Changes between Version 1 and Version 2 of TracFastCgi

Timestamp:

11/15/09 23:38:02 (15 years ago)

Author:

trac

Comment:

—

TracFastCgi

@@ -2 +2 @@
 
 Since version 0.9, Trac supports being run through the [http://www.fastcgi.com/ FastCGI] interface. Like [wiki:TracModPython mod_python], this allows Trac to remain resident, and is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, it is able to support [http://httpd.apache.org/docs/suexec.html SuEXEC]. Additionally, it is supported by much wider variety of web servers.
+
+'''Note for Windows:''' Trac's FCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, your choice may be [trac:TracOnWindowsIisAjp AJP].
 
 == Simple Apache configuration ==
@@ -7 +9 @@
 There are two FastCGI modules commonly available for Apache: `mod_fastcgi` and
 `mod_fcgid`.  The `FastCgiIpcDir` and `FastCgiConfig` directives discussed
-below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fgcid`
+below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fcgid`
 directive.
 
@@ -62 +64 @@
 renaming `trac.fcgi` and adding the above code to create each such script.
 
+See [https://coderanger.net/~coderanger/httpd/fcgi_example.conf this fcgid example config] which uses a !ScriptAlias directive with trac.fcgi with a trailing / like this:
+{{{
+ScriptAlias / /srv/tracsite/cgi-bin/trac.fcgi/
+}}}
+
+== Simple Cherokee Configuration ==
+
+The configuration on Cherokee's side is quite simple. You will only need to know that you can spawn Trac as an SCGI process.
+You can either start it manually, or better yet, automatically by letting Cherokee spawn the server whenever it is down.
+First set up an information source in cherokee-admin with a local interpreter.
+
+{{{
+Host:
+localhost:4433
+
+Interpreter:
+/usr/bin/tracd —single-env —daemonize —protocol=scgi —hostname=localhost —port=4433 /path/to/project/
+}}}
+
+If the port was not reachable, the interpreter command would be launched. Note that, in the definition of the information source, you will have to manually launch the spawner if you use a ''Remote host'' as ''Information source'' instead of a ''Local interpreter''.
+
+After doing this, we will just have to create a new rule managed by the SCGI handler to access Trac. It can be created in a new virtual server, trac.example.net for instance, and will only need two rules. The '''default''' one will use the SCGI handler associated to the previously created information source.
+The second rule will be there to serve the few static files needed to correctly display the Trac interface. Create it as ''Directory rule'' for ''/chrome/common'' and just set it to the ''Static files'' handler and with a ''Document root'' that points to the appropriate files: ''/usr/share/trac/htdocs/''
+
 == Simple Lighttpd Configuration ==
 
@@ -69 +95 @@
 environments.  It has a very low memory footprint compared to other web servers and takes care of CPU load.
 
-For using `trac.fcgi` with lighttpd add the following to your lighttpd.conf:
-{{{
+For using `trac.fcgi`(prior to 0.11) / fcgi_frontend.py (0.11) with lighttpd add the following to your lighttpd.conf:
+{{{
+#var.fcgi_binary="/path/to/fcgi_frontend.py" # 0.11 if installed with easy_setup, it is inside the egg directory
+var.fcgi_binary="/path/to/cgi-bin/trac.fcgi" # 0.10 name of prior fcgi executable
 fastcgi.server = ("/trac" =>
+   
                    ("trac" =>
                      ("socket" => "/tmp/trac-fastcgi.sock",
-                      "bin-path" => "/path/to/cgi-bin/trac.fcgi",
+                      "bin-path" => fcgi_binary,
                       "check-local" => "disable",
                       "bin-environment" =>
@@ -92 +121 @@
                    ("first" =>
                     ("socket" => "/tmp/trac-fastcgi-first.sock",
-                     "bin-path" => "/path/to/cgi-bin/trac.fcgi",
+                     "bin-path" => fcgi_binary,
                      "check-local" => "disable",
                      "bin-environment" =>
@@ -101 +130 @@
                     ("second" =>
                     ("socket" => "/tmp/trac-fastcgi-second.sock",
-                     "bin-path" => "/path/to/cgi-bin/trac.fcgi",
+                     "bin-path" => fcgi_binary,
                      "check-local" => "disable",
                      "bin-environment" =>
@@ -115 +144 @@
 if both are running from the same `trac.fcgi` script.
 {{{
-#!html
-<p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;">
-<strong>Note from c00i90wn:</strong> It's very important the order on which server.modules are loaded, if mod_auth is not loaded <strong>BEFORE</strong> mod_fastcgi, then the server will fail to authenticate the user.
-</p>
+#!div class=important
+'''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user.
 }}}
 For authentication you should enable mod_auth in lighttpd.conf 'server.modules', select auth.backend and auth rules:
@@ -177 +204 @@
                    ("trac" =>
                      ("socket" => "/tmp/trac-fastcgi.sock",
-                      "bin-path" => "/path/to/cgi-bin/trac.fcgi",
+                      "bin-path" => fcgi_binary,
                       "check-local" => "disable",
                       "bin-environment" =>
@@ -196 +223 @@
                         (
                           "socket" => "/tmp/trac.sock",
-                          "bin-path" => "/path/to/cgi-bin/trac.fcgi",
+                          "bin-path" => fcgi_binary,
                           "check-local" => "disable",
                           "bin-environment" =>
@@ -222 +249 @@
                    ("trac" =>
                      ("socket" => "/tmp/trac-fastcgi.sock",
-                      "bin-path" => "/path/to/cgi-bin/trac.fcgi",
+                      "bin-path" => fcgi_binary,
                       "check-local" => "disable",
                       "bin-environment" =>
@@ -231 +258 @@
                  )
 }}}
-For details about languages specification see TracFaq question 2.13.
+For details about languages specification see [trac:TracFaq TracFaq] question 2.13.
 
 Other important information like [http://trac.lighttpd.net/trac/wiki/TracInstall this updated TracInstall page], [wiki:TracCgi#MappingStaticResources and this] are useful for non-fastcgi specific installation aspects.
@@ -244 +271 @@
 
 
-== Simple LiteSpeed Configuration ==
+== Simple !LiteSpeed Configuration ==
 
 The FastCGI front-end was developed primarily for use with alternative webservers, such as [http://www.litespeedtech.com/ LiteSpeed].
 
-LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.
+!LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.
 
 Setup
@@ -293 +320 @@
 URI: /trac/                              <--- URI path to bind to python fcgi app we created    
 Fast CGI App: [VHost Level] MyTractFCGI  <--- select the trac fcgi extapp we just created
-Realm: TracUserDB                        <--- only if (4) is set. select ream created in (4)
+Realm: TracUserDB                        <--- only if (4) is set. select realm created in (4)
 }}}
 
@@ -305 +332 @@
 }}}
 
-7) Restart LiteSpeed, “lswsctrl restart”, and access your new Trac project at: 
+7) Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at: 
 
 {{{
@@ -311 +338 @@
 }}}
 
+=== Simple Nginx Configuration ===
+
+1) Nginx configuration snippet - confirmed to work on 0.6.32
+{{{
+    server {
+        listen       10.9.8.7:443;
+        server_name  trac.example;
+
+        ssl                  on;
+        ssl_certificate      /etc/ssl/trac.example.crt;
+        ssl_certificate_key  /etc/ssl/trac.example.key;
+
+        ssl_session_timeout  5m;
+
+        ssl_protocols  SSLv2 SSLv3 TLSv1;
+        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
+        ssl_prefer_server_ciphers   on;
+
+        # (Or ``^/some/prefix/(.*)``.
+        if ($uri ~ ^/(.*)) {
+             set $path_info /$1;
+        }
+
+        # You can copy this whole location to ``location [/some/prefix]/login``
+        # and remove the auth entries below if you want Trac to enforce
+        # authorization where appropriate instead of needing to authenticate
+        # for accessing the whole site.
+        # (Or ``location /some/prefix``.)
+        location / {
+            auth_basic            "trac realm";
+            auth_basic_user_file /home/trac/htpasswd;
+
+            # socket address
+            fastcgi_pass   unix:/home/trac/run/instance.sock;
+
+            # python - wsgi specific
+            fastcgi_param HTTPS on;
+
+            ## WSGI REQUIRED VARIABLES
+            # WSGI application name - trac instance prefix.
+            # (Or ``fastcgi_param  SCRIPT_NAME  /some/prefix``.)
+            fastcgi_param  SCRIPT_NAME        "";
+            fastcgi_param  PATH_INFO          $path_info;
+
+            ## WSGI NEEDED VARIABLES - trac warns about them
+            fastcgi_param  REQUEST_METHOD     $request_method;
+            fastcgi_param  SERVER_NAME        $server_name;
+            fastcgi_param  SERVER_PORT        $server_port;
+            fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+
+            # for authentication to work
+            fastcgi_param  AUTH_USER          $remote_user;
+            fastcgi_param  REMOTE_USER        $remote_user;
+        }
+    }
+}}}
+
+2) Modified trac.fcgi:
+
+{{{
+#!/usr/bin/env python
+import os
+sockaddr = '/home/trac/run/instance.sock'
+os.environ['TRAC_ENV'] = '/home/trac/instance'
+
+try:
+     from trac.web.main import dispatch_request
+     import trac.web._fcgi
+
+     fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request, 
+          bindAddress = sockaddr, umask = 7)
+     fcgiserv.run()
+
+except SystemExit:
+    raise
+except Exception, e:
+    print 'Content-Type: text/plain\r\n\r\n',
+    print 'Oops...'
+    print
+    print 'Trac detected an internal error:'
+    print
+    print e
+    print
+    import traceback
+    import StringIO
+    tb = StringIO.StringIO()
+    traceback.print_exc(file=tb)
+    print tb.getvalue()
+
+}}}
+
+3) reload nginx and launch trac.fcgi like that:
+
+{{{
+trac@trac.example ~ $ ./trac-standalone-fcgi.py 
+}}}
+
+The above assumes that:
+ * There is a user named 'trac' for running trac instances and keeping trac environments in its home directory.
+ * /home/trac/instance contains a trac environment
+ * /home/trac/htpasswd contains authentication information
+ * /home/trac/run is owned by the same group the nginx runs under
+  * and if your system is Linux the /home/trac/run has setgid bit set (chmod g+s run)
+  * and patch from ticket #T7239 is applied, or you'll have to fix the socket file permissions every time
+
+Unfortunately nginx does not support variable expansion in fastcgi_pass directive. 
+Thus it is not possible to serve multiple trac instances from one server block. 
+
+If you worry enough about security, run trac instances under separate users. 
+
+Another way to run trac as a FCGI external application is offered in ticket #T6224
+
 ----
-See also TracCgi, TracModPython, TracInstall, TracGuide
+See also:  TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracCgi CGI], [wiki:TracModPython ModPython], [trac:TracNginxRecipe TracNginxRecipe]