Changes between Version 3 and Version 4 of TracFastCgi
- Timestamp:
- Apr 21, 2021 12:46:18 PM (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracFastCgi
v3 v4 4 4 [[PageOutline(2-5, Contents, floated)]] 5 5 6 [http ://www.fastcgi.com/ FastCGI] interface allows Trac to remain resident much like with [wiki:TracModPython mod_python] or [wiki:TracModWSGI mod_wsgi]. It is faster than external CGI interfaces which must start a new process for each request. Additionally, it is supported bymuch wider variety of web servers.7 8 Note that unlike mod_python, FastCGI supports [http ://httpd.apache.org/docs/suexec.html Apache SuEXEC], ie run with different permissions than the web server runs with. `mod_wsgi` supports the `WSGIDaemonProcess` with user / group parameters to achieve the same effect.6 [https://fastcgi-archives.github.io FastCGI] interface allows Trac to remain resident much like with [wiki:TracModPython mod_python] or [wiki:TracModWSGI mod_wsgi]. It is faster than external CGI interfaces which must start a new process for each request. Additionally, it is supported by a much wider variety of web servers. 7 8 Note that unlike mod_python, FastCGI supports [https://httpd.apache.org/docs/suexec.html Apache SuEXEC], ie run with different permissions than the web server runs with. `mod_wsgi` supports the `WSGIDaemonProcess` with user / group parameters to achieve the same effect. 9 9 10 10 '''Note for Windows:''' Trac's FastCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, you may want to try [trac:TracOnWindowsIisAjp AJP]/[trac:TracOnWindowsIisAjp ISAPI]. 11 11 12 == Simple Apache configuration 13 14 There are two FastCGI modules commonly available for Apache: `mod_fastcgi` and 15 `mod_fcgid` (preferred). The latter is more up-to-date. 12 == Apache configuration 13 14 There are two FastCGI modules commonly available for Apache: `mod_fastcgi` and `mod_fcgid` (preferred). The latter is more up-to-date. 16 15 17 16 The following sections focus on the FCGI specific setup, see also [wiki:TracModWSGI#ConfiguringAuthentication] for configuring the authentication in Apache. 18 17 19 Regardless of which cgi module is used, be sure the web server has executable permissions on the cgi-bin folder. While FastCGI will throw specific permissions errors, mod_fcgid will throw an ambiguous error if this has not been done . Connection reset by peer: mod_fcgid: error reading data from FastCGI server.18 Regardless of which cgi module is used, be sure the web server has executable permissions on the cgi-bin folder. While FastCGI will throw specific permissions errors, mod_fcgid will throw an ambiguous error if this has not been done: `Connection reset by peer: mod_fcgid: error reading data from FastCGI server`. 20 19 21 20 === Set up with `mod_fastcgi` 22 21 23 22 `mod_fastcgi` uses `FastCgiIpcDir` and `FastCgiConfig` directives that should be added to an appropriate Apache configuration file: 24 {{{ 23 {{{#!apache 25 24 # Enable fastcgi for .fcgi files 26 25 # (If you're using a distro package for mod_fcgi, something like … … 32 31 LoadModule fastcgi_module /usr/lib/apache2/modules/mod_fastcgi.so 33 32 }}} 33 34 34 Setting `FastCgiIpcDir` is optional if the default is suitable. Note that the `LoadModule` line must be after the `IfModule` group. 35 35 36 Configure `ScriptAlias` or similar options as described in TracCgi, but 37 calling `trac.fcgi` instead of `trac.cgi`. 36 Configure `ScriptAlias` or similar options as described in TracCgi, but calling `trac.fcgi` instead of `trac.cgi`. 38 37 39 38 Add the following to the Apache configuration file (below the `FastCgiIpcDir` line) if you intend to set up the `TRAC_ENV` as an overall default: 40 {{{ 39 {{{#!apache 41 40 FastCgiConfig -initial-env TRAC_ENV=/path/to/env/trac 42 41 }}} 43 42 44 43 Alternatively, you can serve multiple Trac projects in a directory by adding this: 45 {{{ 44 {{{#!apache 46 45 FastCgiConfig -initial-env TRAC_ENV_PARENT_DIR=/parent/dir/of/projects 47 46 }}} 48 47 48 You can also specify the `PYTHON_EGG_CACHE` environment variable using a second `-initial-env` directive: 49 {{{#!apache 50 FastCgiConfig -initial-env TRAC_ENV=/var/lib/trac \ 51 -initial-env PYTHON_EGG_CACHE=/var/lib/trac/plugin-cache 52 }}} 53 49 54 === Set up with `mod_fcgid` 50 55 51 56 Configure `ScriptAlias` (see TracCgi for details), but call `trac.fcgi` instead of `trac.cgi`: 52 {{{ 57 {{{#!apache 53 58 ScriptAlias /trac /path/to/www/trac/cgi-bin/trac.fcgi/ 54 59 }}} 60 55 61 Note the slash at the end. 56 62 57 To set up Trac environment for `mod_fcgid` it is necessary to use `DefaultInitEnv` directive. It cannot be used in `Directory` or `Location` context, so if you need to support multiple projects, try alternative environment setup below. 58 59 {{{ 63 To set up Trac environment for `mod_fcgid` it is necessary to use `DefaultInitEnv` directive. It cannot be used in `Directory` or `Location` context, so if you need to support multiple projects, try the alternative environment setup below: 64 {{{#!apache 60 65 DefaultInitEnv TRAC_ENV /path/to/env/trac/ 61 66 }}} 62 67 63 === alternative environment setup64 65 A better method to specify path to the Trac environment is to embed the path into `trac.fcgi` script itself. That doesn't require configuration of the server environment variables, works for both [trac:FastCgi] modules as well as for [http://www.lighttpd.net/ lighttpd] and CGI:66 {{{ 68 === Alternative environment setup 69 70 A better method to specify the path to the Trac environment is to embed the path into `trac.fcgi` script itself. That doesn't require configuration of the server environment variables, works for both [trac:FastCgi] modules as well as for [https://www.lighttpd.net/ lighttpd] and CGI: 71 {{{#!python 67 72 import os 68 73 os.environ['TRAC_ENV'] = "/path/to/projectenv" 69 74 }}} 75 70 76 or: 71 {{{ 77 {{{#!python 72 78 import os 73 79 os.environ['TRAC_ENV_PARENT_DIR'] = "/path/to/project/parent/dir" … … 77 83 78 84 See [https://coderanger.net/~coderanger/httpd/fcgi_example.conf this fcgid example config] which uses a !ScriptAlias directive with trac.fcgi with a trailing / like this: 79 {{{ 85 {{{#!apache 80 86 ScriptAlias / /srv/tracsite/cgi-bin/trac.fcgi/ 81 87 }}} 82 88 83 == SimpleCherokee Configuration84 85 The configuration on Cherokee's side is quite simple. You will only need to know that you can spawn Trac as an SCGI process.86 You can either start it manually, or better yet, automatically by letting Cherokee spawn the server whenever it is down. 89 == Cherokee Configuration 90 91 Configuring [http://cherokee-project.com/ Cherokee] with Trac is straightforward, if you spawn Trac as an SCGI process. You can either start it manually, or better yet, automatically by letting Cherokee spawn the server whenever it is down. 92 87 93 First set up an information source in cherokee-admin with a local interpreter: 88 94 … … 98 104 99 105 After doing this, we will just have to create a new rule managed by the SCGI handler to access Trac. It can be created in a new virtual server, trac.example.net for instance, and will only need two rules. The '''default''' one will use the SCGI handler associated to the previously created information source. 100 The second rule will be there to serve the few static files needed to correctly display the Trac interface. Create it as ''Directory rule'' for ''/common'' and just set it to the ''Static files'' handler and with a ''Document root'' that points to the appropriate files: ''$TRAC_LOCAL/htdocs/'' (where $TRAC_LOCAL is a directory defined by the user or the system administrator to place local trac resources). 101 102 Note:\\ 103 If the tracd process fails to start up, and cherokee displays a 503 error page, you might be missing the [http://trac.saddi.com/flup python-flup] package.\\ 104 Python-flup is a dependency which provides trac with SCGI capability. You can install it on debian based systems with: 105 {{{ 106 The second rule will be there to serve the few static files needed to correctly display the Trac interface. Create it as ''Directory rule'' for ''/common'' and just set it to the ''Static files'' handler and with a ''Document root'' that points to the appropriate files: ''$TRAC_LOCAL/htdocs/'' (where $TRAC_LOCAL is a directory defined by the user or the system administrator to place local Trac resources). 107 108 '''Note:''' If the tracd process fails to start up, and Cherokee displays a 503 error page, you might be missing the [https://www.saddi.com/software/flup/ python-flup] package ([trac:#9903]). Python-flup is a dependency which provides Trac with SCGI capability. You can install it on Debian based systems with: 109 {{{#!sh 106 110 sudo apt-get install python-flup 107 111 }}} 108 112 109 == SimpleLighttpd Configuration110 111 The FastCGI front-end was developed primarily for use with alternative webservers, such as [http ://www.lighttpd.net/ Lighttpd].113 == Lighttpd Configuration 114 115 The FastCGI front-end was developed primarily for use with alternative webservers, such as [https://www.lighttpd.net/ Lighttpd]. 112 116 113 117 Lighttpd is a secure, fast, compliant and very flexible web-server that has been optimized for high-performance environments. It has a very low memory footprint compared to other web servers and takes care of CPU load. … … 157 161 }}} 158 162 159 Note that field values are different. If you prefer setting the environment variables in the `.fcgi` scripts, then copy/rename `trac.fcgi`, eg to `first.fcgi` and `second.fcgi`, and reference them in the above settings.163 Note that the field values are different. If you prefer setting the environment variables in the `.fcgi` scripts, then copy/rename `trac.fcgi`, eg to `first.fcgi` and `second.fcgi`, and reference them in the above settings. 160 164 Note that the above will result in different processes in any event, even if both are running from the same `trac.fcgi` script. 161 165 162 {{{ 163 #!div class=important 164 '''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user. 166 {{{#!div class=important 167 '''Note:''' The order in which the server.modules are loaded is very important: if mod_auth is not loaded '''before''' mod_fastcgi, then the server will fail to authenticate the user. 165 168 }}} 166 169 … … 177 180 # Separated password files for each project 178 181 # See "Conditional Configuration" in 179 # http ://trac.lighttpd.net/trac/file/branches/lighttpd-merge-1.4.x/doc/configuration.txt182 # https://redmine.lighttpd.net/projects/lighttpd/repository/entry/doc/configuration.txt?rev=lighttpd-1.4.28 180 183 181 184 $HTTP["url"] =~ "^/first/" { … … 187 190 188 191 # Enable auth on trac URLs, see 189 # http ://trac.lighttpd.net/trac/file/branches/lighttpd-merge-1.4.x/doc/authentication.txt192 # https://redmine.lighttpd.net/projects/lighttpd/repository/entry/doc/authentication.txt?rev=lighttpd-1.4.28 190 193 191 194 auth.require = ("/first/login" => … … 202 205 203 206 }}} 207 204 208 Note that Lighttpd (v1.4.3) stops if the password file doesn't exist. 205 209 … … 232 236 233 237 The technique can be easily adapted for use with multiple projects by creating aliases for each of them, and wrapping the fastcgi.server declarations inside conditional configuration blocks. 234 Also there is another way to handle multiple projects and it's to use TRAC_ENV_PARENT_DIR instead of TRAC_ENV and use global auth, let's see an example: 238 239 Also there is another way to handle multiple projects and it uses `TRAC_ENV_PARENT_DIR` instead of `TRAC_ENV` as well as global authentication: 235 240 {{{ 236 241 # This is for handling multiple projects … … 276 281 ) 277 282 }}} 283 278 284 For details about languages specification see [trac:TracFaq TracFaq] question 2.13. 279 285 280 286 Other important information like the [wiki:TracInstall#MappingStaticResources mapping static resources advices] are useful for non-fastcgi specific installation aspects. 281 ]282 287 283 288 Relaunch Lighttpd and browse to `http://yourhost.example.org/trac` to access Trac. … … 285 290 Note about running Lighttpd with reduced permissions: If nothing else helps and trac.fcgi doesn't start with Lighttpd settings `server.username = "www-data"`, `server.groupname = "www-data"`, then in the `bin-environment` section set `PYTHON_EGG_CACHE` to the home directory of `www-data` or some other directory accessible to this account for writing. 286 291 287 == Simple!LiteSpeed Configuration288 289 The FastCGI front-end was developed primarily for use with alternative webservers, such as [http ://www.litespeedtech.com/ LiteSpeed].292 == !LiteSpeed Configuration 293 294 The FastCGI front-end was developed primarily for use with alternative webservers, such as [https://www.litespeedtech.com/ LiteSpeed]. 290 295 291 296 !LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments. 292 297 293 298 1. Please make sure you have a working install of a Trac project. Test install with "tracd" first. 294 295 2. Create a Virtual Host for this setup. From now on we will refer to this vhost as !TracVhost. For this tutorial we will be assuming that your Trac project will be accessible via: 299 1. Create a Virtual Host for this setup. From now on we will refer to this vhost as !TracVhost. For this tutorial we will be assuming that your Trac project will be accessible via: 296 300 {{{ 297 301 http://yourdomain.com/trac/ 298 302 }}} 299 300 3. Go "!TracVhost → External Apps" tab and create a new "External Application". 303 1. Go "!TracVhost → External Apps" tab and create a new "External Application": 301 304 {{{ 302 305 Name: MyTracFCGI … … 314 317 Instances: 10 315 318 }}} 316 317 4. Optional: If you need to use htpasswd based authentication. Go to "!TracVhost → Security" tab and create a new security Realm. 318 319 {{{ 319 1. Optional: If you need to use htpasswd based authentication. Go to "!TracVhost → Security" tab and create a new security Realm: 320 {{{ 320 321 DB Type: Password File 321 322 Realm Name: MyTracUserDB <--- any name you wish and referenced later 322 323 User DB Location: /fullpathto/htpasswd <--- path to your htpasswd file 323 324 }}} 324 325 If you don’t have a htpasswd file or don’t know how to create the entries within one, go to http://sherylcanter.com/encrypt.php, to generate the user:password combos. 326 327 5. Go to "!PythonVhost → Contexts" and create a new FCGI Context. 328 329 {{{ 325 If you don’t have a htpasswd file or don’t know how to create the entries within one, go to http://sherylcanter.com/encrypt.php, to generate the user:password combos. 326 1. Go to "!PythonVhost → Contexts" and create a new FCGI Context: 327 {{{ 330 328 URI: /trac/ <--- URI path to bind to python fcgi app we created 331 Fast CGI App: [VHost Level] MyTractFCGI <--- select the trac fcgi extapp we just created329 Fast CGI App: [VHost Level] MyTractFCGI <--- select the Trac fcgi extapp we just created 332 330 Realm: TracUserDB <--- only if (4) is set. select realm created in (4) 333 331 }}} 334 335 6. Modify `/fullpathto/mytracproject/conf/trac.ini` 336 337 {{{ 332 1. Modify `/fullpathto/mytracproject/conf/trac.ini`: 333 {{{ 338 334 #find/set base_rul, url, and link variables 339 335 base_url = http://yourdomain.com/trac/ <--- base url to generate correct links to … … 341 337 link = http://yourdomain.com/trac/ <--- link of graphic logo 342 338 }}} 343 344 7. Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at: 345 346 {{{ 347 http://yourdomain.com/trac/ 348 }}} 349 350 == Simple Nginx Configuration 351 352 Nginx is able to communicate with FastCGI processes, but can not spawn them. So you need to start FastCGI server for Trac separately. 339 1. Restart !LiteSpeed: `lswsctrl restart`, and access your new Trac project at {{{http://yourdomain.com/trac/}}}. 340 341 == Nginx Configuration 342 343 [https://nginx.org/en/ Nginx] is able to communicate with FastCGI processes, but can not spawn them. So you need to start FastCGI server for Trac separately. 353 344 354 345 1. Nginx configuration with basic authentication handled by Nginx - confirmed to work on 0.6.32 355 {{{ 346 {{{#!nginx 356 347 server { 357 348 listen 10.9.8.7:443; … … 416 407 }}} 417 408 1. Modified trac.fcgi: 418 {{{ 409 {{{#!python 419 410 #!/usr/bin/env python 420 411 import os … … 447 438 448 439 }}} 449 1. reload nginx and launch trac.fcgi like that:440 1. Reload nginx and launch trac.fcgi: 450 441 {{{#!sh 451 442 trac@trac.example ~ $ ./trac-standalone-fcgi.py … … 453 444 454 445 The above assumes that: 455 * There is a user named 'trac' for running trac instances and keeping trac environments in its home directory456 * `/home/trac/instance` contains a trac environment446 * There is a user named 'trac' for running Trac instances and keeping Trac environments in its home directory 447 * `/home/trac/instance` contains a Trac environment 457 448 * `/home/trac/htpasswd` contains authentication information 458 * `/home/trac/run` is owned by the same group the nginx runs under449 * `/home/trac/run` is owned by the same group the Nginx runs under 459 450 * and if your system is Linux the `/home/trac/run` has setgid bit set (`chmod g+s run`) 460 * and patch from ticket #T7239is applied, or you'll have to fix the socket file permissions every time461 462 Unfortunately nginx does not support variable expansion in fastcgi_pass directive.451 * and patch from [trac:#7239] is applied, or you'll have to fix the socket file permissions every time 452 453 Unfortunately Nginx does not support variable expansion in fastcgi_pass directive. 463 454 Thus it is not possible to serve multiple Trac instances from one server block. 464 455 465 456 If you worry enough about security, run Trac instances under separate users. 466 457 467 Another way to run Trac as a FCGI external application is offered in ticket #T6224458 Another way to run Trac as a FCGI external application is offered in [trac:#6224]. 468 459 469 460 ---- 470 See also: 461 See also: TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracCgi CGI], [wiki:TracModPython ModPython], [trac:TracNginxRecipe TracNginxRecipe]