Changes between Version 1 and Version 2 of TracFastCgi


Ignore:
Timestamp:
12/14/08 02:34:17 (16 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracFastCgi

    v1 v2  
    22
    33Since version 0.9, Trac supports being run through the [http://www.fastcgi.com/ FastCGI] interface. Like [wiki:TracModPython mod_python], this allows Trac to remain resident, and is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, it is able to support [http://httpd.apache.org/docs/suexec.html SuEXEC]. Additionally, it is supported by much wider variety of web servers.
     4
     5'''Note for Windows:''' Trac's FCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, your choice may be [trac:TracOnWindowsIisAjp AJP].
    46
    57== Simple Apache configuration ==
     
    79There are two FastCGI modules commonly available for Apache: `mod_fastcgi` and
    810`mod_fcgid`.  The `FastCgiIpcDir` and `FastCgiConfig` directives discussed
    9 below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fgcid`
     11below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fcgid`
    1012directive.
    1113
     
    6264renaming `trac.fcgi` and adding the above code to create each such script.
    6365
     66See [https://coderanger.net/~coderanger/httpd/fcgi_example.conf this fcgid example config] which uses a !ScriptAlias directive with trac.fcgi with a trailing / like this:
     67{{{
     68ScriptAlias / /srv/tracsite/cgi-bin/trac.fcgi/
     69}}}
     70
     71== Simple Cherokee Configuration ==
     72
     73Configuration wanted.
     74
    6475== Simple Lighttpd Configuration ==
    6576
     
    6980environments.  It has a very low memory footprint compared to other web servers and takes care of CPU load.
    7081
    71 For using `trac.fcgi` with lighttpd add the following to your lighttpd.conf:
    72 {{{
     82For using `trac.fcgi`(prior to 0.11) / fcgi_frontend.py (0.11) with lighttpd add the following to your lighttpd.conf:
     83{{{
     84#var.fcgi_binary="/path/to/fcgi_frontend.py" # 0.11 if installed with easy_setup, it is inside the egg directory
     85var.fcgi_binary="/path/to/cgi-bin/trac.fcgi" # 0.10 name of prior fcgi executable
    7386fastcgi.server = ("/trac" =>
     87   
    7488                   ("trac" =>
    7589                     ("socket" => "/tmp/trac-fastcgi.sock",
    76                       "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     90                      "bin-path" => fcgi_binary,
    7791                      "check-local" => "disable",
    7892                      "bin-environment" =>
     
    92106                   ("first" =>
    93107                    ("socket" => "/tmp/trac-fastcgi-first.sock",
    94                      "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     108                     "bin-path" => fcgi_binary,
    95109                     "check-local" => "disable",
    96110                     "bin-environment" =>
     
    101115                    ("second" =>
    102116                    ("socket" => "/tmp/trac-fastcgi-second.sock",
    103                      "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     117                     "bin-path" => fcgi_binary,
    104118                     "check-local" => "disable",
    105119                     "bin-environment" =>
     
    115129if both are running from the same `trac.fcgi` script.
    116130{{{
    117 #!html
    118 <p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;">
    119 <strong>Note from c00i90wn:</strong> It's very important the order on which server.modules are loaded, if mod_auth is not loaded <strong>BEFORE</strong> mod_fastcgi, then the server will fail to authenticate the user.
    120 </p>
     131#!div class=important
     132'''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user.
    121133}}}
    122134For authentication you should enable mod_auth in lighttpd.conf 'server.modules', select auth.backend and auth rules:
     
    177189                   ("trac" =>
    178190                     ("socket" => "/tmp/trac-fastcgi.sock",
    179                       "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     191                      "bin-path" => fcgi_binary,
    180192                      "check-local" => "disable",
    181193                      "bin-environment" =>
     
    196208                        (
    197209                          "socket" => "/tmp/trac.sock",
    198                           "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     210                          "bin-path" => fcgi_binary,
    199211                          "check-local" => "disable",
    200212                          "bin-environment" =>
     
    222234                   ("trac" =>
    223235                     ("socket" => "/tmp/trac-fastcgi.sock",
    224                       "bin-path" => "/path/to/cgi-bin/trac.fcgi",
     236                      "bin-path" => fcgi_binary,
    225237                      "check-local" => "disable",
    226238                      "bin-environment" =>
     
    231243                 )
    232244}}}
    233 For details about languages specification see TracFaq question 2.13.
     245For details about languages specification see [trac:TracFaq TracFaq] question 2.13.
    234246
    235247Other important information like [http://trac.lighttpd.net/trac/wiki/TracInstall this updated TracInstall page], [wiki:TracCgi#MappingStaticResources and this] are useful for non-fastcgi specific installation aspects.
     
    244256
    245257
    246 == Simple LiteSpeed Configuration ==
     258== Simple !LiteSpeed Configuration ==
    247259
    248260The FastCGI front-end was developed primarily for use with alternative webservers, such as [http://www.litespeedtech.com/ LiteSpeed].
    249261
    250 LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.
     262!LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.
    251263
    252264Setup
     
    293305URI: /trac/                              <--- URI path to bind to python fcgi app we created   
    294306Fast CGI App: [VHost Level] MyTractFCGI  <--- select the trac fcgi extapp we just created
    295 Realm: TracUserDB                        <--- only if (4) is set. select ream created in (4)
     307Realm: TracUserDB                        <--- only if (4) is set. select realm created in (4)
    296308}}}
    297309
     
    305317}}}
    306318
    307 7) Restart LiteSpeed, “lswsctrl restart”, and access your new Trac project at:
     3197) Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at:
    308320
    309321{{{
     
    311323}}}
    312324
     325=== Simple Nginx Configuration ===
     326
     3271) Nginx configuration snippet - confirmed to work on 0.5.36
     328{{{
     329    server {
     330        listen       10.9.8.7:443;
     331        server_name  trac.example;
     332
     333        ssl                  on;
     334        ssl_certificate      /etc/ssl/trac.example.crt;
     335        ssl_certificate_key  /etc/ssl/trac.example.key;
     336
     337        ssl_session_timeout  5m;
     338
     339        ssl_protocols  SSLv2 SSLv3 TLSv1;
     340        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
     341        ssl_prefer_server_ciphers   on;
     342
     343        location / {
     344            auth_basic            "trac realm";
     345            auth_basic_user_file /home/trac/htpasswd;
     346
     347            # full path
     348            if ($uri ~ ^/([^/]+)(/.*)) {
     349                 set $script_name $1;
     350                 set $path_info $2;
     351            }
     352
     353            # index redirect
     354            if ($uri ~ ^/([^/]+)$) {
     355                 rewrite (.+) $1/ permanent;
     356            }
     357         
     358            # socket address
     359            fastcgi_pass   unix:/home/trac/run/instance.sock;
     360
     361            # python - wsgi specific
     362            fastcgi_param HTTPS on;
     363
     364            ## WSGI REQUIRED VARIABLES
     365            # WSGI application name - trac instance prefix.
     366            fastcgi_param  SCRIPT_NAME        /$script_name;
     367            fastcgi_param  PATH_INFO          $path_info;
     368
     369            ## WSGI NEEDED VARIABLES - trac warns about them
     370            fastcgi_param  REQUEST_METHOD     $request_method;
     371            fastcgi_param  SERVER_NAME        $server_name;
     372            fastcgi_param  SERVER_PORT        $server_port;
     373            fastcgi_param  SERVER_PROTOCOL    $server_protocol;
     374
     375            # for authentication to work
     376            fastcgi_param  REMOTE_USER        $remote_user;
     377        }
     378    }
     379}}}
     380
     3812) Modified trac.fcgi:
     382
     383{{{
     384#!/usr/bin/env python
     385import os
     386sockaddr = '/home/trac/run/instance.sock'
     387os.environ['TRAC_ENV'] = '/home/trac/instance'
     388
     389try:
     390     from trac.web.main import dispatch_request
     391     import trac.web._fcgi
     392
     393     fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request,
     394          bindAddress = sockaddr, umask = 7)
     395     fcgiserv.run()
     396
     397except SystemExit:
     398    raise
     399except Exception, e:
     400    print 'Content-Type: text/plain\r\n\r\n',
     401    print 'Oops...'
     402    print
     403    print 'Trac detected an internal error:'
     404    print
     405    print e
     406    print
     407    import traceback
     408    import StringIO
     409    tb = StringIO.StringIO()
     410    traceback.print_exc(file=tb)
     411    print tb.getvalue()
     412
     413}}}
     414
     4153) reload nginx and launch trac.fcgi like that:
     416
     417{{{
     418trac@trac.example ~ $ ./trac-standalone-fcgi.py
     419}}}
     420
     421The above assumes that:
     422 * There is a user named 'trac' for running trac instances and keeping trac environments in its home directory.
     423 * /home/trac/instance contains a trac environment
     424 * /home/trac/htpasswd contains authentication information
     425 * /home/trac/run is owned by the same group the nginx runs under
     426  * and if your system is Linux the /home/trac/run has setgid bit set (chmod g+s run)
     427  * and patch from ticket #T7239 is applied, or you'll have to fix the socket file permissions every time
     428
     429Unfortunately nginx does not support variable expansion in fastcgi_pass directive.
     430Thus it is not possible to serve multiple trac instances from one server block.
     431
     432If you worry enough about security, run trac instances under separate users.
     433
     434Another way to run trac as a FCGI external application is offered in ticket #T6224
     435
    313436----
    314 See also TracCgi, TracModPython, TracInstall, TracGuide
     437See also TracCgi, TracModPython, TracInstall, TracGuide, [trac:TracNginxRecipe TracNginxRecipe]