HAMcast developers

Changes between Version 1 and Version 2 of TracStandalone


Ignore:
Timestamp:
02/19/15 14:27:32 (10 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v1 v2  
    1 = Tracd =
     1= Tracd
    22
    33Tracd is a lightweight standalone Trac web server.
    44It can be used in a variety of situations, from a test or development server to a multiprocess setup behind another web server used as a load balancer.
    55
    6 == Pros ==
     6== Pros
    77
    88 * Fewer dependencies: You don't need to install apache or any other web-server.
     
    1010 * Automatic reloading: For development, Tracd can be used in ''auto_reload'' mode, which will automatically restart the server whenever you make a change to the code (in Trac itself or in a plugin).
    1111
    12 == Cons ==
     12== Cons
    1313
    1414 * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache httpd.
    1515 * No native HTTPS support: [http://www.rickk.com/sslwrap/ sslwrap] can be used instead,
    16    or [http://trac.edgewall.org/wiki/STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy.
    17 
    18 == Usage examples ==
     16   or [trac:wiki:STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy.
     17
     18== Usage examples
    1919
    2020A single project on port 8080. (http://localhost:8080/)
    21 {{{
     21{{{#!sh
    2222 $ tracd -p 8080 /path/to/project
    2323}}}
    24 Stricly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option.
    25 {{{
     24Strictly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option.
     25{{{#!sh
    2626 $ tracd --hostname=localhost -p 8080 /path/to/project
    2727}}}
    2828With more than one project. (http://localhost:8080/project1/ and http://localhost:8080/project2/)
    29 {{{
     29{{{#!sh
    3030 $ tracd -p 8080 /path/to/project1 /path/to/project2
    3131}}}
     
    3535
    3636An alternative way to serve multiple projects is to specify a parent directory in which each subdirectory is a Trac project, using the `-e` option. The example above could be rewritten:
    37 {{{
     37{{{#!sh
    3838 $ tracd -p 8080 -e /path/to
    3939}}}
    4040
    41 To exit the server on Windows, be sure to use {{{CTRL-BREAK}}} -- using {{{CTRL-C}}} will leave a Python process running in the background.
    42 
    43 == Installing as a Windows Service ==
    44 
    45 === Option 1 ===
     41To exit the server on Windows, be sure to use `CTRL-BREAK` -- using `CTRL-C` will leave a Python process running in the background.
     42
     43== Installing as a Windows Service
     44
     45=== Option 1
    4646To install as a Windows service, get the [http://www.google.com/search?q=srvany.exe SRVANY] utility and run:
    47 {{{
     47{{{#!cmd
    4848 C:\path\to\instsrv.exe tracd C:\path\to\srvany.exe
    4949 reg add HKLM\SYSTEM\CurrentControlSet\Services\tracd\Parameters /v Application /d "\"C:\path\to\python.exe\" \"C:\path\to\python\scripts\tracd-script.py\" <your tracd parameters>"
     
    5454
    5555If you want tracd to start automatically when you boot Windows, do:
    56 {{{
     56{{{#!cmd
    5757 sc config tracd start= auto
    5858}}}
     
    7474
    7575For Windows 7 User, srvany.exe may not be an option, so you can use [http://www.google.com/search?q=winserv.exe WINSERV] utility and run:
    76 {{{
     76{{{#!cmd
    7777"C:\path\to\winserv.exe" install tracd -displayname "tracd" -start auto "C:\path\to\python.exe" c:\path\to\python\scripts\tracd-script.py <your tracd parameters>"
    78 
    7978net start tracd
    8079}}}
    8180
    82 === Option 2 ===
     81=== Option 2
    8382
    8483Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service.
    8584
    86 == Using Authentication ==
     85=== Option 3
     86
     87also cygwin's cygrunsrv.exe can be used:
     88{{{#!sh
     89$ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects'
     90$ net start tracd
     91}}}
     92
     93== Using Authentication
     94
     95Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (htpasswd and htdigest) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without htpasswd or htdigest; see below for alternatives)
     96
     97Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux) may go undetected.
    8798
    8899Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line.
    89100
    90101The general format for using authentication is:
    91 {{{
     102{{{#!sh
    92103 $ tracd -p port --auth="base_project_dir,password_file_path,realm" project_path
    93104}}}
     
    105116Examples:
    106117
    107 {{{
     118{{{#!sh
    108119 $ tracd -p 8080 \
    109120   --auth="project1,/path/to/passwordfile,mycompany.com" /path/to/project1
     
    111122
    112123Of course, the password file can be be shared so that it is used for more than one project:
    113 {{{
     124{{{#!sh
    114125 $ tracd -p 8080 \
    115126   --auth="project1,/path/to/passwordfile,mycompany.com" \
     
    119130
    120131Another way to share the password file is to specify "*" for the project name:
    121 {{{
     132{{{#!sh
    122133 $ tracd -p 8080 \
    123134   --auth="*,/path/to/users.htdigest,mycompany.com" \
     
    125136}}}
    126137
    127 === Basic Authorization: Using a htpasswd password file ===
     138=== Basic Authorization: Using a htpasswd password file
    128139This section describes how to use `tracd` with Apache .htpasswd files.
    129140
     141  Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to
     142  decode some htpasswd formats.  Trac source code attempt an `import crypt` first, but there
     143  is no such package for Python 2.6. Only `SHA-1` passwords (since Trac 1.0) work without this module.
     144
    130145To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache):
    131 {{{
     146{{{#!sh
    132147 $ sudo htpasswd -c /path/to/env/.htpasswd username
    133148}}}
    134149then for additional users:
    135 {{{
     150{{{#!sh
    136151 $ sudo htpasswd /path/to/env/.htpasswd username2
    137152}}}
    138153
    139154Then to start `tracd` run something like this:
    140 {{{
     155{{{#!sh
    141156 $ tracd -p 8080 --basic-auth="projectdirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname
    142157}}}
    143158
    144159For example:
    145 {{{
     160{{{#!sh
    146161 $ tracd -p 8080 --basic-auth="testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv
    147162}}}
    148163''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD).
    149164
    150 === Digest authentication: Using a htdigest password file ===
     165=== Digest authentication: Using a htdigest password file
    151166
    152167If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions.  You'll be prompted for a password to enter for each user that you create.  For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file.
    153168
    154 Note that you can start tracd without the --auth argument, but if you click on the ''Login'' link you will get an error.
    155 
    156 === Generating Passwords Without Apache ===
    157 
    158 Basic Authorization can be accomplished via this [http://www.4webhelp.net/us/password.php online HTTP Password generator].  Copy the generated password-hash line to the .htpasswd file on your system.
     169Note that you can start tracd without the `--auth` argument, but if you click on the ''Login'' link you will get an error.
     170
     171=== Generating Passwords Without Apache
     172
     173Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5.
    159174
    160175You can use this simple Python script to generate a '''digest''' password file:
    161176
    162 {{{
    163 #!python
     177{{{#!python
    164178from optparse import OptionParser
    165179# The md5 module is deprecated in Python 2.5
     
    194208Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py):
    195209
    196 {{{
     210{{{#!sh
    197211 $ python trac-digest.py -u username -p password >> c:\digest.txt
    198212 $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name
     
    202216It is possible to use `md5sum` utility to generate digest-password file:
    203217{{{
    204  $ printf "${user}:trac:${password}" | md5sum - >>user.htdigest
    205 }}}
    206 and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'.
    207 
    208 == Reference ==
     218user=
     219realm=
     220password=
     221path_to_file=
     222echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file}
     223}}}
     224
     225== Reference
    209226
    210227Here's the online help, as a reminder (`tracd --help`):
     
    222239  -b HOSTNAME, --hostname=HOSTNAME
    223240                        the host name or IP address to bind to
    224   --protocol=PROTOCOL   http|scgi|ajp
     241  --protocol=PROTOCOL   http|scgi|ajp|fcgi
    225242  -q, --unquote         unquote PATH_INFO (may be needed when using ajp)
    226   --http10              use HTTP/1.0 protocol version (default)
    227   --http11              use HTTP/1.1 protocol version instead of HTTP/1.0
     243  --http10              use HTTP/1.0 protocol version instead of HTTP/1.1
     244  --http11              use HTTP/1.1 protocol version (default)
    228245  -e PARENTDIR, --env-parent-dir=PARENTDIR
    229246                        parent directory of the project environments
     
    232249  -r, --auto-reload     restart automatically when sources are modified
    233250  -s, --single-env      only serve a single project without the project list
    234 }}}
    235 
    236 == Tips ==
    237 
    238 === Serving static content ===
     251  -d, --daemonize       run in the background as a daemon
     252  --pidfile=PIDFILE     when daemonizing, file to which to write pid
     253  --umask=MASK          when daemonizing, file mode creation mask to use, in
     254                        octal notation (default 022)
     255  --group=GROUP         the group to run as
     256  --user=USER           the user to run as
     257}}}
     258
     259Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started.
     260
     261== Tips
     262
     263=== Serving static content
    239264
    240265If `tracd` is the only web server used for the project,
     
    247272Example: given a `$TRAC_ENV/htdocs/software-0.1.tar.gz` file,
    248273the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`,
    249 which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax).
    250 
    251  ''Support for `htdocs:` TracLinks syntax was added in version 0.10''
     274which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax).
    252275
    253276=== Using tracd behind a proxy
     
    261284See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe].
    262285
    263 === Serving a different base path than / ===
     286=== Authentication for tracd behind a proxy
     287It is convenient to provide central external authentication to your tracd instances, instead of using `--basic-auth`. There is some discussion about this in #9206.
     288
     289Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap.
     290
     291First we bring tracd into Apache's location namespace.
     292
     293{{{#!apache
     294<Location /project/proxified>
     295        Require ldap-group cn=somegroup, ou=Groups,dc=domain.com
     296        Require ldap-user somespecificusertoo
     297        ProxyPass http://localhost:8101/project/proxified/
     298        # Turns out we don't really need complicated RewriteRules here at all
     299        RequestHeader set REMOTE_USER %{REMOTE_USER}s
     300</Location>
     301}}}
     302
     303Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory:
     304{{{#!python
     305from trac.core import *
     306from trac.config import BoolOption
     307from trac.web.api import IAuthenticator
     308
     309class MyRemoteUserAuthenticator(Component):
     310
     311    implements(IAuthenticator)
     312
     313    obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false',
     314               """Whether the 'Remote-User:' HTTP header is to be trusted for user logins
     315                (''since ??.??').""")
     316
     317    def authenticate(self, req):
     318        if self.obey_remote_user_header and req.get_header('Remote-User'):
     319            return req.get_header('Remote-User')
     320        return None
     321
     322}}}
     323
     324Add this new parameter to your TracIni:
     325{{{#!ini
     326[trac]
     327...
     328obey_remote_user_header = true
     329...
     330}}}
     331
     332Run tracd:
     333{{{#!sh
     334tracd -p 8101 -r -s proxified --base-path=/project/proxified
     335}}}
     336
     337Note that if you want to install this plugin for all projects, you have to put it in your [TracPlugins#Plugindiscovery global plugins_dir] and enable it in your global trac.ini.
     338
     339Global config (e.g. `/srv/trac/conf/trac.ini`):
     340{{{#!ini
     341[components]
     342remote-user-auth.* = enabled
     343[inherit]
     344plugins_dir = /srv/trac/plugins
     345[trac]
     346obey_remote_user_header = true
     347}}}
     348
     349Environment config (e.g. `/srv/trac/envs/myenv`):
     350{{{#!ini
     351[inherit]
     352file = /srv/trac/conf/trac.ini
     353}}}
     354
     355=== Serving a different base path than /
    264356Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is
    265 {{{
     357{{{#!sh
    266358 $ tracd --base-path=/some/path
    267359}}}