Changes between Version 1 and Version 2 of TracStandalone


Ignore:
Timestamp:
Oct 22, 2021, 8:34:04 PM (7 months ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v1 v2  
    1 = Tracd =
     1= Tracd
    22
    33Tracd is a lightweight standalone Trac web server.
    44It can be used in a variety of situations, from a test or development server to a multiprocess setup behind another web server used as a load balancer.
    55
    6 == Pros ==
     6== Pros
    77
    88 * Fewer dependencies: You don't need to install apache or any other web-server.
     
    1010 * Automatic reloading: For development, Tracd can be used in ''auto_reload'' mode, which will automatically restart the server whenever you make a change to the code (in Trac itself or in a plugin).
    1111
    12 == Cons ==
     12== Cons
    1313
    1414 * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache httpd.
     
    1616   or [trac:wiki:STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy.
    1717
    18 == Usage examples ==
     18== Usage examples
    1919
    2020A single project on port 8080. (http://localhost:8080/)
    21 {{{
     21{{{#!sh
    2222 $ tracd -p 8080 /path/to/project
    2323}}}
    24 Strictly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option.
    25 {{{
     24Strictly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use the `--hostname` option.
     25{{{#!sh
    2626 $ tracd --hostname=localhost -p 8080 /path/to/project
    2727}}}
    2828With more than one project. (http://localhost:8080/project1/ and http://localhost:8080/project2/)
    29 {{{
     29{{{#!sh
    3030 $ tracd -p 8080 /path/to/project1 /path/to/project2
    3131}}}
     
    3535
    3636An alternative way to serve multiple projects is to specify a parent directory in which each subdirectory is a Trac project, using the `-e` option. The example above could be rewritten:
    37 {{{
     37{{{#!sh
    3838 $ tracd -p 8080 -e /path/to
    3939}}}
    4040
    41 To exit the server on Windows, be sure to use {{{CTRL-BREAK}}} -- using {{{CTRL-C}}} will leave a Python process running in the background.
    42 
    43 == Installing as a Windows Service ==
    44 
    45 === Option 1 ===
    46 To install as a Windows service, get the [http://www.google.com/search?q=srvany.exe SRVANY] utility and run:
    47 {{{
     41There is support for the HTTPS protocol (//Since 1.3.4//). Specify the path to the PEM certificate file and keyfile using the `--certfile` and `--keyfile` options. You can specify just the `--certfile` option if you have a [https://docs.python.org/2/library/ssl.html#combined-key-and-certificate combined key and certificate].
     42
     43To exit the server on Windows, be sure to use `CTRL-BREAK` -- using `CTRL-C` will leave a Python process running in the background.
     44
     45== Installing as a Windows Service
     46
     47=== Option 1
     48To install as a Windows service, get the [https://www.google.com/search?q=srvany.exe SRVANY] utility and run:
     49{{{#!cmd
    4850 C:\path\to\instsrv.exe tracd C:\path\to\srvany.exe
    49  reg add HKLM\SYSTEM\CurrentControlSet\Services\tracd\Parameters /v Application /d "\"C:\path\to\python.exe\" \"C:\path\to\python\scripts\tracd-script.py\" <your tracd parameters>"
     51 reg add HKLM\SYSTEM\CurrentControlSet\Services\tracd\Parameters /v Application /d "\"C:\path\to\python.exe\" \"C:\path\to\python\scripts\tracd.exe\" <your tracd parameters>"
    5052 net start tracd
    5153}}}
    5254
    53 '''DO NOT''' use {{{tracd.exe}}}.  Instead register {{{python.exe}}} directly with {{{tracd-script.py}}} as a parameter.  If you use {{{tracd.exe}}}, it will spawn the python process without SRVANY's knowledge.  This python process will survive a {{{net stop tracd}}}.
     55{{{#!div style="border: 1pt dotted; margin: 1em;"
     56**Attention:** Do not use `tracd.exe` directly.  Instead register `python.exe` directly with `tracd.exe` as a parameter.  If you use `tracd.exe`, it will spawn the python process without SRVANY's knowledge.  This python process will survive a `net stop tracd`.
     57}}}
    5458
    5559If you want tracd to start automatically when you boot Windows, do:
    56 {{{
     60{{{#!cmd
    5761 sc config tracd start= auto
    5862}}}
     
    6569
    6670Three (string) parameters are provided:
    67 ||!AppDirectory ||C:\Python26\ ||
     71||!AppDirectory ||C:\Python27\ ||
    6872||Application ||python.exe ||
    69 ||!AppParameters ||scripts\tracd-script.py -p 8080 ... ||
     73||!AppParameters ||scripts\tracd.exe -p 8080 ... ||
    7074
    7175Note that, if the !AppDirectory is set as above, the paths of the executable ''and'' of the script name and parameter values are relative to the directory.  This makes updating Python a little simpler because the change can be limited, here, to a single point.
     
    7377}}}
    7478
    75 For Windows 7 User, srvany.exe may not be an option, so you can use [http://www.google.com/search?q=winserv.exe WINSERV] utility and run:
    76 {{{
    77 "C:\path\to\winserv.exe" install tracd -displayname "tracd" -start auto "C:\path\to\python.exe" c:\path\to\python\scripts\tracd-script.py <your tracd parameters>"
    78 
     79For Windows 7 User, srvany.exe may not be an option, so you can use [https://www.google.com/search?q=winserv.exe WINSERV] utility and run:
     80{{{#!cmd
     81"C:\path\to\winserv.exe" install tracd -displayname "tracd" -start auto "C:\path\to\python.exe" c:\path\to\python\scripts\tracd.exe <your tracd parameters>"
    7982net start tracd
    8083}}}
    8184
    82 === Option 2 ===
    83 
    84 Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service.
    85 
    86 === Option 3 ===
     85=== Option 2
     86
     87Use [https://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [https://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service.
     88
     89=== Option 3
    8790
    8891also cygwin's cygrunsrv.exe can be used:
    89 {{{
     92{{{#!sh
    9093$ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects'
    9194$ net start tracd
    9295}}}
    9396
    94 == Using Authentication ==
    95 
    96 Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (htpasswd and htdigest) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without htpasswd or htdigest; see below for alternatives)
    97 
    98 Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux) may go undetected.
     97== Using Authentication
     98
     99Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (`htpasswd` and `htdigest`) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without `htpasswd` or `htdigest`; see below for alternatives)
     100
     101{{{#!div style="border: 1pt dotted; margin: 1em"
     102**Attention:** Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux, or HFS+ on OSX).
     103}}}
    99104
    100105Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line.
    101106
    102107The general format for using authentication is:
    103 {{{
     108{{{#!sh
    104109 $ tracd -p port --auth="base_project_dir,password_file_path,realm" project_path
    105110}}}
     
    117122Examples:
    118123
    119 {{{
     124{{{#!sh
    120125 $ tracd -p 8080 \
    121126   --auth="project1,/path/to/passwordfile,mycompany.com" /path/to/project1
     
    123128
    124129Of course, the password file can be be shared so that it is used for more than one project:
    125 {{{
     130{{{#!sh
    126131 $ tracd -p 8080 \
    127132   --auth="project1,/path/to/passwordfile,mycompany.com" \
     
    131136
    132137Another way to share the password file is to specify "*" for the project name:
    133 {{{
     138{{{#!sh
    134139 $ tracd -p 8080 \
    135140   --auth="*,/path/to/users.htdigest,mycompany.com" \
     
    137142}}}
    138143
    139 === Basic Authorization: Using a htpasswd password file ===
     144=== Basic Authorization: Using a htpasswd password file
    140145This section describes how to use `tracd` with Apache .htpasswd files.
    141146
    142   Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to
    143   decode some htpasswd formats.  Trac source code attempt an `import crypt` first, but there
    144   is no such package for Python 2.6. Only `SHA-1` passwords (since Trac 1.0) work without this module.
     147  Note: On Windows It is necessary to install the [https://pypi.python.org/pypi/passlib passlib]
     148  package in order to decode some htpasswd formats. Only `SHA-1` passwords (since Trac 1.0)
     149  work without this module.
    145150
    146151To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache):
    147 {{{
     152{{{#!sh
    148153 $ sudo htpasswd -c /path/to/env/.htpasswd username
    149154}}}
    150155then for additional users:
    151 {{{
     156{{{#!sh
    152157 $ sudo htpasswd /path/to/env/.htpasswd username2
    153158}}}
    154159
    155160Then to start `tracd` run something like this:
    156 {{{
    157  $ tracd -p 8080 --basic-auth="projectdirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname
     161{{{#!sh
     162 $ tracd -p 8080 --basic-auth="project,/fullpath/environmentname/.htpasswd,realmname" /path/to/project
    158163}}}
    159164
    160165For example:
    161 {{{
    162  $ tracd -p 8080 --basic-auth="testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv
     166{{{#!sh
     167 $ tracd -p 8080 --basic-auth="project,/srv/tracenv/testenv/.htpasswd,My Test Env" /path/to/project
    163168}}}
    164169''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD).
    165170
    166 === Digest authentication: Using a htdigest password file ===
    167 
    168 If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions.  You'll be prompted for a password to enter for each user that you create.  For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file.
     171=== Digest authentication: Using a htdigest password file
     172
     173If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [https://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions.  You'll be prompted for a password to enter for each user that you create.  For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file.
    169174
    170175Note that you can start tracd without the `--auth` argument, but if you click on the ''Login'' link you will get an error.
    171176
    172 === Generating Passwords Without Apache ===
    173 
    174 Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5.
    175 
    176 You can use this simple Python script to generate a '''digest''' password file:
    177 
    178 {{{
    179 #!python
    180 from optparse import OptionParser
    181 # The md5 module is deprecated in Python 2.5
    182 try:
    183     from hashlib import md5
    184 except ImportError:
    185     from md5 import md5
    186 realm = 'trac'
    187 
    188 # build the options
    189 usage = "usage: %prog [options]"
    190 parser = OptionParser(usage=usage)
    191 parser.add_option("-u", "--username",action="store", dest="username", type = "string",
    192                   help="the username for whom to generate a password")
    193 parser.add_option("-p", "--password",action="store", dest="password", type = "string",
    194                   help="the password to use")
    195 parser.add_option("-r", "--realm",action="store", dest="realm", type = "string",
    196                   help="the realm in which to create the digest")
    197 (options, args) = parser.parse_args()
    198 
    199 # check options
    200 if (options.username is None) or (options.password is None):
    201    parser.error("You must supply both the username and password")
    202 if (options.realm is not None):
    203    realm = options.realm
    204    
    205 # Generate the string to enter into the htdigest file
    206 kd = lambda x: md5(':'.join(x)).hexdigest()
    207 print ':'.join((options.username, realm, kd([options.username, realm, options.password])))
    208 }}}
    209 
    210 Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py):
    211 
    212 {{{
    213  $ python trac-digest.py -u username -p password >> c:\digest.txt
    214  $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name
     177=== Generating Passwords Without Apache
     178
     179Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd. Windows Python can grok MD5 password hashes just fine and you should use MD5.
     180
     181Trac also provides `htpasswd` and `htdigest` scripts in `contrib`:
     182{{{#!sh
     183$ ./contrib/htpasswd.py -cb htpasswd user1 user1
     184$ ./contrib/htpasswd.py -b htpasswd user2 user2
     185}}}
     186
     187{{{#!sh
     188$ ./contrib/htdigest.py -cb htdigest trac user1 user1
     189$ ./contrib/htdigest.py -b htdigest trac user2 user2
    215190}}}
    216191
    217192==== Using `md5sum`
    218193It is possible to use `md5sum` utility to generate digest-password file:
    219 {{{
     194{{{#!sh
    220195user=
    221196realm=
     
    225200}}}
    226201
    227 == Reference ==
    228 
    229 Here's the online help, as a reminder (`tracd --help`):
     202== Reference
     203
     204Here's the online help, as a reminder (`tracd -h` or `tracd --help`):
    230205{{{
    231 Usage: tracd [options] [projenv] ...
    232 
    233 Options:
     206usage: tracd [-h] [--version] [-e PARENTDIR | -s]
     207             [-a DIGESTAUTH | --basic-auth BASICAUTH] [-p PORT] [-b HOSTNAME]
     208             [--protocol {http,https,scgi,ajp,fcgi}] [--certfile CERTFILE]
     209             [--keyfile KEYFILE] [-q] [--base-path BASE_PATH]
     210             [--http10 | --http11] [-r | -d] [--pidfile PIDFILE] [--umask MASK]
     211             [--group GROUP] [--user USER]
     212             [envs ...]
     213
     214positional arguments:
     215  envs                  path of the project environment(s)
     216
     217optional arguments:
     218  -h, --help            show this help message and exit
    234219  --version             show program's version number and exit
    235   -h, --help            show this help message and exit
    236   -a DIGESTAUTH, --auth=DIGESTAUTH
     220  -e PARENTDIR, --env-parent-dir PARENTDIR
     221                        parent directory of the project environments
     222  -s, --single-env      only serve a single project without the project list
     223  -a DIGESTAUTH, --auth DIGESTAUTH
    237224                        [projectdir],[htdigest_file],[realm]
    238   --basic-auth=BASICAUTH
     225  --basic-auth BASICAUTH
    239226                        [projectdir],[htpasswd_file],[realm]
    240   -p PORT, --port=PORT  the port number to bind to
    241   -b HOSTNAME, --hostname=HOSTNAME
     227  -p PORT, --port PORT  the port number to bind to
     228  -b HOSTNAME, --hostname HOSTNAME
    242229                        the host name or IP address to bind to
    243   --protocol=PROTOCOL   http|scgi|ajp|fcgi
    244   -q, --unquote         unquote PATH_INFO (may be needed when using ajp)
    245   --http10              use HTTP/1.0 protocol version instead of HTTP/1.1
    246   --http11              use HTTP/1.1 protocol version (default)
    247   -e PARENTDIR, --env-parent-dir=PARENTDIR
    248                         parent directory of the project environments
    249   --base-path=BASE_PATH
     230  --protocol {http,https,scgi,ajp,fcgi}
     231                        the server protocol (default: http)
     232  --certfile CERTFILE   PEM certificate file for HTTPS
     233  --keyfile KEYFILE     PEM key file for HTTPS
     234  -q, --unquote         unquote PATH_INFO (may be needed when using the ajp
     235                        protocol)
     236  --base-path BASE_PATH
    250237                        the initial portion of the request URL's "path"
     238  --http10              use HTTP/1.0 protocol instead of HTTP/1.1
     239  --http11              use HTTP/1.1 protocol (default)
    251240  -r, --auto-reload     restart automatically when sources are modified
    252   -s, --single-env      only serve a single project without the project list
    253241  -d, --daemonize       run in the background as a daemon
    254   --pidfile=PIDFILE     when daemonizing, file to which to write pid
    255   --umask=MASK          when daemonizing, file mode creation mask to use, in
    256                         octal notation (default 022)
    257   --group=GROUP         the group to run as
    258   --user=USER           the user to run as
     242  --pidfile PIDFILE     file to write pid when daemonizing
     243  --umask MASK          when daemonizing, file mode creation mask to use, in
     244                        octal notation (default: 022)
     245  --group GROUP         the group to run as
     246  --user USER           the user to run as
    259247}}}
    260248
    261249Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started.
    262250
    263 == Tips ==
    264 
    265 === Serving static content ===
    266 
    267 If `tracd` is the only web server used for the project, 
    268 it can also be used to distribute static content 
     251== Tips
     252
     253=== Serving static content
     254
     255If `tracd` is the only web server used for the project,
     256it can also be used to distribute static content
    269257(tarballs, Doxygen documentation, etc.)
    270258
     
    273261
    274262Example: given a `$TRAC_ENV/htdocs/software-0.1.tar.gz` file,
    275 the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`,
    276 which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax).
    277 
    278  ''Support for `htdocs:` TracLinks syntax was added in version 0.10''
     263the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`,
     264which in turn can be written as `htdocs:software-0.1.tar.gz` (TracLinks syntax) or `[/<project_name>/chrome/site/software-0.1.tar.gz]` (relative link syntax).
    279265
    280266=== Using tracd behind a proxy
     
    289275
    290276=== Authentication for tracd behind a proxy
    291 It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206.
     277It is convenient to provide central external authentication to your tracd instances, instead of using `--basic-auth`. There is some discussion about this in [trac:#9206].
    292278
    293279Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap.
     
    295281First we bring tracd into Apache's location namespace.
    296282
    297 {{{
     283{{{#!apache
    298284<Location /project/proxified>
    299285        Require ldap-group cn=somegroup, ou=Groups,dc=domain.com
     
    306292
    307293Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory:
    308 {{{
    309 #!python
     294{{{#!python
    310295from trac.core import *
    311296from trac.config import BoolOption
     
    316301    implements(IAuthenticator)
    317302
    318     obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false', 
    319                """Whether the 'Remote-User:' HTTP header is to be trusted for user logins 
    320                 (''since ??.??').""") 
     303    obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false',
     304               """Whether the 'Remote-User:' HTTP header is to be trusted for user logins
     305                (''since ??.??').""")
    321306
    322307    def authenticate(self, req):
    323         if self.obey_remote_user_header and req.get_header('Remote-User'): 
    324             return req.get_header('Remote-User') 
     308        if self.obey_remote_user_header and req.get_header('Remote-User'):
     309            return req.get_header('Remote-User')
    325310        return None
    326311
     
    328313
    329314Add this new parameter to your TracIni:
    330 {{{
    331 ...
     315{{{#!ini
    332316[trac]
    333317...
     
    337321
    338322Run tracd:
    339 {{{
    340 tracd -p 8101 -r -s proxified --base-path=/project/proxified
     323{{{#!sh
     324tracd -p 8101 -s proxified --base-path=/project/proxified
    341325}}}
    342326
     
    344328
    345329Global config (e.g. `/srv/trac/conf/trac.ini`):
    346 {{{
     330{{{#!ini
    347331[components]
    348332remote-user-auth.* = enabled
     
    354338
    355339Environment config (e.g. `/srv/trac/envs/myenv`):
    356 {{{
     340{{{#!ini
    357341[inherit]
    358342file = /srv/trac/conf/trac.ini
    359343}}}
    360344
    361 === Serving a different base path than / ===
     345=== Serving a different base path than /
    362346Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is
    363 {{{
     347{{{#!sh
    364348 $ tracd --base-path=/some/path
    365349}}}