Changes between Version 1 and Version 2 of TracStandalone


Ignore:
Timestamp:
Jul 17, 2008 10:45:00 AM (12 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v1 v2  
    11= Tracd = 
    22 
    3 Tracd is a lightweight standalone Trac web server. 
    4 It can be used in a variety of situations, from a test or development server to a multiprocess setup behind another web server used as a load balancer. 
     3Tracd is a lightweight standalone Trac web server. In most cases it's easier to setup and runs faster than the [wiki:TracCgi CGI script]. 
    54 
    65== Pros == 
    76 
    87 * Fewer dependencies: You don't need to install apache or any other web-server. 
    9  * Fast: Should be almost as fast as the [wiki:TracModPython mod_python] version (and much faster than the [wiki:TracCgi CGI]), even more so since version 0.12 where the HTTP/1.1 version of the protocol is enabled by default 
     8 * Fast: Should be almost as fast as the [wiki:TracModPython mod_python] version (and much faster than the [wiki:TracCgi CGI]). 
    109 * Automatic reloading: For development, Tracd can be used in ''auto_reload'' mode, which will automatically restart the server whenever you make a change to the code (in Trac itself or in a plugin). 
    1110 
    1211== Cons == 
    1312 
    14  * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache httpd. 
     13 * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache HTTPD. 
    1514 * No native HTTPS support: [http://www.rickk.com/sslwrap/ sslwrap] can be used instead, 
    1615   or [http://trac.edgewall.org/wiki/STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy. 
     
    4140To exit the server on Windows, be sure to use {{{CTRL-BREAK}}} -- using {{{CTRL-C}}} will leave a Python process running in the background. 
    4241 
    43 == Installing as a Windows Service == 
    44  
    45 === Option 1 === 
    46 To install as a Windows service, get the [http://www.google.com/search?q=srvany.exe SRVANY] utility and run: 
    47 {{{ 
    48  C:\path\to\instsrv.exe tracd C:\path\to\srvany.exe 
    49  reg add HKLM\SYSTEM\CurrentControlSet\Services\tracd\Parameters /v Application /d "\"C:\path\to\python.exe\" \"C:\path\to\python\scripts\tracd-script.py\" <your tracd parameters>" 
    50  net start tracd 
    51 }}} 
    52  
    53 '''DO NOT''' use {{{tracd.exe}}}.  Instead register {{{python.exe}}} directly with {{{tracd-script.py}}} as a parameter.  If you use {{{tracd.exe}}}, it will spawn the python process without SRVANY's knowledge.  This python process will survive a {{{net stop tracd}}}. 
    54  
    55 If you want tracd to start automatically when you boot Windows, do: 
    56 {{{ 
    57  sc config tracd start= auto 
    58 }}} 
    59  
    60 The spacing here is important. 
    61  
    62 {{{#!div 
    63 Once the service is installed, it might be simpler to run the Registry Editor rather than use the `reg add` command documented above.  Navigate to:[[BR]] 
    64 `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tracd\Parameters` 
    65  
    66 Three (string) parameters are provided: 
    67 ||!AppDirectory ||C:\Python26\ || 
    68 ||Application ||python.exe || 
    69 ||!AppParameters ||scripts\tracd-script.py -p 8080 ... || 
    70  
    71 Note that, if the !AppDirectory is set as above, the paths of the executable ''and'' of the script name and parameter values are relative to the directory.  This makes updating Python a little simpler because the change can be limited, here, to a single point. 
    72 (This is true for the path to the .htpasswd file, as well, despite the documentation calling out the /full/path/to/htpasswd; however, you may not wish to store that file under the Python directory.) 
    73 }}} 
    74  
    75 For Windows 7 User, srvany.exe may not be an option, so you can use [http://www.google.com/search?q=winserv.exe WINSERV] utility and run: 
    76 {{{ 
    77 "C:\path\to\winserv.exe" install tracd -displayname "tracd" -start auto "C:\path\to\python.exe" c:\path\to\python\scripts\tracd-script.py <your tracd parameters>" 
    78  
    79 net start tracd 
    80 }}} 
    81  
    82 === Option 2 === 
    83  
    84 Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 
    85  
    86 === Option 3 === 
    87  
    88 also cygwin's cygrunsrv.exe can be used: 
    89 {{{ 
    90 $ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 
    91 $ net start tracd 
    92 }}} 
    9342 
    9443== Using Authentication == 
    9544 
    96 Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line. 
     45Using tracd with Apache .htpasswd files: 
     46 
     47To create a .htpasswd file using htpasswd: 
     48 
     49{{{ 
     50sudo htpasswd -c /path/to/env/.htpasswd username 
     51}}} 
     52then for additional users: 
     53{{{ 
     54sudo htpasswd /var/www/html/.htpasswd-users username2 
     55}}} 
     56then for starting the tracd: 
     57{{{ 
     58tracd -p 8080 --basic-auth=environmentname,/fullpath/environmentname/.htpasswd,/fullpath/environmentname /fullpath/environmentname 
     59}}} 
     60 
     61 
     62Tracd provides support for both Basic and Digest authentication. The default is to use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the examples below. (You must still specify a dialogic "realm", which can be an empty string by trailing the BASICAUTH with a comma.) 
     63 
     64  ''Support for Basic authentication was added in version 0.9.'' 
    9765 
    9866The general format for using authentication is: 
     67 
    9968{{{ 
    100  $ tracd -p port --auth="base_project_dir,password_file_path,realm" project_path 
     69 $ tracd -p port --auth=base_project_dir,password_file_path,realm project_path 
    10170}}} 
     71 
    10272where: 
    103  * '''base_project_dir''': the base directory of the project specified as follows: 
    104    * when serving multiple projects: ''relative'' to the `project_path` 
    105    * when serving only a single project (`-s`): the name of the project directory 
    106  Don't use an absolute path here as this won't work. ''Note:'' This parameter is case-sensitive even for environments on Windows. 
    107  * '''password_file_path''': path to the password file 
    108  * '''realm''': the realm name (can be anything) 
    109  * '''project_path''': path of the project 
    11073 
    111  * **`--auth`** in the above means use Digest authentication, replace `--auth` with `--basic-auth` if you want to use Basic auth.  Although Basic authentication does not require a "realm", the command parser does, so the second comma is required, followed directly by the closing quote for an empty realm name. 
     74 * '''base_project_dir''' is the base directory of the project; note: this doesn't refer to the project name, and it is case-sensitive even for windows environments 
     75 * '''password_file_path''' path of the password file 
     76 * '''realm''' realm 
     77 * '''project_path''' path of the project 
    11278 
    113 Examples: 
     79Example: 
    11480 
    11581{{{ 
    11682 $ tracd -p 8080 \ 
    117    --auth="project1,/path/to/passwordfile,mycompany.com" /path/to/project1 
     83   --auth=project1,/path/to/users.htdigest,mycompany.com /path/to/project1 
    11884}}} 
    119  
    120 Of course, the password file can be be shared so that it is used for more than one project: 
     85Of course, the digest file can be be shared so that it is used for more than one project: 
    12186{{{ 
    12287 $ tracd -p 8080 \ 
    123    --auth="project1,/path/to/passwordfile,mycompany.com" \ 
    124    --auth="project2,/path/to/passwordfile,mycompany.com" \ 
     88   --auth=project1,/path/to/users.htdigest,mycompany.com \ 
     89   --auth=project2,/path/to/users.htdigest,mycompany.com \ 
    12590   /path/to/project1 /path/to/project2 
    12691}}} 
    12792 
    128 Another way to share the password file is to specify "*" for the project name: 
     93Another way to share the digest file is to specify "*" 
     94for the project name: 
    12995{{{ 
    13096 $ tracd -p 8080 \ 
    131    --auth="*,/path/to/users.htdigest,mycompany.com" \ 
     97   --auth=*,/path/to/users.htdigest,mycompany.com \ 
    13298   /path/to/project1 /path/to/project2 
    13399}}} 
    134100 
    135 === Basic Authorization: Using a htpasswd password file === 
    136 This section describes how to use `tracd` with Apache .htpasswd files. 
    137  
    138   Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to 
    139   decode the htpasswd format.  Trac source code attempt an `import crypt` first, but there 
    140   is no such package for Python 2.6. 
    141  
    142 To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 
    143 {{{ 
    144  $ sudo htpasswd -c /path/to/env/.htpasswd username 
    145 }}} 
    146 then for additional users: 
    147 {{{ 
    148  $ sudo htpasswd /path/to/env/.htpasswd username2 
    149 }}} 
    150  
    151 Then to start `tracd` run something like this: 
    152 {{{ 
    153  $ tracd -p 8080 --basic-auth="projectdirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname 
    154 }}} 
    155  
    156 For example: 
    157 {{{ 
    158  $ tracd -p 8080 --basic-auth="testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv 
    159 }}} 
    160 ''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD). 
    161  
    162 === Digest authentication: Using a htdigest password file === 
     101== How to set up an htdigest password file == 
    163102 
    164103If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions.  You'll be prompted for a password to enter for each user that you create.  For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. 
     
    166105Note that you can start tracd without the --auth argument, but if you click on the ''Login'' link you will get an error. 
    167106 
    168 === Generating Passwords Without Apache === 
     107== Generating Passwords Without Apache == 
    169108 
    170 Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator].  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. 
    171  
    172 You can use this simple Python script to generate a '''digest''' password file: 
     109If you don't have Apache available, you can use this simple Python script to generate your passwords: 
    173110 
    174111{{{ 
    175112#!python 
    176113from optparse import OptionParser 
    177 # The md5 module is deprecated in Python 2.5 
    178 try: 
    179     from hashlib import md5 
    180 except ImportError: 
    181     from md5 import md5 
    182 realm = 'trac' 
     114import md5 
    183115 
    184116# build the options 
     
    189121parser.add_option("-p", "--password",action="store", dest="password", type = "string", 
    190122                  help="the password to use") 
    191 parser.add_option("-r", "--realm",action="store", dest="realm", type = "string", 
    192                   help="the realm in which to create the digest") 
    193123(options, args) = parser.parse_args() 
    194124 
     
    196126if (options.username is None) or (options.password is None): 
    197127   parser.error("You must supply both the username and password") 
    198 if (options.realm is not None): 
    199    realm = options.realm 
    200128    
    201129# Generate the string to enter into the htdigest file 
    202 kd = lambda x: md5(':'.join(x)).hexdigest() 
     130realm = 'trac' 
     131kd = lambda x: md5.md5(':'.join(x)).hexdigest() 
    203132print ':'.join((options.username, realm, kd([options.username, realm, options.password]))) 
    204133}}} 
    205134 
    206 Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py): 
     135Note: If you use the above script you must use the --auth option to tracd, not --basic-auth, and you must set the realm in the --auth value to 'trac' (without the quotes). Example usage (assuming you saved the script as trac-digest.py): 
    207136 
    208137{{{ 
    209  $ python trac-digest.py -u username -p password >> c:\digest.txt 
    210  $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name 
     138python trac-digest.py -u username -p password >> c:\digest.txt 
     139tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name 
    211140}}} 
    212141 
    213 ==== Using `md5sum` 
    214 It is possible to use `md5sum` utility to generate digest-password file: 
     142Note: If you would like to use --basic-auth you need to use htpasswd tool from apache server to generate .htpasswd file. The remaining part is similar but make sure to use empty realm (i.e. coma after path). When using on Windows make sure to use -m option for it (did not tested it on *nix, so not sure if that is the case there).  If you do not have Apache, [trac:source:/tags/trac-0.11b2/contrib/htpasswd.py htpasswd.py] may help.  (Note that it requires a `crypt` or `fcrypt` module; see the source comments for details.) 
     143 
     144It is possible to use md5sum utility to generate digest-password file using such method: 
    215145{{{ 
    216 user= 
    217 realm= 
    218 password= 
    219 path_to_file= 
    220 echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file} 
     146echo -e "${user}:trac:${password}\c" | md5sum - >>to-file 
    221147}}} 
    222  
    223 == Reference == 
    224  
    225 Here's the online help, as a reminder (`tracd --help`): 
    226 {{{ 
    227 Usage: tracd [options] [projenv] ... 
    228  
    229 Options: 
    230   --version             show program's version number and exit 
    231   -h, --help            show this help message and exit 
    232   -a DIGESTAUTH, --auth=DIGESTAUTH 
    233                         [projectdir],[htdigest_file],[realm] 
    234   --basic-auth=BASICAUTH 
    235                         [projectdir],[htpasswd_file],[realm] 
    236   -p PORT, --port=PORT  the port number to bind to 
    237   -b HOSTNAME, --hostname=HOSTNAME 
    238                         the host name or IP address to bind to 
    239   --protocol=PROTOCOL   http|scgi|ajp|fcgi 
    240   -q, --unquote         unquote PATH_INFO (may be needed when using ajp) 
    241   --http10              use HTTP/1.0 protocol version instead of HTTP/1.1 
    242   --http11              use HTTP/1.1 protocol version (default) 
    243   -e PARENTDIR, --env-parent-dir=PARENTDIR 
    244                         parent directory of the project environments 
    245   --base-path=BASE_PATH 
    246                         the initial portion of the request URL's "path" 
    247   -r, --auto-reload     restart automatically when sources are modified 
    248   -s, --single-env      only serve a single project without the project list 
    249   -d, --daemonize       run in the background as a daemon 
    250   --pidfile=PIDFILE     When daemonizing, file to which to write pid 
    251   --umask=MASK          When daemonizing, file mode creation mask to use, in 
    252                         octal notation (default 022) 
    253 }}} 
    254  
    255 Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. 
     148and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'. You can see attachment:trac-digest-corrected.sh for detail. 
    256149 
    257150== Tips == 
     
    259152=== Serving static content === 
    260153 
    261 If `tracd` is the only web server used for the project,  
     154If `tracd` is the only webserver used for the project,  
    262155it can also be used to distribute static content  
    263156(tarballs, Doxygen documentation, etc.) 
     
    268161Example: given a `$TRAC_ENV/htdocs/software-0.1.tar.gz` file, 
    269162the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`,  
    270 which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax).  
     163which in turn can be written using the relative link syntax 
     164in the Wiki: `[/<project_name>/chrome/site/software-0.1.tar.gz]`  
    271165 
    272  ''Support for `htdocs:` TracLinks syntax was added in version 0.10'' 
     166The development version of Trac supports a new `htdocs:` TracLinks  
     167syntax for the above. With this, the example link above can be written simply  
     168`htdocs:software-0.1.tar.gz`.  
    273169 
    274 === Using tracd behind a proxy 
    275  
    276 In some situations when you choose to use tracd behind Apache or another web server. 
    277  
    278 In this situation, you might experience issues with redirects, like being redirected to URLs with the wrong host or protocol. In this case (and only in this case), setting the `[trac] use_base_url_for_redirect` to `true` can help, as this will force Trac to use the value of `[trac] base_url` for doing the redirects. 
    279  
    280 If you're using the AJP protocol to connect with `tracd` (which is possible if you have flup installed), then you might experience problems with double quoting. Consider adding the `--unquote` parameter. 
    281  
    282 See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe]. 
    283  
    284 === Authentication for tracd behind a proxy 
    285 It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206. 
    286  
    287 Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 
    288  
    289 First we bring tracd into Apache's location namespace. 
    290  
    291 {{{ 
    292 <Location /project/proxified> 
    293         Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 
    294         Require ldap-user somespecificusertoo 
    295         ProxyPass http://localhost:8101/project/proxified/ 
    296         # Turns out we don't really need complicated RewriteRules here at all 
    297         RequestHeader set REMOTE_USER %{REMOTE_USER}s 
    298 </Location> 
    299 }}} 
    300  
    301 Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 
    302 {{{ 
    303 #!python 
    304 from trac.core import * 
    305 from trac.config import BoolOption 
    306 from trac.web.api import IAuthenticator 
    307  
    308 class MyRemoteUserAuthenticator(Component): 
    309  
    310     implements(IAuthenticator) 
    311  
    312     obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false',  
    313                """Whether the 'Remote-User:' HTTP header is to be trusted for user logins  
    314                 (''since ??.??').""")  
    315  
    316     def authenticate(self, req): 
    317         if self.obey_remote_user_header and req.get_header('Remote-User'):  
    318             return req.get_header('Remote-User')  
    319         return None 
    320  
    321 }}} 
    322  
    323 Add this new parameter to your TracIni: 
    324 {{{ 
    325 ... 
    326 [trac] 
    327 ... 
    328 obey_remote_user_header = true 
    329 ... 
    330 }}} 
    331  
    332 Run tracd: 
    333 {{{ 
    334 tracd -p 8101 -r -s proxified --base-path=/project/proxified 
    335 }}} 
     170=== Using apache rewrite rules === 
     171In some situations when you choose to use tracd behind apache, you might experience issues with redirects, like being redirected to URLs with the wrong host or protocol. In this case (and only in this case), setting the `[trac] use_base_url_for_redirect` to `true` can help, as this will force Trac to use the value of `[trac] base_url` for doing the redirects. 
    336172 
    337173=== Serving a different base path than / === 
    338 Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is 
     174Tracd supports serving projects with different base urls then /<project>. The parameter name to change this is 
    339175{{{ 
    340  $ tracd --base-path=/some/path 
     176tracd --base-path=/some/path 
    341177}}} 
    342178 
    343179---- 
    344 See also: TracInstall, TracCgi, TracModPython, TracGuide, [trac:TracOnWindowsStandalone#RunningTracdasservice Running tracd.exe as a Windows service] 
     180See also: TracInstall, TracCgi, TracModPython, TracGuide