Changes between Version 1 and Version 2 of TracFastCgi

Show
Ignore:
Timestamp:
2009/12/27 07:40:49 (14 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracFastCgi

    v1 v2  
    11= Trac with FastCGI = 
    22 
    3 Since version 0.9, Trac supports being run through the [http://www.fastcgi.com/ FastCGI] interface. Like [wiki:TracModPython mod_python], this allows Trac to remain resident, and is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, it is able to support [http://httpd.apache.org/docs/suexec.html SuEXEC]. Additionally, it is supported by much wider variety of web servers. 
     3[http://www.fastcgi.com/ FastCGI] interface allows Trac to remain resident much like with [wiki:TracModPython mod_python]. It is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, FastCGI supports [http://httpd.apache.org/docs/suexec.html Apache SuEXEC], i.e. run with different permissions than web server. Additionally, it is supported by much wider variety of web servers. 
     4 
     5'''Note for Windows:''' Trac's FastCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, you may want to try [trac:TracOnWindowsIisAjp AJP]. 
    46 
    57== Simple Apache configuration == 
    68 
    79There are two FastCGI modules commonly available for Apache: `mod_fastcgi` and 
    8 `mod_fcgid`.  The `FastCgiIpcDir` and `FastCgiConfig` directives discussed 
    9 below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fgcid` 
    10 directive. 
    11  
    12 For `mod_fastcgi`, add the following to an appropriate Apache configuration 
    13 file: 
     10`mod_fcgid` (preferred). The latter is more up-to-date. 
     11 
     12==== setup with `mod_fastcgi` ==== 
     13`mod_fastcgi` uses `FastCgiIpcDir` and `FastCgiConfig` directives that should be added to an appropriate Apache configuration file: 
    1414{{{ 
    1515# Enable fastcgi for .fcgi files 
     
    3737}}} 
    3838 
    39 But neither of these will work for `mod_fcgid`.  A similar but partial 
    40 solution for `mod_fcgid` is: 
    41 {{{ 
    42 DefaultInitEnv TRAC_ENV /path/to/env/trac/ 
    43 }}} 
    44 But this cannot be used in `Directory` or `Location` context, which makes it 
    45 difficult to support multiple projects. 
    46  
    47 A better method which works for both of these modules (and for  [http://www.lighttpd.net/ lighttpd] and CGI as well), because it involves 
    48 no server configuration settings for environment variables, is to set one 
    49 of the variables in `trac.fcgi`, e.g.: 
     39==== setup with `mod_fcgid` ==== 
     40Configure `ScriptAlias` (see TracCgi for details), but call `trac.fcgi` 
     41instead of `trac.cgi`. Note that slash at the end - it is important. 
     42{{{ 
     43ScriptAlias /trac /path/to/www/trac/cgi-bin/trac.fcgi/ 
     44}}} 
     45 
     46To setup Trac environment for `mod_fcgid` it is necessary to use 
     47`FCGIDDefaultInitEnv` directive. It cannot be used in `Directory` or 
     48`Location` context, so if you need to support multiple projects, try 
     49alternative environment setup below. 
     50 
     51{{{ 
     52FCGIDDefaultInitEnv TRAC_ENV /path/to/env/trac/ 
     53}}} 
     54 
     55==== alternative environment setup ==== 
     56A better method to specify path to Trac environment it to embed the path 
     57into `trac.fcgi` script itself. That doesn't require configuration of server 
     58environment variables, works for both FastCgi modules 
     59(and for [http://www.lighttpd.net/ lighttpd] and CGI as well): 
    5060{{{ 
    5161import os 
     
    5868}}} 
    5969 
    60 Using this method, different projects can be supported by using different 
    61 `.fcgi` scripts with different `ScriptAliases`, copying and appropriately 
    62 renaming `trac.fcgi` and adding the above code to create each such script. 
     70With this method different projects can be supported by using different 
     71`.fcgi` scripts with different `ScriptAliases`. 
     72 
     73See [https://coderanger.net/~coderanger/httpd/fcgi_example.conf this fcgid example config] which uses a !ScriptAlias directive with trac.fcgi with a trailing / like this: 
     74{{{ 
     75ScriptAlias / /srv/tracsite/cgi-bin/trac.fcgi/ 
     76}}} 
     77 
     78== Simple Cherokee Configuration == 
     79 
     80The configuration on Cherokee's side is quite simple. You will only need to know that you can spawn Trac as an SCGI process. 
     81You can either start it manually, or better yet, automatically by letting Cherokee spawn the server whenever it is down. 
     82First set up an information source in cherokee-admin with a local interpreter. 
     83 
     84{{{ 
     85Host: 
     86localhost:4433 
     87 
     88Interpreter: 
     89/usr/bin/tracd —single-env —daemonize —protocol=scgi —hostname=localhost —port=4433 /path/to/project/ 
     90}}} 
     91 
     92If the port was not reachable, the interpreter command would be launched. Note that, in the definition of the information source, you will have to manually launch the spawner if you use a ''Remote host'' as ''Information source'' instead of a ''Local interpreter''. 
     93 
     94After doing this, we will just have to create a new rule managed by the SCGI handler to access Trac. It can be created in a new virtual server, trac.example.net for instance, and will only need two rules. The '''default''' one will use the SCGI handler associated to the previously created information source. 
     95The second rule will be there to serve the few static files needed to correctly display the Trac interface. Create it as ''Directory rule'' for ''/chrome/common'' and just set it to the ''Static files'' handler and with a ''Document root'' that points to the appropriate files: ''/usr/share/trac/htdocs/'' 
    6396 
    6497== Simple Lighttpd Configuration == 
     
    69102environments.  It has a very low memory footprint compared to other web servers and takes care of CPU load. 
    70103 
    71 For using `trac.fcgi` with lighttpd add the following to your lighttpd.conf: 
    72 {{{ 
     104For using `trac.fcgi`(prior to 0.11) / fcgi_frontend.py (0.11) with lighttpd add the following to your lighttpd.conf: 
     105{{{ 
     106#var.fcgi_binary="/usr/bin/python /path/to/fcgi_frontend.py" # 0.11 if installed with easy_setup, it is inside the egg directory 
     107var.fcgi_binary="/path/to/cgi-bin/trac.fcgi" # 0.10 name of prior fcgi executable 
    73108fastcgi.server = ("/trac" => 
     109    
    74110                   ("trac" => 
    75111                     ("socket" => "/tmp/trac-fastcgi.sock", 
    76                       "bin-path" => "/path/to/cgi-bin/trac.fcgi", 
     112                      "bin-path" => fcgi_binary, 
    77113                      "check-local" => "disable", 
    78114                      "bin-environment" => 
     
    92128                   ("first" => 
    93129                    ("socket" => "/tmp/trac-fastcgi-first.sock", 
    94                      "bin-path" => "/path/to/cgi-bin/trac.fcgi", 
     130                     "bin-path" => fcgi_binary, 
    95131                     "check-local" => "disable", 
    96132                     "bin-environment" => 
     
    101137                    ("second" => 
    102138                    ("socket" => "/tmp/trac-fastcgi-second.sock", 
    103                      "bin-path" => "/path/to/cgi-bin/trac.fcgi", 
     139                     "bin-path" => fcgi_binary, 
    104140                     "check-local" => "disable", 
    105141                     "bin-environment" => 
     
    115151if both are running from the same `trac.fcgi` script. 
    116152{{{ 
    117 #!html 
    118 <p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;"> 
    119 <strong>Note from c00i90wn:</strong> It's very important the order on which server.modules are loaded, if mod_auth is not loaded <strong>BEFORE</strong> mod_fastcgi, then the server will fail to authenticate the user. 
    120 </p> 
     153#!div class=important 
     154'''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user. 
    121155}}} 
    122156For authentication you should enable mod_auth in lighttpd.conf 'server.modules', select auth.backend and auth rules: 
     
    177211                   ("trac" => 
    178212                     ("socket" => "/tmp/trac-fastcgi.sock", 
    179                       "bin-path" => "/path/to/cgi-bin/trac.fcgi", 
     213                      "bin-path" => fcgi_binary, 
    180214                      "check-local" => "disable", 
    181215                      "bin-environment" => 
     
    196230                        ( 
    197231                          "socket" => "/tmp/trac.sock", 
    198                           "bin-path" => "/path/to/cgi-bin/trac.fcgi", 
     232                          "bin-path" => fcgi_binary, 
    199233                          "check-local" => "disable", 
    200234                          "bin-environment" => 
     
    222256                   ("trac" => 
    223257                     ("socket" => "/tmp/trac-fastcgi.sock", 
    224                       "bin-path" => "/path/to/cgi-bin/trac.fcgi", 
     258                      "bin-path" => fcgi_binary, 
    225259                      "check-local" => "disable", 
    226260                      "bin-environment" => 
     
    231265                 ) 
    232266}}} 
    233 For details about languages specification see TracFaq question 2.13. 
     267For details about languages specification see [trac:TracFaq TracFaq] question 2.13. 
    234268 
    235269Other important information like [http://trac.lighttpd.net/trac/wiki/TracInstall this updated TracInstall page], [wiki:TracCgi#MappingStaticResources and this] are useful for non-fastcgi specific installation aspects. 
     
    244278 
    245279 
    246 == Simple LiteSpeed Configuration == 
     280== Simple !LiteSpeed Configuration == 
    247281 
    248282The FastCGI front-end was developed primarily for use with alternative webservers, such as [http://www.litespeedtech.com/ LiteSpeed]. 
    249283 
    250 LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments. 
     284!LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments. 
    251285 
    252286Setup 
     
    293327URI: /trac/                              <--- URI path to bind to python fcgi app we created     
    294328Fast CGI App: [VHost Level] MyTractFCGI  <--- select the trac fcgi extapp we just created 
    295 Realm: TracUserDB                        <--- only if (4) is set. select ream created in (4) 
     329Realm: TracUserDB                        <--- only if (4) is set. select realm created in (4) 
    296330}}} 
    297331 
     
    305339}}} 
    306340 
    307 7) Restart LiteSpeed, “lswsctrl restart”, and access your new Trac project at:  
     3417) Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at:  
    308342 
    309343{{{ 
     
    311345}}} 
    312346 
     347=== Simple Nginx Configuration === 
     348 
     3491) Nginx configuration snippet - confirmed to work on 0.6.32 
     350{{{ 
     351    server { 
     352        listen       10.9.8.7:443; 
     353        server_name  trac.example; 
     354 
     355        ssl                  on; 
     356        ssl_certificate      /etc/ssl/trac.example.crt; 
     357        ssl_certificate_key  /etc/ssl/trac.example.key; 
     358 
     359        ssl_session_timeout  5m; 
     360 
     361        ssl_protocols  SSLv2 SSLv3 TLSv1; 
     362        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; 
     363        ssl_prefer_server_ciphers   on; 
     364 
     365        # (Or ``^/some/prefix/(.*)``. 
     366        if ($uri ~ ^/(.*)) { 
     367             set $path_info /$1; 
     368        } 
     369 
     370        # You can copy this whole location to ``location [/some/prefix]/login`` 
     371        # and remove the auth entries below if you want Trac to enforce 
     372        # authorization where appropriate instead of needing to authenticate 
     373        # for accessing the whole site. 
     374        # (Or ``location /some/prefix``.) 
     375        location / { 
     376            auth_basic            "trac realm"; 
     377            auth_basic_user_file /home/trac/htpasswd; 
     378 
     379            # socket address 
     380            fastcgi_pass   unix:/home/trac/run/instance.sock; 
     381 
     382            # python - wsgi specific 
     383            fastcgi_param HTTPS on; 
     384 
     385            ## WSGI REQUIRED VARIABLES 
     386            # WSGI application name - trac instance prefix. 
     387            # (Or ``fastcgi_param  SCRIPT_NAME  /some/prefix``.) 
     388            fastcgi_param  SCRIPT_NAME        ""; 
     389            fastcgi_param  PATH_INFO          $path_info; 
     390 
     391            ## WSGI NEEDED VARIABLES - trac warns about them 
     392            fastcgi_param  REQUEST_METHOD     $request_method; 
     393            fastcgi_param  SERVER_NAME        $server_name; 
     394            fastcgi_param  SERVER_PORT        $server_port; 
     395            fastcgi_param  SERVER_PROTOCOL    $server_protocol; 
     396 
     397            # for authentication to work 
     398            fastcgi_param  AUTH_USER          $remote_user; 
     399            fastcgi_param  REMOTE_USER        $remote_user; 
     400        } 
     401    } 
     402}}} 
     403 
     4042) Modified trac.fcgi: 
     405 
     406{{{ 
     407#!/usr/bin/env python 
     408import os 
     409sockaddr = '/home/trac/run/instance.sock' 
     410os.environ['TRAC_ENV'] = '/home/trac/instance' 
     411 
     412try: 
     413     from trac.web.main import dispatch_request 
     414     import trac.web._fcgi 
     415 
     416     fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request,  
     417          bindAddress = sockaddr, umask = 7) 
     418     fcgiserv.run() 
     419 
     420except SystemExit: 
     421    raise 
     422except Exception, e: 
     423    print 'Content-Type: text/plain\r\n\r\n', 
     424    print 'Oops...' 
     425    print 
     426    print 'Trac detected an internal error:' 
     427    print 
     428    print e 
     429    print 
     430    import traceback 
     431    import StringIO 
     432    tb = StringIO.StringIO() 
     433    traceback.print_exc(file=tb) 
     434    print tb.getvalue() 
     435 
     436}}} 
     437 
     4383) reload nginx and launch trac.fcgi like that: 
     439 
     440{{{ 
     441trac@trac.example ~ $ ./trac-standalone-fcgi.py  
     442}}} 
     443 
     444The above assumes that: 
     445 * There is a user named 'trac' for running trac instances and keeping trac environments in its home directory. 
     446 * /home/trac/instance contains a trac environment 
     447 * /home/trac/htpasswd contains authentication information 
     448 * /home/trac/run is owned by the same group the nginx runs under 
     449  * and if your system is Linux the /home/trac/run has setgid bit set (chmod g+s run) 
     450  * and patch from ticket #T7239 is applied, or you'll have to fix the socket file permissions every time 
     451 
     452Unfortunately nginx does not support variable expansion in fastcgi_pass directive.  
     453Thus it is not possible to serve multiple trac instances from one server block.  
     454 
     455If you worry enough about security, run trac instances under separate users.  
     456 
     457Another way to run trac as a FCGI external application is offered in ticket #T6224 
     458 
    313459---- 
    314 See also TracCgi, TracModPython, TracInstall, TracGuide 
     460See also:  TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracCgi CGI], [wiki:TracModPython ModPython], [trac:TracNginxRecipe TracNginxRecipe]