access to raw_files put `FilesController:raw`. | ||||
## To enable access to patches add `ChangesetController:changeset_patch`. | ||||
## The list should be "," separated and on a single line. | ||||
## | ||||
## Recommended controllers to enable: | ||||
# ChangesetController:changeset_patch, | ||||
# ChangesetController:changeset_raw, | ||||
# FilesController:raw, | ||||
# FilesController:archivefile, | ||||
# GistsController:*, | ||||
api_access_controllers_whitelist = | ||||
## default encoding used to convert from and to unicode | ||||
## can be also a comma separated list of encoding in case of mixed encodings | ||||
default_encoding = UTF-8 | ||||
## instance-id prefix | ||||
## a prefix key for this instance used for cache invalidation when running | ||||
## multiple instances of rhodecode, make sure it's globally unique for | ||||
## all running rhodecode instances. Leave empty if you don't use it | ||||
instance_id = | ||||
r65 | ## Fallback authentication plugin. Set this to a plugin ID to force the usage | |||
## of an authentication plugin also if it is disabled by it's settings. | ||||
## This could be useful if you are unable to log in to the system due to broken | ||||
## authentication settings. Then you can enable e.g. the internal rhodecode auth | ||||
## module to log in again and fix the settings. | ||||
## | ||||
## Available builtin plugin IDs (hash is part of the ID): | ||||
## egg:rhodecode-enterprise-ce#rhodecode | ||||
## egg:rhodecode-enterprise-ce#pam | ||||
## egg:rhodecode-enterprise-ce#ldap | ||||
## egg:rhodecode-enterprise-ce#jasig_cas | ||||
## egg:rhodecode-enterprise-ce#headers | ||||
## egg:rhodecode-enterprise-ce#crowd | ||||
#rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode | ||||
r1 | ## alternative return HTTP header for failed authentication. Default HTTP | |||
## response is 401 HTTPUnauthorized. Currently HG clients have troubles with | ||||
## handling that causing a series of failed authentication calls. | ||||
## Set this variable to 403 to return HTTPForbidden, or any other HTTP code | ||||
## This will be served instead of default 401 on bad authnetication | ||||
auth_ret_code = | ||||
## use special detection method when serving auth_ret_code, instead of serving | ||||
## ret_code directly, use 401 initially (Which triggers credentials prompt) | ||||
## and then serve auth_ret_code to clients | ||||
auth_ret_code_detection = false | ||||
## locking return code. When repository is locked return this HTTP code. 2XX | ||||
## codes don't break the transactions while 4XX codes do | ||||
lock_ret_code = 423 | ||||
## allows to change the repository location in settings page | ||||
allow_repo_location_change = true | ||||
## allows to setup custom hooks in settings page | ||||
allow_custom_hooks_settings = true | ||||
## generated license token, goto license page in RhodeCode settings to obtain | ||||
## new token | ||||
license_token = | ||||
## supervisor connection uri, for managing supervisor and logs. | ||||
supervisor.uri = | ||||
## supervisord group name/id we only want this RC instance to handle | ||||
supervisor.group_id = prod | ||||
## Display extended labs settings | ||||
labs_settings_active = true | ||||
#################################### | ||||
### CELERY CONFIG #### | ||||
#################################### | ||||
use_celery = false | ||||
broker.host = localhost | ||||
broker.vhost = rabbitmqhost | ||||
broker.port = 5672 | ||||
broker.user = rabbitmq | ||||
broker.password = qweqwe | ||||
celery.imports = rhodecode.lib.celerylib.tasks | ||||
celery.result.backend = amqp | ||||
celery.result.dburi = amqp:// | ||||
celery.result.serialier = json | ||||
#celery.send.task.error.emails = true | ||||
#celery.amqp.task.result.expires = 18000 | ||||
celeryd.concurrency = 2 | ||||
#celeryd.log.file = celeryd.log | ||||
celeryd.log.level = debug | ||||
celeryd.max.tasks.per.child = 1 | ||||
## tasks will never be sent to the queue, but executed locally instead. | ||||
celery.always.eager = false | ||||
#################################### | ||||
### BEAKER CACHE #### | ||||
#################################### | ||||
# default cache dir for templates. Putting this into a ramdisk | ||||
## can boost performance, eg. %(here)s/data_ramdisk | ||||
cache_dir = %(here)s/data | ||||
## locking and default file storage for Beaker. Putting this into a ramdisk | ||||
## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data | ||||
beaker.cache.data_dir = %(here)s/data/cache/beaker_data | ||||
beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock | ||||
beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long | ||||
beaker.cache.super_short_term.type = memory | ||||
beaker.cache.super_short_term.expire = 10 | ||||
beaker.cache.super_short_term.key_length = 256 | ||||
beaker.cache.short_term.type = memory | ||||
beaker.cache.short_term.expire = 60 | ||||
beaker.cache.short_term.key_length = 256 | ||||
beaker.cache.long_term.type = memory | ||||
beaker.cache.long_term.expire = 36000 | ||||
beaker.cache.long_term.key_length = 256 | ||||
beaker.cache.sql_cache_short.type = memory | ||||
beaker.cache.sql_cache_short.expire = 10 | ||||
beaker.cache.sql_cache_short.key_length = 256 | ||||
# default is memory cache, configure only if required | ||||
# using multi-node or multi-worker setup | ||||
#beaker.cache.auth_plugins.type = ext:database | ||||
#beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock | ||||
#beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode | ||||
#beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode | ||||
#beaker.cache.auth_plugins.sa.pool_recycle = 3600 | ||||
#beaker.cache.auth_plugins.sa.pool_size = 10 | ||||
#beaker.cache.auth_plugins.sa.max_overflow = 0 | ||||
beaker.cache.repo_cache_long.type = memorylru_base | ||||
beaker.cache.repo_cache_long.max_items = 4096 | ||||
beaker.cache.repo_cache_long.expire = 2592000 | ||||
# default is memorylru_base cache, configure only if required | ||||
# using multi-node or multi-worker setup | ||||
#beaker.cache.repo_cache_long.type = ext:memcached | ||||
#beaker.cache.repo_cache_long.url = localhost:11211 | ||||
#beaker.cache.repo_cache_long.expire = 1209600 | ||||
#beaker.cache.repo_cache_long.key_length = 256 | ||||
#################################### | ||||
### BEAKER SESSION #### | ||||
#################################### | ||||
## .session.type is type of storage options for the session, current allowed | ||||
r122 | ## types are file, ext:memcached, ext:database, and memory (default). | |||
r14 | beaker.session.type = file | |||
beaker.session.data_dir = %(here)s/data/sessions/data | ||||
r1 | ||||
## db based session, fast, and allows easy management over logged in users ## | ||||
#beaker.session.type = ext:database | ||||
#beaker.session.table_name = db_session | ||||
#beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode | ||||
#beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode | ||||
#beaker.session.sa.pool_recycle = 3600 | ||||
#beaker.session.sa.echo = false | ||||
beaker.session.key = rhodecode | ||||
beaker.session.secret = production-rc-uytcxaz | ||||
r122 | beaker.session.lock_dir = %(here)s/data/sessions/lock | |||
r1 | ||||
## Secure encrypted cookie. Requires AES and AES python libraries | ||||
## you must disable beaker.session.secret to use this | ||||
#beaker.session.encrypt_key = <key_for_encryption> | ||||
#beaker.session.validate_key = <validation_key> | ||||
## sets session as invalid(also logging out user) if it haven not been | ||||
## accessed for given amount of time in seconds | ||||
beaker.session.timeout = 2592000 | ||||
beaker.session.httponly = true | ||||
#beaker.session.cookie_path = /<your-prefix> | ||||
## uncomment for https secure cookie | ||||
beaker.session.secure = false | ||||
## auto save the session to not to use .save() | ||||
beaker.session.auto = false | ||||
## default cookie expiration time in seconds, set to `true` to set expire | ||||
## at browser close | ||||
#beaker.session.cookie_expires = 3600 | ||||
################################### | ||||
## SEARCH INDEXING CONFIGURATION ## | ||||
################################### | ||||
r124 | ## Full text search indexer is available in rhodecode-tools under | |||
## `rhodecode-tools index` command | ||||
r1 | ||||
r124 | # WHOOSH Backend, doesn't require additional services to run | |||
# it works good with few dozen repos | ||||
r1 | search.module = rhodecode.lib.index.whoosh | |||
search.location = %(here)s/data/index | ||||
################################### | ||||
r124 | ## APPENLIGHT CONFIG ## | |||
r1 | ################################### | |||
## Appenlight is tailored to work with RhodeCode, see | ||||
## http://appenlight.com for details how to obtain an account | ||||
## appenlight integration enabled | ||||
appenlight = false | ||||
appenlight.server_url = https://api.appenlight.com | ||||
appenlight.api_key = YOUR_API_KEY | ||||
r122 | #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5 | |||
r1 | ||||
# used for JS client | ||||
appenlight.api_public_key = YOUR_API_PUBLIC_KEY | ||||
## TWEAK AMOUNT OF INFO SENT HERE | ||||
## enables 404 error logging (default False) | ||||
appenlight.report_404 = false | ||||
## time in seconds after request is considered being slow (default 1) | ||||
appenlight.slow_request_time = 1 | ||||
## record slow requests in application | ||||
## (needs to be enabled for slow datastore recording and time tracking) | ||||
appenlight.slow_requests = true | ||||
## enable hooking to application loggers | ||||
appenlight.logging = true | ||||
## minimum log level for log capture | ||||
appenlight.logging.level = WARNING | ||||
## send logs only from erroneous/slow requests | ||||
## (saves API quota for intensive logging) | ||||
appenlight.logging_on_error = false | ||||
## list of additonal keywords that should be grabbed from environ object | ||||
## can be string with comma separated list of words in lowercase | ||||
## (by default client will always send following info: | ||||
## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that | ||||
## start with HTTP* this list be extended with additional keywords here | ||||
appenlight.environ_keys_whitelist = | ||||
## list of keywords that should be blanked from request object | ||||
## can be string with comma separated list of words in lowercase | ||||
## (by default client will always blank keys that contain following words | ||||
## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf' | ||||
## this list be extended with additional keywords set here | ||||
appenlight.request_keys_blacklist = | ||||
## list of namespaces that should be ignores when gathering log entries | ||||
## can be string with comma separated list of namespaces | ||||
## (by default the client ignores own entries: appenlight_client.client) | ||||
appenlight.log_namespace_blacklist = | ||||
################################################################################ | ||||
## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ## | ||||
## Debug mode will enable the interactive debugging tool, allowing ANYONE to ## | ||||
## execute malicious code after an exception is raised. ## | ||||
################################################################################ | ||||
set debug = false | ||||
######################################################### | ||||
### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ### | ||||
######################################################### | ||||
#sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30 | ||||
sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode | ||||
#sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode | ||||
# see sqlalchemy docs for other advanced settings | ||||
## print the sql statements to output | ||||
sqlalchemy.db1.echo = false | ||||
## recycle the connections after this ammount of seconds | ||||
sqlalchemy.db1.pool_recycle = 3600 | ||||
sqlalchemy.db1.convert_unicode = true | ||||
## the number of connections to keep open inside the connection pool. | ||||
## 0 indicates no limit | ||||
#sqlalchemy.db1.pool_size = 5 | ||||
## the number of connections to allow in connection pool "overflow", that is | ||||
## connections that can be opened above and beyond the pool_size setting, | ||||
## which defaults to five. | ||||
#sqlalchemy.db1.max_overflow = 10 | ||||
################## | ||||
### VCS CONFIG ### | ||||
################## | ||||
vcs.server.enable = true | ||||
vcs.server = localhost:9900 | ||||
r14 | ||||
r113 | ## Web server connectivity protocol, responsible for web based VCS operatations | |||
## Available protocols are: | ||||
## `pyro4` - using pyro4 server | ||||
## `http` - using http-rpc backend | ||||
#vcs.server.protocol = http | ||||
## Push/Pull operations protocol, available options are: | ||||
## `pyro4` - using pyro4 server | ||||
## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended | ||||
## `vcsserver.scm_app` - internal app (EE only) | ||||
r14 | #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http | |||
r113 | ## Push/Pull operations hooks protocol, available options are: | |||
## `pyro4` - using pyro4 server | ||||
## `http` - using http-rpc backend | ||||
#vcs.hooks.protocol = http | ||||
r139 | vcs.server.log_level = info | |||
r113 | ## Start VCSServer with this instance as a subprocess, usefull for development | |||
r1 | vcs.start_server = false | |||
vcs.backends = hg, git, svn | ||||
vcs.connection_timeout = 3600 | ||||
## Compatibility version when creating SVN repositories. Defaults to newest version when commented out. | ||||
## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible | ||||
#vcs.svn.compatible_version = pre-1.8-compatible | ||||
################################ | ||||
### LOGGING CONFIGURATION #### | ||||
################################ | ||||
[loggers] | ||||
keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer | ||||
[handlers] | ||||
keys = console, console_sql | ||||
[formatters] | ||||
keys = generic, color_formatter, color_formatter_sql | ||||
############# | ||||
## LOGGERS ## | ||||
############# | ||||
[logger_root] | ||||
level = NOTSET | ||||
handlers = console | ||||
[logger_routes] | ||||
level = DEBUG | ||||
handlers = | ||||
qualname = routes.middleware | ||||
## "level = DEBUG" logs the route matched and routing variables. | ||||
propagate = 1 | ||||
[logger_beaker] | ||||
level = DEBUG | ||||
handlers = | ||||
qualname = beaker.container | ||||
propagate = 1 | ||||
[logger_pyro4] | ||||
level = DEBUG | ||||
handlers = | ||||
qualname = Pyro4 | ||||
propagate = 1 | ||||
[logger_templates] | ||||
level = INFO | ||||
handlers = | ||||
qualname = pylons.templating | ||||
propagate = 1 | ||||
[logger_rhodecode] | ||||
level = DEBUG | ||||
handlers = | ||||
qualname = rhodecode | ||||
propagate = 1 | ||||
[logger_sqlalchemy] | ||||
level = INFO | ||||
handlers = console_sql | ||||
qualname = sqlalchemy.engine | ||||
propagate = 0 | ||||
[logger_whoosh_indexer] | ||||
level = DEBUG | ||||
handlers = | ||||
qualname = whoosh_indexer | ||||
propagate = 1 | ||||
############## | ||||
## HANDLERS ## | ||||
############## | ||||
[handler_console] | ||||
class = StreamHandler | ||||
args = (sys.stderr,) | ||||
level = INFO | ||||
formatter = generic | ||||
[handler_console_sql] | ||||
class = StreamHandler | ||||
args = (sys.stderr,) | ||||
level = WARN | ||||
formatter = generic | ||||
################ | ||||
## FORMATTERS ## | ||||
################ | ||||
[formatter_generic] | ||||
class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter | ||||
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s | ||||
datefmt = %Y-%m-%d %H:%M:%S | ||||
[formatter_color_formatter] | ||||
class = rhodecode.lib.logging_formatter.ColorFormatter | ||||
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s | ||||
datefmt = %Y-%m-%d %H:%M:%S | ||||
[formatter_color_formatter_sql] | ||||
class = rhodecode.lib.logging_formatter.ColorFormatterSql | ||||
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s | ||||
datefmt = %Y-%m-%d %H:%M:%S | ||||