Changes between Initial Version and Version 1 of TracStandalone


Ignore:
Timestamp:
Jan 8, 2013 12:57:55 PM (12 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v1 v1  
     1** Note: this page documents the version 1.0 of Trac, see [[0.12/TracStandalone]] if you need the previous version ** 
     2= Tracd = 
     3 
     4Tracd is a lightweight standalone Trac web server. 
     5It can be used in a variety of situations, from a test or development server to a multiprocess setup behind another web server used as a load balancer. 
     6 
     7== Pros == 
     8 
     9 * Fewer dependencies: You don't need to install apache or any other web-server. 
     10 * Fast: Should be almost as fast as the [wiki:TracModPython mod_python] version (and much faster than the [wiki:TracCgi CGI]), even more so since version 0.12 where the HTTP/1.1 version of the protocol is enabled by default 
     11 * Automatic reloading: For development, Tracd can be used in ''auto_reload'' mode, which will automatically restart the server whenever you make a change to the code (in Trac itself or in a plugin). 
     12 
     13== Cons == 
     14 
     15 * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache httpd. 
     16 * No native HTTPS support: [http://www.rickk.com/sslwrap/ sslwrap] can be used instead, 
     17   or [http://trac.edgewall.org/wiki/STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy. 
     18 
     19== Usage examples == 
     20 
     21A single project on port 8080. (http://localhost:8080/) 
     22{{{ 
     23 $ tracd -p 8080 /path/to/project 
     24}}} 
     25Stricly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option. 
     26{{{ 
     27 $ tracd --hostname=localhost -p 8080 /path/to/project 
     28}}} 
     29With more than one project. (http://localhost:8080/project1/ and http://localhost:8080/project2/) 
     30{{{ 
     31 $ tracd -p 8080 /path/to/project1 /path/to/project2 
     32}}} 
     33 
     34You can't have the last portion of the path identical between the projects since Trac uses that name to keep the URLs of the 
     35different projects unique. So if you use `/project1/path/to` and `/project2/path/to`, you will only see the second project. 
     36 
     37An alternative way to serve multiple projects is to specify a parent directory in which each subdirectory is a Trac project, using the `-e` option. The example above could be rewritten: 
     38{{{ 
     39 $ tracd -p 8080 -e /path/to 
     40}}} 
     41 
     42To exit the server on Windows, be sure to use {{{CTRL-BREAK}}} -- using {{{CTRL-C}}} will leave a Python process running in the background. 
     43 
     44== Installing as a Windows Service == 
     45 
     46=== Option 1 === 
     47To install as a Windows service, get the [http://www.google.com/search?q=srvany.exe SRVANY] utility and run: 
     48{{{ 
     49 C:\path\to\instsrv.exe tracd C:\path\to\srvany.exe 
     50 reg add HKLM\SYSTEM\CurrentControlSet\Services\tracd\Parameters /v Application /d "\"C:\path\to\python.exe\" \"C:\path\to\python\scripts\tracd-script.py\" <your tracd parameters>" 
     51 net start tracd 
     52}}} 
     53 
     54'''DO NOT''' use {{{tracd.exe}}}.  Instead register {{{python.exe}}} directly with {{{tracd-script.py}}} as a parameter.  If you use {{{tracd.exe}}}, it will spawn the python process without SRVANY's knowledge.  This python process will survive a {{{net stop tracd}}}. 
     55 
     56If you want tracd to start automatically when you boot Windows, do: 
     57{{{ 
     58 sc config tracd start= auto 
     59}}} 
     60 
     61The spacing here is important. 
     62 
     63{{{#!div 
     64Once the service is installed, it might be simpler to run the Registry Editor rather than use the `reg add` command documented above.  Navigate to:[[BR]] 
     65`HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tracd\Parameters` 
     66 
     67Three (string) parameters are provided: 
     68||!AppDirectory ||C:\Python26\ || 
     69||Application ||python.exe || 
     70||!AppParameters ||scripts\tracd-script.py -p 8080 ... || 
     71 
     72Note that, if the !AppDirectory is set as above, the paths of the executable ''and'' of the script name and parameter values are relative to the directory.  This makes updating Python a little simpler because the change can be limited, here, to a single point. 
     73(This is true for the path to the .htpasswd file, as well, despite the documentation calling out the /full/path/to/htpasswd; however, you may not wish to store that file under the Python directory.) 
     74}}} 
     75 
     76For Windows 7 User, srvany.exe may not be an option, so you can use [http://www.google.com/search?q=winserv.exe WINSERV] utility and run: 
     77{{{ 
     78"C:\path\to\winserv.exe" install tracd -displayname "tracd" -start auto "C:\path\to\python.exe" c:\path\to\python\scripts\tracd-script.py <your tracd parameters>" 
     79 
     80net start tracd 
     81}}} 
     82 
     83=== Option 2 === 
     84 
     85Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 
     86 
     87=== Option 3 === 
     88 
     89also cygwin's cygrunsrv.exe can be used: 
     90{{{ 
     91$ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 
     92$ net start tracd 
     93}}} 
     94 
     95== Using Authentication == 
     96 
     97Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line. 
     98 
     99The general format for using authentication is: 
     100{{{ 
     101 $ tracd -p port --auth="base_project_dir,password_file_path,realm" project_path 
     102}}} 
     103where: 
     104 * '''base_project_dir''': the base directory of the project specified as follows: 
     105   * when serving multiple projects: ''relative'' to the `project_path` 
     106   * when serving only a single project (`-s`): the name of the project directory 
     107 Don't use an absolute path here as this won't work. ''Note:'' This parameter is case-sensitive even for environments on Windows. 
     108 * '''password_file_path''': path to the password file 
     109 * '''realm''': the realm name (can be anything) 
     110 * '''project_path''': path of the project 
     111 
     112 * **`--auth`** in the above means use Digest authentication, replace `--auth` with `--basic-auth` if you want to use Basic auth.  Although Basic authentication does not require a "realm", the command parser does, so the second comma is required, followed directly by the closing quote for an empty realm name. 
     113 
     114Examples: 
     115 
     116{{{ 
     117 $ tracd -p 8080 \ 
     118   --auth="project1,/path/to/passwordfile,mycompany.com" /path/to/project1 
     119}}} 
     120 
     121Of course, the password file can be be shared so that it is used for more than one project: 
     122{{{ 
     123 $ tracd -p 8080 \ 
     124   --auth="project1,/path/to/passwordfile,mycompany.com" \ 
     125   --auth="project2,/path/to/passwordfile,mycompany.com" \ 
     126   /path/to/project1 /path/to/project2 
     127}}} 
     128 
     129Another way to share the password file is to specify "*" for the project name: 
     130{{{ 
     131 $ tracd -p 8080 \ 
     132   --auth="*,/path/to/users.htdigest,mycompany.com" \ 
     133   /path/to/project1 /path/to/project2 
     134}}} 
     135 
     136=== Basic Authorization: Using a htpasswd password file === 
     137This section describes how to use `tracd` with Apache .htpasswd files. 
     138 
     139  Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to 
     140  decode some htpasswd formats.  Trac source code attempt an `import crypt` first, but there 
     141  is no such package for Python 2.6. Only `SHA-1` passwords (since Trac 1.0) work without this module. 
     142 
     143To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 
     144{{{ 
     145 $ sudo htpasswd -c /path/to/env/.htpasswd username 
     146}}} 
     147then for additional users: 
     148{{{ 
     149 $ sudo htpasswd /path/to/env/.htpasswd username2 
     150}}} 
     151 
     152Then to start `tracd` run something like this: 
     153{{{ 
     154 $ tracd -p 8080 --basic-auth="projectdirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname 
     155}}} 
     156 
     157For example: 
     158{{{ 
     159 $ tracd -p 8080 --basic-auth="testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv 
     160}}} 
     161''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD). 
     162 
     163=== Digest authentication: Using a htdigest password file === 
     164 
     165If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions.  You'll be prompted for a password to enter for each user that you create.  For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. 
     166 
     167Note that you can start tracd without the `--auth` argument, but if you click on the ''Login'' link you will get an error. 
     168 
     169=== Generating Passwords Without Apache === 
     170 
     171Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. 
     172 
     173You can use this simple Python script to generate a '''digest''' password file: 
     174 
     175{{{ 
     176#!python 
     177from optparse import OptionParser 
     178# The md5 module is deprecated in Python 2.5 
     179try: 
     180    from hashlib import md5 
     181except ImportError: 
     182    from md5 import md5 
     183realm = 'trac' 
     184 
     185# build the options 
     186usage = "usage: %prog [options]" 
     187parser = OptionParser(usage=usage) 
     188parser.add_option("-u", "--username",action="store", dest="username", type = "string", 
     189                  help="the username for whom to generate a password") 
     190parser.add_option("-p", "--password",action="store", dest="password", type = "string", 
     191                  help="the password to use") 
     192parser.add_option("-r", "--realm",action="store", dest="realm", type = "string", 
     193                  help="the realm in which to create the digest") 
     194(options, args) = parser.parse_args() 
     195 
     196# check options 
     197if (options.username is None) or (options.password is None): 
     198   parser.error("You must supply both the username and password") 
     199if (options.realm is not None): 
     200   realm = options.realm 
     201    
     202# Generate the string to enter into the htdigest file 
     203kd = lambda x: md5(':'.join(x)).hexdigest() 
     204print ':'.join((options.username, realm, kd([options.username, realm, options.password]))) 
     205}}} 
     206 
     207Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py): 
     208 
     209{{{ 
     210 $ python trac-digest.py -u username -p password >> c:\digest.txt 
     211 $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name 
     212}}} 
     213 
     214==== Using `md5sum` 
     215It is possible to use `md5sum` utility to generate digest-password file: 
     216{{{ 
     217user= 
     218realm= 
     219password= 
     220path_to_file= 
     221echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file} 
     222}}} 
     223 
     224== Reference == 
     225 
     226Here's the online help, as a reminder (`tracd --help`): 
     227{{{ 
     228Usage: tracd [options] [projenv] ... 
     229 
     230Options: 
     231  --version             show program's version number and exit 
     232  -h, --help            show this help message and exit 
     233  -a DIGESTAUTH, --auth=DIGESTAUTH 
     234                        [projectdir],[htdigest_file],[realm] 
     235  --basic-auth=BASICAUTH 
     236                        [projectdir],[htpasswd_file],[realm] 
     237  -p PORT, --port=PORT  the port number to bind to 
     238  -b HOSTNAME, --hostname=HOSTNAME 
     239                        the host name or IP address to bind to 
     240  --protocol=PROTOCOL   http|scgi|ajp|fcgi 
     241  -q, --unquote         unquote PATH_INFO (may be needed when using ajp) 
     242  --http10              use HTTP/1.0 protocol version instead of HTTP/1.1 
     243  --http11              use HTTP/1.1 protocol version (default) 
     244  -e PARENTDIR, --env-parent-dir=PARENTDIR 
     245                        parent directory of the project environments 
     246  --base-path=BASE_PATH 
     247                        the initial portion of the request URL's "path" 
     248  -r, --auto-reload     restart automatically when sources are modified 
     249  -s, --single-env      only serve a single project without the project list 
     250  -d, --daemonize       run in the background as a daemon 
     251  --pidfile=PIDFILE     when daemonizing, file to which to write pid 
     252  --umask=MASK          when daemonizing, file mode creation mask to use, in 
     253                        octal notation (default 022) 
     254  --group=GROUP         the group to run as 
     255  --user=USER           the user to run as 
     256}}} 
     257 
     258Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. 
     259 
     260== Tips == 
     261 
     262=== Serving static content === 
     263 
     264If `tracd` is the only web server used for the project,  
     265it can also be used to distribute static content  
     266(tarballs, Doxygen documentation, etc.) 
     267 
     268This static content should be put in the `$TRAC_ENV/htdocs` folder, 
     269and is accessed by URLs like `<project_URL>/chrome/site/...`. 
     270 
     271Example: given a `$TRAC_ENV/htdocs/software-0.1.tar.gz` file, 
     272the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`,  
     273which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax).  
     274 
     275 ''Support for `htdocs:` TracLinks syntax was added in version 0.10'' 
     276 
     277=== Using tracd behind a proxy 
     278 
     279In some situations when you choose to use tracd behind Apache or another web server. 
     280 
     281In this situation, you might experience issues with redirects, like being redirected to URLs with the wrong host or protocol. In this case (and only in this case), setting the `[trac] use_base_url_for_redirect` to `true` can help, as this will force Trac to use the value of `[trac] base_url` for doing the redirects. 
     282 
     283If you're using the AJP protocol to connect with `tracd` (which is possible if you have flup installed), then you might experience problems with double quoting. Consider adding the `--unquote` parameter. 
     284 
     285See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe]. 
     286 
     287=== Authentication for tracd behind a proxy 
     288It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206. 
     289 
     290Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 
     291 
     292First we bring tracd into Apache's location namespace. 
     293 
     294{{{ 
     295<Location /project/proxified> 
     296        Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 
     297        Require ldap-user somespecificusertoo 
     298        ProxyPass http://localhost:8101/project/proxified/ 
     299        # Turns out we don't really need complicated RewriteRules here at all 
     300        RequestHeader set REMOTE_USER %{REMOTE_USER}s 
     301</Location> 
     302}}} 
     303 
     304Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 
     305{{{ 
     306#!python 
     307from trac.core import * 
     308from trac.config import BoolOption 
     309from trac.web.api import IAuthenticator 
     310 
     311class MyRemoteUserAuthenticator(Component): 
     312 
     313    implements(IAuthenticator) 
     314 
     315    obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false',  
     316               """Whether the 'Remote-User:' HTTP header is to be trusted for user logins  
     317                (''since ??.??').""")  
     318 
     319    def authenticate(self, req): 
     320        if self.obey_remote_user_header and req.get_header('Remote-User'):  
     321            return req.get_header('Remote-User')  
     322        return None 
     323 
     324}}} 
     325 
     326Add this new parameter to your TracIni: 
     327{{{ 
     328... 
     329[trac] 
     330... 
     331obey_remote_user_header = true 
     332... 
     333}}} 
     334 
     335Run tracd: 
     336{{{ 
     337tracd -p 8101 -r -s proxified --base-path=/project/proxified 
     338}}} 
     339 
     340Note that if you want to install this plugin for all projects, you have to put it in your [TracPlugins#Plugindiscovery global plugins_dir] and enable it in your global trac.ini. 
     341 
     342Global config (e.g. `/srv/trac/conf/trac.ini`): 
     343{{{ 
     344[components] 
     345remote-user-auth.* = enabled 
     346[inherit] 
     347plugins_dir = /srv/trac/plugins 
     348[trac] 
     349obey_remote_user_header = true 
     350}}} 
     351 
     352Environment config (e.g. `/srv/trac/envs/myenv`): 
     353{{{ 
     354[inherit] 
     355file = /srv/trac/conf/trac.ini 
     356}}} 
     357 
     358=== Serving a different base path than / === 
     359Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is 
     360{{{ 
     361 $ tracd --base-path=/some/path 
     362}}} 
     363 
     364---- 
     365See also: TracInstall, TracCgi, TracModPython, TracGuide, [trac:TracOnWindowsStandalone#RunningTracdasservice Running tracd.exe as a Windows service]