502 on large commits with Apache Proxy

jarrod.cook's Avatar

jarrod.cook

21 Apr, 2017 09:37 PM

Hello,

I am running Rhodecode community 4.6.1 with a Proxy via Apache version 2.4.18 and I am having an issue pushing large commits. Everything works fine if the commit is under like 7MB, but over that when i try to push i get:

HTTP Error: 502 (Bad Gateway)

And the Apache error.log shows:
[Fri Apr 21 17:27:19.803540 2017] [proxy:error] [pid 49565:tid 140214919988992] (104)Connection reset by peer: [client 172.16.20.140:46450] AH01084: pass request body failed to 127.0.0.1:10002 (127.0.0.1)
[Fri Apr 21 17:27:19.803591 2017] [proxy_http:error] [pid 49565:tid 140214919988992] [client 172.16.20.140:46450] AH01097: pass request body failed to 127.0.0.1:10002 (127.0.0.1) from 172.16.20.140 ()

I have tried searching around and making every timeout I can find as large as possible, although the error only occurs after a couple seconds anyways. My apache2 conf looks like the following:
<VirtualHost *:80>
    ServerName engmercurial
    ServerAlias engmercurial
    <Location /rhodecode>
      ProxyPreserveHost On
      ProxyPass "http://127.0.0.1:10002/"
      ProxyPassReverse "http://127.0.0.1:10002/"
    </Location>
</VirtualHost>

Any ideas???

Thanks,
Jarrod

  1. Support Staff 1 Posted by Marcin Kuzminsk... on 21 Apr, 2017 10:41 PM

    Marcin Kuzminski's Avatar

    Hi,

    Please upgrade to 4.7.2 and test. If this doesn't help:

    If this doesn't help:

    Try a test pushing directly from the server to http://127.0.0.1:10002/ ?
    If this fails means something on RhodeCode side might be a problem not on apache.

    If this is GIT repos, this also might be related to the
    http.postBuffer, this is the size before GIT starts to stream data to the backend server, i'm thinking the chunking encoding GIT starts using for larger data could be a problem.

    Setting:
    git config --global http.postBuffer 524288000

    Should fix this issue, however it's not the best fix. You want a streaming uploads as they generally are faster and more memory efficient.

  2. 2 Posted by jarrod.cook on 24 Apr, 2017 03:07 PM

    jarrod.cook's Avatar

    Thanks for the response! Alright i will try these things later today and see if they help. I will let you know! Also I am using hg.

  3. 3 Posted by jarrod.cook on 24 Apr, 2017 09:13 PM

    jarrod.cook's Avatar

    Sorry for the delay. Updating did not fix the problem, I am now on the latest version:
    RHODECODE CONTROL VERSION: 1.13.1

     - NAME: community-1
     - STATUS: RUNNING
       logs:/home/administrator/.rccontrol/community-1/community.log
     - VERSION: 4.7.2 Community
     - VCS: vcsserver-1
     - URL: http://127.0.0.1:10002
     - CONFIG: /home/administrator/.rccontrol/community-1/rhodecode.ini

     - NAME: vcsserver-1
     - STATUS: RUNNING
       logs:/home/administrator/.rccontrol/vcsserver-1/vcsserver.log
     - VERSION: 4.7.2 VCSServer
     - URL: http://127.0.0.1:10001
     - CONFIG: /home/administrator/.rccontrol/vcsserver-1/vcsserver.ini

    I also tried adding the timeout and Keepalive to the Proxy and it did not help either.

    Finally pushing from the server itself also failed, so it would seem to be a rhodecode problem then??

    administrator@engmercurial:~/TestRepo$ hg push
    pushing to http://127.0.0.1:10002/TestRepo
    searching for changes
    abort: error: Connection reset by peer

    I can push fine local or remote until my push size get over some amount, then fails. I am not sure what the exact size is but in this case i have a 12MB commit that won't work.

  4. Support Staff 4 Posted by Marcin Kuzminsk... on 24 Apr, 2017 09:16 PM

    Marcin Kuzminski's Avatar

    Hi,

    Thanks for added info. Can you check vcsserver.log/rhodecode.log for any errors during the push ?

    One idea i had is that Mercurial unpacks objects to /tmp during push, maybe running out of space there ?

    Is it possible this push could be made to our private DemoContainers, to test if it's a configuration issue ?

  5. 5 Posted by jarrod.cook on 24 Apr, 2017 09:30 PM

    jarrod.cook's Avatar

    I don't see any errors really during the push, just looks like it tries several times. Here are the outputs:

    vcsserver.log:
    2017-04-24 17:18:55.957 DEBUG [vcsserver.scm_app] Creating Mercurial WSGI application
    2017-04-24 17:18:55.957 DEBUG [vcsserver.scm_app] hgrc file is not present at /home/administrator/repos/TestRepo/.hg/hgrc, skipping...
    2017-04-24 17:18:55.960 DEBUG [vcsserver.hg] Extension largefiles enabled
    2017-04-24 17:18:55.960 INFO [vcsserver.tweens] IP: 127.0.0.1 Request to /TestRepo time: 0.003s
    [24/Apr/2017:17:18:55 -0400] GNCRN <54743> 127.0.0.1 rqt:0.009929 200 401 "GET:/TestRepo cmd=capabilities" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:56.244 DEBUG [vcsserver.scm_app] Creating Mercurial WSGI application
    2017-04-24 17:18:56.244 DEBUG [vcsserver.scm_app] hgrc file is not present at /home/administrator/repos/TestRepo/.hg/hgrc, skipping...
    2017-04-24 17:18:56.248 INFO [vcsserver.tweens] IP: 127.0.0.1 Request to /TestRepo time: 0.004s
    [24/Apr/2017:17:18:56 -0400] GNCRN <54743> 127.0.0.1 rqt:0.011027 200 43 "GET:/TestRepo cmd=batch" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:56.637 DEBUG [vcsserver.scm_app] Creating Mercurial WSGI application
    2017-04-24 17:18:56.638 DEBUG [vcsserver.scm_app] hgrc file is not present at /home/administrator/repos/TestRepo/.hg/hgrc, skipping...
    2017-04-24 17:18:56.640 INFO [vcsserver.tweens] IP: 127.0.0.1 Request to /TestRepo time: 0.003s
    [24/Apr/2017:17:18:56 -0400] GNCRN <54743> 127.0.0.1 rqt:0.009779 200 15 "GET:/TestRepo cmd=listkeys" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:56.925 DEBUG [vcsserver.scm_app] Creating Mercurial WSGI application
    2017-04-24 17:18:56.926 DEBUG [vcsserver.scm_app] hgrc file is not present at /home/administrator/repos/TestRepo/.hg/hgrc, skipping...
    2017-04-24 17:18:56.929 INFO [vcsserver.tweens] IP: 127.0.0.1 Request to /TestRepo time: 0.004s
    [24/Apr/2017:17:18:56 -0400] GNCRN <54743> 127.0.0.1 rqt:0.014114 200 - "GET:/TestRepo cmd=listkeys" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:57.233 DEBUG [vcsserver.scm_app] Creating Mercurial WSGI application
    2017-04-24 17:18:57.233 DEBUG [vcsserver.scm_app] hgrc file is not present at /home/administrator/repos/TestRepo/.hg/hgrc, skipping...
    2017-04-24 17:18:57.237 INFO [vcsserver.tweens] IP: 127.0.0.1 Request to /TestRepo time: 0.004s
    [24/Apr/2017:17:18:57 -0400] GNCRN <54743> 127.0.0.1 rqt:0.010080 200 48 "GET:/TestRepo cmd=branchmap" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:57.510 DEBUG [vcsserver.scm_app] Creating Mercurial WSGI application
    2017-04-24 17:18:57.511 DEBUG [vcsserver.scm_app] hgrc file is not present at /home/administrator/repos/TestRepo/.hg/hgrc, skipping...
    2017-04-24 17:18:57.514 INFO [vcsserver.tweens] IP: 127.0.0.1 Request to /TestRepo time: 0.004s
    [24/Apr/2017:17:18:57 -0400] GNCRN <54743> 127.0.0.1 rqt:0.012826 200 48 "GET:/TestRepo cmd=branchmap" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:57.809 DEBUG [vcsserver.scm_app] Creating Mercurial WSGI application
    2017-04-24 17:18:57.810 DEBUG [vcsserver.scm_app] hgrc file is not present at /home/administrator/repos/TestRepo/.hg/hgrc, skipping...
    2017-04-24 17:18:57.814 INFO [vcsserver.tweens] IP: 127.0.0.1 Request to /TestRepo time: 0.005s
    [24/Apr/2017:17:18:57 -0400] GNCRN <54743> 127.0.0.1 rqt:0.014238 200 - "GET:/TestRepo cmd=listkeys" usr:- "-" "mercurial/proto-1.0"

    community.log:
    2017-04-24 17:18:55.752 INFO [rhodecode.lib.middleware.simplevcs] Access for IP:127.0.0.1 allowed
    2017-04-24 17:18:55.937 INFO [rhodecode.lib.middleware.simplevcs] pull action on hg repo "TestRepo" by "default" from 127.0.0.1
    2017-04-24 17:18:55.955 INFO [rhodecode.lib.middleware.simplevcs] Using HTTP implementation of scm app.
    2017-04-24 17:18:55.961 INFO [rhodecode.lib.middleware.request_wrapper] IP: 127.0.0.1 Request to /TestRepo time: 0.251s
    2017-04-24 17:18:56.030 INFO [rhodecode.lib.middleware.simplevcs] Access for IP:127.0.0.1 allowed
    [24/Apr/2017:17:18:56 -0400] GNCRN <54769> 127.0.0.1 rqt:0.364453 200 401 "GET:/TestRepo cmd=capabilities" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:56.226 INFO [rhodecode.lib.middleware.simplevcs] pull action on hg repo "TestRepo" by "default" from 127.0.0.1
    2017-04-24 17:18:56.242 INFO [rhodecode.lib.middleware.simplevcs] Using HTTP implementation of scm app.
    2017-04-24 17:18:56.249 INFO [rhodecode.lib.middleware.request_wrapper] IP: 127.0.0.1 Request to /TestRepo time: 0.264s
    2017-04-24 17:18:56.297 INFO [rhodecode.lib.middleware.simplevcs] Access for IP:127.0.0.1 allowed
    [24/Apr/2017:17:18:56 -0400] GNCRN <54771> 127.0.0.1 rqt:0.375560 200 43 "GET:/TestRepo cmd=batch" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:56.616 INFO [rhodecode.lib.middleware.simplevcs] pull action on hg repo "TestRepo" by "default" from 127.0.0.1
    2017-04-24 17:18:56.635 INFO [rhodecode.lib.middleware.simplevcs] Using HTTP implementation of scm app.
    2017-04-24 17:18:56.641 INFO [rhodecode.lib.middleware.request_wrapper] IP: 127.0.0.1 Request to /TestRepo time: 0.375s
    2017-04-24 17:18:56.695 INFO [rhodecode.lib.middleware.simplevcs] Access for IP:127.0.0.1 allowed
    [24/Apr/2017:17:18:56 -0400] GNCRN <54769> 127.0.0.1 rqt:0.489622 200 15 "GET:/TestRepo cmd=listkeys" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:56.906 INFO [rhodecode.lib.middleware.simplevcs] pull action on hg repo "TestRepo" by "default" from 127.0.0.1
    2017-04-24 17:18:56.922 INFO [rhodecode.lib.middleware.simplevcs] Using HTTP implementation of scm app.
    2017-04-24 17:18:56.930 INFO [rhodecode.lib.middleware.request_wrapper] IP: 127.0.0.1 Request to /TestRepo time: 0.266s
    2017-04-24 17:18:56.988 INFO [rhodecode.lib.middleware.simplevcs] Access for IP:127.0.0.1 allowed
    [24/Apr/2017:17:18:57 -0400] GNCRN <54771> 127.0.0.1 rqt:0.380756 200 - "GET:/TestRepo cmd=listkeys" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:57.215 INFO [rhodecode.lib.middleware.simplevcs] pull action on hg repo "TestRepo" by "default" from 127.0.0.1
    2017-04-24 17:18:57.230 INFO [rhodecode.lib.middleware.simplevcs] Using HTTP implementation of scm app.
    2017-04-24 17:18:57.238 INFO [rhodecode.lib.middleware.request_wrapper] IP: 127.0.0.1 Request to /TestRepo time: 0.289s
    2017-04-24 17:18:57.290 INFO [rhodecode.lib.middleware.simplevcs] Access for IP:127.0.0.1 allowed
    [24/Apr/2017:17:18:57 -0400] GNCRN <54769> 127.0.0.1 rqt:0.404482 200 48 "GET:/TestRepo cmd=branchmap" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:57.490 INFO [rhodecode.lib.middleware.simplevcs] pull action on hg repo "TestRepo" by "default" from 127.0.0.1
    2017-04-24 17:18:57.508 INFO [rhodecode.lib.middleware.simplevcs] Using HTTP implementation of scm app.
    2017-04-24 17:18:57.516 INFO [rhodecode.lib.middleware.request_wrapper] IP: 127.0.0.1 Request to /TestRepo time: 0.258s
    2017-04-24 17:18:57.570 INFO [rhodecode.lib.middleware.simplevcs] Access for IP:127.0.0.1 allowed
    [24/Apr/2017:17:18:57 -0400] GNCRN <54771> 127.0.0.1 rqt:0.375441 200 48 "GET:/TestRepo cmd=branchmap" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:57.782 INFO [rhodecode.lib.middleware.simplevcs] pull action on hg repo "TestRepo" by "default" from 127.0.0.1
    2017-04-24 17:18:57.805 INFO [rhodecode.lib.middleware.simplevcs] Using HTTP implementation of scm app.
    2017-04-24 17:18:57.816 INFO [rhodecode.lib.middleware.request_wrapper] IP: 127.0.0.1 Request to /TestRepo time: 0.278s
    [24/Apr/2017:17:18:57 -0400] GNCRN <54769> 127.0.0.1 rqt:0.396441 200 - "GET:/TestRepo cmd=listkeys" usr:- "-" "mercurial/proto-1.0"
    2017-04-24 17:18:58.546 INFO [rhodecode.lib.middleware.simplevcs] Access for IP:127.0.0.1 allowed
    2017-04-24 17:18:58.716 INFO [rhodecode.lib.middleware.request_wrapper] IP: 127.0.0.1 Request to /TestRepo time: 0.200s
    [24/Apr/2017:17:18:58 -0400] GNCRN <54769> 127.0.0.1 rqt:0.219320 401 260 "POST:/TestRepo cmd=unbundle" usr:- "-" "mercurial/proto-1.0"

    As for tmp i don't think space should be an issue there is plenty there and i can copy objects larger than the whole repo there with no issues.

    I could push to your DemoContainers, just let me know how to go about that and i will try it out! Thanks!

  6. Support Staff 6 Posted by Marcin Kuzminsk... on 24 Apr, 2017 09:31 PM

    Marcin Kuzminski's Avatar

    Hi,

    Please register an account on our website, and there from your dashboard you can start a demo/evaluation container.

    P.S. Please consider joining our Slack community channel under https://rhodecode.com/join . Get access to our development team as well as community members always willing to help.

  7. 7 Posted by jarrod.cook on 24 Apr, 2017 09:53 PM

    jarrod.cook's Avatar

    Alright i tried in a Demo Container (https://rc-721a26512ce1.rhodecode.com/TestRepo) and it worked fine.

    So not sure what is going on with my server : /. When mine fails is about the time when it would normally ask for authentication if i do it from the Tortoise GUI. It looks like it sends about half of the commit size then on small commits it would ask for password but on large one it just 502's.

  8. Support Staff 8 Posted by Marcin Kuzminsk... on 24 Apr, 2017 09:56 PM

    Marcin Kuzminski's Avatar

    I seen such behaviour before. It was related to pre-push hooks. Please check if your repo doesn't have any custom .hgrc file, or maybe some other hooks are installed via RhodeCode.

    We have also a thing called rcextension which can execute pre/post push code, i'd check for rcextensions folder present next to your rhodecode.ini file.

  9. 9 Posted by jarrod.cook on 24 Apr, 2017 10:11 PM

    jarrod.cook's Avatar

    I checked for an hgrc in the repo on the server itself (/home/administrator/repos) and there was not. The hgrc on the repo clone with the large commit i am trying to push has no hooks in the hgrc:

    # example repository config (see "hg help config" for more info)
    [paths]
    default = http://127.0.0.1:10002/TestRepo

    # path aliases to other clones of this repo in URLs or filesystem paths
    # (see "hg help config.paths" for more info)
    #
    # default-push = ssh://[email blocked]/hg/jdoes-fork
    # my-fork = ssh://[email blocked]/hg/jdoes-fork
    # my-clone = /home/jdoe/jdoes-clone

    [ui]
    # name and email (local to this repository, optional), e.g.
    # username = Jane Doe <[email blocked]>

    There is no rcextensions folder in with the .ini:
    administrator@engmercurial:~/.rccontrol/community-1$ ls
    accepted_license_2017_03_06.txt data rhodecode.db
    backup gunicorn_conf.py rhodecode.ini
    channelstream_history profile rhodecode.template.ini
    community.log public search_mapping.ini
    custom_modules rhodecode.backup_4.6.1.ini static

    And i actually went into the rhodecode settings and unchecked Execute pre/post push hooks under the internal hooks section and that didn't help either. I also tried checking and unchecking large file support under the mercurial section, no success there either : (.

  10. 10 Posted by jarrod.cook on 24 Apr, 2017 10:28 PM

    jarrod.cook's Avatar

    So I got it to push buy changing the permission of TestRepo to a default of write. This means there is no longer any authentication needed. When i do this is pushes fine; however, i do not want to do this because then anyone could push to the repo. I want to have authentication enabled.

    I have LDAP, Rhodecode, and Rhodecode Token enabled normally but i tried disabling both LDAP and Rhodecode Token so that only the default Rhodecode auth was enabled and it still failed with a "Connection Reset by Peer". So something to do with the authentication, but only with large commits. I know when commiting it seems to send like half of the data first and then asks for authentication. So maybe this delay between starting the commit and asking for the authentication is causing the problem? What kind of settings would even affect this? It happens local from 127.0.0.1 so it can't be any type of Apache or network settting...

  11. Support Staff 11 Posted by Marcin Kuzminsk... on 25 Apr, 2017 04:43 AM

    Marcin Kuzminski's Avatar

    Hmm interesting, it must be something with the anonymous access, would it be possible you can try this on the demo container with the same settings as you have ?

    So probably anonymous access on, and permissions of default to read ?

    Also what client of HG do you use ?

  12. 12 Posted by jarrod.cook on 25 Apr, 2017 03:35 PM

    jarrod.cook's Avatar

    So i tried this on my demo container and the settings looks the same as far as i can tell. I have anonymous access enabled with default read and i can push fine. It does the thing where it pushes everything then asks me for username/password then pushes again but it works. On my server the connection is reset after it sends all the data the first time right before it should authenticate.

    I have multiple versions of HG which i tried:
    On the Rhodecode server (Ubuntu Server 16.04): Mercurial Distributed SCM (version 4.1.3)
    On my windows machine: TortoiseHg 3.5 with Mercurial-3.5+5
    On my Ubuntu machine (14.04): TortoiseHg 3.0 with Mercurial-3.0.1

    All of them do the same thing.

    However, you hit it on the head with that anonymous access. I mean it doesn't fix the problem but it is a good workaround for me. If i disable anonymous access it instead asks for authentication immediately instead of after sending the data and prevents the connection reset. This means that you can only pull if you have an account now, but that is no big deal there is only a few of us and we all have accounts anyways because we need to push as well.

    So the actual problem still exists but disabling anonymous access should be a valid workaround for me : ).

  13. Support Staff 13 Posted by Marcin Kuzminsk... on 25 Apr, 2017 04:43 PM

    Marcin Kuzminski's Avatar

    we were wondering if it maybe is nginx proxy buffering that "fixes" the slow client problem...

    Theory is there's some timeout while running on Apache/Direct RhodeCode and nginx fixes the problem by buffering the data between sending it to rhodecode backend.

    AFAIR you tried direct push into the server from the same machine, so "slow" client shouldn't be a problem.

    I'm attaching configuration that we use on demo containers of rhodecode.ini maybe it will help ?

  14. Support Staff 14 Posted by Marcin Kuzminsk... on 25 Apr, 2017 04:43 PM

    Marcin Kuzminski's Avatar
    ################################################################################
    ##                    RHODECODE ENTERPRISE CONFIGURATION                      ##
    # The %(here)s variable will be replaced with the parent directory of this file#
    ################################################################################
    
    [DEFAULT]
    debug = true
    
    ################################################################################
    ##                            EMAIL CONFIGURATION                             ##
    ## Uncomment and replace with the email address which should receive          ##
    ## any error reports after an application crash                               ##
    ## Additionally these settings will be used by the RhodeCode mailing system   ##
    ################################################################################
    
    ## prefix all emails subjects with given prefix, helps filtering out emails
    email_prefix = [RhodeCode]
    
    ## email FROM address all mails will be sent
    app_email_from = [email blocked]
    
    ## Uncomment and replace with the address which should receive any error report
    ## note: using appenlight for error handling doesn't need this to be uncommented
    email_to = [email blocked]
    
    ## in case of Application errors, sent an error email form
    error_email_from = [email blocked]
    
    ## additional error message to be send in case of server crash
    #error_message =
    
    
    smtp_server = localhost
    #smtp_username =
    #smtp_password =
    #smtp_port =
    #smtp_use_tls = false
    #smtp_use_ssl = true
    ## Specify available auth parameters here (e.g. LOGIN PLAIN CRAM-MD5, etc.)
    #smtp_auth =
    
    [server:main]
    ## COMMON ##
    host = 127.0.0.1
    port = 10006
    
    ##########################
    ## GUNICORN WSGI SERVER ##
    ##########################
    ## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
    
    use = egg:gunicorn#main
    ## Sets the number of process workers. You must set `instance_id = *`
    ## when this option is set to more than one worker, recommended
    ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
    ## The `instance_id = *` must be set in the [app:main] section below
    workers = 2
    ## number of threads for each of the worker, must be set to 1 for gevent
    ## generally recommened to be at 1
    #threads = 1
    ## process name
    proc_name = rhodecode
    ## type of worker class, one of sync, gevent
    ## recommended for bigger setup is using of of other than sync one
    worker_class = sync
    ## The maximum number of simultaneous clients. Valid only for Gevent
    #worker_connections = 10
    ## max number of requests that worker will handle before being gracefully
    ## restarted, could prevent memory leaks
    max_requests = 1000
    max_requests_jitter = 30
    ## amount of time a worker can spend with handling a request before it
    ## gets killed and restarted. Set to 6hrs
    timeout = 21600
    
    
    ## prefix middleware for RhodeCode, disables force_https flag.
    ## recommended when using proxy setup.
    ## allows to set RhodeCode under a prefix in server.
    ## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
    ## optionally set prefix like: `prefix = /<your-prefix>`
    [filter:proxy-prefix]
    use = egg:PasteDeploy#prefix
    prefix = /
    
    [app:main]
    use = egg:rhodecode-enterprise-ce
    
    ## enable proxy prefix middleware, defined above
    #filter-with = proxy-prefix
    
    ## encryption key used to encrypt social plugin tokens,
    ## remote_urls with credentials etc, if not set it defaults to
    ## `beaker.session.secret`
    #rhodecode.encrypted_values.secret =
    
    ## decryption strict mode (enabled by default). It controls if decryption raises
    ## `SignatureVerificationError` in case of wrong key, or damaged encryption data.
    #rhodecode.encrypted_values.strict = false
    
    ## return gzipped responses from Rhodecode (static files/application)
    gzip_responses = false
    
    ## autogenerate javascript routes file on startup
    generate_js_files = false
    
    ## Optional Languages
    ## en(default), be, de, es, fr, it, ja, pl, pt, ru, zh
    lang = en
    
    ## perform a full repository scan on each server start, this should be
    ## set to false after first startup, to allow faster server restarts.
    startup.import_repos = false
    
    ## Uncomment and set this path to use archive download cache.
    ## Once enabled, generated archives will be cached at this location
    ## and served from the cache during subsequent requests for the same archive of
    ## the repository.
    #archive_cache_dir = /tmp/tarballcache
    
    ## change this to unique ID for security
    app_instance_uuid = 25918cb8eda7464c9003342bace4e27d
    
    ## cut off limit for large diffs (size in bytes)
    cut_off_limit_diff = 1024000
    cut_off_limit_file = 256000
    
    ## use cache version of scm repo everywhere
    vcs_full_cache = true
    
    ## force https in RhodeCode, fixes https redirects, assumes it's always https
    ## Normally this is controlled by proper http flags sent from http server
    force_https = false
    
    ## use Strict-Transport-Security headers
    use_htsts = false
    
    ## number of commits stats will parse on each iteration
    commit_parse_limit = 25
    
    ## git rev filter option, --all is the default filter, if you need to
    ## hide all refs in changelog switch this to --branches --tags
    git_rev_filter = --all
    
    # Set to true if your repos are exposed using the dumb protocol
    git_update_server_info = false
    
    ## RSS/ATOM feed options
    rss_cut_off_limit = 256000
    rss_items_per_page = 10
    rss_include_diff = false
    
    ## gist URL alias, used to create nicer urls for gist. This should be an
    ## url that does rewrites to _admin/gists/<gistid>.
    ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
    ## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
    gist_alias_url = ""
    
    ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
    ## used for access.
    ## Adding ?auth_token = <token> to the url authenticates this request as if it
    ## came from the the logged in user who own this authentication token.
    ##
    ## Syntax is <ControllerClass>:<function_pattern>.
    ## To enable access to raw_files put `FilesController:raw`.
    ## To enable access to patches add `ChangesetController:changeset_patch`.
    ## The list should be "," separated and on a single line.
    ##
    ## Recommended controllers to enable:
    #    ChangesetController:changeset_patch,
    #    ChangesetController:changeset_raw,
    #    FilesController:raw,
    #    FilesController:archivefile,
    #    GistsController:*,
    api_access_controllers_whitelist = ""
    
    ## default encoding used to convert from and to unicode
    ## can be also a comma separated list of encoding in case of mixed encodings
    default_encoding = UTF-8
    
    ## instance-id prefix
    ## a prefix key for this instance used for cache invalidation when running
    ## multiple instances of rhodecode, make sure it's globally unique for
    ## all running rhodecode instances. Leave empty if you don't use it
    instance_id = *
    
    ## Fallback authentication plugin. Set this to a plugin ID to force the usage
    ## of an authentication plugin also if it is disabled by it's settings.
    ## This could be useful if you are unable to log in to the system due to broken
    ## authentication settings. Then you can enable e.g. the internal rhodecode auth
    ## module to log in again and fix the settings.
    ##
    ## Available builtin plugin IDs (hash is part of the ID):
    ## egg:rhodecode-enterprise-ce#rhodecode
    ## egg:rhodecode-enterprise-ce#pam
    ## egg:rhodecode-enterprise-ce#ldap
    ## egg:rhodecode-enterprise-ce#jasig_cas
    ## egg:rhodecode-enterprise-ce#headers
    ## egg:rhodecode-enterprise-ce#crowd
    #rhodecode.auth_plugin_fallback = egg:rhodecode-enterprise-ce#rhodecode
    
    ## alternative return HTTP header for failed authentication. Default HTTP
    ## response is 401 HTTPUnauthorized. Currently HG clients have troubles with
    ## handling that causing a series of failed authentication calls.
    ## Set this variable to 403 to return HTTPForbidden, or any other HTTP code
    ## This will be served instead of default 401 on bad authnetication
    auth_ret_code = ""
    
    ## use special detection method when serving auth_ret_code, instead of serving
    ## ret_code directly, use 401 initially (Which triggers credentials prompt)
    ## and then serve auth_ret_code to clients
    auth_ret_code_detection = false
    
    ## locking return code. When repository is locked return this HTTP code. 2XX
    ## codes don't break the transactions while 4XX codes do
    lock_ret_code = 423
    
    ## allows to change the repository location in settings page
    allow_repo_location_change = false
    
    ## allows to setup custom hooks in settings page
    allow_custom_hooks_settings = true
    
    ## generated license token, goto license page in RhodeCode settings to obtain
    ## new token
    license_token =
    
    ## supervisor connection uri, for managing supervisor and logs.
    supervisor.uri = 127.0.0.1:10000
    ## supervisord group name/id we only want this RC instance to handle
    supervisor.group_id = prod
    
    ## Display extended labs settings
    labs_settings_active = true
    
    ####################################
    ###        CELERY CONFIG        ####
    ####################################
    use_celery = false
    broker.host = localhost
    broker.vhost = rabbitmqhost
    broker.port = 5672
    broker.user = rabbitmq
    broker.password = qweqwe
    
    celery.imports = rhodecode.lib.celerylib.tasks
    
    celery.result.backend = amqp
    celery.result.dburi = amqp://
    celery.result.serialier = json
    
    #celery.send.task.error.emails = true
    #celery.amqp.task.result.expires = 18000
    
    celeryd.concurrency = 2
    #celeryd.log.file = celeryd.log
    celeryd.log.level = debug
    celeryd.max.tasks.per.child = 1
    
    ## tasks will never be sent to the queue, but executed locally instead.
    celery.always.eager = false
    
    ####################################
    ###         BEAKER CACHE        ####
    ####################################
    # default cache dir for templates.  Putting this into a ramdisk
    ## can boost performance, eg. %(here)s/data_ramdisk
    cache_dir = %(here)s/data
    
    ## locking and default file storage for Beaker. Putting this into a ramdisk
    ## can boost performance, eg. %(here)s/data_ramdisk/cache/beaker_data
    beaker.cache.data_dir = %(here)s/data/cache/beaker_data
    beaker.cache.lock_dir = %(here)s/data/cache/beaker_lock
    
    beaker.cache.regions = super_short_term, short_term, long_term, sql_cache_short, auth_plugins, repo_cache_long
    
    beaker.cache.super_short_term.type = memory
    beaker.cache.super_short_term.expire = 10
    beaker.cache.super_short_term.key_length = 256
    
    beaker.cache.short_term.type = memory
    beaker.cache.short_term.expire = 60
    beaker.cache.short_term.key_length = 256
    
    beaker.cache.long_term.type = memory
    beaker.cache.long_term.expire = 36000
    beaker.cache.long_term.key_length = 256
    
    beaker.cache.sql_cache_short.type = memory
    beaker.cache.sql_cache_short.expire = 10
    beaker.cache.sql_cache_short.key_length = 256
    
    ## default is memory cache, configure only if required
    ## using multi-node or multi-worker setup
    #beaker.cache.auth_plugins.type = ext:database
    #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
    #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
    #beaker.cache.auth_plugins.url = mysql://root:[email blocked].0.1/rhodecode
    #beaker.cache.auth_plugins.sa.pool_recycle = 3600
    #beaker.cache.auth_plugins.sa.pool_size = 10
    #beaker.cache.auth_plugins.sa.max_overflow = 0
    
    beaker.cache.repo_cache_long.type = memorylru_base
    beaker.cache.repo_cache_long.max_items = 4096
    beaker.cache.repo_cache_long.expire = 2592000
    
    ## default is memorylru_base cache, configure only if required
    ## using multi-node or multi-worker setup
    #beaker.cache.repo_cache_long.type = ext:memcached
    #beaker.cache.repo_cache_long.url = localhost:11211
    #beaker.cache.repo_cache_long.expire = 1209600
    #beaker.cache.repo_cache_long.key_length = 256
    
    ####################################
    ###       BEAKER SESSION        ####
    ####################################
    
    ## .session.type is type of storage options for the session, current allowed
    ## types are file, ext:memcached, ext:database, and memory (default).
    beaker.session.type = file
    beaker.session.data_dir = %(here)s/data/sessions/data
    
    ## db based session, fast, and allows easy management over logged in users
    #beaker.session.type = ext:database
    #beaker.session.table_name = db_session
    #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
    #beaker.session.sa.url = mysql://root:[email blocked].0.1/rhodecode
    #beaker.session.sa.pool_recycle = 3600
    #beaker.session.sa.echo = false
    
    beaker.session.key = rhodecode
    beaker.session.secret = SECRET
    beaker.session.lock_dir = %(here)s/data/sessions/lock
    
    ## Secure encrypted cookie. Requires AES and AES python libraries
    ## you must disable beaker.session.secret to use this
    #beaker.session.encrypt_key = <key_for_encryption>
    #beaker.session.validate_key = <validation_key>
    
    ## sets session as invalid(also logging out user) if it haven not been
    ## accessed for given amount of time in seconds
    beaker.session.timeout = 2592000
    beaker.session.httponly = true
    ## Path to use for the cookie.
    #beaker.session.cookie_path = /<your-prefix>
    
    ## uncomment for https secure cookie
    beaker.session.secure = false
    
    ## auto save the session to not to use .save()
    beaker.session.auto = false
    
    ## default cookie expiration time in seconds, set to `true` to set expire
    ## at browser close
    #beaker.session.cookie_expires = 3600
    
    ###################################
    ## SEARCH INDEXING CONFIGURATION ##
    ###################################
    ## Full text search indexer is available in rhodecode-tools under
    ## `rhodecode-tools index` command
    
    # WHOOSH Backend, doesn't require additional services to run
    # it works good with few dozen repos
    search.module = rhodecode.lib.index.whoosh
    search.location = %(here)s/data/index
    
    ########################################
    ###    CHANNELSTREAM CONFIG         ####
    ########################################
    ## channelstream enables persistent connections and live notification
    ## in the system. It's also used by the chat system
    
    channelstream.enabled = false
    ## location of channelstream server on the backend
    channelstream.server = 127.0.0.1:9800
    ## location of the channelstream server from outside world
    ## most likely this would be an http server special backend URL, that handles
    ## websocket connections see nginx example for config
    channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
    channelstream.secret = rcsecret
    channelstream.history.location = %(here)s/channelstream_history
    
    
    ###################################
    ##       APPENLIGHT CONFIG       ##
    ###################################
    
    ## Appenlight is tailored to work with RhodeCode, see
    ## http://appenlight.com for details how to obtain an account
    
    ## appenlight integration enabled
    appenlight = false
    
    appenlight.server_url = https://api.appenlight.com
    appenlight.api_key = YOUR_API_KEY
    #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
    
    # used for JS client
    appenlight.api_public_key = YOUR_API_PUBLIC_KEY
    
    ## TWEAK AMOUNT OF INFO SENT HERE
    
    ## enables 404 error logging (default False)
    appenlight.report_404 = false
    
    ## time in seconds after request is considered being slow (default 1)
    appenlight.slow_request_time = 1
    
    ## record slow requests in application
    ## (needs to be enabled for slow datastore recording and time tracking)
    appenlight.slow_requests = true
    
    ## enable hooking to application loggers
    appenlight.logging = true
    
    ## minimum log level for log capture
    appenlight.logging.level = WARNING
    
    ## send logs only from erroneous/slow requests
    ## (saves API quota for intensive logging)
    appenlight.logging_on_error = false
    
    ## list of additonal keywords that should be grabbed from environ object
    ## can be string with comma separated list of words in lowercase
    ## (by default client will always send following info:
    ## 'REMOTE_USER', 'REMOTE_ADDR', 'SERVER_NAME', 'CONTENT_TYPE' + all keys that
    ## start with HTTP* this list be extended with additional keywords here
    appenlight.environ_keys_whitelist = ""
    
    ## list of keywords that should be blanked from request object
    ## can be string with comma separated list of words in lowercase
    ## (by default client will always blank keys that contain following words
    ## 'password', 'passwd', 'pwd', 'auth_tkt', 'secret', 'csrf'
    ## this list be extended with additional keywords set here
    appenlight.request_keys_blacklist = ""
    
    ## list of namespaces that should be ignores when gathering log entries
    ## can be string with comma separated list of namespaces
    ## (by default the client ignores own entries: appenlight_client.client)
    appenlight.log_namespace_blacklist = ""
    
    
    ################################################################################
    ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*  ##
    ## Debug mode will enable the interactive debugging tool, allowing ANYONE to  ##
    ## execute malicious code after an exception is raised.                       ##
    ################################################################################
    set debug = false
    
    
    #########################################################
    ### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG    ###
    #########################################################
    #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
    #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
    #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
    sqlalchemy.db1.url = postgresql://postgres:secret@localhost/rhodecode
    
    # see sqlalchemy docs for other advanced settings
    
    ## print the sql statements to output
    sqlalchemy.db1.echo = false
    ## recycle the connections after this ammount of seconds
    sqlalchemy.db1.pool_recycle = 3600
    sqlalchemy.db1.convert_unicode = true
    
    ## the number of connections to keep open inside the connection pool.
    ## 0 indicates no limit
    #sqlalchemy.db1.pool_size = 5
    
    ## the number of connections to allow in connection pool "overflow", that is
    ## connections that can be opened above and beyond the pool_size setting,
    ## which defaults to five.
    #sqlalchemy.db1.max_overflow = 10
    
    
    ##################
    ### VCS CONFIG ###
    ##################
    vcs.server.enable = true
    vcs.server = 127.0.0.1:10008
    
    ## Web server connectivity protocol, responsible for web based VCS operatations
    ## Available protocols are:
    ## `pyro4` - using pyro4 server
    ## `http` - using http-rpc backend
    vcs.server.protocol = http
    
    ## Push/Pull operations protocol, available options are:
    ## `pyro4` - using pyro4 server
    ## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended
    ## `vcsserver.scm_app` - internal app (EE only)
    vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
    
    ## Push/Pull operations hooks protocol, available options are:
    ## `pyro4` - using pyro4 server
    ## `http` - using http-rpc backend
    vcs.hooks.protocol = http
    
    vcs.server.log_level = info
    ## Start VCSServer with this instance as a subprocess, usefull for development
    vcs.start_server = false
    
    ## List of enabled VCS backends, available options are:
    ## `hg`  - mercurial
    ## `git` - git
    ## `svn` - subversion
    vcs.backends = hg, git, svn
    
    vcs.connection_timeout = 3600
    ## Compatibility version when creating SVN repositories. Defaults to newest version when commented out.
    ## Available options are: pre-1.4-compatible, pre-1.5-compatible, pre-1.6-compatible, pre-1.8-compatible
    #vcs.svn.compatible_version = pre-1.8-compatible
    
    
    ############################################################
    ### Subversion proxy support (mod_dav_svn)               ###
    ### Maps RhodeCode repo groups into SVN paths for Apache ###
    ############################################################
    ## Enable or disable the config file generation.
    svn.proxy.generate_config = true
    ## Generate config file with `SVNListParentPath` set to `On`.
    svn.proxy.list_parent_path = true
    ## Set location and file name of generated config file.
    svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
    ## File system path to the directory containing the repositories served by
    ## RhodeCode.
    svn.proxy.parent_path_root = /home/ubuntu/repos
    ## Used as a prefix to the <Location> block in the generated config file. In
    ## most cases it should be set to `/`.
    svn.proxy.location_root = /
    
    
    ################################
    ### LOGGING CONFIGURATION   ####
    ################################
    [loggers]
    keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates
    
    [handlers]
    keys = console, console_sql
    
    [formatters]
    keys = generic, color_formatter, color_formatter_sql
    
    #############
    ## LOGGERS ##
    #############
    [logger_root]
    level = NOTSET
    handlers = console
    
    [logger_routes]
    level = DEBUG
    handlers = ""
    qualname = routes.middleware
    ## "level = DEBUG" logs the route matched and routing variables.
    propagate = 1
    
    [logger_beaker]
    level = DEBUG
    handlers = ""
    qualname = beaker.container
    propagate = 1
    
    [logger_pyro4]
    level = DEBUG
    handlers = ""
    qualname = Pyro4
    propagate = 1
    
    [logger_templates]
    level = INFO
    handlers = ""
    qualname = pylons.templating
    propagate = 1
    
    [logger_rhodecode]
    level = DEBUG
    handlers = ""
    qualname = rhodecode
    propagate = 1
    
    [logger_sqlalchemy]
    level = INFO
    handlers = console_sql
    qualname = sqlalchemy.engine
    propagate = 0
    
    ##############
    ## HANDLERS ##
    ##############
    
    [handler_console]
    class = StreamHandler
    args = (sys.stderr,)
    level = INFO
    formatter = generic
    
    [handler_console_sql]
    class = StreamHandler
    args = (sys.stderr,)
    level = WARN
    formatter = generic
    
    ################
    ## FORMATTERS ##
    ################
    
    [formatter_generic]
    class = rhodecode.lib.logging_formatter.Pyro4AwareFormatter
    format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
    datefmt = %Y-%m-%d %H:%M:%S
    
    [formatter_color_formatter]
    class = rhodecode.lib.logging_formatter.ColorFormatter
    format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
    datefmt = %Y-%m-%d %H:%M:%S
    
    [formatter_color_formatter_sql]
    class = rhodecode.lib.logging_formatter.ColorFormatterSql
    format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
    datefmt = %Y-%m-%d %H:%M:%S
    
  15. 15 Posted by jarrod.cook on 25 Apr, 2017 07:37 PM

    jarrod.cook's Avatar

    Yes i tried both direct push from the server itself via 127.0.0.1 as well as through apache and it didn't work for either. I tried changing some of the stuff in your ini that was different than mine but it did not help. Here is the diff of my ini vs yours:

    ################################################################################
    -## RHODECODE ENTERPRISE CONFIGURATION ##
    +## RHODECODE COMMUNITY EDITION CONFIGURATION ##
     # The %(here)s variable will be replaced with the parent directory of this file#
     ################################################################################
     
    @@ -14,23 +15,23 @@
     ################################################################################
     
     ## prefix all emails subjects with given prefix, helps filtering out emails
    -email_prefix = [RhodeCode]
    +#email_prefix = [RhodeCode]
     
     ## email FROM address all mails will be sent
    -app_email_from = [email blocked]
    +#app_email_from = rhodecode-noreply@localhost
     
     ## Uncomment and replace with the address which should receive any error report
     ## note: using appenlight for error handling doesn't need this to be uncommented
    -email_to = [email blocked]
    +#email_to = admin@localhost
     
     ## in case of Application errors, sent an error email form
    -error_email_from = [email blocked]
    +#error_email_from = rhodecode_error@localhost
     
     ## additional error message to be send in case of server crash
     #error_message =
     
     
    -smtp_server = localhost
    +#smtp_server = mail.server.com
     #smtp_username =
     #smtp_password =
     #smtp_port =
    @@ -42,24 +43,39 @@
     [server:main]
     ## COMMON ##
     host = 127.0.0.1
    -port = 10006
    +port = 10002
    +
    +##################################
    +## WAITRESS WSGI SERVER ##
    +## Recommended for Development ##
    +##################################
    +
    +#use = egg:waitress#main
    +## number of worker threads
    +#threads = 5
    +## MAX BODY SIZE 100GB
    +#max_request_body_size = 107374182400
    +## Use poll instead of select, fixes file descriptors limits problems.
    +## May not work on old windows systems.
    +#asyncore_use_poll = true
    +
     
     ##########################
     ## GUNICORN WSGI SERVER ##
     ##########################
    -## run with gunicorn --log-config <inifile.ini> --paste <inifile.ini>
    +## run with gunicorn --log-config rhodecode.ini --paste rhodecode.ini>
     
     use = egg:gunicorn#main
     ## Sets the number of process workers. You must set `instance_id = *`
     ## when this option is set to more than one worker, recommended
     ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
     ## The `instance_id = *` must be set in the [app:main] section below
    -workers = 2
    +workers = 3
     ## number of threads for each of the worker, must be set to 1 for gevent
     ## generally recommened to be at 1
     #threads = 1
     ## process name
    -proc_name = rhodecode
    +proc_name = RhodeCodeCommunity
     ## type of worker class, one of sync, gevent
     ## recommended for bigger setup is using of of other than sync one
     worker_class = sync
    @@ -74,20 +90,22 @@
     timeout = 21600
     
     
    -## prefix middleware for RhodeCode, disables force_https flag.
    +## prefix middleware for RhodeCode.
     ## recommended when using proxy setup.
     ## allows to set RhodeCode under a prefix in server.
    -## eg https://server.com/<prefix>. Enable `filter-with =` option below as well.
    -## optionally set prefix like: `prefix = /<your-prefix>`
    +## eg https://server.com/custom_prefix. Enable `filter-with =` option below as well.
    +## And set your prefix like: `prefix = /custom_prefix`
    +## be sure to also set beaker.session.cookie_path = /custom_prefix if you need
    +## to make your cookies only work on prefix url
     [filter:proxy-prefix]
     use = egg:PasteDeploy#prefix
    -prefix = /
    +prefix = /rhodecode
     
     [app:main]
     use = egg:rhodecode-enterprise-ce
     
     ## enable proxy prefix middleware, defined above
    -#filter-with = proxy-prefix
    +filter-with = proxy-prefix
     
     ## encryption key used to encrypt social plugin tokens,
     ## remote_urls with credentials etc, if not set it defaults to
    @@ -116,10 +134,10 @@
     ## Once enabled, generated archives will be cached at this location
     ## and served from the cache during subsequent requests for the same archive of
     ## the repository.
    -#archive_cache_dir = /tmp/tarballcache
    +#archive_cache_dir = /home/administrator/.rccontrol/community-1/tarballcache
     
     ## change this to unique ID for security
    -app_instance_uuid = 25918cb8eda7464c9003342bace4e27d
    +app_instance_uuid = 93e23204d1784a36a683cb64275ea710
     
     ## cut off limit for large diffs (size in bytes)
     cut_off_limit_diff = 1024000
    @@ -140,7 +158,7 @@
     
     ## git rev filter option, --all is the default filter, if you need to
     ## hide all refs in changelog switch this to --branches --tags
    -git_rev_filter = --all
    +git_rev_filter = --branches --tags
     
     # Set to true if your repos are exposed using the dumb protocol
     git_update_server_info = false
    @@ -151,27 +169,27 @@
     rss_include_diff = false
     
     ## gist URL alias, used to create nicer urls for gist. This should be an
    -## url that does rewrites to _admin/gists/<gistid>.
    +## url that does rewrites to _admin/gists/{gistid}.
     ## example: http://gist.rhodecode.org/{gistid}. Empty means use the internal
    -## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/<gistid>
    +## RhodeCode url, ie. http[s]://rhodecode.server/_admin/gists/{gistid}
     gist_alias_url = ""
     
     ## List of controllers (using glob pattern syntax) that AUTH TOKENS could be
     ## used for access.
    -## Adding ?auth_token = <token> to the url authenticates this request as if it
    +## Adding ?auth_token=TOKEN_HASH to the url authenticates this request as if it
     ## came from the the logged in user who own this authentication token.
     ##
    -## Syntax is <ControllerClass>:<function_pattern>.
    +## Syntax is ControllerClass:function_pattern.
     ## To enable access to raw_files put `FilesController:raw`.
     ## To enable access to patches add `ChangesetController:changeset_patch`.
     ## The list should be "," separated and on a single line.
     ##
     ## Recommended controllers to enable:
    -# ChangesetController:changeset_patch,
    -# ChangesetController:changeset_raw,
    -# FilesController:raw,
    -# FilesController:archivefile,
    -# GistsController:*,
    +## ChangesetController:changeset_patch,
    +## ChangesetController:changeset_raw,
    +## FilesController:raw,
    +## FilesController:archivefile,
    +## GistsController:*,
     api_access_controllers_whitelist = ""
     
     ## default encoding used to convert from and to unicode
    @@ -182,7 +200,7 @@
     ## a prefix key for this instance used for cache invalidation when running
     ## multiple instances of rhodecode, make sure it's globally unique for
     ## all running rhodecode instances. Leave empty if you don't use it
    -instance_id = *
    +instance_id = ""
     
     ## Fallback authentication plugin. Set this to a plugin ID to force the usage
     ## of an authentication plugin also if it is disabled by it's settings.
    @@ -216,19 +234,19 @@
     lock_ret_code = 423
     
     ## allows to change the repository location in settings page
    -allow_repo_location_change = false
    +allow_repo_location_change = true
     
     ## allows to setup custom hooks in settings page
     allow_custom_hooks_settings = true
     
     ## generated license token, goto license page in RhodeCode settings to obtain
     ## new token
    -license_token =
    +license_token = 5d1a-af73-02c1-11e7
     
     ## supervisor connection uri, for managing supervisor and logs.
    -supervisor.uri = 127.0.0.1:10000
    +supervisor.uri = 127.0.0.1:10002
     ## supervisord group name/id we only want this RC instance to handle
    -supervisor.group_id = prod
    +supervisor.group_id = community-1
     
     ## Display extended labs settings
     labs_settings_active = true
    @@ -263,7 +281,7 @@
     ####################################
     ### BEAKER CACHE ####
     ####################################
    -# default cache dir for templates. Putting this into a ramdisk
    +## default cache dir for templates. Putting this into a ramdisk
     ## can boost performance, eg. %(here)s/data_ramdisk
     cache_dir = %(here)s/data
     
    @@ -295,7 +313,7 @@
     #beaker.cache.auth_plugins.type = ext:database
     #beaker.cache.auth_plugins.lock_dir = %(here)s/data/cache/auth_plugin_lock
     #beaker.cache.auth_plugins.url = postgresql://postgres:secret@localhost/rhodecode
    -#beaker.cache.auth_plugins.url = mysql://root:[email blocked].0.1/rhodecode
    +#beaker.cache.auth_plugins.url = mysql://root:[email blocked].0.1/rhodecode
     #beaker.cache.auth_plugins.sa.pool_recycle = 3600
     #beaker.cache.auth_plugins.sa.pool_size = 10
     #beaker.cache.auth_plugins.sa.max_overflow = 0
    @@ -324,25 +342,25 @@
     #beaker.session.type = ext:database
     #beaker.session.table_name = db_session
     #beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
    -#beaker.session.sa.url = mysql://root:[email blocked].0.1/rhodecode
    +#beaker.session.sa.url = mysql://root:[email blocked].0.1/rhodecode
     #beaker.session.sa.pool_recycle = 3600
     #beaker.session.sa.echo = false
     
    -beaker.session.key = rhodecode
    -beaker.session.secret = SECRET
    +beaker.session.key = community-1
    +beaker.session.secret = edac540e183e4a61b6411f1ac67592a7
     beaker.session.lock_dir = %(here)s/data/sessions/lock
     
     ## Secure encrypted cookie. Requires AES and AES python libraries
     ## you must disable beaker.session.secret to use this
    -#beaker.session.encrypt_key = <key_for_encryption>
    -#beaker.session.validate_key = <validation_key>
    +#beaker.session.encrypt_key = key_for_encryption
    +#beaker.session.validate_key = validation_key
     
     ## sets session as invalid(also logging out user) if it haven not been
     ## accessed for given amount of time in seconds
     beaker.session.timeout = 2592000
     beaker.session.httponly = true
    -## Path to use for the cookie.
    -#beaker.session.cookie_path = /<your-prefix>
    +## Path to use for the cookie. Set to prefix if you use prefix middleware
    +#beaker.session.cookie_path = /custom_prefix
     
     ## uncomment for https secure cookie
     beaker.session.secure = false
    @@ -360,8 +378,8 @@
     ## Full text search indexer is available in rhodecode-tools under
     ## `rhodecode-tools index` command
     
    -# WHOOSH Backend, doesn't require additional services to run
    -# it works good with few dozen repos
    +## WHOOSH Backend, doesn't require additional services to run
    +## it works good with few dozen repos
     search.module = rhodecode.lib.index.whoosh
     search.location = %(here)s/data/index
     
    @@ -370,17 +388,23 @@
     ########################################
     ## channelstream enables persistent connections and live notification
     ## in the system. It's also used by the chat system
    -
     channelstream.enabled = false
    -## location of channelstream server on the backend
    +
    +## server address for channelstream server on the backend
     channelstream.server = 127.0.0.1:9800
    +
     ## location of the channelstream server from outside world
    -## most likely this would be an http server special backend URL, that handles
    -## websocket connections see nginx example for config
    +## use ws:// for http or wss:// for https. This address needs to be handled
    +## by external HTTP server such as Nginx or Apache
    +## see nginx/apache configuration examples in our docs
     channelstream.ws_url = ws://rhodecode.yourserver.com/_channelstream
    -channelstream.secret = rcsecret
    +channelstream.secret = secret
     channelstream.history.location = %(here)s/channelstream_history
     
    +## Internal application path that Javascript uses to connect into.
    +## If you use proxy-prefix the prefix should be added before /_channelstream
    +channelstream.proxy_path = /_channelstream
    +
     
     ###################################
     ## APPENLIGHT CONFIG ##
    @@ -396,7 +420,7 @@
     appenlight.api_key = YOUR_API_KEY
     #appenlight.transport_config = https://api.appenlight.com?threaded=1&timeout=5
     
    -# used for JS client
    +## used for JS client
     appenlight.api_public_key = YOUR_API_PUBLIC_KEY
     
     ## TWEAK AMOUNT OF INFO SENT HERE
    @@ -449,19 +473,19 @@
     set debug = false
     
     
    -#########################################################
    -### DB CONFIGS - EACH DB WILL HAVE IT'S OWN CONFIG ###
    -#########################################################
    +###########################################
    +### MAIN RHODECODE DATABASE CONFIG ###
    +###########################################
     #sqlalchemy.db1.url = sqlite:///%(here)s/rhodecode.db?timeout=30
     #sqlalchemy.db1.url = postgresql://postgres:qweqwe@localhost/rhodecode
     #sqlalchemy.db1.url = mysql://root:qweqwe@localhost/rhodecode
    -sqlalchemy.db1.url = postgresql://postgres:secret@localhost/rhodecode
    +sqlalchemy.db1.url = sqlite:////home/administrator/.rccontrol/community-1/rhodecode.db
     
    -# see sqlalchemy docs for other advanced settings
    +## see sqlalchemy docs for other advanced settings
     
     ## print the sql statements to output
     sqlalchemy.db1.echo = false
    -## recycle the connections after this ammount of seconds
    +## recycle the connections after this amount of seconds
     sqlalchemy.db1.pool_recycle = 3600
     sqlalchemy.db1.convert_unicode = true
     
    @@ -479,23 +503,23 @@
     ### VCS CONFIG ###
     ##################
     vcs.server.enable = true
    -vcs.server = 127.0.0.1:10008
    +vcs.server = 127.0.0.1:10001
     
     ## Web server connectivity protocol, responsible for web based VCS operatations
     ## Available protocols are:
    -## `pyro4` - using pyro4 server
    -## `http` - using http-rpc backend
    +## `pyro4` - use pyro4 server
    +## `http` - use http-rpc backend (default)
     vcs.server.protocol = http
     
     ## Push/Pull operations protocol, available options are:
    -## `pyro4` - using pyro4 server
    -## `rhodecode.lib.middleware.utils.scm_app_http` - Http based, recommended
    -## `vcsserver.scm_app` - internal app (EE only)
    +## `pyro4` - use pyro4 server
    +## `http` - use http-rpc backend (default)
    +##
     vcs.scm_app_implementation = rhodecode.lib.middleware.utils.scm_app_http
     
     ## Push/Pull operations hooks protocol, available options are:
    -## `pyro4` - using pyro4 server
    -## `http` - using http-rpc backend
    +## `pyro4` - use pyro4 server
    +## `http` - use http-rpc backend (default)
     vcs.hooks.protocol = http
     
     vcs.server.log_level = info
    @@ -519,24 +543,31 @@
     ### Maps RhodeCode repo groups into SVN paths for Apache ###
     ############################################################
     ## Enable or disable the config file generation.
    -svn.proxy.generate_config = true
    +svn.proxy.generate_config = false
     ## Generate config file with `SVNListParentPath` set to `On`.
     svn.proxy.list_parent_path = true
     ## Set location and file name of generated config file.
     svn.proxy.config_file_path = %(here)s/mod_dav_svn.conf
    -## File system path to the directory containing the repositories served by
    -## RhodeCode.
    -svn.proxy.parent_path_root = /home/ubuntu/repos
    -## Used as a prefix to the <Location> block in the generated config file. In
    -## most cases it should be set to `/`.
    +## Used as a prefix to the `Location` block in the generated config file.
    +## In most cases it should be set to `/`.
     svn.proxy.location_root = /
    +## Command to reload the mod dav svn configuration on change.
    +## Example: `/etc/init.d/apache2 reload`
    +#svn.proxy.reload_cmd = /etc/init.d/apache2 reload
    +## If the timeout expires before the reload command finishes, the command will
    +## be killed. Setting it to zero means no timeout. Defaults to 10 seconds.
    +#svn.proxy.reload_timeout = 10
    +
    +## Dummy marker to add new entries after.
    +## Add any custom entries below. Please don't remove.
    +custom.conf = 1
     
     
     ################################
     ### LOGGING CONFIGURATION ####
     ################################
     [loggers]
    -keys = root, routes, rhodecode, sqlalchemy, beaker, pyro4, templates
    +keys = root, routes, rhodecode, sqlalchemy, beaker, templates
     
     [handlers]
     keys = console, console_sql
    @@ -564,12 +595,6 @@
     qualname = beaker.container
     propagate = 1
     
    -[logger_pyro4]
    -level = DEBUG
    -handlers = ""
    -qualname = Pyro4
    -propagate = 1
    -
     [logger_templates]
     level = INFO
     handlers = ""

    Maybe at some point when i have some free time i will try installing nginx on a server and see if it works with that. For now ill just leave anonymous access disabled : ).

  16. 16 Posted by Nattee Niparnan on 14 Jul, 2017 07:46 AM

    Nattee Niparnan's Avatar

    Hi,

    I have the same problem. I am running Rhodecode community 4.8 with a Proxy via Apache. When I tried to push a relatively) large commit, it fails with "502: Bad Gateway". Pushing any small commit works just fine. I have already using KeepAlive directive as per https://issues.rhodecode.com/issues/5213

    I can confirm that changing the permission of the default user to either None or Write would solve the problem. The problem only occurs on some push to a repository that has the default permission as Read.

    The strange things is that even though I push using "http://user:pass@host/repo" which should authenticate the push to some user, the problem still occurs. In other words, I cannot use Read permission for the default user, no matter what user I am using to authenticate the push.

    Again, this only happen for some particular commit.

    Now this is my workaround. All I have to do now is that when "502: Bad Gateway" happens, I change the permission of the default user to None and push again. After that, I change the permission back to Read.

    Hope this help,
    -- Nattee

  17. Support Staff 17 Posted by Marcin Kuzminsk... on 14 Jul, 2017 04:16 PM

    Marcin Kuzminski's Avatar

    We found a similar issue posted somewhere, and recommended was to set the the timeout limit, also we found wery interesting thread on Apache itself with a keepalive race condition, maybe this is the cause here ?

    https://bz.apache.org/bugzilla/show_bug.cgi?id=37770

  18. 18 Posted by Nattee Niparnan on 14 Jul, 2017 05:15 PM

    Nattee Niparnan's Avatar

    Thanks for a quick reply.

    Could you advice on which timeout you are referring to? Also where to set them? So that I could test it on my server.

    Best,
    -- Nattee

  19. Support Staff 19 Posted by Marcin Kuzminsk... on 14 Jul, 2017 06:37 PM

    Marcin Kuzminski's Avatar

    It should be something like that:

            <Proxy *>
              Order allow,deny
              Allow from all
            </Proxy>
    
            ProxyTimeout 7200
    

    If this doesn't help, please check the other issue, there was a bug in Apache itself, maybe your version is affected ?

  20. Support Staff 20 Posted by Marcin Kuzminsk... on 25 Sep, 2017 05:54 AM

    Marcin Kuzminski's Avatar

    Want to ping that issue back. Is this resolved?

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

23 Nov, 2017 03:02 PM
21 Nov, 2017 06:38 PM
03 Oct, 2017 08:26 PM
03 Oct, 2017 05:48 PM
28 Sep, 2017 05:55 PM