##// END OF EJS Templates
ini: Add fallback authentication plugin setting as comment to INI files.
johbo -
r65:e0af06ce default
parent child Browse files
Show More
@@ -1,577 +1,592 b''
1 1 ################################################################################
2 2 ################################################################################
3 3 # RhodeCode Enterprise - configuration file #
4 4 # Built-in functions and variables #
5 5 # The %(here)s variable will be replaced with the parent directory of this file#
6 6 # #
7 7 ################################################################################
8 8
9 9 [DEFAULT]
10 10 debug = true
11 11 pdebug = false
12 12 ################################################################################
13 13 ## Uncomment and replace with the email address which should receive ##
14 14 ## any error reports after an application crash ##
15 15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 16 ################################################################################
17 17 #email_to = admin@localhost
18 18 #error_email_from = paste_error@localhost
19 19 #app_email_from = rhodecode-noreply@localhost
20 20 #error_message =
21 21 #email_prefix = [RhodeCode]
22 22
23 23 #smtp_server = mail.server.com
24 24 #smtp_username =
25 25 #smtp_password =
26 26 #smtp_port =
27 27 #smtp_use_tls = false
28 28 #smtp_use_ssl = true
29 29 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
30 30 #smtp_auth =
31 31
32 32 [server:main]
33 33 ## COMMON ##
34 34 host = 127.0.0.1
35 35 port = 5000
36 36
37 37 ##########################
38 38 ## WAITRESS WSGI SERVER ##
39 39 ##########################
40 40 use = egg:waitress#main
41 41 ## number of worker threads
42 42 threads = 5
43 43 ## MAX BODY SIZE 100GB
44 44 max_request_body_size = 107374182400
45 45 ## Use poll instead of select, fixes file descriptors limits problems.
46 46 ## May not work on old windows systems.
47 47 asyncore_use_poll = true
48 48
49 49
50 50 ##########################
51 51 ## GUNICORN WSGI SERVER ##
52 52 ##########################
53 53 ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
54 54 #use = egg:gunicorn#main
55 55 ## Sets the number of process workers. You must set `instance_id = *`
56 56 ## when this option is set to more than one worker, recommended
57 57 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
58 58 ## The `instance_id = *` must be set in the [app:main] section below
59 59 #workers = 1
60 60 ## number of threads for each of the worker, must be set to 1 for gevent
61 61 ## generally recommened to be at 1
62 62 #threads = 1
63 63 ## process name
64 64 #proc_name = rhodecode
65 65 ## type of worker class, one of sync, gevent
66 66 ## recommended for bigger setup is using of of other than sync one
67 67 #worker_class = sync
68 68 ## The maximum number of simultaneous clients. Valid only for Gevent
69 69 #worker_connections = 10
70 70 ## max number of requests that worker will handle before being gracefully
71 71 ## restarted, could prevent memory leaks
72 72 #max_requests = 1000
73 73 #max_requests_jitter = 30
74 74 ## ammount of time a worker can spend with handling a request before it
75 75 ## gets killed and restarted. Set to 6hrs
76 76 #timeout = 21600
77 77
78 78
79 79 ## prefix middleware for RhodeCode, disables force_https flag.
80 80 ## allows to set RhodeCode under a prefix in server.
81 81 ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
82 82 #[filter:proxy-prefix]
83 83 #use = egg:PasteDeploy#prefix
84 84 #prefix = /<your-prefix>
85 85
86 86 [app:main]
87 87 use = egg:rhodecode-enterprise-ce
88 88 ## enable proxy prefix middleware, defined below
89 89 #filter-with = proxy-prefix
90 90
91 91 # During development the we want to have the debug toolbar enabled
92 92 pyramid.includes =
93 93 pyramid_debugtoolbar
94 94 rhodecode.utils.debugtoolbar
95 95 rhodecode.lib.middleware.request_wrapper
96 96
97 97 pyramid.reload_templates = true
98 98
99 99 debugtoolbar.hosts = 0.0.0.0/0
100 100 debugtoolbar.exclude_prefixes =
101 101 /css
102 102 /fonts
103 103 /images
104 104 /js
105 105
106 106 ## RHODECODE PLUGINS ##
107 107 rhodecode.includes =
108 108 rhodecode.api
109 109
110 110
111 111 # api prefix url
112 112 rhodecode.api.url = /_admin/api
113 113
114 114
115 115 ## END RHODECODE PLUGINS ##
116 116
117 117 full_stack = true
118 118
119 119 ## Serve static files via RhodeCode, disable to serve them via HTTP server
120 120 static_files = true
121 121
122 122 ## Optional Languages
123 123 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
124 124 lang = en
125 125
126 126 ## perform a full repository scan on each server start, this should be
127 127 ## set to false after first startup, to allow faster server restarts.
128 128 startup.import_repos = false
129 129
130 130 ## Uncomment and set this path to use archive download cache.
131 131 ## Once enabled, generated archives will be cached at this location
132 132 ## and served from the cache during subsequent requests for the same archive of
133 133 ## the repository.
134 134 #archive_cache_dir = /tmp/tarballcache
135 135
136 136 ## change this to unique ID for security
137 137 app_instance_uuid = rc-production
138 138
139 139 ## cut off limit for large diffs (size in bytes)
140 140 cut_off_limit_diff = 1024000
141 141 cut_off_limit_file = 256000
142 142
143 143 ## use cache version of scm repo everywhere
144 144 vcs_full_cache = true
145 145
146 146 ## force https in RhodeCode, fixes https redirects, assumes it's always https
147 147 ## Normally this is controlled by proper http flags sent from http server
148 148 force_https = false
149 149
150 150 ## use Strict-Transport-Security headers
151 151 use_htsts = false
152 152
153 153 ## number of commits stats will parse on each iteration
154 154 commit_parse_limit = 25
155 155
156 156 ## git rev filter option, --all is the default filter, if you need to
157 157 ## hide all refs in changelog switch this to --branches --tags
158 158 git_rev_filter = --branches --tags
159 159
160 160 # Set to true if your repos are exposed using the dumb protocol
161 161 git_update_server_info = false
162 162
163 163 ## RSS/ATOM feed options
164 164 rss_cut_off_limit = 256000
165 165 rss_items_per_page = 10
166 166 rss_include_diff = false
167 167
168 168 ## gist URL alias, used to create nicer urls for gist. This should be an
169 169 ## url that does rewrites to _admin/gists/<gistid>.
170 170 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
171 171 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
172 172 gist_alias_url =
173 173
174 174 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
175 175 ## used for access.
176 176 ## Adding ?auth_token = <token> to the url authenticates this request as if it
177 177 ## came from the the logged in user who own this authentication token.
178 178 ##
179 179 ## Syntax is <ControllerClass>:<function_pattern>.
180 180 ## To enable access to raw_files put `FilesController:raw`.
181 181 ## To enable access to patches add `ChangesetController:changeset_patch`.
182 182 ## The list should be "," separated and on a single line.
183 183 ##
184 184 ## Recommended controllers to enable:
185 185 # ChangesetController:changeset_patch,
186 186 # ChangesetController:changeset_raw,
187 187 # FilesController:raw,
188 188 # FilesController:archivefile,
189 189 # GistsController:*,
190 190 api_access_controllers_whitelist =
191 191
192 192 ## default encoding used to convert from and to unicode
193 193 ## can be also a comma separated list of encoding in case of mixed encodings
194 194 default_encoding = UTF-8
195 195
196 196 ## instance-id prefix
197 197 ## a prefix key for this instance used for cache invalidation when running
198 198 ## multiple instances of rhodecode, make sure it's globally unique for
199 199 ## all running rhodecode instances. Leave empty if you don't use it
200 200 instance_id =
201 201
202 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
203 ## of an authentication plugin also if it is disabled by it's settings.
204 ## This could be useful if you are unable to log in to the system due to broken
205 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
206 ## module to log in again and fix the settings.
207 ##
208 ## Available builtin plugin IDs (hash is part of the ID):
209 ## egg:rhodecode-enterprise-ce#rhodecode
210 ## egg:rhodecode-enterprise-ce#pam
211 ## egg:rhodecode-enterprise-ce#ldap
212 ## egg:rhodecode-enterprise-ce#jasig_cas
213 ## egg:rhodecode-enterprise-ce#headers
214 ## egg:rhodecode-enterprise-ce#crowd
215 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
216
202 217 ## alternative return HTTP header for failed authentication. Default HTTP
203 218 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
204 219 ## handling that causing a series of failed authentication calls.
205 220 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
206 221 ## This will be served instead of default 401 on bad authnetication
207 222 auth_ret_code =
208 223
209 224 ## use special detection method when serving auth_ret_code, instead of serving
210 225 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
211 226 ## and then serve auth_ret_code to clients
212 227 auth_ret_code_detection = false
213 228
214 229 ## locking return code. When repository is locked return this HTTP code. 2XX
215 230 ## codes don't break the transactions while 4XX codes do
216 231 lock_ret_code = 423
217 232
218 233 ## allows to change the repository location in settings page
219 234 allow_repo_location_change = true
220 235
221 236 ## allows to setup custom hooks in settings page
222 237 allow_custom_hooks_settings = true
223 238
224 239 ## generated license token, goto license page in RhodeCode settings to obtain
225 240 ## new token
226 241 license_token =
227 242
228 243 ## supervisor connection uri, for managing supervisor and logs.
229 244 supervisor.uri =
230 245 ## supervisord group name/id we only want this RC instance to handle
231 246 supervisor.group_id = dev
232 247
233 248 ## Display extended labs settings
234 249 labs_settings_active = true
235 250
236 251 ####################################
237 252 ### CELERY CONFIG ####
238 253 ####################################
239 254 use_celery = false
240 255 broker.host = localhost
241 256 broker.vhost = rabbitmqhost
242 257 broker.port = 5672
243 258 broker.user = rabbitmq
244 259 broker.password = qweqwe
245 260
246 261 celery.imports = rhodecode.lib.celerylib.tasks
247 262
248 263 celery.result.backend = amqp
249 264 celery.result.dburi = amqp://
250 265 celery.result.serialier = json
251 266
252 267 #celery.send.task.error.emails = true
253 268 #celery.amqp.task.result.expires = 18000
254 269
255 270 celeryd.concurrency = 2
256 271 #celeryd.log.file = celeryd.log
257 272 celeryd.log.level = debug
258 273 celeryd.max.tasks.per.child = 1
259 274
260 275 ## tasks will never be sent to the queue, but executed locally instead.
261 276 celery.always.eager = false
262 277
263 278 ####################################
264 279 ### BEAKER CACHE ####
265 280 ####################################
266 281 # default cache dir for templates. Putting this into a ramdisk
267 282 ## can boost performance, eg. %(here)s/data_ramdisk
268 283 cache_dir = %(here)s/data
269 284
270 285 ## locking and default file storage for Beaker. Putting this into a ramdisk
271 286 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
272 287 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
273 288 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
274 289
275 290 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
276 291
277 292 beaker.cache.super_short_term.type = memory
278 293 beaker.cache.super_short_term.expire = 10
279 294 beaker.cache.super_short_term.key_length = 256
280 295
281 296 beaker.cache.short_term.type = memory
282 297 beaker.cache.short_term.expire = 60
283 298 beaker.cache.short_term.key_length = 256
284 299
285 300 beaker.cache.long_term.type = memory
286 301 beaker.cache.long_term.expire = 36000
287 302 beaker.cache.long_term.key_length = 256
288 303
289 304 beaker.cache.sql_cache_short.type = memory
290 305 beaker.cache.sql_cache_short.expire = 10
291 306 beaker.cache.sql_cache_short.key_length = 256
292 307
293 308 # default is memory cache, configure only if required
294 309 # using multi-node or multi-worker setup
295 310 #beaker.cache.auth_plugins.type = ext:database
296 311 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
297 312 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
298 313 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
299 314 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
300 315 #beaker.cache.auth_plugins.sa.pool_size = 10
301 316 #beaker.cache.auth_plugins.sa.max_overflow = 0
302 317
303 318 beaker.cache.repo_cache_long.type = memorylru_base
304 319 beaker.cache.repo_cache_long.max_items = 4096
305 320 beaker.cache.repo_cache_long.expire = 2592000
306 321
307 322 # default is memorylru_base cache, configure only if required
308 323 # using multi-node or multi-worker setup
309 324 #beaker.cache.repo_cache_long.type = ext:memcached
310 325 #beaker.cache.repo_cache_long.url = localhost:11211
311 326 #beaker.cache.repo_cache_long.expire = 1209600
312 327 #beaker.cache.repo_cache_long.key_length = 256
313 328
314 329 ####################################
315 330 ### BEAKER SESSION ####
316 331 ####################################
317 332
318 333 ## .session.type is type of storage options for the session, current allowed
319 334 ## types are file, ext:memcached, ext:database, and memory(default).
320 335 beaker.session.type = file
321 336 beaker.session.data_dir = %(here)s/data/sessions/data
322 337
323 338 ## db based session, fast, and allows easy management over logged in users ##
324 339 #beaker.session.type = ext:database
325 340 #beaker.session.table_name = db_session
326 341 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
327 342 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
328 343 #beaker.session.sa.pool_recycle = 3600
329 344 #beaker.session.sa.echo = false
330 345
331 346 beaker.session.key = rhodecode
332 347 beaker.session.secret = develop-rc-uytcxaz
333 348 beaker.session.lock_dir = %(here)s/data/sessions/lock
334 349
335 350 ## Secure encrypted cookie. Requires AES and AES python libraries
336 351 ## you must disable beaker.session.secret to use this
337 352 #beaker.session.encrypt_key = <key_for_encryption>
338 353 #beaker.session.validate_key = <validation_key>
339 354
340 355 ## sets session as invalid(also logging out user) if it haven not been
341 356 ## accessed for given amount of time in seconds
342 357 beaker.session.timeout = 2592000
343 358 beaker.session.httponly = true
344 359 #beaker.session.cookie_path = /<your-prefix>
345 360
346 361 ## uncomment for https secure cookie
347 362 beaker.session.secure = false
348 363
349 364 ## auto save the session to not to use .save()
350 365 beaker.session.auto = false
351 366
352 367 ## default cookie expiration time in seconds, set to `true` to set expire
353 368 ## at browser close
354 369 #beaker.session.cookie_expires = 3600
355 370
356 371 ###################################
357 372 ## SEARCH INDEXING CONFIGURATION ##
358 373 ###################################
359 374
360 375 search.module = rhodecode.lib.index.whoosh
361 376 search.location = %(here)s/data/index
362 377
363 378 ###################################
364 379 ## ERROR AND LOG HANDLING SYSTEM ##
365 380 ###################################
366 381
367 382 ## Appenlight is tailored to work with RhodeCode, see
368 383 ## http://appenlight.com for details how to obtain an account
369 384
370 385 ## appenlight integration enabled
371 386 appenlight = false
372 387
373 388 appenlight.server_url = https://api.appenlight.com
374 389 appenlight.api_key = YOUR_API_KEY
375 390 ;appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
376 391
377 392 # used for JS client
378 393 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
379 394
380 395 ## TWEAK AMOUNT OF INFO SENT HERE
381 396
382 397 ## enables 404 error logging (default False)
383 398 appenlight.report_404 = false
384 399
385 400 ## time in seconds after request is considered being slow (default 1)
386 401 appenlight.slow_request_time = 1
387 402
388 403 ## record slow requests in application
389 404 ## (needs to be enabled for slow datastore recording and time tracking)
390 405 appenlight.slow_requests = true
391 406
392 407 ## enable hooking to application loggers
393 408 appenlight.logging = true
394 409
395 410 ## minimum log level for log capture
396 411 appenlight.logging.level = WARNING
397 412
398 413 ## send logs only from erroneous/slow requests
399 414 ## (saves API quota for intensive logging)
400 415 appenlight.logging_on_error = false
401 416
402 417 ## list of additonal keywords that should be grabbed from environ object
403 418 ## can be string with comma separated list of words in lowercase
404 419 ## (by default client will always send following info:
405 420 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
406 421 ## start with HTTP* this list be extended with additional keywords here
407 422 appenlight.environ_keys_whitelist =
408 423
409 424 ## list of keywords that should be blanked from request object
410 425 ## can be string with comma separated list of words in lowercase
411 426 ## (by default client will always blank keys that contain following words
412 427 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
413 428 ## this list be extended with additional keywords set here
414 429 appenlight.request_keys_blacklist =
415 430
416 431 ## list of namespaces that should be ignores when gathering log entries
417 432 ## can be string with comma separated list of namespaces
418 433 ## (by default the client ignores own entries: appenlight_client.client)
419 434 appenlight.log_namespace_blacklist =
420 435
421 436
422 437 ################################################################################
423 438 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
424 439 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
425 440 ## execute malicious code after an exception is raised. ##
426 441 ################################################################################
427 442 #set debug = false
428 443
429 444
430 445 ##############
431 446 ## STYLING ##
432 447 ##############
433 448 debug_style = true
434 449
435 450 #########################################################
436 451 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
437 452 #########################################################
438 453 sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
439 454 #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
440 455 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
441 456
442 457 # see sqlalchemy docs for other advanced settings
443 458
444 459 ## print the sql statements to output
445 460 sqlalchemy.db1.echo = false
446 461 ## recycle the connections after this ammount of seconds
447 462 sqlalchemy.db1.pool_recycle = 3600
448 463 sqlalchemy.db1.convert_unicode = true
449 464
450 465 ## the number of connections to keep open inside the connection pool.
451 466 ## 0 indicates no limit
452 467 #sqlalchemy.db1.pool_size = 5
453 468
454 469 ## the number of connections to allow in connection pool "overflow", that is
455 470 ## connections that can be opened above and beyond the pool_size setting,
456 471 ## which defaults to five.
457 472 #sqlalchemy.db1.max_overflow = 10
458 473
459 474
460 475 ##################
461 476 ### VCS CONFIG ###
462 477 ##################
463 478 vcs.server.enable = true
464 479 vcs.server = localhost:9900
465 480 # Available protocols: pyro4, http
466 481 vcs.server.protocol = pyro4
467 482
468 483 # available impl:
469 484 # vcsserver.scm_app (EE only, for testing),
470 485 # rhodecode.lib.middleware.utils.scm_app_http
471 486 # pyro4
472 487 #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
473 488
474 489 vcs.server.log_level = debug
475 490 vcs.start_server = true
476 491 vcs.backends = hg, git, svn
477 492 vcs.connection_timeout = 3600
478 493 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
479 494 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
480 495 #vcs.svn.compatible_version = pre-1.8-compatible
481 496
482 497 ################################
483 498 ### LOGGING CONFIGURATION ####
484 499 ################################
485 500 [loggers]
486 501 keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer
487 502
488 503 [handlers]
489 504 keys = console, console_sql
490 505
491 506 [formatters]
492 507 keys = generic, color_formatter, color_formatter_sql
493 508
494 509 #############
495 510 ## LOGGERS ##
496 511 #############
497 512 [logger_root]
498 513 level = NOTSET
499 514 handlers = console
500 515
501 516 [logger_routes]
502 517 level = DEBUG
503 518 handlers =
504 519 qualname = routes.middleware
505 520 ## "level = DEBUG" logs the route matched and routing variables.
506 521 propagate = 1
507 522
508 523 [logger_beaker]
509 524 level = DEBUG
510 525 handlers =
511 526 qualname = beaker.container
512 527 propagate = 1
513 528
514 529 [logger_pyro4]
515 530 level = DEBUG
516 531 handlers =
517 532 qualname = Pyro4
518 533 propagate = 1
519 534
520 535 [logger_templates]
521 536 level = INFO
522 537 handlers =
523 538 qualname = pylons.templating
524 539 propagate = 1
525 540
526 541 [logger_rhodecode]
527 542 level = DEBUG
528 543 handlers =
529 544 qualname = rhodecode
530 545 propagate = 1
531 546
532 547 [logger_sqlalchemy]
533 548 level = INFO
534 549 handlers = console_sql
535 550 qualname = sqlalchemy.engine
536 551 propagate = 0
537 552
538 553 [logger_whoosh_indexer]
539 554 level = DEBUG
540 555 handlers =
541 556 qualname = whoosh_indexer
542 557 propagate = 1
543 558
544 559 ##############
545 560 ## HANDLERS ##
546 561 ##############
547 562
548 563 [handler_console]
549 564 class = StreamHandler
550 565 args = (sys.stderr,)
551 566 level = DEBUG
552 567 formatter = color_formatter
553 568
554 569 [handler_console_sql]
555 570 class = StreamHandler
556 571 args = (sys.stderr,)
557 572 level = DEBUG
558 573 formatter = color_formatter_sql
559 574
560 575 ################
561 576 ## FORMATTERS ##
562 577 ################
563 578
564 579 [formatter_generic]
565 580 class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
566 581 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
567 582 datefmt = %Y-%m-%d %H:%M:%S
568 583
569 584 [formatter_color_formatter]
570 585 class = rhodecode.lib.logging_formatter.ColorFormatter
571 586 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
572 587 datefmt = %Y-%m-%d %H:%M:%S
573 588
574 589 [formatter_color_formatter_sql]
575 590 class = rhodecode.lib.logging_formatter.ColorFormatterSql
576 591 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
577 592 datefmt = %Y-%m-%d %H:%M:%S
@@ -1,551 +1,566 b''
1 1 ################################################################################
2 2 ################################################################################
3 3 # RhodeCode Enterprise - configuration file #
4 4 # Built-in functions and variables #
5 5 # The %(here)s variable will be replaced with the parent directory of this file#
6 6 # #
7 7 ################################################################################
8 8
9 9 [DEFAULT]
10 10 debug = true
11 11 pdebug = false
12 12 ################################################################################
13 13 ## Uncomment and replace with the email address which should receive ##
14 14 ## any error reports after an application crash ##
15 15 ## Additionally these settings will be used by the RhodeCode mailing system ##
16 16 ################################################################################
17 17 #email_to = admin@localhost
18 18 #error_email_from = paste_error@localhost
19 19 #app_email_from = rhodecode-noreply@localhost
20 20 #error_message =
21 21 #email_prefix = [RhodeCode]
22 22
23 23 #smtp_server = mail.server.com
24 24 #smtp_username =
25 25 #smtp_password =
26 26 #smtp_port =
27 27 #smtp_use_tls = false
28 28 #smtp_use_ssl = true
29 29 ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
30 30 #smtp_auth =
31 31
32 32 [server:main]
33 33 ## COMMON ##
34 34 host = 127.0.0.1
35 35 port = 5000
36 36
37 37 ##########################
38 38 ## WAITRESS WSGI SERVER ##
39 39 ##########################
40 40 use = egg:waitress#main
41 41 ## number of worker threads
42 42 threads = 5
43 43 ## MAX BODY SIZE 100GB
44 44 max_request_body_size = 107374182400
45 45 ## Use poll instead of select, fixes file descriptors limits problems.
46 46 ## May not work on old windows systems.
47 47 asyncore_use_poll = true
48 48
49 49
50 50 ##########################
51 51 ## GUNICORN WSGI SERVER ##
52 52 ##########################
53 53 ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
54 54 #use = egg:gunicorn#main
55 55 ## Sets the number of process workers. You must set `instance_id = *`
56 56 ## when this option is set to more than one worker, recommended
57 57 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
58 58 ## The `instance_id = *` must be set in the [app:main] section below
59 59 #workers = 1
60 60 ## number of threads for each of the worker, must be set to 1 for gevent
61 61 ## generally recommened to be at 1
62 62 #threads = 1
63 63 ## process name
64 64 #proc_name = rhodecode
65 65 ## type of worker class, one of sync, gevent
66 66 ## recommended for bigger setup is using of of other than sync one
67 67 #worker_class = sync
68 68 ## The maximum number of simultaneous clients. Valid only for Gevent
69 69 #worker_connections = 10
70 70 ## max number of requests that worker will handle before being gracefully
71 71 ## restarted, could prevent memory leaks
72 72 #max_requests = 1000
73 73 #max_requests_jitter = 30
74 74 ## ammount of time a worker can spend with handling a request before it
75 75 ## gets killed and restarted. Set to 6hrs
76 76 #timeout = 21600
77 77
78 78
79 79 ## prefix middleware for RhodeCode, disables force_https flag.
80 80 ## allows to set RhodeCode under a prefix in server.
81 81 ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
82 82 #[filter:proxy-prefix]
83 83 #use = egg:PasteDeploy#prefix
84 84 #prefix = /<your-prefix>
85 85
86 86 [app:main]
87 87 use = egg:rhodecode-enterprise-ce
88 88 ## enable proxy prefix middleware, defined below
89 89 #filter-with = proxy-prefix
90 90
91 91 full_stack = true
92 92
93 93 ## Serve static files via RhodeCode, disable to serve them via HTTP server
94 94 static_files = true
95 95
96 96 ## Optional Languages
97 97 ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
98 98 lang = en
99 99
100 100 ## perform a full repository scan on each server start, this should be
101 101 ## set to false after first startup, to allow faster server restarts.
102 102 startup.import_repos = false
103 103
104 104 ## Uncomment and set this path to use archive download cache.
105 105 ## Once enabled, generated archives will be cached at this location
106 106 ## and served from the cache during subsequent requests for the same archive of
107 107 ## the repository.
108 108 #archive_cache_dir = /tmp/tarballcache
109 109
110 110 ## change this to unique ID for security
111 111 app_instance_uuid = rc-production
112 112
113 113 ## cut off limit for large diffs (size in bytes)
114 114 cut_off_limit_diff = 1024000
115 115 cut_off_limit_file = 256000
116 116
117 117 ## use cache version of scm repo everywhere
118 118 vcs_full_cache = true
119 119
120 120 ## force https in RhodeCode, fixes https redirects, assumes it's always https
121 121 ## Normally this is controlled by proper http flags sent from http server
122 122 force_https = false
123 123
124 124 ## use Strict-Transport-Security headers
125 125 use_htsts = false
126 126
127 127 ## number of commits stats will parse on each iteration
128 128 commit_parse_limit = 25
129 129
130 130 ## git rev filter option, --all is the default filter, if you need to
131 131 ## hide all refs in changelog switch this to --branches --tags
132 132 git_rev_filter = --branches --tags
133 133
134 134 # Set to true if your repos are exposed using the dumb protocol
135 135 git_update_server_info = false
136 136
137 137 ## RSS/ATOM feed options
138 138 rss_cut_off_limit = 256000
139 139 rss_items_per_page = 10
140 140 rss_include_diff = false
141 141
142 142 ## gist URL alias, used to create nicer urls for gist. This should be an
143 143 ## url that does rewrites to _admin/gists/<gistid>.
144 144 ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
145 145 ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
146 146 gist_alias_url =
147 147
148 148 ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
149 149 ## used for access.
150 150 ## Adding ?auth_token = <token> to the url authenticates this request as if it
151 151 ## came from the the logged in user who own this authentication token.
152 152 ##
153 153 ## Syntax is <ControllerClass>:<function_pattern>.
154 154 ## To enable access to raw_files put `FilesController:raw`.
155 155 ## To enable access to patches add `ChangesetController:changeset_patch`.
156 156 ## The list should be "," separated and on a single line.
157 157 ##
158 158 ## Recommended controllers to enable:
159 159 # ChangesetController:changeset_patch,
160 160 # ChangesetController:changeset_raw,
161 161 # FilesController:raw,
162 162 # FilesController:archivefile,
163 163 # GistsController:*,
164 164 api_access_controllers_whitelist =
165 165
166 166 ## default encoding used to convert from and to unicode
167 167 ## can be also a comma separated list of encoding in case of mixed encodings
168 168 default_encoding = UTF-8
169 169
170 170 ## instance-id prefix
171 171 ## a prefix key for this instance used for cache invalidation when running
172 172 ## multiple instances of rhodecode, make sure it's globally unique for
173 173 ## all running rhodecode instances. Leave empty if you don't use it
174 174 instance_id =
175 175
176 ## Fallback authentication plugin. Set this to a plugin ID to force the usage
177 ## of an authentication plugin also if it is disabled by it's settings.
178 ## This could be useful if you are unable to log in to the system due to broken
179 ## authentication settings. Then you can enable e.g. the internal rhodecode auth
180 ## module to log in again and fix the settings.
181 ##
182 ## Available builtin plugin IDs (hash is part of the ID):
183 ## egg:rhodecode-enterprise-ce#rhodecode
184 ## egg:rhodecode-enterprise-ce#pam
185 ## egg:rhodecode-enterprise-ce#ldap
186 ## egg:rhodecode-enterprise-ce#jasig_cas
187 ## egg:rhodecode-enterprise-ce#headers
188 ## egg:rhodecode-enterprise-ce#crowd
189 #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
190
176 191 ## alternative return HTTP header for failed authentication. Default HTTP
177 192 ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
178 193 ## handling that causing a series of failed authentication calls.
179 194 ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
180 195 ## This will be served instead of default 401 on bad authnetication
181 196 auth_ret_code =
182 197
183 198 ## use special detection method when serving auth_ret_code, instead of serving
184 199 ## ret_code directly, use 401 initially (Which triggers credentials prompt)
185 200 ## and then serve auth_ret_code to clients
186 201 auth_ret_code_detection = false
187 202
188 203 ## locking return code. When repository is locked return this HTTP code. 2XX
189 204 ## codes don't break the transactions while 4XX codes do
190 205 lock_ret_code = 423
191 206
192 207 ## allows to change the repository location in settings page
193 208 allow_repo_location_change = true
194 209
195 210 ## allows to setup custom hooks in settings page
196 211 allow_custom_hooks_settings = true
197 212
198 213 ## generated license token, goto license page in RhodeCode settings to obtain
199 214 ## new token
200 215 license_token =
201 216
202 217 ## supervisor connection uri, for managing supervisor and logs.
203 218 supervisor.uri =
204 219 ## supervisord group name/id we only want this RC instance to handle
205 220 supervisor.group_id = prod
206 221
207 222 ## Display extended labs settings
208 223 labs_settings_active = true
209 224
210 225 ####################################
211 226 ### CELERY CONFIG ####
212 227 ####################################
213 228 use_celery = false
214 229 broker.host = localhost
215 230 broker.vhost = rabbitmqhost
216 231 broker.port = 5672
217 232 broker.user = rabbitmq
218 233 broker.password = qweqwe
219 234
220 235 celery.imports = rhodecode.lib.celerylib.tasks
221 236
222 237 celery.result.backend = amqp
223 238 celery.result.dburi = amqp://
224 239 celery.result.serialier = json
225 240
226 241 #celery.send.task.error.emails = true
227 242 #celery.amqp.task.result.expires = 18000
228 243
229 244 celeryd.concurrency = 2
230 245 #celeryd.log.file = celeryd.log
231 246 celeryd.log.level = debug
232 247 celeryd.max.tasks.per.child = 1
233 248
234 249 ## tasks will never be sent to the queue, but executed locally instead.
235 250 celery.always.eager = false
236 251
237 252 ####################################
238 253 ### BEAKER CACHE ####
239 254 ####################################
240 255 # default cache dir for templates. Putting this into a ramdisk
241 256 ## can boost performance, eg. %(here)s/data_ramdisk
242 257 cache_dir = %(here)s/data
243 258
244 259 ## locking and default file storage for Beaker. Putting this into a ramdisk
245 260 ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
246 261 beaker.cache.data_dir = %(here)s/data/cache/beaker_data
247 262 beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
248 263
249 264 beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
250 265
251 266 beaker.cache.super_short_term.type = memory
252 267 beaker.cache.super_short_term.expire = 10
253 268 beaker.cache.super_short_term.key_length = 256
254 269
255 270 beaker.cache.short_term.type = memory
256 271 beaker.cache.short_term.expire = 60
257 272 beaker.cache.short_term.key_length = 256
258 273
259 274 beaker.cache.long_term.type = memory
260 275 beaker.cache.long_term.expire = 36000
261 276 beaker.cache.long_term.key_length = 256
262 277
263 278 beaker.cache.sql_cache_short.type = memory
264 279 beaker.cache.sql_cache_short.expire = 10
265 280 beaker.cache.sql_cache_short.key_length = 256
266 281
267 282 # default is memory cache, configure only if required
268 283 # using multi-node or multi-worker setup
269 284 #beaker.cache.auth_plugins.type = ext:database
270 285 #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
271 286 #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
272 287 #beaker.cache.auth_plugins.url = mysql://root:secret@127.0.0.1/rhodecode
273 288 #beaker.cache.auth_plugins.sa.pool_recycle = 3600
274 289 #beaker.cache.auth_plugins.sa.pool_size = 10
275 290 #beaker.cache.auth_plugins.sa.max_overflow = 0
276 291
277 292 beaker.cache.repo_cache_long.type = memorylru_base
278 293 beaker.cache.repo_cache_long.max_items = 4096
279 294 beaker.cache.repo_cache_long.expire = 2592000
280 295
281 296 # default is memorylru_base cache, configure only if required
282 297 # using multi-node or multi-worker setup
283 298 #beaker.cache.repo_cache_long.type = ext:memcached
284 299 #beaker.cache.repo_cache_long.url = localhost:11211
285 300 #beaker.cache.repo_cache_long.expire = 1209600
286 301 #beaker.cache.repo_cache_long.key_length = 256
287 302
288 303 ####################################
289 304 ### BEAKER SESSION ####
290 305 ####################################
291 306
292 307 ## .session.type is type of storage options for the session, current allowed
293 308 ## types are file, ext:memcached, ext:database, and memory(default).
294 309 beaker.session.type = file
295 310 beaker.session.data_dir = %(here)s/data/sessions/data
296 311
297 312 ## db based session, fast, and allows easy management over logged in users ##
298 313 #beaker.session.type = ext:database
299 314 #beaker.session.table_name = db_session
300 315 #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
301 316 #beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
302 317 #beaker.session.sa.pool_recycle = 3600
303 318 #beaker.session.sa.echo = false
304 319
305 320 beaker.session.key = rhodecode
306 321 beaker.session.secret = production-rc-uytcxaz
307 322 #beaker.session.lock_dir = %(here)s/data/sessions/lock
308 323
309 324 ## Secure encrypted cookie. Requires AES and AES python libraries
310 325 ## you must disable beaker.session.secret to use this
311 326 #beaker.session.encrypt_key = <key_for_encryption>
312 327 #beaker.session.validate_key = <validation_key>
313 328
314 329 ## sets session as invalid(also logging out user) if it haven not been
315 330 ## accessed for given amount of time in seconds
316 331 beaker.session.timeout = 2592000
317 332 beaker.session.httponly = true
318 333 #beaker.session.cookie_path = /<your-prefix>
319 334
320 335 ## uncomment for https secure cookie
321 336 beaker.session.secure = false
322 337
323 338 ## auto save the session to not to use .save()
324 339 beaker.session.auto = false
325 340
326 341 ## default cookie expiration time in seconds, set to `true` to set expire
327 342 ## at browser close
328 343 #beaker.session.cookie_expires = 3600
329 344
330 345 ###################################
331 346 ## SEARCH INDEXING CONFIGURATION ##
332 347 ###################################
333 348
334 349 search.module = rhodecode.lib.index.whoosh
335 350 search.location = %(here)s/data/index
336 351
337 352 ###################################
338 353 ## ERROR AND LOG HANDLING SYSTEM ##
339 354 ###################################
340 355
341 356 ## Appenlight is tailored to work with RhodeCode, see
342 357 ## http://appenlight.com for details how to obtain an account
343 358
344 359 ## appenlight integration enabled
345 360 appenlight = false
346 361
347 362 appenlight.server_url = https://api.appenlight.com
348 363 appenlight.api_key = YOUR_API_KEY
349 364 ;appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
350 365
351 366 # used for JS client
352 367 appenlight.api_public_key = YOUR_API_PUBLIC_KEY
353 368
354 369 ## TWEAK AMOUNT OF INFO SENT HERE
355 370
356 371 ## enables 404 error logging (default False)
357 372 appenlight.report_404 = false
358 373
359 374 ## time in seconds after request is considered being slow (default 1)
360 375 appenlight.slow_request_time = 1
361 376
362 377 ## record slow requests in application
363 378 ## (needs to be enabled for slow datastore recording and time tracking)
364 379 appenlight.slow_requests = true
365 380
366 381 ## enable hooking to application loggers
367 382 appenlight.logging = true
368 383
369 384 ## minimum log level for log capture
370 385 appenlight.logging.level = WARNING
371 386
372 387 ## send logs only from erroneous/slow requests
373 388 ## (saves API quota for intensive logging)
374 389 appenlight.logging_on_error = false
375 390
376 391 ## list of additonal keywords that should be grabbed from environ object
377 392 ## can be string with comma separated list of words in lowercase
378 393 ## (by default client will always send following info:
379 394 ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
380 395 ## start with HTTP* this list be extended with additional keywords here
381 396 appenlight.environ_keys_whitelist =
382 397
383 398 ## list of keywords that should be blanked from request object
384 399 ## can be string with comma separated list of words in lowercase
385 400 ## (by default client will always blank keys that contain following words
386 401 ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
387 402 ## this list be extended with additional keywords set here
388 403 appenlight.request_keys_blacklist =
389 404
390 405 ## list of namespaces that should be ignores when gathering log entries
391 406 ## can be string with comma separated list of namespaces
392 407 ## (by default the client ignores own entries: appenlight_client.client)
393 408 appenlight.log_namespace_blacklist =
394 409
395 410
396 411 ################################################################################
397 412 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
398 413 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
399 414 ## execute malicious code after an exception is raised. ##
400 415 ################################################################################
401 416 set debug = false
402 417
403 418
404 419 ##############
405 420 ## STYLING ##
406 421 ##############
407 422 debug_style = false
408 423
409 424 #########################################################
410 425 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
411 426 #########################################################
412 427 #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
413 428 sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
414 429 #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
415 430
416 431 # see sqlalchemy docs for other advanced settings
417 432
418 433 ## print the sql statements to output
419 434 sqlalchemy.db1.echo = false
420 435 ## recycle the connections after this ammount of seconds
421 436 sqlalchemy.db1.pool_recycle = 3600
422 437 sqlalchemy.db1.convert_unicode = true
423 438
424 439 ## the number of connections to keep open inside the connection pool.
425 440 ## 0 indicates no limit
426 441 #sqlalchemy.db1.pool_size = 5
427 442
428 443 ## the number of connections to allow in connection pool "overflow", that is
429 444 ## connections that can be opened above and beyond the pool_size setting,
430 445 ## which defaults to five.
431 446 #sqlalchemy.db1.max_overflow = 10
432 447
433 448
434 449 ##################
435 450 ### VCS CONFIG ###
436 451 ##################
437 452 vcs.server.enable = true
438 453 vcs.server = localhost:9900
439 454 # Available protocols: pyro4, http
440 455 vcs.server.protocol = pyro4
441 456
442 457 # available impl:
443 458 # vcsserver.scm_app (EE only, for testing),
444 459 # rhodecode.lib.middleware.utils.scm_app_http
445 460 # pyro4
446 461 #vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
447 462
448 463 vcs.server.log_level = info
449 464 vcs.start_server = false
450 465 vcs.backends = hg, git, svn
451 466 vcs.connection_timeout = 3600
452 467 ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
453 468 ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
454 469 #vcs.svn.compatible_version = pre-1.8-compatible
455 470
456 471 ################################
457 472 ### LOGGING CONFIGURATION ####
458 473 ################################
459 474 [loggers]
460 475 keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates, whoosh_indexer
461 476
462 477 [handlers]
463 478 keys = console, console_sql
464 479
465 480 [formatters]
466 481 keys = generic, color_formatter, color_formatter_sql
467 482
468 483 #############
469 484 ## LOGGERS ##
470 485 #############
471 486 [logger_root]
472 487 level = NOTSET
473 488 handlers = console
474 489
475 490 [logger_routes]
476 491 level = DEBUG
477 492 handlers =
478 493 qualname = routes.middleware
479 494 ## "level = DEBUG" logs the route matched and routing variables.
480 495 propagate = 1
481 496
482 497 [logger_beaker]
483 498 level = DEBUG
484 499 handlers =
485 500 qualname = beaker.container
486 501 propagate = 1
487 502
488 503 [logger_pyro4]
489 504 level = DEBUG
490 505 handlers =
491 506 qualname = Pyro4
492 507 propagate = 1
493 508
494 509 [logger_templates]
495 510 level = INFO
496 511 handlers =
497 512 qualname = pylons.templating
498 513 propagate = 1
499 514
500 515 [logger_rhodecode]
501 516 level = DEBUG
502 517 handlers =
503 518 qualname = rhodecode
504 519 propagate = 1
505 520
506 521 [logger_sqlalchemy]
507 522 level = INFO
508 523 handlers = console_sql
509 524 qualname = sqlalchemy.engine
510 525 propagate = 0
511 526
512 527 [logger_whoosh_indexer]
513 528 level = DEBUG
514 529 handlers =
515 530 qualname = whoosh_indexer
516 531 propagate = 1
517 532
518 533 ##############
519 534 ## HANDLERS ##
520 535 ##############
521 536
522 537 [handler_console]
523 538 class = StreamHandler
524 539 args = (sys.stderr,)
525 540 level = INFO
526 541 formatter = generic
527 542
528 543 [handler_console_sql]
529 544 class = StreamHandler
530 545 args = (sys.stderr,)
531 546 level = WARN
532 547 formatter = generic
533 548
534 549 ################
535 550 ## FORMATTERS ##
536 551 ################
537 552
538 553 [formatter_generic]
539 554 class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
540 555 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
541 556 datefmt = %Y-%m-%d %H:%M:%S
542 557
543 558 [formatter_color_formatter]
544 559 class = rhodecode.lib.logging_formatter.ColorFormatter
545 560 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
546 561 datefmt = %Y-%m-%d %H:%M:%S
547 562
548 563 [formatter_color_formatter_sql]
549 564 class = rhodecode.lib.logging_formatter.ColorFormatterSql
550 565 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
551 566 datefmt = %Y-%m-%d %H:%M:%S
General Comments 0
You need to be logged in to leave comments. Login now