##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

i18n: make sure 'en' in Accept-Language is recognized as having 100% coverage - i18n.lang is for source language...
Mads Kiilerich -
r8012:7c7d6b5c stable
parent child Browse files
Show More
Show file before | Show file after | Hide comments
1 NO CONTENT: new file 100644, binary diff hidden
Show file before | Show file after | Hide comments
@@ -1,515 +1,517 b''
1 1 ################################################################################
2 2 ################################################################################
3 3 # Kallithea - config file generated with kallithea-config #
4 4 # #
5 5 # The %(here)s variable will be replaced with the parent directory of this file#
6 6 ################################################################################
7 7 ################################################################################
8 8
9 9 [DEFAULT]
10 10
11 11 ################################################################################
12 12 ## Email settings ##
13 13 ## ##
14 14 ## Refer to the documentation ("Email settings") for more details. ##
15 15 ## ##
16 16 ## It is recommended to use a valid sender address that passes access ##
17 17 ## validation and spam filtering in mail servers. ##
18 18 ################################################################################
19 19
20 20 ## 'From' header for application emails. You can optionally add a name.
21 21 ## Default:
22 22 #app_email_from = Kallithea
23 23 ## Examples:
24 24 #app_email_from = Kallithea <kallithea-noreply@example.com>
25 25 #app_email_from = kallithea-noreply@example.com
26 26
27 27 ## Subject prefix for application emails.
28 28 ## A space between this prefix and the real subject is automatically added.
29 29 ## Default:
30 30 #email_prefix =
31 31 ## Example:
32 32 #email_prefix = [Kallithea]
33 33
34 34 ## Recipients for error emails and fallback recipients of application mails.
35 35 ## Multiple addresses can be specified, comma-separated.
36 36 ## Only addresses are allowed, do not add any name part.
37 37 ## Default:
38 38 #email_to =
39 39 ## Examples:
40 40 #email_to = admin@example.com
41 41 #email_to = admin@example.com,another_admin@example.com
42 42 email_to =
43 43
44 44 ## 'From' header for error emails. You can optionally add a name.
45 45 ## Default: (none)
46 46 ## Examples:
47 47 #error_email_from = Kallithea Errors <kallithea-noreply@example.com>
48 48 #error_email_from = kallithea_errors@example.com
49 49 error_email_from =
50 50
51 51 ## SMTP server settings
52 52 ## If specifying credentials, make sure to use secure connections.
53 53 ## Default: Send unencrypted unauthenticated mails to the specified smtp_server.
54 54 ## For "SSL", use smtp_use_ssl = true and smtp_port = 465.
55 55 ## For "STARTTLS", use smtp_use_tls = true and smtp_port = 587.
56 56 smtp_server =
57 57 #smtp_username =
58 58 #smtp_password =
59 59 smtp_port =
60 60 #smtp_use_ssl = false
61 61 #smtp_use_tls = false
62 62
63 63 ## Entry point for 'gearbox serve'
64 64 [server:main]
65 65 #host = 127.0.0.1
66 66 host = 0.0.0.0
67 67 port = 5000
68 68
69 69 ## WAITRESS ##
70 70 use = egg:waitress#main
71 71 ## number of worker threads
72 72 threads = 1
73 73 ## MAX BODY SIZE 100GB
74 74 max_request_body_size = 107374182400
75 75 ## use poll instead of select, fixes fd limits, may not work on old
76 76 ## windows systems.
77 77 #asyncore_use_poll = True
78 78
79 79 ## middleware for hosting the WSGI application under a URL prefix
80 80 #[filter:proxy-prefix]
81 81 #use = egg:PasteDeploy#prefix
82 82 #prefix = /<your-prefix>
83 83
84 84 [app:main]
85 85 use = egg:kallithea
86 86 ## enable proxy prefix middleware
87 87 #filter-with = proxy-prefix
88 88
89 89 full_stack = true
90 90 static_files = true
91 91
92 92 ## Internationalization (see setup documentation for details)
93 ## By default, the language requested by the browser is used if available.
94 #i18n.enabled = false
95 ## Fallback language, empty for English (valid values are the names of subdirectories in kallithea/i18n):
96 i18n.lang =
93 ## By default, the languages requested by the browser are used if available, with English as default.
94 ## Set i18n.enabled=false to disable automatic language choice.
95 #i18n.enabled = true
96 ## To Force a language, set i18n.enabled=false and specify the language in i18n.lang.
97 ## Valid values are the names of subdirectories in kallithea/i18n with a LC_MESSAGES/kallithea.mo
98 #i18n.lang = en
97 99
98 100 cache_dir = %(here)s/data
99 101 index_dir = %(here)s/data/index
100 102
101 103 ## uncomment and set this path to use archive download cache
102 104 archive_cache_dir = %(here)s/tarballcache
103 105
104 106 ## change this to unique ID for security
105 107 #app_instance_uuid = VERY-SECRET
106 108 app_instance_uuid = development-not-secret
107 109
108 110 ## cut off limit for large diffs (size in bytes)
109 111 cut_off_limit = 256000
110 112
111 113 ## force https in Kallithea, fixes https redirects, assumes it's always https
112 114 force_https = false
113 115
114 116 ## use Strict-Transport-Security headers
115 117 use_htsts = false
116 118
117 119 ## number of commits stats will parse on each iteration
118 120 commit_parse_limit = 25
119 121
120 122 ## Path to Python executable to be used for git hooks.
121 123 ## This value will be written inside the git hook scripts as the text
122 124 ## after '#!' (shebang). When empty or not defined, the value of
123 125 ## 'sys.executable' at the time of installation of the git hooks is
124 126 ## used, which is correct in many cases but for example not when using uwsgi.
125 127 ## If you change this setting, you should reinstall the Git hooks via
126 128 ## Admin > Settings > Remap and Rescan.
127 129 # git_hook_interpreter = /srv/kallithea/venv/bin/python2
128 130
129 131 ## path to git executable
130 132 git_path = git
131 133
132 134 ## git rev filter option, --all is the default filter, if you need to
133 135 ## hide all refs in changelog switch this to --branches --tags
134 136 #git_rev_filter = --branches --tags
135 137
136 138 ## RSS feed options
137 139 rss_cut_off_limit = 256000
138 140 rss_items_per_page = 10
139 141 rss_include_diff = false
140 142
141 143 ## options for showing and identifying changesets
142 144 show_sha_length = 12
143 145 show_revision_number = false
144 146
145 147 ## Canonical URL to use when creating full URLs in UI and texts.
146 148 ## Useful when the site is available under different names or protocols.
147 149 ## Defaults to what is provided in the WSGI environment.
148 150 #canonical_url = https://kallithea.example.com/repos
149 151
150 152 ## gist URL alias, used to create nicer urls for gist. This should be an
151 153 ## url that does rewrites to _admin/gists/<gistid>.
152 154 ## example: http://gist.example.com/{gistid}. Empty means use the internal
153 155 ## Kallithea url, ie. http[s]://kallithea.example.com/_admin/gists/<gistid>
154 156 gist_alias_url =
155 157
156 158 ## default encoding used to convert from and to unicode
157 159 ## can be also a comma separated list of encoding in case of mixed encodings
158 160 default_encoding = utf-8
159 161
160 162 ## Set Mercurial encoding, similar to setting HGENCODING before launching Kallithea
161 163 hgencoding = utf-8
162 164
163 165 ## issue tracker for Kallithea (leave blank to disable, absent for default)
164 166 #bugtracker = https://bitbucket.org/conservancy/kallithea/issues
165 167
166 168 ## issue tracking mapping for commit messages, comments, PR descriptions, ...
167 169 ## Refer to the documentation ("Integration with issue trackers") for more details.
168 170
169 171 ## regular expression to match issue references
170 172 ## This pattern may/should contain parenthesized groups, that can
171 173 ## be referred to in issue_server_link or issue_sub using Python backreferences
172 174 ## (e.g. \1, \2, ...). You can also create named groups with '(?P<groupname>)'.
173 175 ## To require mandatory whitespace before the issue pattern, use:
174 176 ## (?:^|(?<=\s)) before the actual pattern, and for mandatory whitespace
175 177 ## behind the issue pattern, use (?:$|(?=\s)) after the actual pattern.
176 178
177 179 issue_pat = #(\d+)
178 180
179 181 ## server url to the issue
180 182 ## This pattern may/should contain backreferences to parenthesized groups in issue_pat.
181 183 ## A backreference can be \1, \2, ... or \g<groupname> if you specified a named group
182 184 ## called 'groupname' in issue_pat.
183 185 ## The special token {repo} is replaced with the full repository name
184 186 ## including repository groups, while {repo_name} is replaced with just
185 187 ## the name of the repository.
186 188
187 189 issue_server_link = https://issues.example.com/{repo}/issue/\1
188 190
189 191 ## substitution pattern to use as the link text
190 192 ## If issue_sub is empty, the text matched by issue_pat is retained verbatim
191 193 ## for the link text. Otherwise, the link text is that of issue_sub, with any
192 194 ## backreferences to groups in issue_pat replaced.
193 195
194 196 issue_sub =
195 197
196 198 ## issue_pat, issue_server_link and issue_sub can have suffixes to specify
197 199 ## multiple patterns, to other issues server, wiki or others
198 200 ## below an example how to create a wiki pattern
199 201 # wiki-some-id -> https://wiki.example.com/some-id
200 202
201 203 #issue_pat_wiki = wiki-(\S+)
202 204 #issue_server_link_wiki = https://wiki.example.com/\1
203 205 #issue_sub_wiki = WIKI-\1
204 206
205 207 ## alternative return HTTP header for failed authentication. Default HTTP
206 208 ## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with
207 209 ## handling that. Set this variable to 403 to return HTTPForbidden
208 210 auth_ret_code =
209 211
210 212 ## allows to change the repository location in settings page
211 213 allow_repo_location_change = True
212 214
213 215 ## allows to setup custom hooks in settings page
214 216 allow_custom_hooks_settings = True
215 217
216 218 ## extra extensions for indexing, space separated and without the leading '.'.
217 219 # index.extensions =
218 220 # gemfile
219 221 # lock
220 222
221 223 ## extra filenames for indexing, space separated
222 224 # index.filenames =
223 225 # .dockerignore
224 226 # .editorconfig
225 227 # INSTALL
226 228 # CHANGELOG
227 229
228 230 ####################################
229 231 ### SSH CONFIG ####
230 232 ####################################
231 233
232 234 ## SSH is disabled by default, until an Administrator decides to enable it.
233 235 ssh_enabled = false
234 236
235 237 ## File where users' SSH keys will be stored *if* ssh_enabled is true.
236 238 #ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys
237 239
238 240 ## Path to be used in ssh_authorized_keys file to invoke kallithea-cli with ssh-serve.
239 241 #kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli
240 242
241 243 ## Locale to be used in the ssh-serve command.
242 244 ## This is needed because an SSH client may try to use its own locale
243 245 ## settings, which may not be available on the server.
244 246 ## See `locale -a` for valid values on this system.
245 247 #ssh_locale = C.UTF-8
246 248
247 249 ####################################
248 250 ### CELERY CONFIG ####
249 251 ####################################
250 252
251 253 use_celery = false
252 254
253 255 ## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:
254 256 broker.url = amqp://rabbitmq:qewqew@localhost:5672/rabbitmqhost
255 257
256 258 celery.imports = kallithea.lib.celerylib.tasks
257 259 celery.accept.content = pickle
258 260 celery.result.backend = amqp
259 261 celery.result.dburi = amqp://
260 262 celery.result.serialier = json
261 263
262 264 #celery.send.task.error.emails = true
263 265 #celery.amqp.task.result.expires = 18000
264 266
265 267 celeryd.concurrency = 2
266 268 celeryd.max.tasks.per.child = 1
267 269
268 270 ## If true, tasks will never be sent to the queue, but executed locally instead.
269 271 celery.always.eager = false
270 272
271 273 ####################################
272 274 ### BEAKER CACHE ####
273 275 ####################################
274 276
275 277 beaker.cache.data_dir = %(here)s/data/cache/data
276 278 beaker.cache.lock_dir = %(here)s/data/cache/lock
277 279
278 280 beaker.cache.regions = short_term,long_term,sql_cache_short
279 281
280 282 beaker.cache.short_term.type = memory
281 283 beaker.cache.short_term.expire = 60
282 284 beaker.cache.short_term.key_length = 256
283 285
284 286 beaker.cache.long_term.type = memory
285 287 beaker.cache.long_term.expire = 36000
286 288 beaker.cache.long_term.key_length = 256
287 289
288 290 beaker.cache.sql_cache_short.type = memory
289 291 beaker.cache.sql_cache_short.expire = 10
290 292 beaker.cache.sql_cache_short.key_length = 256
291 293
292 294 ####################################
293 295 ### BEAKER SESSION ####
294 296 ####################################
295 297
296 298 ## Name of session cookie. Should be unique for a given host and path, even when running
297 299 ## on different ports. Otherwise, cookie sessions will be shared and messed up.
298 300 session.key = kallithea
299 301 ## Sessions should always only be accessible by the browser, not directly by JavaScript.
300 302 session.httponly = true
301 303 ## Session lifetime. 2592000 seconds is 30 days.
302 304 session.timeout = 2592000
303 305
304 306 ## Server secret used with HMAC to ensure integrity of cookies.
305 307 #session.secret = VERY-SECRET
306 308 session.secret = development-not-secret
307 309 ## Further, encrypt the data with AES.
308 310 #session.encrypt_key = <key_for_encryption>
309 311 #session.validate_key = <validation_key>
310 312
311 313 ## Type of storage used for the session, current types are
312 314 ## dbm, file, memcached, database, and memory.
313 315
314 316 ## File system storage of session data. (default)
315 317 #session.type = file
316 318
317 319 ## Cookie only, store all session data inside the cookie. Requires secure secrets.
318 320 #session.type = cookie
319 321
320 322 ## Database storage of session data.
321 323 #session.type = ext:database
322 324 #session.sa.url = postgresql://postgres:qwe@localhost/kallithea
323 325 #session.table_name = db_session
324 326
325 327 ############################
326 328 ## ERROR HANDLING SYSTEMS ##
327 329 ############################
328 330
329 331 # Propagate email settings to ErrorReporter of TurboGears2
330 332 # You do not normally need to change these lines
331 333 get trace_errors.error_email = email_to
332 334 get trace_errors.smtp_server = smtp_server
333 335 get trace_errors.smtp_port = smtp_port
334 336 get trace_errors.from_address = error_email_from
335 337
336 338 ################################################################################
337 339 ## WARNING: *DEBUG MODE MUST BE OFF IN A PRODUCTION ENVIRONMENT* ##
338 340 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
339 341 ## execute malicious code after an exception is raised. ##
340 342 ################################################################################
341 343 #debug = false
342 344 debug = true
343 345
344 346 ##################################
345 347 ### LOGVIEW CONFIG ###
346 348 ##################################
347 349
348 350 logview.sqlalchemy = #faa
349 351 logview.pylons.templating = #bfb
350 352 logview.pylons.util = #eee
351 353
352 354 #########################################################
353 355 ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
354 356 #########################################################
355 357
356 358 # SQLITE [default]
357 359 sqlalchemy.url = sqlite:///%(here)s/kallithea.db?timeout=60
358 360
359 361 # see sqlalchemy docs for others
360 362
361 363 sqlalchemy.pool_recycle = 3600
362 364
363 365 ################################
364 366 ### ALEMBIC CONFIGURATION ####
365 367 ################################
366 368
367 369 [alembic]
368 370 script_location = kallithea:alembic
369 371
370 372 ################################
371 373 ### LOGGING CONFIGURATION ####
372 374 ################################
373 375
374 376 [loggers]
375 377 keys = root, routes, kallithea, sqlalchemy, tg, gearbox, beaker, templates, whoosh_indexer, werkzeug, backlash
376 378
377 379 [handlers]
378 380 keys = console, console_color, console_color_sql, null
379 381
380 382 [formatters]
381 383 keys = generic, color_formatter, color_formatter_sql
382 384
383 385 #############
384 386 ## LOGGERS ##
385 387 #############
386 388
387 389 [logger_root]
388 390 level = NOTSET
389 391 #handlers = console
390 392 handlers = console_color
391 393 # For coloring based on log level:
392 394 # handlers = console_color
393 395
394 396 [logger_routes]
395 397 #level = WARN
396 398 level = DEBUG
397 399 handlers =
398 400 qualname = routes.middleware
399 401 ## "level = DEBUG" logs the route matched and routing variables.
400 402
401 403 [logger_beaker]
402 404 #level = WARN
403 405 level = DEBUG
404 406 handlers =
405 407 qualname = beaker.container
406 408
407 409 [logger_templates]
408 410 #level = WARN
409 411 level = INFO
410 412 handlers =
411 413 qualname = pylons.templating
412 414
413 415 [logger_kallithea]
414 416 #level = WARN
415 417 level = DEBUG
416 418 handlers =
417 419 qualname = kallithea
418 420
419 421 [logger_tg]
420 422 #level = WARN
421 423 level = DEBUG
422 424 handlers =
423 425 qualname = tg
424 426
425 427 [logger_gearbox]
426 428 #level = WARN
427 429 level = DEBUG
428 430 handlers =
429 431 qualname = gearbox
430 432
431 433 [logger_sqlalchemy]
432 434 level = WARN
433 435 handlers =
434 436 qualname = sqlalchemy.engine
435 437 # For coloring based on log level and pretty printing of SQL:
436 438 # level = INFO
437 439 # handlers = console_color_sql
438 440 # propagate = 0
439 441
440 442 [logger_whoosh_indexer]
441 443 #level = WARN
442 444 level = DEBUG
443 445 handlers =
444 446 qualname = whoosh_indexer
445 447
446 448 [logger_werkzeug]
447 449 level = WARN
448 450 handlers =
449 451 qualname = werkzeug
450 452
451 453 [logger_backlash]
452 454 level = WARN
453 455 handlers =
454 456 qualname = backlash
455 457
456 458 ##############
457 459 ## HANDLERS ##
458 460 ##############
459 461
460 462 [handler_console]
461 463 class = StreamHandler
462 464 args = (sys.stderr,)
463 465 formatter = generic
464 466
465 467 [handler_console_color]
466 468 # ANSI color coding based on log level
467 469 class = StreamHandler
468 470 args = (sys.stderr,)
469 471 formatter = color_formatter
470 472
471 473 [handler_console_color_sql]
472 474 # ANSI color coding and pretty printing of SQL statements
473 475 class = StreamHandler
474 476 args = (sys.stderr,)
475 477 formatter = color_formatter_sql
476 478
477 479 [handler_null]
478 480 class = NullHandler
479 481 args = ()
480 482
481 483 ################
482 484 ## FORMATTERS ##
483 485 ################
484 486
485 487 [formatter_generic]
486 488 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
487 489 datefmt = %Y-%m-%d %H:%M:%S
488 490
489 491 [formatter_color_formatter]
490 492 class = kallithea.lib.colored_formatter.ColorFormatter
491 493 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
492 494 datefmt = %Y-%m-%d %H:%M:%S
493 495
494 496 [formatter_color_formatter_sql]
495 497 class = kallithea.lib.colored_formatter.ColorFormatterSql
496 498 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
497 499 datefmt = %Y-%m-%d %H:%M:%S
498 500
499 501 #################
500 502 ## SSH LOGGING ##
501 503 #################
502 504
503 505 # The default loggers use 'handler_console' that uses StreamHandler with
504 506 # destination 'sys.stderr'. In the context of the SSH server process, these log
505 507 # messages would be sent to the client, which is normally not what you want.
506 508 # By default, when running ssh-serve, just use NullHandler and disable logging
507 509 # completely. For other logging options, see:
508 510 # https://docs.python.org/2/library/logging.handlers.html
509 511
510 512 [ssh_serve:logger_root]
511 513 level = CRITICAL
512 514 handlers = null
513 515
514 516 # Note: If logging is configured with other handlers, they might need similar
515 517 # muting for ssh-serve too.
Show file before | Show file after | Hide comments
@@ -1,638 +1,637 b''
1 1 .. _setup:
2 2
3 3 =====
4 4 Setup
5 5 =====
6 6
7 7
8 8 Setting up Kallithea
9 9 --------------------
10 10
11 11 First, you will need to create a Kallithea configuration file. Run the
12 12 following command to do so::
13 13
14 14 kallithea-cli config-create my.ini
15 15
16 16 This will create the file ``my.ini`` in the current directory. This
17 17 configuration file contains the various settings for Kallithea, e.g.
18 18 proxy port, email settings, usage of static files, cache, Celery
19 19 settings, and logging. Extra settings can be specified like::
20 20
21 21 kallithea-cli config-create my.ini host=8.8.8.8 "[handler_console]" formatter=color_formatter
22 22
23 23 Next, you need to create the databases used by Kallithea. It is recommended to
24 24 use PostgreSQL or SQLite (default). If you choose a database other than the
25 25 default, ensure you properly adjust the database URL in your ``my.ini``
26 26 configuration file to use this other database. Kallithea currently supports
27 27 PostgreSQL, SQLite and MySQL databases. Create the database by running
28 28 the following command::
29 29
30 30 kallithea-cli db-create -c my.ini
31 31
32 32 This will prompt you for a "root" path. This "root" path is the location where
33 33 Kallithea will store all of its repositories on the current machine. After
34 34 entering this "root" path ``db-create`` will also prompt you for a username
35 35 and password for the initial admin account which ``db-create`` sets
36 36 up for you.
37 37
38 38 The ``db-create`` values can also be given on the command line.
39 39 Example::
40 40
41 41 kallithea-cli db-create -c my.ini --user=nn --password=secret --email=nn@example.com --repos=/srv/repos
42 42
43 43 The ``db-create`` command will create all needed tables and an
44 44 admin account. When choosing a root path you can either use a new
45 45 empty location, or a location which already contains existing
46 46 repositories. If you choose a location which contains existing
47 47 repositories Kallithea will add all of the repositories at the chosen
48 48 location to its database. (Note: make sure you specify the correct
49 49 path to the root).
50 50
51 51 .. note:: the given path for Mercurial_ repositories **must** be write
52 52 accessible for the application. It's very important since
53 53 the Kallithea web interface will work without write access,
54 54 but when trying to do a push it will fail with permission
55 55 denied errors unless it has write access.
56 56
57 57 Finally, prepare the front-end by running::
58 58
59 59 kallithea-cli front-end-build
60 60
61 61 You are now ready to use Kallithea. To run it simply execute::
62 62
63 63 gearbox serve -c my.ini
64 64
65 65 - This command runs the Kallithea server. The web app should be available at
66 66 http://127.0.0.1:5000. The IP address and port is configurable via the
67 67 configuration file created in the previous step.
68 68 - Log in to Kallithea using the admin account created when running ``db-create``.
69 69 - The default permissions on each repository is read, and the owner is admin.
70 70 Remember to update these if needed.
71 71 - In the admin panel you can toggle LDAP, anonymous, and permissions
72 72 settings, as well as edit more advanced options on users and
73 73 repositories.
74 74
75 75
76 76 Internationalization (i18n support)
77 77 -----------------------------------
78 78
79 79 The Kallithea web interface is automatically displayed in the user's preferred
80 80 language, as indicated by the browser. Thus, different users may see the
81 81 application in different languages. If the requested language is not available
82 82 (because the translation file for that language does not yet exist or is
83 incomplete), the language specified in setting ``i18n.lang`` in the Kallithea
84 configuration file is used as fallback. If no fallback language is explicitly
85 specified, English is used.
83 incomplete), English is used.
86 84
87 85 If you want to disable automatic language detection and instead configure a
88 86 fixed language regardless of user preference, set ``i18n.enabled = false`` and
89 set ``i18n.lang`` to the desired language (or leave empty for English).
87 specify another language by setting ``i18n.lang`` in the Kallithea
88 configuration file.
90 89
91 90
92 91 Using Kallithea with SSH
93 92 ------------------------
94 93
95 94 Kallithea supports repository access via SSH key based authentication.
96 95 This means:
97 96
98 97 - repository URLs like ``ssh://kallithea@example.com/name/of/repository``
99 98
100 99 - all network traffic for both read and write happens over the SSH protocol on
101 100 port 22, without using HTTP/HTTPS nor the Kallithea WSGI application
102 101
103 102 - encryption and authentication protocols are managed by the system's ``sshd``
104 103 process, with all users using the same Kallithea system user (e.g.
105 104 ``kallithea``) when connecting to the SSH server, but with users' public keys
106 105 in the Kallithea system user's `.ssh/authorized_keys` file granting each user
107 106 sandboxed access to the repositories.
108 107
109 108 - users and admins can manage SSH public keys in the web UI
110 109
111 110 - in their SSH client configuration, users can configure how the client should
112 111 control access to their SSH key - without passphrase, with passphrase, and
113 112 optionally with passphrase caching in the local shell session (``ssh-agent``).
114 113 This is standard SSH functionality, not something Kallithea provides or
115 114 interferes with.
116 115
117 116 - network communication between client and server happens in a bidirectional
118 117 stateful stream, and will in some cases be faster than HTTP/HTTPS with several
119 118 stateless round-trips.
120 119
121 120 .. note:: At this moment, repository access via SSH has been tested on Unix
122 121 only. Windows users that care about SSH are invited to test it and report
123 122 problems, ideally contributing patches that solve these problems.
124 123
125 124 Users and admins can upload SSH public keys (e.g. ``.ssh/id_rsa.pub``) through
126 125 the web interface. The server's ``.ssh/authorized_keys`` file is automatically
127 126 maintained with an entry for each SSH key. Each entry will tell ``sshd`` to run
128 127 ``kallithea-cli`` with the ``ssh-serve`` sub-command and the right Kallithea user ID
129 128 when encountering the corresponding SSH key.
130 129
131 130 To enable SSH repository access, Kallithea must be configured with the path to
132 131 the ``.ssh/authorized_keys`` file for the Kallithea user, and the path to the
133 132 ``kallithea-cli`` command. Put something like this in the ``.ini`` file::
134 133
135 134 ssh_enabled = true
136 135 ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys
137 136 kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli
138 137
139 138 The SSH service must be running, and the Kallithea user account must be active
140 139 (not necessarily with password access, but public key access must be enabled),
141 140 all file permissions must be set as sshd wants it, and ``authorized_keys`` must
142 141 be writeable by the Kallithea user.
143 142
144 143 .. note:: The ``authorized_keys`` file will be rewritten from scratch on
145 144 each update. If it already exists with other data, Kallithea will not
146 145 overwrite the existing ``authorized_keys``, and the server process will
147 146 instead throw an exception. The system administrator thus cannot ssh
148 147 directly to the Kallithea user but must use su/sudo from another account.
149 148
150 149 If ``/home/kallithea/.ssh/`` (the directory of the path specified in the
151 150 ``ssh_authorized_keys`` setting of the ``.ini`` file) does not exist as a
152 151 directory, Kallithea will attempt to create it. If that path exists but is
153 152 *not* a directory, or is not readable-writable-executable by the server
154 153 process, the server process will raise an exception each time it attempts to
155 154 write the ``authorized_keys`` file.
156 155
157 156 .. warning:: The handling of SSH access is steered directly by the command
158 157 specified in the ``authorized_keys`` file. There is no interaction with the
159 158 web UI. Once SSH access is correctly configured and enabled, it will work
160 159 regardless of whether the Kallithea web process is actually running. Hence,
161 160 if you want to perform repository or server maintenance and want to fully
162 161 disable all access to the repositories, disable SSH access by setting
163 162 ``ssh_enabled = false`` in the correct ``.ini`` file (i.e. the ``.ini`` file
164 163 specified in the ``authorized_keys`` file.)
165 164
166 165 The ``authorized_keys`` file can be updated manually with ``kallithea-cli
167 166 ssh-update-authorized-keys -c my.ini``. This command is not needed in normal
168 167 operation but is for example useful after changing SSH-related settings in the
169 168 ``.ini`` file or renaming that file. (The path to the ``.ini`` file is used in
170 169 the generated ``authorized_keys`` file).
171 170
172 171
173 172 Setting up Whoosh full text search
174 173 ----------------------------------
175 174
176 175 Kallithea provides full text search of repositories using `Whoosh`__.
177 176
178 177 .. __: https://whoosh.readthedocs.io/en/latest/
179 178
180 179 For an incremental index build, run::
181 180
182 181 kallithea-cli index-create -c my.ini
183 182
184 183 For a full index rebuild, run::
185 184
186 185 kallithea-cli index-create -c my.ini --full
187 186
188 187 The ``--repo-location`` option allows the location of the repositories to be overridden;
189 188 usually, the location is retrieved from the Kallithea database.
190 189
191 190 The ``--index-only`` option can be used to limit the indexed repositories to a comma-separated list::
192 191
193 192 kallithea-cli index-create -c my.ini --index-only=vcs,kallithea
194 193
195 194 To keep your index up-to-date it is necessary to do periodic index builds;
196 195 for this, it is recommended to use a crontab entry. Example::
197 196
198 197 0 3 * * * /path/to/virtualenv/bin/kallithea-cli index-create -c /path/to/kallithea/my.ini
199 198
200 199 When using incremental mode (the default), Whoosh will check the last
201 200 modification date of each file and add it to be reindexed if a newer file is
202 201 available. The indexing daemon checks for any removed files and removes them
203 202 from index.
204 203
205 204 If you want to rebuild the index from scratch, you can use the ``-f`` flag as above,
206 205 or in the admin panel you can check the "build from scratch" checkbox.
207 206
208 207
209 208 Integration with issue trackers
210 209 -------------------------------
211 210
212 211 Kallithea provides a simple integration with issue trackers. It's possible
213 212 to define a regular expression that will match an issue ID in commit messages,
214 213 and have that replaced with a URL to the issue.
215 214
216 215 This is achieved with following three variables in the ini file::
217 216
218 217 issue_pat = #(\d+)
219 218 issue_server_link = https://issues.example.com/{repo}/issue/\1
220 219 issue_sub =
221 220
222 221 ``issue_pat`` is the regular expression describing which strings in
223 222 commit messages will be treated as issue references. The expression can/should
224 223 have one or more parenthesized groups that can later be referred to in
225 224 ``issue_server_link`` and ``issue_sub`` (see below). If you prefer, named groups
226 225 can be used instead of simple parenthesized groups.
227 226
228 227 If the pattern should only match if it is preceded by whitespace, add the
229 228 following string before the actual pattern: ``(?:^|(?<=\s))``.
230 229 If the pattern should only match if it is followed by whitespace, add the
231 230 following string after the actual pattern: ``(?:$|(?=\s))``.
232 231 These expressions use lookbehind and lookahead assertions of the Python regular
233 232 expression module to avoid the whitespace to be part of the actual pattern,
234 233 otherwise the link text will also contain that whitespace.
235 234
236 235 Matched issue references are replaced with the link specified in
237 236 ``issue_server_link``, in which any backreferences are resolved. Backreferences
238 237 can be ``\1``, ``\2``, ... or for named groups ``\g<groupname>``.
239 238 The special token ``{repo}`` is replaced with the full repository path
240 239 (including repository groups), while token ``{repo_name}`` is replaced with the
241 240 repository name (without repository groups).
242 241
243 242 The link text is determined by ``issue_sub``, which can be a string containing
244 243 backreferences to the groups specified in ``issue_pat``. If ``issue_sub`` is
245 244 empty, then the text matched by ``issue_pat`` is used verbatim.
246 245
247 246 The example settings shown above match issues in the format ``#<number>``.
248 247 This will cause the text ``#300`` to be transformed into a link:
249 248
250 249 .. code-block:: html
251 250
252 251 <a href="https://issues.example.com/example_repo/issue/300">#300</a>
253 252
254 253 The following example transforms a text starting with either of 'pullrequest',
255 254 'pull request' or 'PR', followed by an optional space, then a pound character
256 255 (#) and one or more digits, into a link with the text 'PR #' followed by the
257 256 digits::
258 257
259 258 issue_pat = (pullrequest|pull request|PR) ?#(\d+)
260 259 issue_server_link = https://issues.example.com/\2
261 260 issue_sub = PR #\2
262 261
263 262 The following example demonstrates how to require whitespace before the issue
264 263 reference in order for it to be recognized, such that the text ``issue#123`` will
265 264 not cause a match, but ``issue #123`` will::
266 265
267 266 issue_pat = (?:^|(?<=\s))#(\d+)
268 267 issue_server_link = https://issues.example.com/\1
269 268 issue_sub =
270 269
271 270 If needed, more than one pattern can be specified by appending a unique suffix to
272 271 the variables. For example, also demonstrating the use of named groups::
273 272
274 273 issue_pat_wiki = wiki-(?P<pagename>\S+)
275 274 issue_server_link_wiki = https://wiki.example.com/\g<pagename>
276 275 issue_sub_wiki = WIKI-\g<pagename>
277 276
278 277 With these settings, wiki pages can be referenced as wiki-some-id, and every
279 278 such reference will be transformed into:
280 279
281 280 .. code-block:: html
282 281
283 282 <a href="https://wiki.example.com/some-id">WIKI-some-id</a>
284 283
285 284 Refer to the `Python regular expression documentation`_ for more details about
286 285 the supported syntax in ``issue_pat``, ``issue_server_link`` and ``issue_sub``.
287 286
288 287
289 288 Hook management
290 289 ---------------
291 290
292 291 Hooks can be managed in similar way to that used in ``.hgrc`` files.
293 292 To manage hooks, choose *Admin > Settings > Hooks*.
294 293
295 294 The built-in hooks cannot be modified, though they can be enabled or disabled in the *VCS* section.
296 295
297 296 To add another custom hook simply fill in the first textbox with
298 297 ``<name>.<hook_type>`` and the second with the hook path. Example hooks
299 298 can be found in ``kallithea.lib.hooks``.
300 299
301 300
302 301 Changing default encoding
303 302 -------------------------
304 303
305 304 By default, Kallithea uses UTF-8 encoding.
306 305 This is configurable as ``default_encoding`` in the .ini file.
307 306 This affects many parts in Kallithea including user names, filenames, and
308 307 encoding of commit messages. In addition Kallithea can detect if the ``chardet``
309 308 library is installed. If ``chardet`` is detected Kallithea will fallback to it
310 309 when there are encode/decode errors.
311 310
312 311 The Mercurial encoding is configurable as ``hgencoding``. It is similar to
313 312 setting the ``HGENCODING`` environment variable, but will override it.
314 313
315 314
316 315 Celery configuration
317 316 --------------------
318 317
319 318 Kallithea can use the distributed task queue system Celery_ to run tasks like
320 319 cloning repositories or sending emails.
321 320
322 321 Kallithea will in most setups work perfectly fine out of the box (without
323 322 Celery), executing all tasks in the web server process. Some tasks can however
324 323 take some time to run and it can be better to run such tasks asynchronously in
325 324 a separate process so the web server can focus on serving web requests.
326 325
327 326 For installation and configuration of Celery, see the `Celery documentation`_.
328 327 Note that Celery requires a message broker service like RabbitMQ_ (recommended)
329 328 or Redis_.
330 329
331 330 The use of Celery is configured in the Kallithea ini configuration file.
332 331 To enable it, simply set::
333 332
334 333 use_celery = true
335 334
336 335 and add or change the ``celery.*`` and ``broker.*`` configuration variables.
337 336
338 337 Remember that the ini files use the format with '.' and not with '_' like
339 338 Celery. So for example setting `BROKER_HOST` in Celery means setting
340 339 `broker.host` in the configuration file.
341 340
342 341 To start the Celery process, run::
343 342
344 343 kallithea-cli celery-run -c my.ini
345 344
346 345 Extra options to the Celery worker can be passed after ``--`` - see ``-- -h``
347 346 for more info.
348 347
349 348 .. note::
350 349 Make sure you run this command from the same virtualenv, and with the same
351 350 user that Kallithea runs.
352 351
353 352
354 353 HTTPS support
355 354 -------------
356 355
357 356 Kallithea will by default generate URLs based on the WSGI environment.
358 357
359 358 Alternatively, you can use some special configuration settings to control
360 359 directly which scheme/protocol Kallithea will use when generating URLs:
361 360
362 361 - With ``https_fixup = true``, the scheme will be taken from the
363 362 ``X-Url-Scheme``, ``X-Forwarded-Scheme`` or ``X-Forwarded-Proto`` HTTP header
364 363 (default ``http``).
365 364 - With ``force_https = true`` the default will be ``https``.
366 365 - With ``use_htsts = true``, Kallithea will set ``Strict-Transport-Security`` when using https.
367 366
368 367 .. _nginx_virtual_host:
369 368
370 369
371 370 Nginx virtual host example
372 371 --------------------------
373 372
374 373 Sample config for Nginx using proxy:
375 374
376 375 .. code-block:: nginx
377 376
378 377 upstream kallithea {
379 378 server 127.0.0.1:5000;
380 379 # add more instances for load balancing
381 380 #server 127.0.0.1:5001;
382 381 #server 127.0.0.1:5002;
383 382 }
384 383
385 384 ## gist alias
386 385 server {
387 386 listen 443;
388 387 server_name gist.example.com;
389 388 access_log /var/log/nginx/gist.access.log;
390 389 error_log /var/log/nginx/gist.error.log;
391 390
392 391 ssl on;
393 392 ssl_certificate gist.your.kallithea.server.crt;
394 393 ssl_certificate_key gist.your.kallithea.server.key;
395 394
396 395 ssl_session_timeout 5m;
397 396
398 397 ssl_protocols SSLv3 TLSv1;
399 398 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
400 399 ssl_prefer_server_ciphers on;
401 400
402 401 rewrite ^/(.+)$ https://kallithea.example.com/_admin/gists/$1;
403 402 rewrite (.*) https://kallithea.example.com/_admin/gists;
404 403 }
405 404
406 405 server {
407 406 listen 443;
408 407 server_name kallithea.example.com
409 408 access_log /var/log/nginx/kallithea.access.log;
410 409 error_log /var/log/nginx/kallithea.error.log;
411 410
412 411 ssl on;
413 412 ssl_certificate your.kallithea.server.crt;
414 413 ssl_certificate_key your.kallithea.server.key;
415 414
416 415 ssl_session_timeout 5m;
417 416
418 417 ssl_protocols SSLv3 TLSv1;
419 418 ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5;
420 419 ssl_prefer_server_ciphers on;
421 420
422 421 ## uncomment root directive if you want to serve static files by nginx
423 422 ## requires static_files = false in .ini file
424 423 #root /srv/kallithea/kallithea/kallithea/public;
425 424 include /etc/nginx/proxy.conf;
426 425 location / {
427 426 try_files $uri @kallithea;
428 427 }
429 428
430 429 location @kallithea {
431 430 proxy_pass http://127.0.0.1:5000;
432 431 }
433 432
434 433 }
435 434
436 435 Here's the proxy.conf. It's tuned so it will not timeout on long
437 436 pushes or large pushes::
438 437
439 438 proxy_redirect off;
440 439 proxy_set_header Host $host;
441 440 ## needed for container auth
442 441 #proxy_set_header REMOTE_USER $remote_user;
443 442 #proxy_set_header X-Forwarded-User $remote_user;
444 443 proxy_set_header X-Url-Scheme $scheme;
445 444 proxy_set_header X-Host $http_host;
446 445 proxy_set_header X-Real-IP $remote_addr;
447 446 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
448 447 proxy_set_header Proxy-host $proxy_host;
449 448 proxy_buffering off;
450 449 proxy_connect_timeout 7200;
451 450 proxy_send_timeout 7200;
452 451 proxy_read_timeout 7200;
453 452 proxy_buffers 8 32k;
454 453 client_max_body_size 1024m;
455 454 client_body_buffer_size 128k;
456 455 large_client_header_buffers 8 64k;
457 456
458 457 .. _apache_virtual_host_reverse_proxy:
459 458
460 459
461 460 Apache virtual host reverse proxy example
462 461 -----------------------------------------
463 462
464 463 Here is a sample configuration file for Apache using proxy:
465 464
466 465 .. code-block:: apache
467 466
468 467 <VirtualHost *:80>
469 468 ServerName kallithea.example.com
470 469
471 470 <Proxy *>
472 471 # For Apache 2.4 and later:
473 472 Require all granted
474 473
475 474 # For Apache 2.2 and earlier, instead use:
476 475 # Order allow,deny
477 476 # Allow from all
478 477 </Proxy>
479 478
480 479 #important !
481 480 #Directive to properly generate url (clone url) for Kallithea
482 481 ProxyPreserveHost On
483 482
484 483 #kallithea instance
485 484 ProxyPass / http://127.0.0.1:5000/
486 485 ProxyPassReverse / http://127.0.0.1:5000/
487 486
488 487 #to enable https use line below
489 488 #SetEnvIf X-Url-Scheme https HTTPS=1
490 489 </VirtualHost>
491 490
492 491 Additional tutorial
493 492 http://pylonsbook.com/en/1.1/deployment.html#using-apache-to-proxy-requests-to-pylons
494 493
495 494 .. _apache_subdirectory:
496 495
497 496
498 497 Apache as subdirectory
499 498 ----------------------
500 499
501 500 Apache subdirectory part:
502 501
503 502 .. code-block:: apache
504 503
505 504 <Location /PREFIX >
506 505 ProxyPass http://127.0.0.1:5000/PREFIX
507 506 ProxyPassReverse http://127.0.0.1:5000/PREFIX
508 507 SetEnvIf X-Url-Scheme https HTTPS=1
509 508 </Location>
510 509
511 510 Besides the regular apache setup you will need to add the following line
512 511 into ``[app:main]`` section of your .ini file::
513 512
514 513 filter-with = proxy-prefix
515 514
516 515 Add the following at the end of the .ini file::
517 516
518 517 [filter:proxy-prefix]
519 518 use = egg:PasteDeploy#prefix
520 519 prefix = /PREFIX
521 520
522 521 then change ``PREFIX`` into your chosen prefix
523 522
524 523 .. _apache_mod_wsgi:
525 524
526 525
527 526 Apache with mod_wsgi
528 527 --------------------
529 528
530 529 Alternatively, Kallithea can be set up with Apache under mod_wsgi. For
531 530 that, you'll need to:
532 531
533 532 - Install mod_wsgi. If using a Debian-based distro, you can install
534 533 the package libapache2-mod-wsgi::
535 534
536 535 aptitude install libapache2-mod-wsgi
537 536
538 537 - Enable mod_wsgi::
539 538
540 539 a2enmod wsgi
541 540
542 541 - Add global Apache configuration to tell mod_wsgi that Python only will be
543 542 used in the WSGI processes and shouldn't be initialized in the Apache
544 543 processes::
545 544
546 545 WSGIRestrictEmbedded On
547 546
548 547 - Create a WSGI dispatch script, like the one below. Make sure you
549 548 check that the paths correctly point to where you installed Kallithea
550 549 and its Python Virtual Environment.
551 550
552 551 .. code-block:: python
553 552
554 553 import os
555 554 os.environ['PYTHON_EGG_CACHE'] = '/srv/kallithea/.egg-cache'
556 555
557 556 # sometimes it's needed to set the current dir
558 557 os.chdir('/srv/kallithea/')
559 558
560 559 import site
561 560 site.addsitedir("/srv/kallithea/venv/lib/python2.7/site-packages")
562 561
563 562 ini = '/srv/kallithea/my.ini'
564 563 from logging.config import fileConfig
565 564 fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})
566 565 from paste.deploy import loadapp
567 566 application = loadapp('config:' + ini)
568 567
569 568 Or using proper virtualenv activation:
570 569
571 570 .. code-block:: python
572 571
573 572 activate_this = '/srv/kallithea/venv/bin/activate_this.py'
574 573 execfile(activate_this, dict(__file__=activate_this))
575 574
576 575 import os
577 576 os.environ['HOME'] = '/srv/kallithea'
578 577
579 578 ini = '/srv/kallithea/kallithea.ini'
580 579 from logging.config import fileConfig
581 580 fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})
582 581 from paste.deploy import loadapp
583 582 application = loadapp('config:' + ini)
584 583
585 584 - Add the necessary ``WSGI*`` directives to the Apache Virtual Host configuration
586 585 file, like in the example below. Notice that the WSGI dispatch script created
587 586 above is referred to with the ``WSGIScriptAlias`` directive.
588 587 The default locale settings Apache provides for web services are often not
589 588 adequate, with `C` as the default language and `ASCII` as the encoding.
590 589 Instead, use the ``lang`` parameter of ``WSGIDaemonProcess`` to specify a
591 590 suitable locale. See also the :ref:`overview` section and the
592 591 `WSGIDaemonProcess documentation`_.
593 592
594 593 Apache will by default run as a special Apache user, on Linux systems
595 594 usually ``www-data`` or ``apache``. If you need to have the repositories
596 595 directory owned by a different user, use the user and group options to
597 596 WSGIDaemonProcess to set the name of the user and group.
598 597
599 598 Once again, check that all paths are correctly specified.
600 599
601 600 .. code-block:: apache
602 601
603 602 WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 \
604 603 python-home=/srv/kallithea/venv lang=C.UTF-8
605 604 WSGIProcessGroup kallithea
606 605 WSGIScriptAlias / /srv/kallithea/dispatch.wsgi
607 606 WSGIPassAuthorization On
608 607
609 608 Or if using a dispatcher WSGI script with proper virtualenv activation:
610 609
611 610 .. code-block:: apache
612 611
613 612 WSGIDaemonProcess kallithea processes=5 threads=1 maximum-requests=100 lang=en_US.utf8
614 613 WSGIProcessGroup kallithea
615 614 WSGIScriptAlias / /srv/kallithea/dispatch.wsgi
616 615 WSGIPassAuthorization On
617 616
618 617
619 618 Other configuration files
620 619 -------------------------
621 620
622 621 A number of `example init.d scripts`__ can be found in
623 622 the ``init.d`` directory of the Kallithea source.
624 623
625 624 .. __: https://kallithea-scm.org/repos/kallithea/files/tip/init.d/ .
626 625
627 626
628 627 .. _virtualenv: http://pypi.python.org/pypi/virtualenv
629 628 .. _python: http://www.python.org/
630 629 .. _Python regular expression documentation: https://docs.python.org/2/library/re.html
631 630 .. _Mercurial: https://www.mercurial-scm.org/
632 631 .. _Celery: http://celeryproject.org/
633 632 .. _Celery documentation: http://docs.celeryproject.org/en/latest/getting-started/index.html
634 633 .. _RabbitMQ: http://www.rabbitmq.com/
635 634 .. _Redis: http://redis.io/
636 635 .. _mercurial-server: http://www.lshift.net/mercurial-server.html
637 636 .. _PublishingRepositories: https://www.mercurial-scm.org/wiki/PublishingRepositories
638 637 .. _WSGIDaemonProcess documentation: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html
Show file before | Show file after | Hide comments
@@ -1,211 +1,216 b''
1 1 # -*- coding: utf-8 -*-
2 2 # This program is free software: you can redistribute it and/or modify
3 3 # it under the terms of the GNU General Public License as published by
4 4 # the Free Software Foundation, either version 3 of the License, or
5 5 # (at your option) any later version.
6 6 #
7 7 # This program is distributed in the hope that it will be useful,
8 8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 10 # GNU General Public License for more details.
11 11 #
12 12 # You should have received a copy of the GNU General Public License
13 13 # along with this program. If not, see <http://www.gnu.org/licenses/>.
14 14 """
15 15 Global configuration file for TurboGears2 specific settings in Kallithea.
16 16
17 17 This file complements the .ini file.
18 18 """
19 19
20 20 import logging
21 21 import os
22 22 import platform
23 23 import sys
24 24
25 25 import alembic.config
26 26 import mercurial
27 27 import tg
28 28 from alembic.migration import MigrationContext
29 29 from alembic.script.base import ScriptDirectory
30 30 from sqlalchemy import create_engine
31 31 from tg import hooks
32 32 from tg.configuration import AppConfig
33 33 from tg.support.converters import asbool
34 34
35 35 import kallithea.lib.locale
36 36 import kallithea.model.base
37 37 from kallithea.lib.auth import set_available_permissions
38 38 from kallithea.lib.middleware.https_fixup import HttpsFixup
39 39 from kallithea.lib.middleware.permanent_repo_url import PermanentRepoUrl
40 40 from kallithea.lib.middleware.simplegit import SimpleGit
41 41 from kallithea.lib.middleware.simplehg import SimpleHg
42 42 from kallithea.lib.middleware.wrapper import RequestWrapper
43 43 from kallithea.lib.utils import check_git_version, load_rcextensions, make_ui, set_app_settings, set_indexer_config, set_vcs_config
44 44 from kallithea.lib.utils2 import str2bool
45 45
46 46
47 47 log = logging.getLogger(__name__)
48 48
49 49
50 50 class KallitheaAppConfig(AppConfig):
51 51 # Note: AppConfig has a misleading name, as it's not the application
52 52 # configuration, but the application configurator. The AppConfig values are
53 53 # used as a template to create the actual configuration, which might
54 54 # overwrite or extend the one provided by the configurator template.
55 55
56 56 # To make it clear, AppConfig creates the config and sets into it the same
57 57 # values that AppConfig itself has. Then the values from the config file and
58 58 # gearbox options are loaded and merged into the configuration. Then an
59 59 # after_init_config(conf) method of AppConfig is called for any change that
60 60 # might depend on options provided by configuration files.
61 61
62 62 def __init__(self):
63 63 super(KallitheaAppConfig, self).__init__()
64 64
65 65 self['package'] = kallithea
66 66
67 67 self['prefer_toscawidgets2'] = False
68 68 self['use_toscawidgets'] = False
69 69
70 70 self['renderers'] = []
71 71
72 72 # Enable json in expose
73 73 self['renderers'].append('json')
74 74
75 75 # Configure template rendering
76 76 self['renderers'].append('mako')
77 77 self['default_renderer'] = 'mako'
78 78 self['use_dotted_templatenames'] = False
79 79
80 80 # Configure Sessions, store data as JSON to avoid pickle security issues
81 81 self['session.enabled'] = True
82 82 self['session.data_serializer'] = 'json'
83 83
84 84 # Configure the base SQLALchemy Setup
85 85 self['use_sqlalchemy'] = True
86 86 self['model'] = kallithea.model.base
87 87 self['DBSession'] = kallithea.model.meta.Session
88 88
89 89 # Configure App without an authentication backend.
90 90 self['auth_backend'] = None
91 91
92 92 # Use custom error page for these errors. By default, Turbogears2 does not add
93 93 # 400 in this list.
94 94 # Explicitly listing all is considered more robust than appending to defaults,
95 95 # in light of possible future framework changes.
96 96 self['errorpage.status_codes'] = [400, 401, 403, 404]
97 97
98 98 # Disable transaction manager -- currently Kallithea takes care of transactions itself
99 99 self['tm.enabled'] = False
100 100
101 # Set the i18n source language so TG doesn't search beyond 'en' in Accept-Language.
102 # Don't force the default here if configuration force something else.
103 if not self.get('i18n.lang'):
104 self['i18n.lang'] = 'en'
105
101 106
102 107 base_config = KallitheaAppConfig()
103 108
104 109 # TODO still needed as long as we use pylonslib
105 110 sys.modules['pylons'] = tg
106 111
107 112 # DebugBar, a debug toolbar for TurboGears2.
108 113 # (https://github.com/TurboGears/tgext.debugbar)
109 114 # To enable it, install 'tgext.debugbar' and 'kajiki', and run Kallithea with
110 115 # 'debug = true' (not in production!)
111 116 # See the Kallithea documentation for more information.
112 117 try:
113 118 from tgext.debugbar import enable_debugbar
114 119 import kajiki # only to check its existence
115 120 except ImportError:
116 121 pass
117 122 else:
118 123 base_config['renderers'].append('kajiki')
119 124 enable_debugbar(base_config)
120 125
121 126
122 127 def setup_configuration(app):
123 128 config = app.config
124 129
125 130 if not kallithea.lib.locale.current_locale_is_valid():
126 131 log.error("Terminating ...")
127 132 sys.exit(1)
128 133
129 134 # Mercurial sets encoding at module import time, so we have to monkey patch it
130 135 hgencoding = config.get('hgencoding')
131 136 if hgencoding:
132 137 mercurial.encoding.encoding = hgencoding
133 138
134 139 if config.get('ignore_alembic_revision', False):
135 140 log.warn('database alembic revision checking is disabled')
136 141 else:
137 142 dbconf = config['sqlalchemy.url']
138 143 alembic_cfg = alembic.config.Config()
139 144 alembic_cfg.set_main_option('script_location', 'kallithea:alembic')
140 145 alembic_cfg.set_main_option('sqlalchemy.url', dbconf)
141 146 script_dir = ScriptDirectory.from_config(alembic_cfg)
142 147 available_heads = sorted(script_dir.get_heads())
143 148
144 149 engine = create_engine(dbconf)
145 150 with engine.connect() as conn:
146 151 context = MigrationContext.configure(conn)
147 152 current_heads = sorted(str(s) for s in context.get_current_heads())
148 153 if current_heads != available_heads:
149 154 log.error('Failed to run Kallithea:\n\n'
150 155 'The database version does not match the Kallithea version.\n'
151 156 'Please read the documentation on how to upgrade or downgrade the database.\n'
152 157 'Current database version id(s): %s\n'
153 158 'Expected database version id(s): %s\n'
154 159 'If you are a developer and you know what you are doing, you can add `ignore_alembic_revision = True` '
155 160 'to your .ini file to skip the check.\n' % (' '.join(current_heads), ' '.join(available_heads)))
156 161 sys.exit(1)
157 162
158 163 # store some globals into kallithea
159 164 kallithea.CELERY_ON = str2bool(config.get('use_celery'))
160 165 kallithea.CELERY_EAGER = str2bool(config.get('celery.always.eager'))
161 166 kallithea.CONFIG = config
162 167
163 168 load_rcextensions(root_path=config['here'])
164 169
165 170 set_available_permissions(config)
166 171 repos_path = make_ui().configitems('paths')[0][1]
167 172 config['base_path'] = repos_path
168 173 set_app_settings(config)
169 174
170 175 instance_id = kallithea.CONFIG.get('instance_id', '*')
171 176 if instance_id == '*':
172 177 instance_id = '%s-%s' % (platform.uname()[1], os.getpid())
173 178 kallithea.CONFIG['instance_id'] = instance_id
174 179
175 180 # update kallithea.CONFIG with the meanwhile changed 'config'
176 181 kallithea.CONFIG.update(config)
177 182
178 183 # configure vcs and indexer libraries (they are supposed to be independent
179 184 # as much as possible and thus avoid importing tg.config or
180 185 # kallithea.CONFIG).
181 186 set_vcs_config(kallithea.CONFIG)
182 187 set_indexer_config(kallithea.CONFIG)
183 188
184 189 check_git_version()
185 190
186 191
187 192 hooks.register('configure_new_app', setup_configuration)
188 193
189 194
190 195 def setup_application(app):
191 196 config = app.config
192 197
193 198 # we want our low level middleware to get to the request ASAP. We don't
194 199 # need any stack middleware in them - especially no StatusCodeRedirect buffering
195 200 app = SimpleHg(app, config)
196 201 app = SimpleGit(app, config)
197 202
198 203 # Enable https redirects based on HTTP_X_URL_SCHEME set by proxy
199 204 if any(asbool(config.get(x)) for x in ['https_fixup', 'force_https', 'use_htsts']):
200 205 app = HttpsFixup(app, config)
201 206
202 207 app = PermanentRepoUrl(app, config)
203 208
204 209 # Optional and undocumented wrapper - gives more verbose request/response logging, but has a slight overhead
205 210 if str2bool(config.get('use_wsgi_wrapper')):
206 211 app = RequestWrapper(app, config)
207 212
208 213 return app
209 214
210 215
211 216 hooks.register('before_config', setup_application)
Show file before | Show file after | Hide comments
@@ -1,697 +1,699 b''
1 1 ## -*- coding: utf-8 -*-
2 2 <%text>################################################################################</%text>
3 3 <%text>################################################################################</%text>
4 4 # Kallithea - config file generated with kallithea-config #
5 5 # #
6 6 # The %(here)s variable will be replaced with the parent directory of this file#
7 7 <%text>################################################################################</%text>
8 8 <%text>################################################################################</%text>
9 9
10 10 [DEFAULT]
11 11
12 12 <%text>################################################################################</%text>
13 13 <%text>## Email settings ##</%text>
14 14 <%text>## ##</%text>
15 15 <%text>## Refer to the documentation ("Email settings") for more details. ##</%text>
16 16 <%text>## ##</%text>
17 17 <%text>## It is recommended to use a valid sender address that passes access ##</%text>
18 18 <%text>## validation and spam filtering in mail servers. ##</%text>
19 19 <%text>################################################################################</%text>
20 20
21 21 <%text>## 'From' header for application emails. You can optionally add a name.</%text>
22 22 <%text>## Default:</%text>
23 23 #app_email_from = Kallithea
24 24 <%text>## Examples:</%text>
25 25 #app_email_from = Kallithea <kallithea-noreply@example.com>
26 26 #app_email_from = kallithea-noreply@example.com
27 27
28 28 <%text>## Subject prefix for application emails.</%text>
29 29 <%text>## A space between this prefix and the real subject is automatically added.</%text>
30 30 <%text>## Default:</%text>
31 31 #email_prefix =
32 32 <%text>## Example:</%text>
33 33 #email_prefix = [Kallithea]
34 34
35 35 <%text>## Recipients for error emails and fallback recipients of application mails.</%text>
36 36 <%text>## Multiple addresses can be specified, comma-separated.</%text>
37 37 <%text>## Only addresses are allowed, do not add any name part.</%text>
38 38 <%text>## Default:</%text>
39 39 #email_to =
40 40 <%text>## Examples:</%text>
41 41 #email_to = admin@example.com
42 42 #email_to = admin@example.com,another_admin@example.com
43 43 email_to =
44 44
45 45 <%text>## 'From' header for error emails. You can optionally add a name.</%text>
46 46 <%text>## Default: (none)</%text>
47 47 <%text>## Examples:</%text>
48 48 #error_email_from = Kallithea Errors <kallithea-noreply@example.com>
49 49 #error_email_from = kallithea_errors@example.com
50 50 error_email_from =
51 51
52 52 <%text>## SMTP server settings</%text>
53 53 <%text>## If specifying credentials, make sure to use secure connections.</%text>
54 54 <%text>## Default: Send unencrypted unauthenticated mails to the specified smtp_server.</%text>
55 55 <%text>## For "SSL", use smtp_use_ssl = true and smtp_port = 465.</%text>
56 56 <%text>## For "STARTTLS", use smtp_use_tls = true and smtp_port = 587.</%text>
57 57 smtp_server =
58 58 #smtp_username =
59 59 #smtp_password =
60 60 smtp_port =
61 61 #smtp_use_ssl = false
62 62 #smtp_use_tls = false
63 63
64 64 %if http_server != 'uwsgi':
65 65 <%text>## Entry point for 'gearbox serve'</%text>
66 66 [server:main]
67 67 host = ${host}
68 68 port = ${port}
69 69
70 70 %if http_server == 'gearbox':
71 71 <%text>## Gearbox default web server ##</%text>
72 72 use = egg:gearbox#wsgiref
73 73 <%text>## nr of worker threads to spawn</%text>
74 74 threadpool_workers = 1
75 75 <%text>## max request before thread respawn</%text>
76 76 threadpool_max_requests = 100
77 77 <%text>## option to use threads of process</%text>
78 78 use_threadpool = true
79 79
80 80 %elif http_server == 'gevent':
81 81 <%text>## Gearbox gevent web server ##</%text>
82 82 use = egg:gearbox#gevent
83 83
84 84 %elif http_server == 'waitress':
85 85 <%text>## WAITRESS ##</%text>
86 86 use = egg:waitress#main
87 87 <%text>## number of worker threads</%text>
88 88 threads = 1
89 89 <%text>## MAX BODY SIZE 100GB</%text>
90 90 max_request_body_size = 107374182400
91 91 <%text>## use poll instead of select, fixes fd limits, may not work on old</%text>
92 92 <%text>## windows systems.</%text>
93 93 #asyncore_use_poll = True
94 94
95 95 %elif http_server == 'gunicorn':
96 96 <%text>## GUNICORN ##</%text>
97 97 use = egg:gunicorn#main
98 98 <%text>## number of process workers. You must set `instance_id = *` when this option</%text>
99 99 <%text>## is set to more than one worker</%text>
100 100 workers = 4
101 101 <%text>## process name</%text>
102 102 proc_name = kallithea
103 103 <%text>## type of worker class, one of sync, eventlet, gevent, tornado</%text>
104 104 <%text>## recommended for bigger setup is using of of other than sync one</%text>
105 105 worker_class = sync
106 106 max_requests = 1000
107 107 <%text>## amount of time a worker can handle request before it gets killed and</%text>
108 108 <%text>## restarted</%text>
109 109 timeout = 3600
110 110
111 111 %endif
112 112 %else:
113 113 <%text>## UWSGI ##</%text>
114 114 <%text>## run with uwsgi --ini-paste-logged <inifile.ini></%text>
115 115 [uwsgi]
116 116 socket = /tmp/uwsgi.sock
117 117 master = true
118 118 http = ${host}:${port}
119 119
120 120 <%text>## set as daemon and redirect all output to file</%text>
121 121 #daemonize = ./uwsgi_kallithea.log
122 122
123 123 <%text>## master process PID</%text>
124 124 pidfile = ./uwsgi_kallithea.pid
125 125
126 126 <%text>## stats server with workers statistics, use uwsgitop</%text>
127 127 <%text>## for monitoring, `uwsgitop 127.0.0.1:1717`</%text>
128 128 stats = 127.0.0.1:1717
129 129 memory-report = true
130 130
131 131 <%text>## log 5XX errors</%text>
132 132 log-5xx = true
133 133
134 134 <%text>## Set the socket listen queue size.</%text>
135 135 listen = 128
136 136
137 137 <%text>## Gracefully Reload workers after the specified amount of managed requests</%text>
138 138 <%text>## (avoid memory leaks).</%text>
139 139 max-requests = 1000
140 140
141 141 <%text>## enable large buffers</%text>
142 142 buffer-size = 65535
143 143
144 144 <%text>## socket and http timeouts ##</%text>
145 145 http-timeout = 3600
146 146 socket-timeout = 3600
147 147
148 148 <%text>## Log requests slower than the specified number of milliseconds.</%text>
149 149 log-slow = 10
150 150
151 151 <%text>## Exit if no app can be loaded.</%text>
152 152 need-app = true
153 153
154 154 <%text>## Set lazy mode (load apps in workers instead of master).</%text>
155 155 lazy = true
156 156
157 157 <%text>## scaling ##</%text>
158 158 <%text>## set cheaper algorithm to use, if not set default will be used</%text>
159 159 cheaper-algo = spare
160 160
161 161 <%text>## minimum number of workers to keep at all times</%text>
162 162 cheaper = 1
163 163
164 164 <%text>## number of workers to spawn at startup</%text>
165 165 cheaper-initial = 1
166 166
167 167 <%text>## maximum number of workers that can be spawned</%text>
168 168 workers = 4
169 169
170 170 <%text>## how many workers should be spawned at a time</%text>
171 171 cheaper-step = 1
172 172
173 173 %endif
174 174 <%text>## middleware for hosting the WSGI application under a URL prefix</%text>
175 175 #[filter:proxy-prefix]
176 176 #use = egg:PasteDeploy#prefix
177 177 #prefix = /<your-prefix>
178 178
179 179 [app:main]
180 180 use = egg:kallithea
181 181 <%text>## enable proxy prefix middleware</%text>
182 182 #filter-with = proxy-prefix
183 183
184 184 full_stack = true
185 185 static_files = true
186 186
187 187 <%text>## Internationalization (see setup documentation for details)</%text>
188 <%text>## By default, the language requested by the browser is used if available.</%text>
189 #i18n.enabled = false
190 <%text>## Fallback language, empty for English (valid values are the names of subdirectories in kallithea/i18n):</%text>
191 i18n.lang =
188 <%text>## By default, the languages requested by the browser are used if available, with English as default.</%text>
189 <%text>## Set i18n.enabled=false to disable automatic language choice.</%text>
190 #i18n.enabled = true
191 <%text>## To Force a language, set i18n.enabled=false and specify the language in i18n.lang.</%text>
192 <%text>## Valid values are the names of subdirectories in kallithea/i18n with a LC_MESSAGES/kallithea.mo</%text>
193 #i18n.lang = en
192 194
193 195 cache_dir = %(here)s/data
194 196 index_dir = %(here)s/data/index
195 197
196 198 <%text>## uncomment and set this path to use archive download cache</%text>
197 199 archive_cache_dir = %(here)s/tarballcache
198 200
199 201 <%text>## change this to unique ID for security</%text>
200 202 app_instance_uuid = ${uuid()}
201 203
202 204 <%text>## cut off limit for large diffs (size in bytes)</%text>
203 205 cut_off_limit = 256000
204 206
205 207 <%text>## force https in Kallithea, fixes https redirects, assumes it's always https</%text>
206 208 force_https = false
207 209
208 210 <%text>## use Strict-Transport-Security headers</%text>
209 211 use_htsts = false
210 212
211 213 <%text>## number of commits stats will parse on each iteration</%text>
212 214 commit_parse_limit = 25
213 215
214 216 <%text>## Path to Python executable to be used for git hooks.</%text>
215 217 <%text>## This value will be written inside the git hook scripts as the text</%text>
216 218 <%text>## after '#!' (shebang). When empty or not defined, the value of</%text>
217 219 <%text>## 'sys.executable' at the time of installation of the git hooks is</%text>
218 220 <%text>## used, which is correct in many cases but for example not when using uwsgi.</%text>
219 221 <%text>## If you change this setting, you should reinstall the Git hooks via</%text>
220 222 <%text>## Admin > Settings > Remap and Rescan.</%text>
221 223 # git_hook_interpreter = /srv/kallithea/venv/bin/python2
222 224 %if git_hook_interpreter:
223 225 git_hook_interpreter = ${git_hook_interpreter}
224 226 %endif
225 227
226 228 <%text>## path to git executable</%text>
227 229 git_path = git
228 230
229 231 <%text>## git rev filter option, --all is the default filter, if you need to</%text>
230 232 <%text>## hide all refs in changelog switch this to --branches --tags</%text>
231 233 #git_rev_filter = --branches --tags
232 234
233 235 <%text>## RSS feed options</%text>
234 236 rss_cut_off_limit = 256000
235 237 rss_items_per_page = 10
236 238 rss_include_diff = false
237 239
238 240 <%text>## options for showing and identifying changesets</%text>
239 241 show_sha_length = 12
240 242 show_revision_number = false
241 243
242 244 <%text>## Canonical URL to use when creating full URLs in UI and texts.</%text>
243 245 <%text>## Useful when the site is available under different names or protocols.</%text>
244 246 <%text>## Defaults to what is provided in the WSGI environment.</%text>
245 247 #canonical_url = https://kallithea.example.com/repos
246 248
247 249 <%text>## gist URL alias, used to create nicer urls for gist. This should be an</%text>
248 250 <%text>## url that does rewrites to _admin/gists/<gistid>.</%text>
249 251 <%text>## example: http://gist.example.com/{gistid}. Empty means use the internal</%text>
250 252 <%text>## Kallithea url, ie. http[s]://kallithea.example.com/_admin/gists/<gistid></%text>
251 253 gist_alias_url =
252 254
253 255 <%text>## default encoding used to convert from and to unicode</%text>
254 256 <%text>## can be also a comma separated list of encoding in case of mixed encodings</%text>
255 257 default_encoding = utf-8
256 258
257 259 <%text>## Set Mercurial encoding, similar to setting HGENCODING before launching Kallithea</%text>
258 260 hgencoding = utf-8
259 261
260 262 <%text>## issue tracker for Kallithea (leave blank to disable, absent for default)</%text>
261 263 #bugtracker = https://bitbucket.org/conservancy/kallithea/issues
262 264
263 265 <%text>## issue tracking mapping for commit messages, comments, PR descriptions, ...</%text>
264 266 <%text>## Refer to the documentation ("Integration with issue trackers") for more details.</%text>
265 267
266 268 <%text>## regular expression to match issue references</%text>
267 269 <%text>## This pattern may/should contain parenthesized groups, that can</%text>
268 270 <%text>## be referred to in issue_server_link or issue_sub using Python backreferences</%text>
269 271 <%text>## (e.g. \1, \2, ...). You can also create named groups with '(?P<groupname>)'.</%text>
270 272 <%text>## To require mandatory whitespace before the issue pattern, use:</%text>
271 273 <%text>## (?:^|(?<=\s)) before the actual pattern, and for mandatory whitespace</%text>
272 274 <%text>## behind the issue pattern, use (?:$|(?=\s)) after the actual pattern.</%text>
273 275
274 276 issue_pat = #(\d+)
275 277
276 278 <%text>## server url to the issue</%text>
277 279 <%text>## This pattern may/should contain backreferences to parenthesized groups in issue_pat.</%text>
278 280 <%text>## A backreference can be \1, \2, ... or \g<groupname> if you specified a named group</%text>
279 281 <%text>## called 'groupname' in issue_pat.</%text>
280 282 <%text>## The special token {repo} is replaced with the full repository name</%text>
281 283 <%text>## including repository groups, while {repo_name} is replaced with just</%text>
282 284 <%text>## the name of the repository.</%text>
283 285
284 286 issue_server_link = https://issues.example.com/{repo}/issue/\1
285 287
286 288 <%text>## substitution pattern to use as the link text</%text>
287 289 <%text>## If issue_sub is empty, the text matched by issue_pat is retained verbatim</%text>
288 290 <%text>## for the link text. Otherwise, the link text is that of issue_sub, with any</%text>
289 291 <%text>## backreferences to groups in issue_pat replaced.</%text>
290 292
291 293 issue_sub =
292 294
293 295 <%text>## issue_pat, issue_server_link and issue_sub can have suffixes to specify</%text>
294 296 <%text>## multiple patterns, to other issues server, wiki or others</%text>
295 297 <%text>## below an example how to create a wiki pattern</%text>
296 298 # wiki-some-id -> https://wiki.example.com/some-id
297 299
298 300 #issue_pat_wiki = wiki-(\S+)
299 301 #issue_server_link_wiki = https://wiki.example.com/\1
300 302 #issue_sub_wiki = WIKI-\1
301 303
302 304 <%text>## alternative return HTTP header for failed authentication. Default HTTP</%text>
303 305 <%text>## response is 401 HTTPUnauthorized. Currently Mercurial clients have trouble with</%text>
304 306 <%text>## handling that. Set this variable to 403 to return HTTPForbidden</%text>
305 307 auth_ret_code =
306 308
307 309 <%text>## allows to change the repository location in settings page</%text>
308 310 allow_repo_location_change = True
309 311
310 312 <%text>## allows to setup custom hooks in settings page</%text>
311 313 allow_custom_hooks_settings = True
312 314
313 315 <%text>## extra extensions for indexing, space separated and without the leading '.'.</%text>
314 316 # index.extensions =
315 317 # gemfile
316 318 # lock
317 319
318 320 <%text>## extra filenames for indexing, space separated</%text>
319 321 # index.filenames =
320 322 # .dockerignore
321 323 # .editorconfig
322 324 # INSTALL
323 325 # CHANGELOG
324 326
325 327 <%text>####################################</%text>
326 328 <%text>### SSH CONFIG ####</%text>
327 329 <%text>####################################</%text>
328 330
329 331 <%text>## SSH is disabled by default, until an Administrator decides to enable it.</%text>
330 332 ssh_enabled = false
331 333
332 334 <%text>## File where users' SSH keys will be stored *if* ssh_enabled is true.</%text>
333 335 #ssh_authorized_keys = /home/kallithea/.ssh/authorized_keys
334 336 %if user_home_path:
335 337 ssh_authorized_keys = ${user_home_path}/.ssh/authorized_keys
336 338 %endif
337 339
338 340 <%text>## Path to be used in ssh_authorized_keys file to invoke kallithea-cli with ssh-serve.</%text>
339 341 #kallithea_cli_path = /srv/kallithea/venv/bin/kallithea-cli
340 342 %if kallithea_cli_path:
341 343 kallithea_cli_path = ${kallithea_cli_path}
342 344 %endif
343 345
344 346 <%text>## Locale to be used in the ssh-serve command.</%text>
345 347 <%text>## This is needed because an SSH client may try to use its own locale</%text>
346 348 <%text>## settings, which may not be available on the server.</%text>
347 349 <%text>## See `locale -a` for valid values on this system.</%text>
348 350 #ssh_locale = C.UTF-8
349 351 %if ssh_locale:
350 352 ssh_locale = ${ssh_locale}
351 353 %endif
352 354
353 355 <%text>####################################</%text>
354 356 <%text>### CELERY CONFIG ####</%text>
355 357 <%text>####################################</%text>
356 358
357 359 use_celery = false
358 360
359 361 <%text>## Example: connect to the virtual host 'rabbitmqhost' on localhost as rabbitmq:</%text>
360 362 broker.url = amqp://rabbitmq:qewqew@localhost:5672/rabbitmqhost
361 363
362 364 celery.imports = kallithea.lib.celerylib.tasks
363 365 celery.accept.content = pickle
364 366 celery.result.backend = amqp
365 367 celery.result.dburi = amqp://
366 368 celery.result.serialier = json
367 369
368 370 #celery.send.task.error.emails = true
369 371 #celery.amqp.task.result.expires = 18000
370 372
371 373 celeryd.concurrency = 2
372 374 celeryd.max.tasks.per.child = 1
373 375
374 376 <%text>## If true, tasks will never be sent to the queue, but executed locally instead.</%text>
375 377 celery.always.eager = false
376 378
377 379 <%text>####################################</%text>
378 380 <%text>### BEAKER CACHE ####</%text>
379 381 <%text>####################################</%text>
380 382
381 383 beaker.cache.data_dir = %(here)s/data/cache/data
382 384 beaker.cache.lock_dir = %(here)s/data/cache/lock
383 385
384 386 beaker.cache.regions = short_term,long_term,sql_cache_short
385 387
386 388 beaker.cache.short_term.type = memory
387 389 beaker.cache.short_term.expire = 60
388 390 beaker.cache.short_term.key_length = 256
389 391
390 392 beaker.cache.long_term.type = memory
391 393 beaker.cache.long_term.expire = 36000
392 394 beaker.cache.long_term.key_length = 256
393 395
394 396 beaker.cache.sql_cache_short.type = memory
395 397 beaker.cache.sql_cache_short.expire = 10
396 398 beaker.cache.sql_cache_short.key_length = 256
397 399
398 400 <%text>####################################</%text>
399 401 <%text>### BEAKER SESSION ####</%text>
400 402 <%text>####################################</%text>
401 403
402 404 <%text>## Name of session cookie. Should be unique for a given host and path, even when running</%text>
403 405 <%text>## on different ports. Otherwise, cookie sessions will be shared and messed up.</%text>
404 406 session.key = kallithea
405 407 <%text>## Sessions should always only be accessible by the browser, not directly by JavaScript.</%text>
406 408 session.httponly = true
407 409 <%text>## Session lifetime. 2592000 seconds is 30 days.</%text>
408 410 session.timeout = 2592000
409 411
410 412 <%text>## Server secret used with HMAC to ensure integrity of cookies.</%text>
411 413 session.secret = ${uuid()}
412 414 <%text>## Further, encrypt the data with AES.</%text>
413 415 #session.encrypt_key = <key_for_encryption>
414 416 #session.validate_key = <validation_key>
415 417
416 418 <%text>## Type of storage used for the session, current types are</%text>
417 419 <%text>## dbm, file, memcached, database, and memory.</%text>
418 420
419 421 <%text>## File system storage of session data. (default)</%text>
420 422 #session.type = file
421 423
422 424 <%text>## Cookie only, store all session data inside the cookie. Requires secure secrets.</%text>
423 425 #session.type = cookie
424 426
425 427 <%text>## Database storage of session data.</%text>
426 428 #session.type = ext:database
427 429 #session.sa.url = postgresql://postgres:qwe@localhost/kallithea
428 430 #session.table_name = db_session
429 431
430 432 <%text>############################</%text>
431 433 <%text>## ERROR HANDLING SYSTEMS ##</%text>
432 434 <%text>############################</%text>
433 435
434 436 # Propagate email settings to ErrorReporter of TurboGears2
435 437 # You do not normally need to change these lines
436 438 get trace_errors.error_email = email_to
437 439 get trace_errors.smtp_server = smtp_server
438 440 get trace_errors.smtp_port = smtp_port
439 441 get trace_errors.from_address = error_email_from
440 442
441 443 %if error_aggregation_service == 'appenlight':
442 444 <%text>####################</%text>
443 445 <%text>### [appenlight] ###</%text>
444 446 <%text>####################</%text>
445 447
446 448 <%text>## AppEnlight is tailored to work with Kallithea, see</%text>
447 449 <%text>## http://appenlight.com for details how to obtain an account</%text>
448 450 <%text>## you must install python package `appenlight_client` to make it work</%text>
449 451
450 452 <%text>## appenlight enabled</%text>
451 453 appenlight = false
452 454
453 455 appenlight.server_url = https://api.appenlight.com
454 456 appenlight.api_key = YOUR_API_KEY
455 457
456 458 <%text>## TWEAK AMOUNT OF INFO SENT HERE</%text>
457 459
458 460 <%text>## enables 404 error logging (default False)</%text>
459 461 appenlight.report_404 = false
460 462
461 463 <%text>## time in seconds after request is considered being slow (default 1)</%text>
462 464 appenlight.slow_request_time = 1
463 465
464 466 <%text>## record slow requests in application</%text>
465 467 <%text>## (needs to be enabled for slow datastore recording and time tracking)</%text>
466 468 appenlight.slow_requests = true
467 469
468 470 <%text>## enable hooking to application loggers</%text>
469 471 #appenlight.logging = true
470 472
471 473 <%text>## minimum log level for log capture</%text>
472 474 #appenlight.logging.level = WARNING
473 475
474 476 <%text>## send logs only from erroneous/slow requests</%text>
475 477 <%text>## (saves API quota for intensive logging)</%text>
476 478 appenlight.logging_on_error = false
477 479
478 480 <%text>## list of additional keywords that should be grabbed from environ object</%text>
479 481 <%text>## can be string with comma separated list of words in lowercase</%text>
480 482 <%text>## (by default client will always send following info:</%text>
481 483 <%text>## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that</%text>
482 484 <%text>## start with HTTP* this list be extended with additional keywords here</%text>
483 485 appenlight.environ_keys_whitelist =
484 486
485 487 <%text>## list of keywords that should be blanked from request object</%text>
486 488 <%text>## can be string with comma separated list of words in lowercase</%text>
487 489 <%text>## (by default client will always blank keys that contain following words</%text>
488 490 <%text>## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'</%text>
489 491 <%text>## this list be extended with additional keywords set here</%text>
490 492 appenlight.request_keys_blacklist =
491 493
492 494 <%text>## list of namespaces that should be ignores when gathering log entries</%text>
493 495 <%text>## can be string with comma separated list of namespaces</%text>
494 496 <%text>## (by default the client ignores own entries: appenlight_client.client)</%text>
495 497 appenlight.log_namespace_blacklist =
496 498
497 499 %elif error_aggregation_service == 'sentry':
498 500 <%text>################</%text>
499 501 <%text>### [sentry] ###</%text>
500 502 <%text>################</%text>
501 503
502 504 <%text>## sentry is a alternative open source error aggregator</%text>
503 505 <%text>## you must install python packages `sentry` and `raven` to enable</%text>
504 506
505 507 sentry.dsn = YOUR_DNS
506 508 sentry.servers =
507 509 sentry.name =
508 510 sentry.key =
509 511 sentry.public_key =
510 512 sentry.secret_key =
511 513 sentry.project =
512 514 sentry.site =
513 515 sentry.include_paths =
514 516 sentry.exclude_paths =
515 517
516 518 %endif
517 519 <%text>################################################################################</%text>
518 520 <%text>## WARNING: *DEBUG MODE MUST BE OFF IN A PRODUCTION ENVIRONMENT* ##</%text>
519 521 <%text>## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##</%text>
520 522 <%text>## execute malicious code after an exception is raised. ##</%text>
521 523 <%text>################################################################################</%text>
522 524 debug = false
523 525
524 526 <%text>##################################</%text>
525 527 <%text>### LOGVIEW CONFIG ###</%text>
526 528 <%text>##################################</%text>
527 529
528 530 logview.sqlalchemy = #faa
529 531 logview.pylons.templating = #bfb
530 532 logview.pylons.util = #eee
531 533
532 534 <%text>#########################################################</%text>
533 535 <%text>### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###</%text>
534 536 <%text>#########################################################</%text>
535 537
536 538 %if database_engine == 'sqlite':
537 539 # SQLITE [default]
538 540 sqlalchemy.url = sqlite:///%(here)s/kallithea.db?timeout=60
539 541
540 542 %elif database_engine == 'postgres':
541 543 # POSTGRESQL
542 544 sqlalchemy.url = postgresql://user:pass@localhost/kallithea
543 545
544 546 %elif database_engine == 'mysql':
545 547 # MySQL
546 548 sqlalchemy.url = mysql://user:pass@localhost/kallithea?charset=utf8
547 549
548 550 %endif
549 551 # see sqlalchemy docs for others
550 552
551 553 sqlalchemy.pool_recycle = 3600
552 554
553 555 <%text>################################</%text>
554 556 <%text>### ALEMBIC CONFIGURATION ####</%text>
555 557 <%text>################################</%text>
556 558
557 559 [alembic]
558 560 script_location = kallithea:alembic
559 561
560 562 <%text>################################</%text>
561 563 <%text>### LOGGING CONFIGURATION ####</%text>
562 564 <%text>################################</%text>
563 565
564 566 [loggers]
565 567 keys = root, routes, kallithea, sqlalchemy, tg, gearbox, beaker, templates, whoosh_indexer, werkzeug, backlash
566 568
567 569 [handlers]
568 570 keys = console, console_color, console_color_sql, null
569 571
570 572 [formatters]
571 573 keys = generic, color_formatter, color_formatter_sql
572 574
573 575 <%text>#############</%text>
574 576 <%text>## LOGGERS ##</%text>
575 577 <%text>#############</%text>
576 578
577 579 [logger_root]
578 580 level = NOTSET
579 581 handlers = console
580 582 # For coloring based on log level:
581 583 # handlers = console_color
582 584
583 585 [logger_routes]
584 586 level = WARN
585 587 handlers =
586 588 qualname = routes.middleware
587 589 <%text>## "level = DEBUG" logs the route matched and routing variables.</%text>
588 590
589 591 [logger_beaker]
590 592 level = WARN
591 593 handlers =
592 594 qualname = beaker.container
593 595
594 596 [logger_templates]
595 597 level = WARN
596 598 handlers =
597 599 qualname = pylons.templating
598 600
599 601 [logger_kallithea]
600 602 level = WARN
601 603 handlers =
602 604 qualname = kallithea
603 605
604 606 [logger_tg]
605 607 level = WARN
606 608 handlers =
607 609 qualname = tg
608 610
609 611 [logger_gearbox]
610 612 level = WARN
611 613 handlers =
612 614 qualname = gearbox
613 615
614 616 [logger_sqlalchemy]
615 617 level = WARN
616 618 handlers =
617 619 qualname = sqlalchemy.engine
618 620 # For coloring based on log level and pretty printing of SQL:
619 621 # level = INFO
620 622 # handlers = console_color_sql
621 623 # propagate = 0
622 624
623 625 [logger_whoosh_indexer]
624 626 level = WARN
625 627 handlers =
626 628 qualname = whoosh_indexer
627 629
628 630 [logger_werkzeug]
629 631 level = WARN
630 632 handlers =
631 633 qualname = werkzeug
632 634
633 635 [logger_backlash]
634 636 level = WARN
635 637 handlers =
636 638 qualname = backlash
637 639
638 640 <%text>##############</%text>
639 641 <%text>## HANDLERS ##</%text>
640 642 <%text>##############</%text>
641 643
642 644 [handler_console]
643 645 class = StreamHandler
644 646 args = (sys.stderr,)
645 647 formatter = generic
646 648
647 649 [handler_console_color]
648 650 # ANSI color coding based on log level
649 651 class = StreamHandler
650 652 args = (sys.stderr,)
651 653 formatter = color_formatter
652 654
653 655 [handler_console_color_sql]
654 656 # ANSI color coding and pretty printing of SQL statements
655 657 class = StreamHandler
656 658 args = (sys.stderr,)
657 659 formatter = color_formatter_sql
658 660
659 661 [handler_null]
660 662 class = NullHandler
661 663 args = ()
662 664
663 665 <%text>################</%text>
664 666 <%text>## FORMATTERS ##</%text>
665 667 <%text>################</%text>
666 668
667 669 [formatter_generic]
668 670 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
669 671 datefmt = %Y-%m-%d %H:%M:%S
670 672
671 673 [formatter_color_formatter]
672 674 class = kallithea.lib.colored_formatter.ColorFormatter
673 675 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
674 676 datefmt = %Y-%m-%d %H:%M:%S
675 677
676 678 [formatter_color_formatter_sql]
677 679 class = kallithea.lib.colored_formatter.ColorFormatterSql
678 680 format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
679 681 datefmt = %Y-%m-%d %H:%M:%S
680 682
681 683 <%text>#################</%text>
682 684 <%text>## SSH LOGGING ##</%text>
683 685 <%text>#################</%text>
684 686
685 687 # The default loggers use 'handler_console' that uses StreamHandler with
686 688 # destination 'sys.stderr'. In the context of the SSH server process, these log
687 689 # messages would be sent to the client, which is normally not what you want.
688 690 # By default, when running ssh-serve, just use NullHandler and disable logging
689 691 # completely. For other logging options, see:
690 692 # https://docs.python.org/2/library/logging.handlers.html
691 693
692 694 [ssh_serve:logger_root]
693 695 level = CRITICAL
694 696 handlers = null
695 697
696 698 # Note: If logging is configured with other handlers, they might need similar
697 699 # muting for ssh-serve too.
General Comments 0
You need to be logged in to leave comments. Login now