Changes between Version 1 and Version 2 of TracFastCgi
- Timestamp:
- 01/02/10 17:05:00 (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracFastCgi
v1 v2 2 2 3 3 Since version 0.9, Trac supports being run through the [http://www.fastcgi.com/ FastCGI] interface. Like [wiki:TracModPython mod_python], this allows Trac to remain resident, and is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, it is able to support [http://httpd.apache.org/docs/suexec.html SuEXEC]. Additionally, it is supported by much wider variety of web servers. 4 5 '''Note for Windows:''' Trac's FCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, your choice may be [trac:TracOnWindowsIisAjp AJP].6 4 7 5 == Simple Apache configuration == … … 9 7 There are two FastCGI modules commonly available for Apache: `mod_fastcgi` and 10 8 `mod_fcgid`. The `FastCgiIpcDir` and `FastCgiConfig` directives discussed 11 below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_f cgid`9 below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fgcid` 12 10 directive. 13 11 … … 64 62 renaming `trac.fcgi` and adding the above code to create each such script. 65 63 66 See [https://coderanger.net/~coderanger/httpd/fcgi_example.conf this fcgid example config] which uses a !ScriptAlias directive with trac.fcgi with a trailing / like this:67 {{{68 ScriptAlias / /srv/tracsite/cgi-bin/trac.fcgi/69 }}}70 71 == Simple Cherokee Configuration ==72 73 The configuration on Cherokee's side is quite simple. You will only need to know that you can spawn Trac as an SCGI process.74 You can either start it manually, or better yet, automatically by letting Cherokee spawn the server whenever it is down.75 First set up an information source in cherokee-admin with a local interpreter.76 77 {{{78 Host:79 localhost:443380 81 Interpreter:82 /usr/bin/tracd —single-env —daemonize —protocol=scgi —hostname=localhost —port=4433 /path/to/project/83 }}}84 85 If the port was not reachable, the interpreter command would be launched. Note that, in the definition of the information source, you will have to manually launch the spawner if you use a ''Remote host'' as ''Information source'' instead of a ''Local interpreter''.86 87 After doing this, we will just have to create a new rule managed by the SCGI handler to access Trac. It can be created in a new virtual server, trac.example.net for instance, and will only need two rules. The '''default''' one will use the SCGI handler associated to the previously created information source.88 The second rule will be there to serve the few static files needed to correctly display the Trac interface. Create it as ''Directory rule'' for ''/chrome/common'' and just set it to the ''Static files'' handler and with a ''Document root'' that points to the appropriate files: ''/usr/share/trac/htdocs/''89 90 64 == Simple Lighttpd Configuration == 91 65 … … 95 69 environments. It has a very low memory footprint compared to other web servers and takes care of CPU load. 96 70 97 For using `trac.fcgi`(prior to 0.11) / fcgi_frontend.py (0.11) with lighttpd add the following to your lighttpd.conf: 98 {{{ 99 #var.fcgi_binary="/path/to/fcgi_frontend.py" # 0.11 if installed with easy_setup, it is inside the egg directory 100 var.fcgi_binary="/path/to/cgi-bin/trac.fcgi" # 0.10 name of prior fcgi executable 71 For using `trac.fcgi` with lighttpd add the following to your lighttpd.conf: 72 {{{ 101 73 fastcgi.server = ("/trac" => 102 103 74 ("trac" => 104 75 ("socket" => "/tmp/trac-fastcgi.sock", 105 "bin-path" => fcgi_binary,76 "bin-path" => "/path/to/cgi-bin/trac.fcgi", 106 77 "check-local" => "disable", 107 78 "bin-environment" => … … 121 92 ("first" => 122 93 ("socket" => "/tmp/trac-fastcgi-first.sock", 123 "bin-path" => fcgi_binary,94 "bin-path" => "/path/to/cgi-bin/trac.fcgi", 124 95 "check-local" => "disable", 125 96 "bin-environment" => … … 130 101 ("second" => 131 102 ("socket" => "/tmp/trac-fastcgi-second.sock", 132 "bin-path" => fcgi_binary,103 "bin-path" => "/path/to/cgi-bin/trac.fcgi", 133 104 "check-local" => "disable", 134 105 "bin-environment" => … … 144 115 if both are running from the same `trac.fcgi` script. 145 116 {{{ 146 #!div class=important 147 '''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user. 117 #!html 118 <p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;"> 119 <strong>Note from c00i90wn:</strong> It's very important the order on which server.modules are loaded, if mod_auth is not loaded <strong>BEFORE</strong> mod_fastcgi, then the server will fail to authenticate the user. 120 </p> 148 121 }}} 149 122 For authentication you should enable mod_auth in lighttpd.conf 'server.modules', select auth.backend and auth rules: … … 204 177 ("trac" => 205 178 ("socket" => "/tmp/trac-fastcgi.sock", 206 "bin-path" => fcgi_binary,179 "bin-path" => "/path/to/cgi-bin/trac.fcgi", 207 180 "check-local" => "disable", 208 181 "bin-environment" => … … 223 196 ( 224 197 "socket" => "/tmp/trac.sock", 225 "bin-path" => fcgi_binary,198 "bin-path" => "/path/to/cgi-bin/trac.fcgi", 226 199 "check-local" => "disable", 227 200 "bin-environment" => … … 249 222 ("trac" => 250 223 ("socket" => "/tmp/trac-fastcgi.sock", 251 "bin-path" => fcgi_binary,224 "bin-path" => "/path/to/cgi-bin/trac.fcgi", 252 225 "check-local" => "disable", 253 226 "bin-environment" => … … 258 231 ) 259 232 }}} 260 For details about languages specification see [trac:TracFaq TracFaq]question 2.13.233 For details about languages specification see TracFaq question 2.13. 261 234 262 235 Other important information like [http://trac.lighttpd.net/trac/wiki/TracInstall this updated TracInstall page], [wiki:TracCgi#MappingStaticResources and this] are useful for non-fastcgi specific installation aspects. … … 271 244 272 245 273 == Simple !LiteSpeed Configuration ==246 == Simple LiteSpeed Configuration == 274 247 275 248 The FastCGI front-end was developed primarily for use with alternative webservers, such as [http://www.litespeedtech.com/ LiteSpeed]. 276 249 277 !LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.250 LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments. 278 251 279 252 Setup … … 320 293 URI: /trac/ <--- URI path to bind to python fcgi app we created 321 294 Fast CGI App: [VHost Level] MyTractFCGI <--- select the trac fcgi extapp we just created 322 Realm: TracUserDB <--- only if (4) is set. select rea lm created in (4)295 Realm: TracUserDB <--- only if (4) is set. select ream created in (4) 323 296 }}} 324 297 … … 332 305 }}} 333 306 334 7) Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at:307 7) Restart LiteSpeed, “lswsctrl restart”, and access your new Trac project at: 335 308 336 309 {{{ … … 338 311 }}} 339 312 340 === Simple Nginx Configuration ===341 342 1) Nginx configuration snippet - confirmed to work on 0.6.32343 {{{344 server {345 listen 10.9.8.7:443;346 server_name trac.example;347 348 ssl on;349 ssl_certificate /etc/ssl/trac.example.crt;350 ssl_certificate_key /etc/ssl/trac.example.key;351 352 ssl_session_timeout 5m;353 354 ssl_protocols SSLv2 SSLv3 TLSv1;355 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;356 ssl_prefer_server_ciphers on;357 358 # (Or ``^/some/prefix/(.*)``.359 if ($uri ~ ^/(.*)) {360 set $path_info /$1;361 }362 363 # You can copy this whole location to ``location [/some/prefix]/login``364 # and remove the auth entries below if you want Trac to enforce365 # authorization where appropriate instead of needing to authenticate366 # for accessing the whole site.367 # (Or ``location /some/prefix``.)368 location / {369 auth_basic "trac realm";370 auth_basic_user_file /home/trac/htpasswd;371 372 # socket address373 fastcgi_pass unix:/home/trac/run/instance.sock;374 375 # python - wsgi specific376 fastcgi_param HTTPS on;377 378 ## WSGI REQUIRED VARIABLES379 # WSGI application name - trac instance prefix.380 # (Or ``fastcgi_param SCRIPT_NAME /some/prefix``.)381 fastcgi_param SCRIPT_NAME "";382 fastcgi_param PATH_INFO $path_info;383 384 ## WSGI NEEDED VARIABLES - trac warns about them385 fastcgi_param REQUEST_METHOD $request_method;386 fastcgi_param SERVER_NAME $server_name;387 fastcgi_param SERVER_PORT $server_port;388 fastcgi_param SERVER_PROTOCOL $server_protocol;389 390 # for authentication to work391 fastcgi_param AUTH_USER $remote_user;392 fastcgi_param REMOTE_USER $remote_user;393 }394 }395 }}}396 397 2) Modified trac.fcgi:398 399 {{{400 #!/usr/bin/env python401 import os402 sockaddr = '/home/trac/run/instance.sock'403 os.environ['TRAC_ENV'] = '/home/trac/instance'404 405 try:406 from trac.web.main import dispatch_request407 import trac.web._fcgi408 409 fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request,410 bindAddress = sockaddr, umask = 7)411 fcgiserv.run()412 413 except SystemExit:414 raise415 except Exception, e:416 print 'Content-Type: text/plain\r\n\r\n',417 print 'Oops...'418 print419 print 'Trac detected an internal error:'420 print421 print e422 print423 import traceback424 import StringIO425 tb = StringIO.StringIO()426 traceback.print_exc(file=tb)427 print tb.getvalue()428 429 }}}430 431 3) reload nginx and launch trac.fcgi like that:432 433 {{{434 trac@trac.example ~ $ ./trac-standalone-fcgi.py435 }}}436 437 The above assumes that:438 * There is a user named 'trac' for running trac instances and keeping trac environments in its home directory.439 * /home/trac/instance contains a trac environment440 * /home/trac/htpasswd contains authentication information441 * /home/trac/run is owned by the same group the nginx runs under442 * and if your system is Linux the /home/trac/run has setgid bit set (chmod g+s run)443 * and patch from ticket #T7239 is applied, or you'll have to fix the socket file permissions every time444 445 Unfortunately nginx does not support variable expansion in fastcgi_pass directive.446 Thus it is not possible to serve multiple trac instances from one server block.447 448 If you worry enough about security, run trac instances under separate users.449 450 Another way to run trac as a FCGI external application is offered in ticket #T6224451 452 313 ---- 453 See also : TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracCgi CGI], [wiki:TracModPython ModPython], [trac:TracNginxRecipe TracNginxRecipe]314 See also TracCgi, TracModPython, TracInstall, TracGuide