Changes between Version 1 and Version 2 of TracFastCgi
- Timestamp:
- 03/20/09 12:02:34 (16 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracFastCgi
v1 v2 3 3 Since version 0.9, Trac supports being run through the [http://www.fastcgi.com/ FastCGI] interface. Like [wiki:TracModPython mod_python], this allows Trac to remain resident, and is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, it is able to support [http://httpd.apache.org/docs/suexec.html SuEXEC]. Additionally, it is supported by much wider variety of web servers. 4 4 5 {{{ 6 #!html 7 <p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;"> 8 <strong>Note for Windows:</strong> Trac's FCGI does not run under Windows, as Windows does not implement Socket.fromfd, which is used by _fcgi.py 9 </p> 10 }}} 5 '''Note for Windows:''' Trac's FCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, your choice may be [trac:TracOnWindowsIisAjp AJP]. 11 6 12 7 == Simple Apache configuration == … … 76 71 == Simple Cherokee Configuration == 77 72 78 Configuration wanted. 73 The configuration on Cherokee's side is quite simple. You will only need to know that you can spawn Trac as an SCGI process. 74 You can either start it manually, or better yet, automatically by letting Cherokee spawn the server whenever it is down. 75 First set up an information source in cherokee-admin with a local interpreter. 76 77 {{{ 78 Host: 79 localhost:4433 80 81 Interpreter: 82 /usr/bin/tracd —single-env —daemonize —protocol=scgi —hostname=localhost —port=4433 /path/to/project/ 83 }}} 84 85 If the port was not reachable, the interpreter command would be launched. Note that, in the definition of the information source, you will have to manually launch the spawner if you use a ''Remote host'' as ''Information source'' instead of a ''Local interpreter''. 86 87 After doing this, we will just have to create a new rule managed by the SCGI handler to access Trac. It can be created in a new virtual server, trac.example.net for instance, and will only need two rules. The '''default''' one will use the SCGI handler associated to the previously created information source. 88 The second rule will be there to serve the few static files needed to correctly display the Trac interface. Create it as ''Directory rule'' for ''/chrome/common'' and just set it to the ''Static files'' handler and with a ''Document root'' that points to the appropriate files: ''/usr/share/trac/htdocs/'' 79 89 80 90 == Simple Lighttpd Configuration == … … 85 95 environments. It has a very low memory footprint compared to other web servers and takes care of CPU load. 86 96 87 For using `trac.fcgi` with lighttpd add the following to your lighttpd.conf: 88 {{{ 97 For using `trac.fcgi`(prior to 0.11) / fcgi_frontend.py (0.11) with lighttpd add the following to your lighttpd.conf: 98 {{{ 99 #var.fcgi_binary="/path/to/fcgi_frontend.py" # 0.11 if installed with easy_setup, it is inside the egg directory 100 var.fcgi_binary="/path/to/cgi-bin/trac.fcgi" # 0.10 name of prior fcgi executable 89 101 fastcgi.server = ("/trac" => 102 90 103 ("trac" => 91 104 ("socket" => "/tmp/trac-fastcgi.sock", 92 "bin-path" => "/path/to/cgi-bin/trac.fcgi",105 "bin-path" => fcgi_binary, 93 106 "check-local" => "disable", 94 107 "bin-environment" => … … 108 121 ("first" => 109 122 ("socket" => "/tmp/trac-fastcgi-first.sock", 110 "bin-path" => "/path/to/cgi-bin/trac.fcgi",123 "bin-path" => fcgi_binary, 111 124 "check-local" => "disable", 112 125 "bin-environment" => … … 117 130 ("second" => 118 131 ("socket" => "/tmp/trac-fastcgi-second.sock", 119 "bin-path" => "/path/to/cgi-bin/trac.fcgi",132 "bin-path" => fcgi_binary, 120 133 "check-local" => "disable", 121 134 "bin-environment" => … … 131 144 if both are running from the same `trac.fcgi` script. 132 145 {{{ 133 #!html 134 <p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;"> 135 <strong>Note from c00i90wn:</strong> It's very important the order on which server.modules are loaded, if mod_auth is not loaded <strong>BEFORE</strong> mod_fastcgi, then the server will fail to authenticate the user. 136 </p> 146 #!div class=important 147 '''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user. 137 148 }}} 138 149 For authentication you should enable mod_auth in lighttpd.conf 'server.modules', select auth.backend and auth rules: … … 193 204 ("trac" => 194 205 ("socket" => "/tmp/trac-fastcgi.sock", 195 "bin-path" => "/path/to/cgi-bin/trac.fcgi",206 "bin-path" => fcgi_binary, 196 207 "check-local" => "disable", 197 208 "bin-environment" => … … 212 223 ( 213 224 "socket" => "/tmp/trac.sock", 214 "bin-path" => "/path/to/cgi-bin/trac.fcgi",225 "bin-path" => fcgi_binary, 215 226 "check-local" => "disable", 216 227 "bin-environment" => … … 238 249 ("trac" => 239 250 ("socket" => "/tmp/trac-fastcgi.sock", 240 "bin-path" => "/path/to/cgi-bin/trac.fcgi",251 "bin-path" => fcgi_binary, 241 252 "check-local" => "disable", 242 253 "bin-environment" => … … 247 258 ) 248 259 }}} 249 For details about languages specification see TracFaqquestion 2.13.260 For details about languages specification see [trac:TracFaq TracFaq] question 2.13. 250 261 251 262 Other important information like [http://trac.lighttpd.net/trac/wiki/TracInstall this updated TracInstall page], [wiki:TracCgi#MappingStaticResources and this] are useful for non-fastcgi specific installation aspects. … … 260 271 261 272 262 == Simple LiteSpeed Configuration ==273 == Simple !LiteSpeed Configuration == 263 274 264 275 The FastCGI front-end was developed primarily for use with alternative webservers, such as [http://www.litespeedtech.com/ LiteSpeed]. 265 276 266 LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources.LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.277 !LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments. 267 278 268 279 Setup … … 321 332 }}} 322 333 323 7) Restart LiteSpeed, “lswsctrl restart”, and access your new Trac project at:334 7) Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at: 324 335 325 336 {{{ … … 327 338 }}} 328 339 340 === Simple Nginx Configuration === 341 342 1) Nginx configuration snippet - confirmed to work on 0.6.32 343 {{{ 344 server { 345 listen 10.9.8.7:443; 346 server_name trac.example; 347 348 ssl on; 349 ssl_certificate /etc/ssl/trac.example.crt; 350 ssl_certificate_key /etc/ssl/trac.example.key; 351 352 ssl_session_timeout 5m; 353 354 ssl_protocols SSLv2 SSLv3 TLSv1; 355 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; 356 ssl_prefer_server_ciphers on; 357 358 # (Or ``^/some/prefix/(.*)``. 359 if ($uri ~ ^/(.*)) { 360 set $path_info /$1; 361 } 362 363 # You can copy this whole location to ``location [/some/prefix]/login`` 364 # and remove the auth entries below if you want Trac to enforce 365 # authorization where appropriate instead of needing to authenticate 366 # for accessing the whole site. 367 # (Or ``location /some/prefix``.) 368 location / { 369 auth_basic "trac realm"; 370 auth_basic_user_file /home/trac/htpasswd; 371 372 # socket address 373 fastcgi_pass unix:/home/trac/run/instance.sock; 374 375 # python - wsgi specific 376 fastcgi_param HTTPS on; 377 378 ## WSGI REQUIRED VARIABLES 379 # WSGI application name - trac instance prefix. 380 # (Or ``fastcgi_param SCRIPT_NAME /some/prefix``.) 381 fastcgi_param SCRIPT_NAME ""; 382 fastcgi_param PATH_INFO $path_info; 383 384 ## WSGI NEEDED VARIABLES - trac warns about them 385 fastcgi_param REQUEST_METHOD $request_method; 386 fastcgi_param SERVER_NAME $server_name; 387 fastcgi_param SERVER_PORT $server_port; 388 fastcgi_param SERVER_PROTOCOL $server_protocol; 389 390 # for authentication to work 391 fastcgi_param AUTH_USER $remote_user; 392 fastcgi_param REMOTE_USER $remote_user; 393 } 394 } 395 }}} 396 397 2) Modified trac.fcgi: 398 399 {{{ 400 #!/usr/bin/env python 401 import os 402 sockaddr = '/home/trac/run/instance.sock' 403 os.environ['TRAC_ENV'] = '/home/trac/instance' 404 405 try: 406 from trac.web.main import dispatch_request 407 import trac.web._fcgi 408 409 fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request, 410 bindAddress = sockaddr, umask = 7) 411 fcgiserv.run() 412 413 except SystemExit: 414 raise 415 except Exception, e: 416 print 'Content-Type: text/plain\r\n\r\n', 417 print 'Oops...' 418 print 419 print 'Trac detected an internal error:' 420 print 421 print e 422 print 423 import traceback 424 import StringIO 425 tb = StringIO.StringIO() 426 traceback.print_exc(file=tb) 427 print tb.getvalue() 428 429 }}} 430 431 3) reload nginx and launch trac.fcgi like that: 432 433 {{{ 434 trac@trac.example ~ $ ./trac-standalone-fcgi.py 435 }}} 436 437 The above assumes that: 438 * There is a user named 'trac' for running trac instances and keeping trac environments in its home directory. 439 * /home/trac/instance contains a trac environment 440 * /home/trac/htpasswd contains authentication information 441 * /home/trac/run is owned by the same group the nginx runs under 442 * and if your system is Linux the /home/trac/run has setgid bit set (chmod g+s run) 443 * and patch from ticket #T7239 is applied, or you'll have to fix the socket file permissions every time 444 445 Unfortunately nginx does not support variable expansion in fastcgi_pass directive. 446 Thus it is not possible to serve multiple trac instances from one server block. 447 448 If you worry enough about security, run trac instances under separate users. 449 450 Another way to run trac as a FCGI external application is offered in ticket #T6224 451 329 452 ---- 330 See also TracCgi, TracModPython, TracInstall, TracGuide453 See also: TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracCgi CGI], [wiki:TracModPython ModPython], [trac:TracNginxRecipe TracNginxRecipe]