forked from assembl/assembl
-
Notifications
You must be signed in to change notification settings - Fork 0
/
production.ini
520 lines (437 loc) · 18.3 KB
/
production.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
[pipeline:main]
pipeline =
raven
assembl
[app:assembl]
use = egg:assembl
pyramid.reload_templates = false
pyramid.debug_authorization = false
pyramid.debug_notfound = false
pyramid.debug_routematch = false
sqltap = false
pyramid.includes =
pyramid_tm
# Don't let cornice handle exceptions
handle_exceptions =
# Should we show our own view for exceptions? true for production.
assembl_handle_exceptions = true
# Ensure to have the same url scheme as Assembl and Sentry's (http or https)
raven_url = %(sentry_scheme)s://%(sentry_key)s@%(sentry_host)s/%(sentry_id)s
tm.attempts=3
# Assembl will strip countries if needed, so you should provide a proper locale
# including country. If you don't you may have problems with facebook and other
# For some reason de, ar, es should not have countries, because for some reason
# facebook doesn't like it.
# Note that currently, only en, fr, and de variants are fully supported
# If you contribute an additional translation, be sure to update
# initLocale() in context.js Otherwise, date localisations using moment.js will
# revert to english
available_languages = fr_CA en_CA de
pyramid.default_locale_name = en_CA
# Should requirejs defeat browser caching? Useful in development
requirejs.cache_bust = false
sqlalchemy.url = postgresql+psycopg2://%(db_user)s:%(db_password)s@%(db_host)s/%(db_database)s?sslmode=disable
# Unnessary to set this true in development, as logger_sqlalchemy DEBUG
# below will also output sql statements
sqlalchemy.echo = False
sqlalchemy.strategy = atexit_cleanup
# Do we use elastic_search indexing
use_elasticsearch = true
jinja2.directories = assembl:templates
#If false, every user will be immediately validated
assembl.validate_registration_emails = true
mail.host = %(smtp_host)s
mail.tls = true
assembl.admin_email = assembl@%(public_hostname)s
# Set a discussion slug here so root redirects to a that discussion.
# TODO: Replace with a host router.
# default_discussion = sandbox
# Offline mode: if true, the application will avoid making calls to other websites (e.g. gravatar)
#offline_mode = false
#The default theme. If unset, will be set to "default"
#The themes must be stored in a folder assembl/static/css/themes/name_of_theme
#default_theme = default
# Each of these providers requires us to register a client app ID.
# Also, we must give a visible callback URL.
# Please contact maparent@acm.org for details.
# Python Social Auth settings
SOCIAL_AUTH_LOGIN_URL = /login
SOCIAL_AUTH_LOGIN_REDIRECT_URL = /
SOCIAL_AUTH_USER_MODEL = assembl.models.auth.User
# SOCIAL_AUTH_LOGIN_FUNCTION = assembl.views.auth.views.velruse_login_complete_view
SOCIAL_AUTH_LOGIN_FUNCTION = assembl.auth.social_auth.login_user
SOCIAL_AUTH_LOGGEDIN_FUNCTION = assembl.auth.social_auth.login_required
SOCIAL_AUTH_STORAGE = assembl.models.social_auth.AssemblStorage
SOCIAL_AUTH_STRATEGY = assembl.auth.social_auth.AssemblStrategy
SOCIAL_AUTH_USER_FIELDS = email
fullname
SOCIAL_AUTH_PROTECTED_USER_FIELDS = fullname
USE_UNIQUE_USER_ID=True
IGNORE_DEFAULT_SCOPE = True
SOCIAL_AUTH_FACEBOOK_SCOPE = public_profile
email
SOCIAL_AUTH_GOOGLE_OAUTH2_SCOPE = profile email
SOCIAL_AUTH_GITHUB_SCOPE = repo
SOCIAL_AUTH_FIELDS_STORED_IN_SESSION = next_view
SOCIAL_AUTH_AUTHENTICATION_BACKENDS = assembl.auth.wordpress.WordPressServerOAuth2
social.backends.twitter.TwitterOAuth
social.backends.open_id.OpenIdAuth
social.backends.google.GoogleOpenId
social.backends.google.GoogleOAuth2
social.backends.google.GoogleOAuth
social.backends.yammer.YammerOAuth2
social.backends.yahoo.YahooOpenId
social.backends.stripe.StripeOAuth2
social.backends.persona.PersonaAuth
social.backends.facebook.FacebookOAuth2
social.backends.facebook.FacebookAppOAuth2
social.backends.yahoo.YahooOAuth
social.backends.angel.AngelOAuth2
social.backends.behance.BehanceOAuth2
social.backends.bitbucket.BitbucketOAuth
social.backends.box.BoxOAuth2
social.backends.linkedin.LinkedinOAuth
social.backends.github.GithubOAuth2
social.backends.foursquare.FoursquareOAuth2
social.backends.instagram.InstagramOAuth2
social.backends.live.LiveOAuth2
social.backends.vk.VKOAuth2
social.backends.dailymotion.DailymotionOAuth2
social.backends.disqus.DisqusOAuth2
social.backends.dropbox.DropboxOAuth
social.backends.eveonline.EVEOnlineOAuth2
social.backends.evernote.EvernoteSandboxOAuth
social.backends.flickr.FlickrOAuth
social.backends.livejournal.LiveJournalOpenId
social.backends.soundcloud.SoundcloudOAuth2
social.backends.thisismyjam.ThisIsMyJamOAuth1
social.backends.stocktwits.StocktwitsOAuth2
social.backends.tripit.TripItOAuth
social.backends.twilio.TwilioAuth
social.backends.clef.ClefOAuth2
social.backends.xing.XingOAuth
social.backends.yandex.YandexOAuth2
social.backends.podio.PodioOAuth2
social.backends.reddit.RedditOAuth2
social.backends.mineid.MineIDOAuth2
social.backends.wunderlist.WunderlistOAuth2
social.backends.saml.SAMLAuth
# Those will be shown in the login page
login_providers =
# facebook
# twitter
# google-oauth2
# Users from these providers (if enabled in login_providers) will not need
# to verify their email
trusted_login_providers = facebook
google-oauth2
twitter
saml
# https://developers.facebook.com/docs/facebook-login/getting-started-web/
# https://developers.facebook.com/apps/
#
SOCIAL_AUTH_FACEBOOK_KEY = ...
SOCIAL_AUTH_FACEBOOK_SECRET = ...
SOCIAL_AUTH_FACEBOOK_SCOPE = public_profile
email
# Further parameters for facebook import/export
# facebook.consumer_key =
# facebook.consumer_secret =
# facebook.app_access_token =
facebook.export_permissions = public_profile, email, publish_actions, user_posts, user_likes, manage_pages, publish_pages, user_groups, user_managed_groups
facebook.debug_mode = false
# facebook.api_version =
supported_exports_list =
# https://dev.twitter.com/apps/new
#
SOCIAL_AUTH_TWITTER_KEY = ...
SOCIAL_AUTH_TWITTER_SECRET = ...
# http://developer.github.com/v3/oauth/
# https://github.com/settings/applications
SOCIAL_AUTH_GITHUB_KEY = ...
SOCIAL_AUTH_GITHUB_SECRET = ...
SOCIAL_AUTH_GITHUB_SCOPE = repo
# https://code.google.com/apis/console/ ; API & auth; Credentials; Create Client ID for web application
# API & auth; APIs; Google+ API: Activate
SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = ...
SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = ...
# Based on https://wp-oauth.com/
SOCIAL_AUTH_WORDPRESS_OAUTH2_KEY = ....
SOCIAL_AUTH_WORDPRESS_OAUTH2_SECRET = ....
SOCIAL_AUTH_SAML_SP_ENTITY_ID = http://saml.%(public_hostname)s
# Absolute url of image to show for users that do not have an avatar.
# If not present, assembl default will be used.
# Conflicts with avatar.gravatar_default, you cannot define both.
# Gravatar caches the image aggressively; change the filename to change the image.
#avatar.default_image_url = none
# What gravatar will use if email isn't found.
# If not present, the image above will be used.
# Typical values are:
# identicon: a geometric pattern based on an email hash
# monsterid: a generated 'monster' with different colors, faces, etc
# wavatar: generated faces with differing features and backgrounds
# retro: generated, 8-bit arcade-style pixelated faces
# mm: only show avatars for people who have one on gravatar
avatar.gravatar_default = mm
# Beaker settings
beaker.session.type = ext:memcached
beaker.session.url = %(memcached_host)s:11211
beaker.session.data_dir = %(here)s/var/sessions/data
beaker.session.lock_dir = %(here)s/var/sessions/lock
beaker.session.key = assembl_session
session.secret = CHANGEME_enter_a_secret
beaker.session.cookie_on_exception = true
#security.hash_algorithm = sha256
security.email_token_salt = CHANGEME_enter_a_salt
beaker.session.session_class = assembl.auth.upgradable_session.AssemblUpgradableSession
# Set to false on an entreprise server
beaker.session.cookie_expires = true
beaker.session.elevated_expires = 2635200
new_frontend = true
# Anykeystore settings for Velruse
store = sqlalchemy
store.url = sqlite:///%(here)s/assembl.db
# Dogpile cache
dogpile_cache.backend = file
dogpile_cache.expiration_time = 10000
dogpile_cache.arguments.filename = var/dogpile_cache.dbm
# Change this to the hostname visible from outside
public_hostname = localhost
# Change this to the port visible from the outside
# Typically 80 for prod, 6543 for dev
public_port = 80
# Do we accept https? If so we'll force it in some cases.
accept_secure_connection = true
# Do we force https?
require_secure_connection = true
# ZMQ Websockets are used for frontend to backend communication
# ZMQ model changes local socket (backend will connect to this)
# UNIQUE_PER_SERVER
# Convention:
# /0 thru /2: reserved for development
# /3 thru /4: reserved for automated testing
# /5-: production
changes.socket = ipc:///tmp/assembl_changes/5
changes.multiplex = true
# The port to use for the websocket (client frontends will connect to this)
# In prod, your firewall needs to allow this through or proxy it through nginx
# UNIQUE_PER_SERVER
# Convention:
# 8085 thru 8087: reserved for development
# 8088 thru 8089: reserved for automated testing
# 8090-: production
changes.websocket.port = 8090
# Whether the websocket is proxied by nginx, and exposed through the public_port
changes.websocket.proxied = true
changes.prefix = /socket
# This may use another port than above, in case of reverse proxying.
changes.websocket.url = //%(public_hostname)s:%(public_port)s%(changes.prefix)s/
# Notification broker. possible configurations:
# Noop configurations: Just print.
# assembl.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# celery_tasks.notification_dispatch.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# celery_tasks.imap.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# Direct configuration
# assembl.imodeleventwatcher = assembl.models.notification.ModelEventWatcherNotificationSubscriptionDispatcher
# celery_tasks.notification_dispatch.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# celery_tasks.imap.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# Threaded configurations: Send to thread, thread acts.
# assembl.imodeleventwatcher = assembl.tasks.threaded_model_watcher.ThreadedModelEventWatcher
# celery_tasks.notification_dispatch.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
# assembl.threadedmodelwatcher = assembl.models.notification.ModelEventWatcherNotificationSubscriptionDispatcher
# celery_tasks.imap.imodeleventwatcher = assembl.tasks.threaded_model_watcher.ThreadedModelEventWatcher
# celery_tasks.imap.threadedmodelwatcher = assembl.models.notification.ModelEventWatcherNotificationSubscriptionDispatcher
# Broker configurations: send to celery, celery task acts.
assembl.imodeleventwatcher = assembl.tasks.notification_dispatch.ModelEventWatcherCelerySender
celery_tasks.notification_dispatch.imodeleventwatcher = assembl.models.notification.ModelEventWatcherNotificationSubscriptionDispatcher
celery_tasks.imap.imodeleventwatcher = assembl.tasks.notification_dispatch.ModelEventWatcherCelerySender
celery_tasks.source_reader.imodeleventwatcher = assembl.tasks.notification_dispatch.ModelEventWatcherCelerySender
# ZMQ model changes local socket (backend will connect to this)
# UNIQUE_PER_SERVER
# Convention:
# /0 - /3: reserved for development
# /4: reserved for automated testing
# /5 - /12: production
redis_socket = 5
celery_tasks.broker = redis://%(redis_host)s:6379/%(redis_socket)s
celery_tasks.imap.num_workers = 1
celery_tasks.notification_dispatch.num_workers = 1
celery_tasks.notify.num_workers = 2
celery_tasks.translate.num_workers = 2
# Uncomment this if you want a delay (seconds, float) between outgoing notifications
# celery_tasks.notify.smtp_delay. = 0.1
# You can also specify a delay for a specific server, thus:
# celery_tasks.notify.smtp_delay.smtp.example.com = 1.1
# Has to be defined as noop.
celery_tasks.notify.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
celery_tasks.translate.imodeleventwatcher = assembl.lib.model_watcher.ModelEventWatcherPrinter
cache_viewdefs = true
activate_tour = false
# minified_js = debug builds with map, which is much slower.
minified_js = false
use_webpack_server = false
# Default subscriptions
subscriptions.participant.default = FOLLOW_SYNTHESES
EMAIL_BOUNCED
EMAIL_VALIDATE
PARTICIPATED_FOR_FIRST_TIME_WELCOME
SUBSCRIPTION_WELCOME
# Default URL of the Help page. Each discussion can set a custom URL. You can use "%s" for user interface language
help_url = http://assembl.org/user-guides/
# Paste here the Piwik script corresponding to your server, and replace the site id with "%d".
# So this gives _paq.push(['setSiteId', %d]);
# And ...<img src="//.../piwik.php?idsite=%d"...
# Then, a piwik site id can be set in the administration panel of each discussion.
# If web_analytics_piwik_script or the discussion's piwik site id is empty, the Assembl server does not integrate the Piwik tracking code in the web pages it delivers.
web_analytics_piwik_script = <!-- Piwik -->
<script type="text/javascript">
var _paq = _paq || [];
_paq.push([function() {
var self = this;
function getOriginalVisitorCookieTimeout() {
var now = new Date(),
nowTs = Math.round(now.getTime() / 1000),
visitorInfo = self.getVisitorInfo();
var createTs = parseInt(visitorInfo[2]);
var cookieTimeout = 33696000; // 13 mois en secondes
var originalTimeout = createTs + cookieTimeout - nowTs;
return originalTimeout;
}
this.setVisitorCookieTimeout( getOriginalVisitorCookieTimeout() );
}]);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
var u="//%(piwik_host)s/";
_paq.push(['setTrackerUrl', u+'piwik.php']);
_paq.push(['setSiteId', %%d]);
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<noscript><p><img src="//%(piwik_host)s/piwik.php?idsite=%%d" style="border:0;" alt="" /></p></noscript>
<!-- End Piwik Code -->
# URL of your Piwik server. For example: https://stats.bluenove.com . This token is required when the automatic discussion creation process is run.
web_analytics_piwik_url = https://%(piwik_host)s
# API token of a Piwik Super User. This token is required when the automatic discussion creation process is run: a Piwik user and website are created and associated to the discussion.
# For more information, see http://developer.piwik.org/api-reference/reporting-api#authenticate-to-the-api-via-token_auth-parameter
web_analytics_piwik_api_token =
# When a discussion is created, those callbacks will be invoked
# If any of these callbacks throws an exception, the database transaction fails and so the Discussion object will not be added into the database (Discussion is not created).
# Each callback must be indempotent: Calling it once or several times should produce the same result.
discussion_callbacks =
assembl.lib.discussion_creation.DiscussionCreationPrinter
# assembl.tasks.piwik.AutomaticPiwikBindingAtDiscussionCreation
[pshell]
db = assembl.lib.pshell_session.db
models = assembl.models
transaction = transaction
[alembic]
# Path to migration scripts
script_location = assembl/alembic
sqlalchemy.url = postgresql+psycopg2://%(db_user)s:%(db_password)s@%(db_host)s/%(db_database)s?sslmode=disable
transaction_per_migration = true
# Template used to generate migration files
# file_template = %%(rev)s_%%(slug)s
# Set to 'true' to run the environment during
# the 'revision' command, regardless of autogenerate
# revision_environment = false
[server:main]
use = egg:waitress#main
host = 0.0.0.0
# If not proxied by nginx or something, public_port in app:main needs to match
# this value
# UNIQUE_PER_SERVER
# Default port is 6543.
# Convention:
# 6543 thru 6545: reserved for development
# 6546 thru 6547: reserved for automated testing
# 6548-: production
port = 6548
threads = 10
# Begin logging configuration
[loggers]
keys = root, assembl, sqlalchemy, alembic, sentry
[handlers]
keys = console, sentry
[formatters]
keys = generic
[logger_root]
level = WARN
handlers = console, sentry
[logger_assembl]
level = WARN
handlers = console, sentry
qualname = assembl
[logger_sqlalchemy]
level = WARN
handlers = console, sentry
qualname = sqlalchemy.engine
# "level = INFO" logs SQL queries.
# "level = DEBUG" logs SQL queries and results.
# "level = WARN" logs neither. (Recommended for production systems.)
[logger_alembic]
level = WARN
handlers = console, sentry
qualname = alembic
[logger_sentry]
level = WARN
handlers = console
qualname = sentry.errors
propagate = 0
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic
[handler_sentry]
class = raven.handlers.logging.SentryHandler
args = ('%(sentry_scheme)s://%(sentry_key)s:%(sentry_secret)s@%(sentry_host)s/%(sentry_id)s',)
level = WARNING
formatter = generic
[formatter_generic]
format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
# End logging configuration
[filter:raven]
use = egg:raven#raven
dsn = %(sentry_scheme)s://%(sentry_key)s:%(sentry_secret)s@%(sentry_host)s/%(sentry_id)s
include_paths = assembl
exclude_paths =
[supervisor]
autostart_celery_imap = true
autostart_celery_notification_dispatch = true
autostart_celery_notify = true
autostart_celery_notify_beat = true
autostart_celery_translate = false
autostart_source_reader = true
autostart_changes_router = true
autostart_pserve = false
autostart_nodesass = false
autostart_gulp = false
autostart_webpack = false
autostart_uwsgi = true
autostart_metrics_server = false
autostart_metrics_server = false
autostart_edgesense_server = false
[uwsgi]
# Set this dangerous umask if uwsgi is not the same user as nginx. Alternately, use proper uid/gid and run as root.
#umask = 000
umask = 007
uid = %U
gid = www-data
master = 1
processes = 8
lazy = 1
die-on-term = 1
# Do NOT use threads here, there are problems with pyodbc
# Defining the threads variable with any value enables threading
# threads = DO NOT USE
buffer-size = 65535
socket = %d/var/run/uwsgi.sock
stats = %d/var/run/uwsgi_stats.sock
plugin=python
virtualenv=%dvenv
pythonpath=%d
paste=config://%d%s
# Thunder-lock is only relevant in multiprocess+multithread mode
# thunder-lock = true