Changes between Version 1 and Version 2 of TracFastCgi
- Timestamp:
- 12/14/08 02:34:17 (16 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracFastCgi
v1 v2 2 2 3 3 Since version 0.9, Trac supports being run through the [http://www.fastcgi.com/ FastCGI] interface. Like [wiki:TracModPython mod_python], this allows Trac to remain resident, and is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, it is able to support [http://httpd.apache.org/docs/suexec.html SuEXEC]. Additionally, it is supported by much wider variety of web servers. 4 5 '''Note for Windows:''' Trac's FCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, your choice may be [trac:TracOnWindowsIisAjp AJP]. 4 6 5 7 == Simple Apache configuration == … … 7 9 There are two FastCGI modules commonly available for Apache: `mod_fastcgi` and 8 10 `mod_fcgid`. The `FastCgiIpcDir` and `FastCgiConfig` directives discussed 9 below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_f gcid`11 below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fcgid` 10 12 directive. 11 13 … … 62 64 renaming `trac.fcgi` and adding the above code to create each such script. 63 65 66 See [https://coderanger.net/~coderanger/httpd/fcgi_example.conf this fcgid example config] which uses a !ScriptAlias directive with trac.fcgi with a trailing / like this: 67 {{{ 68 ScriptAlias / /srv/tracsite/cgi-bin/trac.fcgi/ 69 }}} 70 71 == Simple Cherokee Configuration == 72 73 Configuration wanted. 74 64 75 == Simple Lighttpd Configuration == 65 76 … … 69 80 environments. It has a very low memory footprint compared to other web servers and takes care of CPU load. 70 81 71 For using `trac.fcgi` with lighttpd add the following to your lighttpd.conf: 72 {{{ 82 For using `trac.fcgi`(prior to 0.11) / fcgi_frontend.py (0.11) with lighttpd add the following to your lighttpd.conf: 83 {{{ 84 #var.fcgi_binary="/path/to/fcgi_frontend.py" # 0.11 if installed with easy_setup, it is inside the egg directory 85 var.fcgi_binary="/path/to/cgi-bin/trac.fcgi" # 0.10 name of prior fcgi executable 73 86 fastcgi.server = ("/trac" => 87 74 88 ("trac" => 75 89 ("socket" => "/tmp/trac-fastcgi.sock", 76 "bin-path" => "/path/to/cgi-bin/trac.fcgi",90 "bin-path" => fcgi_binary, 77 91 "check-local" => "disable", 78 92 "bin-environment" => … … 92 106 ("first" => 93 107 ("socket" => "/tmp/trac-fastcgi-first.sock", 94 "bin-path" => "/path/to/cgi-bin/trac.fcgi",108 "bin-path" => fcgi_binary, 95 109 "check-local" => "disable", 96 110 "bin-environment" => … … 101 115 ("second" => 102 116 ("socket" => "/tmp/trac-fastcgi-second.sock", 103 "bin-path" => "/path/to/cgi-bin/trac.fcgi",117 "bin-path" => fcgi_binary, 104 118 "check-local" => "disable", 105 119 "bin-environment" => … … 115 129 if both are running from the same `trac.fcgi` script. 116 130 {{{ 117 #!html 118 <p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;"> 119 <strong>Note from c00i90wn:</strong> It's very important the order on which server.modules are loaded, if mod_auth is not loaded <strong>BEFORE</strong> mod_fastcgi, then the server will fail to authenticate the user. 120 </p> 131 #!div class=important 132 '''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user. 121 133 }}} 122 134 For authentication you should enable mod_auth in lighttpd.conf 'server.modules', select auth.backend and auth rules: … … 177 189 ("trac" => 178 190 ("socket" => "/tmp/trac-fastcgi.sock", 179 "bin-path" => "/path/to/cgi-bin/trac.fcgi",191 "bin-path" => fcgi_binary, 180 192 "check-local" => "disable", 181 193 "bin-environment" => … … 196 208 ( 197 209 "socket" => "/tmp/trac.sock", 198 "bin-path" => "/path/to/cgi-bin/trac.fcgi",210 "bin-path" => fcgi_binary, 199 211 "check-local" => "disable", 200 212 "bin-environment" => … … 222 234 ("trac" => 223 235 ("socket" => "/tmp/trac-fastcgi.sock", 224 "bin-path" => "/path/to/cgi-bin/trac.fcgi",236 "bin-path" => fcgi_binary, 225 237 "check-local" => "disable", 226 238 "bin-environment" => … … 231 243 ) 232 244 }}} 233 For details about languages specification see TracFaqquestion 2.13.245 For details about languages specification see [trac:TracFaq TracFaq] question 2.13. 234 246 235 247 Other important information like [http://trac.lighttpd.net/trac/wiki/TracInstall this updated TracInstall page], [wiki:TracCgi#MappingStaticResources and this] are useful for non-fastcgi specific installation aspects. … … 244 256 245 257 246 == Simple LiteSpeed Configuration ==258 == Simple !LiteSpeed Configuration == 247 259 248 260 The FastCGI front-end was developed primarily for use with alternative webservers, such as [http://www.litespeedtech.com/ LiteSpeed]. 249 261 250 LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources.LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.262 !LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments. 251 263 252 264 Setup … … 293 305 URI: /trac/ <--- URI path to bind to python fcgi app we created 294 306 Fast CGI App: [VHost Level] MyTractFCGI <--- select the trac fcgi extapp we just created 295 Realm: TracUserDB <--- only if (4) is set. select rea m created in (4)307 Realm: TracUserDB <--- only if (4) is set. select realm created in (4) 296 308 }}} 297 309 … … 305 317 }}} 306 318 307 7) Restart LiteSpeed, “lswsctrl restart”, and access your new Trac project at:319 7) Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at: 308 320 309 321 {{{ … … 311 323 }}} 312 324 325 === Simple Nginx Configuration === 326 327 1) Nginx configuration snippet - confirmed to work on 0.5.36 328 {{{ 329 server { 330 listen 10.9.8.7:443; 331 server_name trac.example; 332 333 ssl on; 334 ssl_certificate /etc/ssl/trac.example.crt; 335 ssl_certificate_key /etc/ssl/trac.example.key; 336 337 ssl_session_timeout 5m; 338 339 ssl_protocols SSLv2 SSLv3 TLSv1; 340 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; 341 ssl_prefer_server_ciphers on; 342 343 location / { 344 auth_basic "trac realm"; 345 auth_basic_user_file /home/trac/htpasswd; 346 347 # full path 348 if ($uri ~ ^/([^/]+)(/.*)) { 349 set $script_name $1; 350 set $path_info $2; 351 } 352 353 # index redirect 354 if ($uri ~ ^/([^/]+)$) { 355 rewrite (.+) $1/ permanent; 356 } 357 358 # socket address 359 fastcgi_pass unix:/home/trac/run/instance.sock; 360 361 # python - wsgi specific 362 fastcgi_param HTTPS on; 363 364 ## WSGI REQUIRED VARIABLES 365 # WSGI application name - trac instance prefix. 366 fastcgi_param SCRIPT_NAME /$script_name; 367 fastcgi_param PATH_INFO $path_info; 368 369 ## WSGI NEEDED VARIABLES - trac warns about them 370 fastcgi_param REQUEST_METHOD $request_method; 371 fastcgi_param SERVER_NAME $server_name; 372 fastcgi_param SERVER_PORT $server_port; 373 fastcgi_param SERVER_PROTOCOL $server_protocol; 374 375 # for authentication to work 376 fastcgi_param REMOTE_USER $remote_user; 377 } 378 } 379 }}} 380 381 2) Modified trac.fcgi: 382 383 {{{ 384 #!/usr/bin/env python 385 import os 386 sockaddr = '/home/trac/run/instance.sock' 387 os.environ['TRAC_ENV'] = '/home/trac/instance' 388 389 try: 390 from trac.web.main import dispatch_request 391 import trac.web._fcgi 392 393 fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request, 394 bindAddress = sockaddr, umask = 7) 395 fcgiserv.run() 396 397 except SystemExit: 398 raise 399 except Exception, e: 400 print 'Content-Type: text/plain\r\n\r\n', 401 print 'Oops...' 402 print 403 print 'Trac detected an internal error:' 404 print 405 print e 406 print 407 import traceback 408 import StringIO 409 tb = StringIO.StringIO() 410 traceback.print_exc(file=tb) 411 print tb.getvalue() 412 413 }}} 414 415 3) reload nginx and launch trac.fcgi like that: 416 417 {{{ 418 trac@trac.example ~ $ ./trac-standalone-fcgi.py 419 }}} 420 421 The above assumes that: 422 * There is a user named 'trac' for running trac instances and keeping trac environments in its home directory. 423 * /home/trac/instance contains a trac environment 424 * /home/trac/htpasswd contains authentication information 425 * /home/trac/run is owned by the same group the nginx runs under 426 * and if your system is Linux the /home/trac/run has setgid bit set (chmod g+s run) 427 * and patch from ticket #T7239 is applied, or you'll have to fix the socket file permissions every time 428 429 Unfortunately nginx does not support variable expansion in fastcgi_pass directive. 430 Thus it is not possible to serve multiple trac instances from one server block. 431 432 If you worry enough about security, run trac instances under separate users. 433 434 Another way to run trac as a FCGI external application is offered in ticket #T6224 435 313 436 ---- 314 See also TracCgi, TracModPython, TracInstall, TracGuide 437 See also TracCgi, TracModPython, TracInstall, TracGuide, [trac:TracNginxRecipe TracNginxRecipe]