Changes between Version 1 and Version 2 of TracStandalone


Ignore:
Timestamp:
Jan 13, 2014 4:30:30 PM (11 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v1 v2  
     1** Note: this page documents the version 1.0 of Trac, see [[0.12/TracStandalone]] if you need the previous version ** 
    12= Tracd = 
    23 
     
    8384 
    8485Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 
     86 
     87=== Option 3 === 
     88 
     89also cygwin's cygrunsrv.exe can be used: 
     90{{{ 
     91$ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 
     92$ net start tracd 
     93}}} 
    8594 
    8695== Using Authentication == 
     
    128137This section describes how to use `tracd` with Apache .htpasswd files. 
    129138 
     139  Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to 
     140  decode some htpasswd formats.  Trac source code attempt an `import crypt` first, but there 
     141  is no such package for Python 2.6. Only `SHA-1` passwords (since Trac 1.0) work without this module. 
     142 
    130143To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 
    131144{{{ 
     
    152165If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions.  You'll be prompted for a password to enter for each user that you create.  For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. 
    153166 
    154 Note that you can start tracd without the --auth argument, but if you click on the ''Login'' link you will get an error. 
     167Note that you can start tracd without the `--auth` argument, but if you click on the ''Login'' link you will get an error. 
    155168 
    156169=== Generating Passwords Without Apache === 
    157170 
    158 Basic Authorization can be accomplished via this [http://www.4webhelp.net/us/password.php online HTTP Password generator].  Copy the generated password-hash line to the .htpasswd file on your system. 
     171Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. 
    159172 
    160173You can use this simple Python script to generate a '''digest''' password file: 
     
    202215It is possible to use `md5sum` utility to generate digest-password file: 
    203216{{{ 
    204  $ printf "${user}:trac:${password}" | md5sum - >>user.htdigest 
    205 }}} 
    206 and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'. 
     217user= 
     218realm= 
     219password= 
     220path_to_file= 
     221echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file} 
     222}}} 
    207223 
    208224== Reference == 
     
    222238  -b HOSTNAME, --hostname=HOSTNAME 
    223239                        the host name or IP address to bind to 
    224   --protocol=PROTOCOL   http|scgi|ajp 
     240  --protocol=PROTOCOL   http|scgi|ajp|fcgi 
    225241  -q, --unquote         unquote PATH_INFO (may be needed when using ajp) 
    226   --http10              use HTTP/1.0 protocol version (default) 
    227   --http11              use HTTP/1.1 protocol version instead of HTTP/1.0 
     242  --http10              use HTTP/1.0 protocol version instead of HTTP/1.1 
     243  --http11              use HTTP/1.1 protocol version (default) 
    228244  -e PARENTDIR, --env-parent-dir=PARENTDIR 
    229245                        parent directory of the project environments 
     
    232248  -r, --auto-reload     restart automatically when sources are modified 
    233249  -s, --single-env      only serve a single project without the project list 
    234 }}} 
     250  -d, --daemonize       run in the background as a daemon 
     251  --pidfile=PIDFILE     when daemonizing, file to which to write pid 
     252  --umask=MASK          when daemonizing, file mode creation mask to use, in 
     253                        octal notation (default 022) 
     254  --group=GROUP         the group to run as 
     255  --user=USER           the user to run as 
     256}}} 
     257 
     258Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. 
    235259 
    236260== Tips == 
     
    261285See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe]. 
    262286 
     287=== Authentication for tracd behind a proxy 
     288It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206. 
     289 
     290Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 
     291 
     292First we bring tracd into Apache's location namespace. 
     293 
     294{{{ 
     295<Location /project/proxified> 
     296        Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 
     297        Require ldap-user somespecificusertoo 
     298        ProxyPass http://localhost:8101/project/proxified/ 
     299        # Turns out we don't really need complicated RewriteRules here at all 
     300        RequestHeader set REMOTE_USER %{REMOTE_USER}s 
     301</Location> 
     302}}} 
     303 
     304Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 
     305{{{ 
     306#!python 
     307from trac.core import * 
     308from trac.config import BoolOption 
     309from trac.web.api import IAuthenticator 
     310 
     311class MyRemoteUserAuthenticator(Component): 
     312 
     313    implements(IAuthenticator) 
     314 
     315    obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false',  
     316               """Whether the 'Remote-User:' HTTP header is to be trusted for user logins  
     317                (''since ??.??').""")  
     318 
     319    def authenticate(self, req): 
     320        if self.obey_remote_user_header and req.get_header('Remote-User'):  
     321            return req.get_header('Remote-User')  
     322        return None 
     323 
     324}}} 
     325 
     326Add this new parameter to your TracIni: 
     327{{{ 
     328... 
     329[trac] 
     330... 
     331obey_remote_user_header = true 
     332... 
     333}}} 
     334 
     335Run tracd: 
     336{{{ 
     337tracd -p 8101 -r -s proxified --base-path=/project/proxified 
     338}}} 
     339 
     340Note that if you want to install this plugin for all projects, you have to put it in your [TracPlugins#Plugindiscovery global plugins_dir] and enable it in your global trac.ini. 
     341 
     342Global config (e.g. `/srv/trac/conf/trac.ini`): 
     343{{{ 
     344[components] 
     345remote-user-auth.* = enabled 
     346[inherit] 
     347plugins_dir = /srv/trac/plugins 
     348[trac] 
     349obey_remote_user_header = true 
     350}}} 
     351 
     352Environment config (e.g. `/srv/trac/envs/myenv`): 
     353{{{ 
     354[inherit] 
     355file = /srv/trac/conf/trac.ini 
     356}}} 
     357 
    263358=== Serving a different base path than / === 
    264359Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is