Changes between Version 6 and Version 7 of TracStandalone


Ignore:
Timestamp:
08/08/15 13:07:51 (2 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v6 v7  
    1 ** Note: this page documents the version 1.0 of Trac, see [[0.12/TracStandalone]] if you need the previous version ** 
    2 = Tracd = 
     1= Tracd 
    32 
    43Tracd is a lightweight standalone Trac web server. 
    54It can be used in a variety of situations, from a test or development server to a multiprocess setup behind another web server used as a load balancer. 
    65 
    7 == Pros == 
     6== Pros 
    87 
    98 * Fewer dependencies: You don't need to install apache or any other web-server. 
     
    1110 * Automatic reloading: For development, Tracd can be used in ''auto_reload'' mode, which will automatically restart the server whenever you make a change to the code (in Trac itself or in a plugin). 
    1211 
    13 == Cons == 
     12== Cons 
    1413 
    1514 * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache httpd. 
    1615 * No native HTTPS support: [http://www.rickk.com/sslwrap/ sslwrap] can be used instead, 
    17    or [http://trac.edgewall.org/wiki/STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy. 
    18  
    19 == Usage examples == 
     16   or [trac:wiki:STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy. 
     17 
     18== Usage examples 
    2019 
    2120A single project on port 8080. (http://localhost:8080/) 
    22 {{{ 
     21{{{#!sh 
    2322 $ tracd -p 8080 /path/to/project 
    2423}}} 
    25 Stricly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option. 
    26 {{{ 
     24Strictly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use the `--hostname` option. 
     25{{{#!sh 
    2726 $ tracd --hostname=localhost -p 8080 /path/to/project 
    2827}}} 
    2928With more than one project. (http://localhost:8080/project1/ and http://localhost:8080/project2/) 
    30 {{{ 
     29{{{#!sh 
    3130 $ tracd -p 8080 /path/to/project1 /path/to/project2 
    3231}}} 
     
    3635 
    3736An alternative way to serve multiple projects is to specify a parent directory in which each subdirectory is a Trac project, using the `-e` option. The example above could be rewritten: 
    38 {{{ 
     37{{{#!sh 
    3938 $ tracd -p 8080 -e /path/to 
    4039}}} 
    4140 
    42 To exit the server on Windows, be sure to use {{{CTRL-BREAK}}} -- using {{{CTRL-C}}} will leave a Python process running in the background. 
    43  
    44 == Installing as a Windows Service == 
    45  
    46 === Option 1 === 
     41To exit the server on Windows, be sure to use `CTRL-BREAK` -- using `CTRL-C` will leave a Python process running in the background. 
     42 
     43== Installing as a Windows Service 
     44 
     45=== Option 1 
    4746To install as a Windows service, get the [http://www.google.com/search?q=srvany.exe SRVANY] utility and run: 
    48 {{{ 
     47{{{#!cmd 
    4948 C:\path\to\instsrv.exe tracd C:\path\to\srvany.exe 
    5049 reg add HKLM\SYSTEM\CurrentControlSet\Services\tracd\Parameters /v Application /d "\"C:\path\to\python.exe\" \"C:\path\to\python\scripts\tracd-script.py\" <your tracd parameters>" 
     
    5554 
    5655If you want tracd to start automatically when you boot Windows, do: 
    57 {{{ 
     56{{{#!cmd 
    5857 sc config tracd start= auto 
    5958}}} 
     
    7574 
    7675For Windows 7 User, srvany.exe may not be an option, so you can use [http://www.google.com/search?q=winserv.exe WINSERV] utility and run: 
    77 {{{ 
     76{{{#!cmd 
    7877"C:\path\to\winserv.exe" install tracd -displayname "tracd" -start auto "C:\path\to\python.exe" c:\path\to\python\scripts\tracd-script.py <your tracd parameters>" 
    79  
    8078net start tracd 
    8179}}} 
    8280 
    83 === Option 2 === 
     81=== Option 2 
    8482 
    8583Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 
    8684 
    87 === Option 3 === 
     85=== Option 3 
    8886 
    8987also cygwin's cygrunsrv.exe can be used: 
    90 {{{ 
     88{{{#!sh 
    9189$ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 
    9290$ net start tracd 
    9391}}} 
    9492 
    95 == Using Authentication == 
     93== Using Authentication 
     94 
     95Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (`htpasswd` and `htdigest`) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without `htpasswd` or `htdigest`; see below for alternatives) 
     96 
     97Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux, or HFS+ on OSX). 
    9698 
    9799Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line. 
    98100 
    99101The general format for using authentication is: 
    100 {{{ 
     102{{{#!sh 
    101103 $ tracd -p port --auth="base_project_dir,password_file_path,realm" project_path 
    102104}}} 
     
    114116Examples: 
    115117 
    116 {{{ 
     118{{{#!sh 
    117119 $ tracd -p 8080 \ 
    118120   --auth="project1,/path/to/passwordfile,mycompany.com" /path/to/project1 
     
    120122 
    121123Of course, the password file can be be shared so that it is used for more than one project: 
    122 {{{ 
     124{{{#!sh 
    123125 $ tracd -p 8080 \ 
    124126   --auth="project1,/path/to/passwordfile,mycompany.com" \ 
     
    128130 
    129131Another way to share the password file is to specify "*" for the project name: 
    130 {{{ 
     132{{{#!sh 
    131133 $ tracd -p 8080 \ 
    132134   --auth="*,/path/to/users.htdigest,mycompany.com" \ 
     
    134136}}} 
    135137 
    136 === Basic Authorization: Using a htpasswd password file === 
     138=== Basic Authorization: Using a htpasswd password file 
    137139This section describes how to use `tracd` with Apache .htpasswd files. 
    138140 
     
    142144 
    143145To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 
    144 {{{ 
     146{{{#!sh 
    145147 $ sudo htpasswd -c /path/to/env/.htpasswd username 
    146148}}} 
    147149then for additional users: 
    148 {{{ 
     150{{{#!sh 
    149151 $ sudo htpasswd /path/to/env/.htpasswd username2 
    150152}}} 
    151153 
    152154Then to start `tracd` run something like this: 
    153 {{{ 
    154  $ tracd -p 8080 --basic-auth="projectdirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname 
     155{{{#!sh 
     156 $ tracd -p 8080 --basic-auth="project,/fullpath/environmentname/.htpasswd,realmname" /path/to/project 
    155157}}} 
    156158 
    157159For example: 
    158 {{{ 
    159  $ tracd -p 8080 --basic-auth="testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv 
     160{{{#!sh 
     161 $ tracd -p 8080 --basic-auth="project,/srv/tracenv/testenv/.htpasswd,My Test Env" /path/to/project 
    160162}}} 
    161163''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD). 
    162164 
    163 === Digest authentication: Using a htdigest password file === 
     165=== Digest authentication: Using a htdigest password file 
    164166 
    165167If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions.  You'll be prompted for a password to enter for each user that you create.  For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. 
     
    167169Note that you can start tracd without the `--auth` argument, but if you click on the ''Login'' link you will get an error. 
    168170 
    169 === Generating Passwords Without Apache === 
    170  
    171 Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. 
    172  
    173 You can use this simple Python script to generate a '''digest''' password file: 
    174  
    175 {{{ 
    176 #!python 
    177 from optparse import OptionParser 
    178 # The md5 module is deprecated in Python 2.5 
    179 try: 
    180     from hashlib import md5 
    181 except ImportError: 
    182     from md5 import md5 
    183 realm = 'trac' 
    184  
    185 # build the options 
    186 usage = "usage: %prog [options]" 
    187 parser = OptionParser(usage=usage) 
    188 parser.add_option("-u", "--username",action="store", dest="username", type = "string", 
    189                   help="the username for whom to generate a password") 
    190 parser.add_option("-p", "--password",action="store", dest="password", type = "string", 
    191                   help="the password to use") 
    192 parser.add_option("-r", "--realm",action="store", dest="realm", type = "string", 
    193                   help="the realm in which to create the digest") 
    194 (options, args) = parser.parse_args() 
    195  
    196 # check options 
    197 if (options.username is None) or (options.password is None): 
    198    parser.error("You must supply both the username and password") 
    199 if (options.realm is not None): 
    200    realm = options.realm 
    201     
    202 # Generate the string to enter into the htdigest file 
    203 kd = lambda x: md5(':'.join(x)).hexdigest() 
    204 print ':'.join((options.username, realm, kd([options.username, realm, options.password]))) 
    205 }}} 
    206  
    207 Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py): 
    208  
    209 {{{ 
    210  $ python trac-digest.py -u username -p password >> c:\digest.txt 
    211  $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name 
     171=== Generating Passwords Without Apache 
     172 
     173Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd. Windows Python can grok MD5 password hashes just fine and you should use MD5. 
     174 
     175Trac also provides `htpasswd` and `htdigest` scripts in `contrib`: 
     176{{{#!sh 
     177$ ./contrib/htpasswd.py -cb htpasswd user1 user1 
     178$ ./contrib/htpasswd.py -b htpasswd user2 user2 
     179}}} 
     180 
     181{{{#!sh 
     182$ ./contrib/htdigest.py -cb htdigest trac user1 user1 
     183$ ./contrib/htdigest.py -b htdigest trac user2 user2 
    212184}}} 
    213185 
    214186==== Using `md5sum` 
    215187It is possible to use `md5sum` utility to generate digest-password file: 
    216 {{{ 
     188{{{#!sh 
    217189user= 
    218190realm= 
     
    222194}}} 
    223195 
    224 == Reference == 
     196== Reference 
    225197 
    226198Here's the online help, as a reminder (`tracd --help`): 
     
    258230Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. 
    259231 
    260 == Tips == 
    261  
    262 === Serving static content === 
     232== Tips 
     233 
     234=== Serving static content 
    263235 
    264236If `tracd` is the only web server used for the project,  
     
    271243Example: given a `$TRAC_ENV/htdocs/software-0.1.tar.gz` file, 
    272244the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`,  
    273 which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax).  
    274  
    275  ''Support for `htdocs:` TracLinks syntax was added in version 0.10'' 
     245which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax). 
    276246 
    277247=== Using tracd behind a proxy 
     
    286256 
    287257=== Authentication for tracd behind a proxy 
    288 It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206. 
     258It is convenient to provide central external authentication to your tracd instances, instead of using `--basic-auth`. There is some discussion about this in [trac:#9206]. 
    289259 
    290260Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 
     
    292262First we bring tracd into Apache's location namespace. 
    293263 
    294 {{{ 
     264{{{#!apache 
    295265<Location /project/proxified> 
    296266        Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 
     
    303273 
    304274Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 
    305 {{{ 
    306 #!python 
     275{{{#!python 
    307276from trac.core import * 
    308277from trac.config import BoolOption 
     
    325294 
    326295Add this new parameter to your TracIni: 
    327 {{{ 
    328 ... 
     296{{{#!ini 
    329297[trac] 
    330298... 
     
    334302 
    335303Run tracd: 
    336 {{{ 
     304{{{#!sh 
    337305tracd -p 8101 -r -s proxified --base-path=/project/proxified 
    338306}}} 
     
    341309 
    342310Global config (e.g. `/srv/trac/conf/trac.ini`): 
    343 {{{ 
     311{{{#!ini 
    344312[components] 
    345313remote-user-auth.* = enabled 
     
    351319 
    352320Environment config (e.g. `/srv/trac/envs/myenv`): 
    353 {{{ 
     321{{{#!ini 
    354322[inherit] 
    355323file = /srv/trac/conf/trac.ini 
    356324}}} 
    357325 
    358 === Serving a different base path than / === 
     326=== Serving a different base path than / 
    359327Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is 
    360 {{{ 
     328{{{#!sh 
    361329 $ tracd --base-path=/some/path 
    362330}}}