Changes between Version 1 and Version 2 of TracFastCgi


Ignore:
Timestamp:
03/20/09 12:02:34 (16 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracFastCgi

    v1 v2  
    33Since version 0.9, Trac supports being run through the [http://www.fastcgi.com/ FastCGI] interface. Like [wiki:TracModPython mod_python], this allows Trac to remain resident, and is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, it is able to support [http://httpd.apache.org/docs/suexec.html SuEXEC]. Additionally, it is supported by much wider variety of web servers.
    44
    5 {{{
    6 #!html
    7 <p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;">
    8 <strong>Note for Windows:</strong> Trac's FCGI does not run under Windows, as Windows does not implement Socket.fromfd, which is used by _fcgi.py
    9 </p>
    10 }}}
     5'''Note for Windows:''' Trac's FCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, your choice may be [trac:TracOnWindowsIisAjp AJP].
    116
    127== Simple Apache configuration ==
     
    7671== Simple Cherokee Configuration ==
    7772
    78 Configuration wanted.
     73The configuration on Cherokee's side is quite simple. You will only need to know that you can spawn Trac as an SCGI process.
     74You can either start it manually, or better yet, automatically by letting Cherokee spawn the server whenever it is down.
     75First set up an information source in cherokee-admin with a local interpreter.
     76
     77{{{
     78Host:
     79localhost:4433
     80
     81Interpreter:
     82/usr/bin/tracd —single-env —daemonize —protocol=scgi —hostname=localhost —port=4433 /path/to/project/
     83}}}
     84
     85If the port was not reachable, the interpreter command would be launched. Note that, in the definition of the information source, you will have to manually launch the spawner if you use a ''Remote host'' as ''Information source'' instead of a ''Local interpreter''.
     86
     87After doing this, we will just have to create a new rule managed by the SCGI handler to access Trac. It can be created in a new virtual server, trac.example.net for instance, and will only need two rules. The '''default''' one will use the SCGI handler associated to the previously created information source.
     88The second rule will be there to serve the few static files needed to correctly display the Trac interface. Create it as ''Directory rule'' for ''/chrome/common'' and just set it to the ''Static files'' handler and with a ''Document root'' that points to the appropriate files: ''/usr/share/trac/htdocs/''
    7989
    8090== Simple Lighttpd Configuration ==
     
    8595environments.  It has a very low memory footprint compared to other web servers and takes care of CPU load.
    8696
    87 For using `trac.fcgi` with lighttpd add the following to your lighttpd.conf:
    88 {{{
     97For using `trac.fcgi`(prior to 0.11) / fcgi_frontend.py (0.11) with lighttpd add the following to your lighttpd.conf:
     98{{{
     99#var.fcgi_binary="/path/to/fcgi_frontend.py" # 0.11 if installed with easy_setup, it is inside the egg directory
     100var.fcgi_binary="/path/to/cgi-bin/trac.fcgi" # 0.10 name of prior fcgi executable
    89101fastcgi.server = ("/trac" =>
     102   
    90103                   ("trac" =>
    91104                     ("socket" => "/tmp/trac-fastcgi.sock",
    92                       "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     105                      "bin-path" => fcgi_binary,
    93106                      "check-local" => "disable",
    94107                      "bin-environment" =>
     
    108121                   ("first" =>
    109122                    ("socket" => "/tmp/trac-fastcgi-first.sock",
    110                      "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     123                     "bin-path" => fcgi_binary,
    111124                     "check-local" => "disable",
    112125                     "bin-environment" =>
     
    117130                    ("second" =>
    118131                    ("socket" => "/tmp/trac-fastcgi-second.sock",
    119                      "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     132                     "bin-path" => fcgi_binary,
    120133                     "check-local" => "disable",
    121134                     "bin-environment" =>
     
    131144if both are running from the same `trac.fcgi` script.
    132145{{{
    133 #!html
    134 <p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;">
    135 <strong>Note from c00i90wn:</strong> It's very important the order on which server.modules are loaded, if mod_auth is not loaded <strong>BEFORE</strong> mod_fastcgi, then the server will fail to authenticate the user.
    136 </p>
     146#!div class=important
     147'''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user.
    137148}}}
    138149For authentication you should enable mod_auth in lighttpd.conf 'server.modules', select auth.backend and auth rules:
     
    193204                   ("trac" =>
    194205                     ("socket" => "/tmp/trac-fastcgi.sock",
    195                       "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     206                      "bin-path" => fcgi_binary,
    196207                      "check-local" => "disable",
    197208                      "bin-environment" =>
     
    212223                        (
    213224                          "socket" => "/tmp/trac.sock",
    214                           "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     225                          "bin-path" => fcgi_binary,
    215226                          "check-local" => "disable",
    216227                          "bin-environment" =>
     
    238249                   ("trac" =>
    239250                     ("socket" => "/tmp/trac-fastcgi.sock",
    240                       "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     251                      "bin-path" => fcgi_binary,
    241252                      "check-local" => "disable",
    242253                      "bin-environment" =>
     
    247258                 )
    248259}}}
    249 For details about languages specification see TracFaq question 2.13.
     260For details about languages specification see [trac:TracFaq TracFaq] question 2.13.
    250261
    251262Other important information like [http://trac.lighttpd.net/trac/wiki/TracInstall this updated TracInstall page], [wiki:TracCgi#MappingStaticResources and this] are useful for non-fastcgi specific installation aspects.
     
    260271
    261272
    262 == Simple LiteSpeed Configuration ==
     273== Simple !LiteSpeed Configuration ==
    263274
    264275The FastCGI front-end was developed primarily for use with alternative webservers, such as [http://www.litespeedtech.com/ LiteSpeed].
    265276
    266 LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.
     277!LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.
    267278
    268279Setup
     
    321332}}}
    322333
    323 7) Restart LiteSpeed, “lswsctrl restart”, and access your new Trac project at:
     3347) Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at:
    324335
    325336{{{
     
    327338}}}
    328339
     340=== Simple Nginx Configuration ===
     341
     3421) Nginx configuration snippet - confirmed to work on 0.6.32
     343{{{
     344    server {
     345        listen       10.9.8.7:443;
     346        server_name  trac.example;
     347
     348        ssl                  on;
     349        ssl_certificate      /etc/ssl/trac.example.crt;
     350        ssl_certificate_key  /etc/ssl/trac.example.key;
     351
     352        ssl_session_timeout  5m;
     353
     354        ssl_protocols  SSLv2 SSLv3 TLSv1;
     355        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
     356        ssl_prefer_server_ciphers   on;
     357
     358        # (Or ``^/some/prefix/(.*)``.
     359        if ($uri ~ ^/(.*)) {
     360             set $path_info /$1;
     361        }
     362
     363        # You can copy this whole location to ``location [/some/prefix]/login``
     364        # and remove the auth entries below if you want Trac to enforce
     365        # authorization where appropriate instead of needing to authenticate
     366        # for accessing the whole site.
     367        # (Or ``location /some/prefix``.)
     368        location / {
     369            auth_basic            "trac realm";
     370            auth_basic_user_file /home/trac/htpasswd;
     371
     372            # socket address
     373            fastcgi_pass   unix:/home/trac/run/instance.sock;
     374
     375            # python - wsgi specific
     376            fastcgi_param HTTPS on;
     377
     378            ## WSGI REQUIRED VARIABLES
     379            # WSGI application name - trac instance prefix.
     380            # (Or ``fastcgi_param  SCRIPT_NAME  /some/prefix``.)
     381            fastcgi_param  SCRIPT_NAME        "";
     382            fastcgi_param  PATH_INFO          $path_info;
     383
     384            ## WSGI NEEDED VARIABLES - trac warns about them
     385            fastcgi_param  REQUEST_METHOD     $request_method;
     386            fastcgi_param  SERVER_NAME        $server_name;
     387            fastcgi_param  SERVER_PORT        $server_port;
     388            fastcgi_param  SERVER_PROTOCOL    $server_protocol;
     389
     390            # for authentication to work
     391            fastcgi_param  AUTH_USER          $remote_user;
     392            fastcgi_param  REMOTE_USER        $remote_user;
     393        }
     394    }
     395}}}
     396
     3972) Modified trac.fcgi:
     398
     399{{{
     400#!/usr/bin/env python
     401import os
     402sockaddr = '/home/trac/run/instance.sock'
     403os.environ['TRAC_ENV'] = '/home/trac/instance'
     404
     405try:
     406     from trac.web.main import dispatch_request
     407     import trac.web._fcgi
     408
     409     fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request,
     410          bindAddress = sockaddr, umask = 7)
     411     fcgiserv.run()
     412
     413except SystemExit:
     414    raise
     415except Exception, e:
     416    print 'Content-Type: text/plain\r\n\r\n',
     417    print 'Oops...'
     418    print
     419    print 'Trac detected an internal error:'
     420    print
     421    print e
     422    print
     423    import traceback
     424    import StringIO
     425    tb = StringIO.StringIO()
     426    traceback.print_exc(file=tb)
     427    print tb.getvalue()
     428
     429}}}
     430
     4313) reload nginx and launch trac.fcgi like that:
     432
     433{{{
     434trac@trac.example ~ $ ./trac-standalone-fcgi.py
     435}}}
     436
     437The above assumes that:
     438 * There is a user named 'trac' for running trac instances and keeping trac environments in its home directory.
     439 * /home/trac/instance contains a trac environment
     440 * /home/trac/htpasswd contains authentication information
     441 * /home/trac/run is owned by the same group the nginx runs under
     442  * and if your system is Linux the /home/trac/run has setgid bit set (chmod g+s run)
     443  * and patch from ticket #T7239 is applied, or you'll have to fix the socket file permissions every time
     444
     445Unfortunately nginx does not support variable expansion in fastcgi_pass directive.
     446Thus it is not possible to serve multiple trac instances from one server block.
     447
     448If you worry enough about security, run trac instances under separate users.
     449
     450Another way to run trac as a FCGI external application is offered in ticket #T6224
     451
    329452----
    330 See also TracCgi, TracModPython, TracInstall, TracGuide
     453See also:  TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracCgi CGI], [wiki:TracModPython ModPython], [trac:TracNginxRecipe TracNginxRecipe]