Changes between Version 1 and Version 2 of TracStandalone
- Timestamp:
- 02/19/15 14:27:32 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracStandalone
v1 v2 1 = Tracd =1 = Tracd 2 2 3 3 Tracd is a lightweight standalone Trac web server. 4 4 It can be used in a variety of situations, from a test or development server to a multiprocess setup behind another web server used as a load balancer. 5 5 6 == Pros ==6 == Pros 7 7 8 8 * Fewer dependencies: You don't need to install apache or any other web-server. … … 10 10 * Automatic reloading: For development, Tracd can be used in ''auto_reload'' mode, which will automatically restart the server whenever you make a change to the code (in Trac itself or in a plugin). 11 11 12 == Cons ==12 == Cons 13 13 14 14 * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache httpd. 15 15 * No native HTTPS support: [http://www.rickk.com/sslwrap/ sslwrap] can be used instead, 16 or [ http://trac.edgewall.org/wiki/STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy.17 18 == Usage examples ==16 or [trac:wiki:STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy. 17 18 == Usage examples 19 19 20 20 A single project on port 8080. (http://localhost:8080/) 21 {{{ 21 {{{#!sh 22 22 $ tracd -p 8080 /path/to/project 23 23 }}} 24 Stric ly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option.25 {{{ 24 Strictly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option. 25 {{{#!sh 26 26 $ tracd --hostname=localhost -p 8080 /path/to/project 27 27 }}} 28 28 With more than one project. (http://localhost:8080/project1/ and http://localhost:8080/project2/) 29 {{{ 29 {{{#!sh 30 30 $ tracd -p 8080 /path/to/project1 /path/to/project2 31 31 }}} … … 35 35 36 36 An alternative way to serve multiple projects is to specify a parent directory in which each subdirectory is a Trac project, using the `-e` option. The example above could be rewritten: 37 {{{ 37 {{{#!sh 38 38 $ tracd -p 8080 -e /path/to 39 39 }}} 40 40 41 To exit the server on Windows, be sure to use {{{CTRL-BREAK}}} -- using {{{CTRL-C}}}will leave a Python process running in the background.42 43 == Installing as a Windows Service ==44 45 === Option 1 ===41 To exit the server on Windows, be sure to use `CTRL-BREAK` -- using `CTRL-C` will leave a Python process running in the background. 42 43 == Installing as a Windows Service 44 45 === Option 1 46 46 To install as a Windows service, get the [http://www.google.com/search?q=srvany.exe SRVANY] utility and run: 47 {{{ 47 {{{#!cmd 48 48 C:\path\to\instsrv.exe tracd C:\path\to\srvany.exe 49 49 reg add HKLM\SYSTEM\CurrentControlSet\Services\tracd\Parameters /v Application /d "\"C:\path\to\python.exe\" \"C:\path\to\python\scripts\tracd-script.py\" <your tracd parameters>" … … 54 54 55 55 If you want tracd to start automatically when you boot Windows, do: 56 {{{ 56 {{{#!cmd 57 57 sc config tracd start= auto 58 58 }}} … … 74 74 75 75 For Windows 7 User, srvany.exe may not be an option, so you can use [http://www.google.com/search?q=winserv.exe WINSERV] utility and run: 76 {{{ 76 {{{#!cmd 77 77 "C:\path\to\winserv.exe" install tracd -displayname "tracd" -start auto "C:\path\to\python.exe" c:\path\to\python\scripts\tracd-script.py <your tracd parameters>" 78 79 78 net start tracd 80 79 }}} 81 80 82 === Option 2 ===81 === Option 2 83 82 84 83 Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 85 84 86 == Using Authentication == 85 === Option 3 86 87 also cygwin's cygrunsrv.exe can be used: 88 {{{#!sh 89 $ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 90 $ net start tracd 91 }}} 92 93 == Using Authentication 94 95 Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (htpasswd and htdigest) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without htpasswd or htdigest; see below for alternatives) 96 97 Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux) may go undetected. 87 98 88 99 Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line. 89 100 90 101 The general format for using authentication is: 91 {{{ 102 {{{#!sh 92 103 $ tracd -p port --auth="base_project_dir,password_file_path,realm" project_path 93 104 }}} … … 105 116 Examples: 106 117 107 {{{ 118 {{{#!sh 108 119 $ tracd -p 8080 \ 109 120 --auth="project1,/path/to/passwordfile,mycompany.com" /path/to/project1 … … 111 122 112 123 Of course, the password file can be be shared so that it is used for more than one project: 113 {{{ 124 {{{#!sh 114 125 $ tracd -p 8080 \ 115 126 --auth="project1,/path/to/passwordfile,mycompany.com" \ … … 119 130 120 131 Another way to share the password file is to specify "*" for the project name: 121 {{{ 132 {{{#!sh 122 133 $ tracd -p 8080 \ 123 134 --auth="*,/path/to/users.htdigest,mycompany.com" \ … … 125 136 }}} 126 137 127 === Basic Authorization: Using a htpasswd password file ===138 === Basic Authorization: Using a htpasswd password file 128 139 This section describes how to use `tracd` with Apache .htpasswd files. 129 140 141 Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to 142 decode some htpasswd formats. Trac source code attempt an `import crypt` first, but there 143 is no such package for Python 2.6. Only `SHA-1` passwords (since Trac 1.0) work without this module. 144 130 145 To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 131 {{{ 146 {{{#!sh 132 147 $ sudo htpasswd -c /path/to/env/.htpasswd username 133 148 }}} 134 149 then for additional users: 135 {{{ 150 {{{#!sh 136 151 $ sudo htpasswd /path/to/env/.htpasswd username2 137 152 }}} 138 153 139 154 Then to start `tracd` run something like this: 140 {{{ 155 {{{#!sh 141 156 $ tracd -p 8080 --basic-auth="projectdirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname 142 157 }}} 143 158 144 159 For example: 145 {{{ 160 {{{#!sh 146 161 $ tracd -p 8080 --basic-auth="testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv 147 162 }}} 148 163 ''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD). 149 164 150 === Digest authentication: Using a htdigest password file ===165 === Digest authentication: Using a htdigest password file 151 166 152 167 If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions. You'll be prompted for a password to enter for each user that you create. For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. 153 168 154 Note that you can start tracd without the --authargument, but if you click on the ''Login'' link you will get an error.155 156 === Generating Passwords Without Apache ===157 158 Basic Authorization can be accomplished via this [http:// www.4webhelp.net/us/password.php online HTTP Password generator]. Copy the generated password-hash line to the .htpasswd file on your system.169 Note that you can start tracd without the `--auth` argument, but if you click on the ''Login'' link you will get an error. 170 171 === Generating Passwords Without Apache 172 173 Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`. Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. 159 174 160 175 You can use this simple Python script to generate a '''digest''' password file: 161 176 162 {{{ 163 #!python 177 {{{#!python 164 178 from optparse import OptionParser 165 179 # The md5 module is deprecated in Python 2.5 … … 194 208 Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py): 195 209 196 {{{ 210 {{{#!sh 197 211 $ python trac-digest.py -u username -p password >> c:\digest.txt 198 212 $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name … … 202 216 It is possible to use `md5sum` utility to generate digest-password file: 203 217 {{{ 204 $ printf "${user}:trac:${password}" | md5sum - >>user.htdigest 205 }}} 206 and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'. 207 208 == Reference == 218 user= 219 realm= 220 password= 221 path_to_file= 222 echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file} 223 }}} 224 225 == Reference 209 226 210 227 Here's the online help, as a reminder (`tracd --help`): … … 222 239 -b HOSTNAME, --hostname=HOSTNAME 223 240 the host name or IP address to bind to 224 --protocol=PROTOCOL http|scgi|ajp 241 --protocol=PROTOCOL http|scgi|ajp|fcgi 225 242 -q, --unquote unquote PATH_INFO (may be needed when using ajp) 226 --http10 use HTTP/1.0 protocol version (default)227 --http11 use HTTP/1.1 protocol version instead of HTTP/1.0243 --http10 use HTTP/1.0 protocol version instead of HTTP/1.1 244 --http11 use HTTP/1.1 protocol version (default) 228 245 -e PARENTDIR, --env-parent-dir=PARENTDIR 229 246 parent directory of the project environments … … 232 249 -r, --auto-reload restart automatically when sources are modified 233 250 -s, --single-env only serve a single project without the project list 234 }}} 235 236 == Tips == 237 238 === Serving static content === 251 -d, --daemonize run in the background as a daemon 252 --pidfile=PIDFILE when daemonizing, file to which to write pid 253 --umask=MASK when daemonizing, file mode creation mask to use, in 254 octal notation (default 022) 255 --group=GROUP the group to run as 256 --user=USER the user to run as 257 }}} 258 259 Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. 260 261 == Tips 262 263 === Serving static content 239 264 240 265 If `tracd` is the only web server used for the project, … … 247 272 Example: given a `$TRAC_ENV/htdocs/software-0.1.tar.gz` file, 248 273 the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`, 249 which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax). 250 251 ''Support for `htdocs:` TracLinks syntax was added in version 0.10'' 274 which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax). 252 275 253 276 === Using tracd behind a proxy … … 261 284 See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe]. 262 285 263 === Serving a different base path than / === 286 === Authentication for tracd behind a proxy 287 It is convenient to provide central external authentication to your tracd instances, instead of using `--basic-auth`. There is some discussion about this in #9206. 288 289 Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 290 291 First we bring tracd into Apache's location namespace. 292 293 {{{#!apache 294 <Location /project/proxified> 295 Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 296 Require ldap-user somespecificusertoo 297 ProxyPass http://localhost:8101/project/proxified/ 298 # Turns out we don't really need complicated RewriteRules here at all 299 RequestHeader set REMOTE_USER %{REMOTE_USER}s 300 </Location> 301 }}} 302 303 Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 304 {{{#!python 305 from trac.core import * 306 from trac.config import BoolOption 307 from trac.web.api import IAuthenticator 308 309 class MyRemoteUserAuthenticator(Component): 310 311 implements(IAuthenticator) 312 313 obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false', 314 """Whether the 'Remote-User:' HTTP header is to be trusted for user logins 315 (''since ??.??').""") 316 317 def authenticate(self, req): 318 if self.obey_remote_user_header and req.get_header('Remote-User'): 319 return req.get_header('Remote-User') 320 return None 321 322 }}} 323 324 Add this new parameter to your TracIni: 325 {{{#!ini 326 [trac] 327 ... 328 obey_remote_user_header = true 329 ... 330 }}} 331 332 Run tracd: 333 {{{#!sh 334 tracd -p 8101 -r -s proxified --base-path=/project/proxified 335 }}} 336 337 Note that if you want to install this plugin for all projects, you have to put it in your [TracPlugins#Plugindiscovery global plugins_dir] and enable it in your global trac.ini. 338 339 Global config (e.g. `/srv/trac/conf/trac.ini`): 340 {{{#!ini 341 [components] 342 remote-user-auth.* = enabled 343 [inherit] 344 plugins_dir = /srv/trac/plugins 345 [trac] 346 obey_remote_user_header = true 347 }}} 348 349 Environment config (e.g. `/srv/trac/envs/myenv`): 350 {{{#!ini 351 [inherit] 352 file = /srv/trac/conf/trac.ini 353 }}} 354 355 === Serving a different base path than / 264 356 Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is 265 {{{ 357 {{{#!sh 266 358 $ tracd --base-path=/some/path 267 359 }}}