Changes between Version 3 and Version 4 of TracStandalone


Ignore:
Timestamp:
12/08/13 22:22:58 (3 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v3 v4  
    8383 
    8484Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 
     85 
     86=== Option 3 === 
     87 
     88also cygwin's cygrunsrv.exe can be used: 
     89{{{ 
     90$ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 
     91$ net start tracd 
     92}}} 
    8593 
    8694== Using Authentication == 
     
    128136This section describes how to use `tracd` with Apache .htpasswd files. 
    129137 
     138  Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to 
     139  decode the htpasswd format.  Trac source code attempt an `import crypt` first, but there 
     140  is no such package for Python 2.6. 
     141 
    130142To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 
    131143{{{ 
     
    156168=== Generating Passwords Without Apache === 
    157169 
    158 Basic Authorization can be accomplished via this [http://www.4webhelp.net/us/password.php online HTTP Password generator].  Copy the generated password-hash line to the .htpasswd file on your system. 
     170Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator].  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. 
    159171 
    160172You can use this simple Python script to generate a '''digest''' password file: 
     
    202214It is possible to use `md5sum` utility to generate digest-password file: 
    203215{{{ 
    204  $ printf "${user}:trac:${password}" | md5sum - >>user.htdigest 
    205 }}} 
    206 and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'. 
     216user= 
     217realm= 
     218password= 
     219path_to_file= 
     220echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file} 
     221}}} 
    207222 
    208223== Reference == 
     
    222237  -b HOSTNAME, --hostname=HOSTNAME 
    223238                        the host name or IP address to bind to 
    224   --protocol=PROTOCOL   http|scgi|ajp 
     239  --protocol=PROTOCOL   http|scgi|ajp|fcgi 
    225240  -q, --unquote         unquote PATH_INFO (may be needed when using ajp) 
    226   --http10              use HTTP/1.0 protocol version (default) 
    227   --http11              use HTTP/1.1 protocol version instead of HTTP/1.0 
     241  --http10              use HTTP/1.0 protocol version instead of HTTP/1.1 
     242  --http11              use HTTP/1.1 protocol version (default) 
    228243  -e PARENTDIR, --env-parent-dir=PARENTDIR 
    229244                        parent directory of the project environments 
     
    232247  -r, --auto-reload     restart automatically when sources are modified 
    233248  -s, --single-env      only serve a single project without the project list 
    234 }}} 
     249  -d, --daemonize       run in the background as a daemon 
     250  --pidfile=PIDFILE     When daemonizing, file to which to write pid 
     251  --umask=MASK          When daemonizing, file mode creation mask to use, in 
     252                        octal notation (default 022) 
     253}}} 
     254 
     255Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. 
    235256 
    236257== Tips == 
     
    261282See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe]. 
    262283 
     284=== Authentication for tracd behind a proxy 
     285It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206. 
     286 
     287Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 
     288 
     289First we bring tracd into Apache's location namespace. 
     290 
     291{{{ 
     292<Location /project/proxified> 
     293        Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 
     294        Require ldap-user somespecificusertoo 
     295        ProxyPass http://localhost:8101/project/proxified/ 
     296        # Turns out we don't really need complicated RewriteRules here at all 
     297        RequestHeader set REMOTE_USER %{REMOTE_USER}s 
     298</Location> 
     299}}} 
     300 
     301Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 
     302{{{ 
     303#!python 
     304from trac.core import * 
     305from trac.config import BoolOption 
     306from trac.web.api import IAuthenticator 
     307 
     308class MyRemoteUserAuthenticator(Component): 
     309 
     310    implements(IAuthenticator) 
     311 
     312    obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false',  
     313               """Whether the 'Remote-User:' HTTP header is to be trusted for user logins  
     314                (''since ??.??').""")  
     315 
     316    def authenticate(self, req): 
     317        if self.obey_remote_user_header and req.get_header('Remote-User'):  
     318            return req.get_header('Remote-User')  
     319        return None 
     320 
     321}}} 
     322 
     323Add this new parameter to your TracIni: 
     324{{{ 
     325... 
     326[trac] 
     327... 
     328obey_remote_user_header = true 
     329... 
     330}}} 
     331 
     332Run tracd: 
     333{{{ 
     334tracd -p 8101 -r -s proxified --base-path=/project/proxified 
     335}}} 
     336 
    263337=== Serving a different base path than / === 
    264338Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is