Changes between Version 2 and Version 3 of TracStandalone
- Timestamp:
- May 11, 2016, 1:39:07 PM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracStandalone
v2 v3 1 = Tracd =1 = Tracd 2 2 3 3 Tracd is a lightweight standalone Trac web server. 4 4 It can be used in a variety of situations, from a test or development server to a multiprocess setup behind another web server used as a load balancer. 5 5 6 == Pros ==6 == Pros 7 7 8 8 * Fewer dependencies: You don't need to install apache or any other web-server. … … 10 10 * Automatic reloading: For development, Tracd can be used in ''auto_reload'' mode, which will automatically restart the server whenever you make a change to the code (in Trac itself or in a plugin). 11 11 12 == Cons ==12 == Cons 13 13 14 14 * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache httpd. 15 15 * No native HTTPS support: [http://www.rickk.com/sslwrap/ sslwrap] can be used instead, 16 or [ http://trac.edgewall.org/wiki/STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy.17 18 == Usage examples ==16 or [trac:wiki:STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy. 17 18 == Usage examples 19 19 20 20 A single project on port 8080. (http://localhost:8080/) 21 {{{ 21 {{{#!sh 22 22 $ tracd -p 8080 /path/to/project 23 23 }}} 24 Stric ly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname''option.25 {{{ 24 Strictly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use the `--hostname` option. 25 {{{#!sh 26 26 $ tracd --hostname=localhost -p 8080 /path/to/project 27 27 }}} 28 28 With more than one project. (http://localhost:8080/project1/ and http://localhost:8080/project2/) 29 {{{ 29 {{{#!sh 30 30 $ tracd -p 8080 /path/to/project1 /path/to/project2 31 31 }}} … … 35 35 36 36 An alternative way to serve multiple projects is to specify a parent directory in which each subdirectory is a Trac project, using the `-e` option. The example above could be rewritten: 37 {{{ 37 {{{#!sh 38 38 $ tracd -p 8080 -e /path/to 39 39 }}} 40 40 41 To exit the server on Windows, be sure to use {{{CTRL-BREAK}}} -- using {{{CTRL-C}}}will leave a Python process running in the background.42 43 == Installing as a Windows Service ==44 45 === Option 1 ===41 To exit the server on Windows, be sure to use `CTRL-BREAK` -- using `CTRL-C` will leave a Python process running in the background. 42 43 == Installing as a Windows Service 44 45 === Option 1 46 46 To install as a Windows service, get the [http://www.google.com/search?q=srvany.exe SRVANY] utility and run: 47 {{{ 47 {{{#!cmd 48 48 C:\path\to\instsrv.exe tracd C:\path\to\srvany.exe 49 49 reg add HKLM\SYSTEM\CurrentControlSet\Services\tracd\Parameters /v Application /d "\"C:\path\to\python.exe\" \"C:\path\to\python\scripts\tracd-script.py\" <your tracd parameters>" … … 54 54 55 55 If you want tracd to start automatically when you boot Windows, do: 56 {{{ 56 {{{#!cmd 57 57 sc config tracd start= auto 58 58 }}} … … 74 74 75 75 For Windows 7 User, srvany.exe may not be an option, so you can use [http://www.google.com/search?q=winserv.exe WINSERV] utility and run: 76 {{{ 76 {{{#!cmd 77 77 "C:\path\to\winserv.exe" install tracd -displayname "tracd" -start auto "C:\path\to\python.exe" c:\path\to\python\scripts\tracd-script.py <your tracd parameters>" 78 79 78 net start tracd 80 79 }}} 81 80 82 === Option 2 ===81 === Option 2 83 82 84 83 Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 85 84 86 == Using Authentication == 85 === Option 3 86 87 also cygwin's cygrunsrv.exe can be used: 88 {{{#!sh 89 $ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 90 $ net start tracd 91 }}} 92 93 == Using Authentication 94 95 Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (`htpasswd` and `htdigest`) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without `htpasswd` or `htdigest`; see below for alternatives) 96 97 {{{#!div style="border: 1pt dotted; margin: 1em" 98 **Attention:** Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux, or HFS+ on OSX). 99 }}} 87 100 88 101 Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line. 89 102 90 103 The general format for using authentication is: 91 {{{ 104 {{{#!sh 92 105 $ tracd -p port --auth="base_project_dir,password_file_path,realm" project_path 93 106 }}} … … 105 118 Examples: 106 119 107 {{{ 120 {{{#!sh 108 121 $ tracd -p 8080 \ 109 122 --auth="project1,/path/to/passwordfile,mycompany.com" /path/to/project1 … … 111 124 112 125 Of course, the password file can be be shared so that it is used for more than one project: 113 {{{ 126 {{{#!sh 114 127 $ tracd -p 8080 \ 115 128 --auth="project1,/path/to/passwordfile,mycompany.com" \ … … 119 132 120 133 Another way to share the password file is to specify "*" for the project name: 121 {{{ 134 {{{#!sh 122 135 $ tracd -p 8080 \ 123 136 --auth="*,/path/to/users.htdigest,mycompany.com" \ … … 125 138 }}} 126 139 127 === Basic Authorization: Using a htpasswd password file ===140 === Basic Authorization: Using a htpasswd password file 128 141 This section describes how to use `tracd` with Apache .htpasswd files. 129 142 143 Note: On Windows It is necessary to install the fcrypt package in order to 144 decode some htpasswd formats. Only `SHA-1` passwords (since Trac 1.0) work 145 without this module. 146 130 147 To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 131 {{{ 148 {{{#!sh 132 149 $ sudo htpasswd -c /path/to/env/.htpasswd username 133 150 }}} 134 151 then for additional users: 135 {{{ 152 {{{#!sh 136 153 $ sudo htpasswd /path/to/env/.htpasswd username2 137 154 }}} 138 155 139 156 Then to start `tracd` run something like this: 140 {{{ 141 $ tracd -p 8080 --basic-auth="project dirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname157 {{{#!sh 158 $ tracd -p 8080 --basic-auth="project,/fullpath/environmentname/.htpasswd,realmname" /path/to/project 142 159 }}} 143 160 144 161 For example: 145 {{{ 146 $ tracd -p 8080 --basic-auth=" testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv162 {{{#!sh 163 $ tracd -p 8080 --basic-auth="project,/srv/tracenv/testenv/.htpasswd,My Test Env" /path/to/project 147 164 }}} 148 165 ''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD). 149 166 150 === Digest authentication: Using a htdigest password file ===167 === Digest authentication: Using a htdigest password file 151 168 152 169 If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions. You'll be prompted for a password to enter for each user that you create. For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. 153 170 154 Note that you can start tracd without the --auth argument, but if you click on the ''Login'' link you will get an error. 155 156 === Generating Passwords Without Apache === 157 158 Basic Authorization can be accomplished via this [http://www.4webhelp.net/us/password.php online HTTP Password generator]. Copy the generated password-hash line to the .htpasswd file on your system. 159 160 You can use this simple Python script to generate a '''digest''' password file: 161 162 {{{ 163 #!python 164 from optparse import OptionParser 165 # The md5 module is deprecated in Python 2.5 166 try: 167 from hashlib import md5 168 except ImportError: 169 from md5 import md5 170 realm = 'trac' 171 172 # build the options 173 usage = "usage: %prog [options]" 174 parser = OptionParser(usage=usage) 175 parser.add_option("-u", "--username",action="store", dest="username", type = "string", 176 help="the username for whom to generate a password") 177 parser.add_option("-p", "--password",action="store", dest="password", type = "string", 178 help="the password to use") 179 parser.add_option("-r", "--realm",action="store", dest="realm", type = "string", 180 help="the realm in which to create the digest") 181 (options, args) = parser.parse_args() 182 183 # check options 184 if (options.username is None) or (options.password is None): 185 parser.error("You must supply both the username and password") 186 if (options.realm is not None): 187 realm = options.realm 188 189 # Generate the string to enter into the htdigest file 190 kd = lambda x: md5(':'.join(x)).hexdigest() 191 print ':'.join((options.username, realm, kd([options.username, realm, options.password]))) 192 }}} 193 194 Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py): 195 196 {{{ 197 $ python trac-digest.py -u username -p password >> c:\digest.txt 198 $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name 171 Note that you can start tracd without the `--auth` argument, but if you click on the ''Login'' link you will get an error. 172 173 === Generating Passwords Without Apache 174 175 Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`. Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd. Windows Python can grok MD5 password hashes just fine and you should use MD5. 176 177 Trac also provides `htpasswd` and `htdigest` scripts in `contrib`: 178 {{{#!sh 179 $ ./contrib/htpasswd.py -cb htpasswd user1 user1 180 $ ./contrib/htpasswd.py -b htpasswd user2 user2 181 }}} 182 183 {{{#!sh 184 $ ./contrib/htdigest.py -cb htdigest trac user1 user1 185 $ ./contrib/htdigest.py -b htdigest trac user2 user2 199 186 }}} 200 187 201 188 ==== Using `md5sum` 202 189 It is possible to use `md5sum` utility to generate digest-password file: 203 {{{ 204 $ printf "${user}:trac:${password}" | md5sum - >>user.htdigest 205 }}} 206 and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'. 207 208 == Reference == 190 {{{#!sh 191 user= 192 realm= 193 password= 194 path_to_file= 195 echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file} 196 }}} 197 198 == Reference 209 199 210 200 Here's the online help, as a reminder (`tracd --help`): … … 222 212 -b HOSTNAME, --hostname=HOSTNAME 223 213 the host name or IP address to bind to 224 --protocol=PROTOCOL http|scgi|ajp 214 --protocol=PROTOCOL http|scgi|ajp|fcgi 225 215 -q, --unquote unquote PATH_INFO (may be needed when using ajp) 226 --http10 use HTTP/1.0 protocol version (default)227 --http11 use HTTP/1.1 protocol version instead of HTTP/1.0216 --http10 use HTTP/1.0 protocol version instead of HTTP/1.1 217 --http11 use HTTP/1.1 protocol version (default) 228 218 -e PARENTDIR, --env-parent-dir=PARENTDIR 229 219 parent directory of the project environments … … 232 222 -r, --auto-reload restart automatically when sources are modified 233 223 -s, --single-env only serve a single project without the project list 234 }}} 235 236 == Tips == 237 238 === Serving static content === 224 -d, --daemonize run in the background as a daemon 225 --pidfile=PIDFILE when daemonizing, file to which to write pid 226 --umask=MASK when daemonizing, file mode creation mask to use, in 227 octal notation (default 022) 228 --group=GROUP the group to run as 229 --user=USER the user to run as 230 }}} 231 232 Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. 233 234 == Tips 235 236 === Serving static content 239 237 240 238 If `tracd` is the only web server used for the project, … … 247 245 Example: given a `$TRAC_ENV/htdocs/software-0.1.tar.gz` file, 248 246 the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`, 249 which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax). 250 251 ''Support for `htdocs:` TracLinks syntax was added in version 0.10'' 247 which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax). 252 248 253 249 === Using tracd behind a proxy … … 261 257 See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe]. 262 258 263 === Serving a different base path than / === 259 === Authentication for tracd behind a proxy 260 It is convenient to provide central external authentication to your tracd instances, instead of using `--basic-auth`. There is some discussion about this in [trac:#9206]. 261 262 Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 263 264 First we bring tracd into Apache's location namespace. 265 266 {{{#!apache 267 <Location /project/proxified> 268 Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 269 Require ldap-user somespecificusertoo 270 ProxyPass http://localhost:8101/project/proxified/ 271 # Turns out we don't really need complicated RewriteRules here at all 272 RequestHeader set REMOTE_USER %{REMOTE_USER}s 273 </Location> 274 }}} 275 276 Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 277 {{{#!python 278 from trac.core import * 279 from trac.config import BoolOption 280 from trac.web.api import IAuthenticator 281 282 class MyRemoteUserAuthenticator(Component): 283 284 implements(IAuthenticator) 285 286 obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false', 287 """Whether the 'Remote-User:' HTTP header is to be trusted for user logins 288 (''since ??.??').""") 289 290 def authenticate(self, req): 291 if self.obey_remote_user_header and req.get_header('Remote-User'): 292 return req.get_header('Remote-User') 293 return None 294 295 }}} 296 297 Add this new parameter to your TracIni: 298 {{{#!ini 299 [trac] 300 ... 301 obey_remote_user_header = true 302 ... 303 }}} 304 305 Run tracd: 306 {{{#!sh 307 tracd -p 8101 -s proxified --base-path=/project/proxified 308 }}} 309 310 Note that if you want to install this plugin for all projects, you have to put it in your [TracPlugins#Plugindiscovery global plugins_dir] and enable it in your global trac.ini. 311 312 Global config (e.g. `/srv/trac/conf/trac.ini`): 313 {{{#!ini 314 [components] 315 remote-user-auth.* = enabled 316 [inherit] 317 plugins_dir = /srv/trac/plugins 318 [trac] 319 obey_remote_user_header = true 320 }}} 321 322 Environment config (e.g. `/srv/trac/envs/myenv`): 323 {{{#!ini 324 [inherit] 325 file = /srv/trac/conf/trac.ini 326 }}} 327 328 === Serving a different base path than / 264 329 Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is 265 {{{ 330 {{{#!sh 266 331 $ tracd --base-path=/some/path 267 332 }}}