Changes between Version 2 and Version 3 of TracStandalone
- Timestamp:
- 08/29/13 12:47:07 (11 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracStandalone
v2 v3 83 83 84 84 Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 85 86 === Option 3 === 87 88 also cygwin's cygrunsrv.exe can be used: 89 {{{ 90 $ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 91 $ net start tracd 92 }}} 85 93 86 94 == Using Authentication == … … 128 136 This section describes how to use `tracd` with Apache .htpasswd files. 129 137 138 Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to 139 decode the htpasswd format. Trac source code attempt an `import crypt` first, but there 140 is no such package for Python 2.6. 141 130 142 To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 131 143 {{{ … … 156 168 === Generating Passwords Without Apache === 157 169 158 Basic Authorization can be accomplished via this [http:// www.4webhelp.net/us/password.php online HTTP Password generator]. Copy the generated password-hash line to the .htpasswd file on your system.170 Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator]. Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. 159 171 160 172 You can use this simple Python script to generate a '''digest''' password file: … … 202 214 It is possible to use `md5sum` utility to generate digest-password file: 203 215 {{{ 204 $ printf "${user}:trac:${password}" | md5sum - >>user.htdigest 205 }}} 206 and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'. 216 user= 217 realm= 218 password= 219 path_to_file= 220 echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file} 221 }}} 207 222 208 223 == Reference == … … 222 237 -b HOSTNAME, --hostname=HOSTNAME 223 238 the host name or IP address to bind to 224 --protocol=PROTOCOL http|scgi|ajp 239 --protocol=PROTOCOL http|scgi|ajp|fcgi 225 240 -q, --unquote unquote PATH_INFO (may be needed when using ajp) 226 --http10 use HTTP/1.0 protocol version (default)227 --http11 use HTTP/1.1 protocol version instead of HTTP/1.0241 --http10 use HTTP/1.0 protocol version instead of HTTP/1.1 242 --http11 use HTTP/1.1 protocol version (default) 228 243 -e PARENTDIR, --env-parent-dir=PARENTDIR 229 244 parent directory of the project environments … … 232 247 -r, --auto-reload restart automatically when sources are modified 233 248 -s, --single-env only serve a single project without the project list 234 }}} 249 -d, --daemonize run in the background as a daemon 250 --pidfile=PIDFILE When daemonizing, file to which to write pid 251 --umask=MASK When daemonizing, file mode creation mask to use, in 252 octal notation (default 022) 253 }}} 254 255 Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. 235 256 236 257 == Tips == … … 261 282 See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe]. 262 283 284 === Authentication for tracd behind a proxy 285 It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206. 286 287 Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 288 289 First we bring tracd into Apache's location namespace. 290 291 {{{ 292 <Location /project/proxified> 293 Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 294 Require ldap-user somespecificusertoo 295 ProxyPass http://localhost:8101/project/proxified/ 296 # Turns out we don't really need complicated RewriteRules here at all 297 RequestHeader set REMOTE_USER %{REMOTE_USER}s 298 </Location> 299 }}} 300 301 Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 302 {{{ 303 #!python 304 from trac.core import * 305 from trac.config import BoolOption 306 from trac.web.api import IAuthenticator 307 308 class MyRemoteUserAuthenticator(Component): 309 310 implements(IAuthenticator) 311 312 obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false', 313 """Whether the 'Remote-User:' HTTP header is to be trusted for user logins 314 (''since ??.??').""") 315 316 def authenticate(self, req): 317 if self.obey_remote_user_header and req.get_header('Remote-User'): 318 return req.get_header('Remote-User') 319 return None 320 321 }}} 322 323 Add this new parameter to your TracIni: 324 {{{ 325 ... 326 [trac] 327 ... 328 obey_remote_user_header = true 329 ... 330 }}} 331 332 Run tracd: 333 {{{ 334 tracd -p 8101 -r -s proxified --base-path=/project/proxified 335 }}} 336 263 337 === Serving a different base path than / === 264 338 Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is