close
Warning:
Error with navigation contributor "AccountModule"
- Timestamp:
-
May 31, 2020, 9:49:13 PM (5 years ago)
- Author:
-
trac
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
v3
|
v4
|
|
14 | 14 | * Fewer features: Tracd implements a very simple web-server and is not as configurable or as scalable as Apache httpd. |
15 | 15 | * No native HTTPS support: [http://www.rickk.com/sslwrap/ sslwrap] can be used instead, |
16 | | or [http://trac.edgewall.org/wiki/STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy. |
| 16 | or [trac:wiki:STunnelTracd stunnel -- a tutorial on how to use stunnel with tracd] or Apache with mod_proxy. |
17 | 17 | |
18 | 18 | == Usage examples == |
… |
… |
|
22 | 22 | $ tracd -p 8080 /path/to/project |
23 | 23 | }}} |
24 | | Stricly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option. |
| 24 | Strictly speaking this will make your Trac accessible to everybody from your network rather than ''localhost only''. To truly limit it use ''--hostname'' option. |
25 | 25 | {{{ |
26 | 26 | $ tracd --hostname=localhost -p 8080 /path/to/project |
… |
… |
|
93 | 93 | |
94 | 94 | == Using Authentication == |
| 95 | |
| 96 | Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (htpasswd and htdigest) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without htpasswd or htdigest; see below for alternatives) |
| 97 | |
| 98 | Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux) may go undetected. |
95 | 99 | |
96 | 100 | Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line. |
… |
… |
|
137 | 141 | |
138 | 142 | Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to |
139 | | decode the htpasswd format. Trac source code attempt an `import crypt` first, but there |
140 | | is no such package for Python 2.6. |
| 143 | decode some htpasswd formats. Trac source code attempt an `import crypt` first, but there |
| 144 | is no such package for Python 2.6. Only `SHA-1` passwords (since Trac 1.0) work without this module. |
141 | 145 | |
142 | 146 | To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): |
… |
… |
|
164 | 168 | If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions. You'll be prompted for a password to enter for each user that you create. For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. |
165 | 169 | |
166 | | Note that you can start tracd without the --auth argument, but if you click on the ''Login'' link you will get an error. |
| 170 | Note that you can start tracd without the `--auth` argument, but if you click on the ''Login'' link you will get an error. |
167 | 171 | |
168 | 172 | === Generating Passwords Without Apache === |
169 | 173 | |
170 | | Basic Authorization can be accomplished via this [http://www.4webhelp.net/us/password.php online HTTP Password generator]. Copy the generated password-hash line to the .htpasswd file on your system. |
| 174 | Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`. Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. |
171 | 175 | |
172 | 176 | You can use this simple Python script to generate a '''digest''' password file: |
… |
… |
|
214 | 218 | It is possible to use `md5sum` utility to generate digest-password file: |
215 | 219 | {{{ |
216 | | $ printf "${user}:trac:${password}" | md5sum - >>user.htdigest |
217 | | }}} |
218 | | and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'. |
| 220 | user= |
| 221 | realm= |
| 222 | password= |
| 223 | path_to_file= |
| 224 | echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file} |
| 225 | }}} |
219 | 226 | |
220 | 227 | == Reference == |
… |
… |
|
234 | 241 | -b HOSTNAME, --hostname=HOSTNAME |
235 | 242 | the host name or IP address to bind to |
236 | | --protocol=PROTOCOL http|scgi|ajp |
| 243 | --protocol=PROTOCOL http|scgi|ajp|fcgi |
237 | 244 | -q, --unquote unquote PATH_INFO (may be needed when using ajp) |
238 | | --http10 use HTTP/1.0 protocol version (default) |
239 | | --http11 use HTTP/1.1 protocol version instead of HTTP/1.0 |
| 245 | --http10 use HTTP/1.0 protocol version instead of HTTP/1.1 |
| 246 | --http11 use HTTP/1.1 protocol version (default) |
240 | 247 | -e PARENTDIR, --env-parent-dir=PARENTDIR |
241 | 248 | parent directory of the project environments |
… |
… |
|
244 | 251 | -r, --auto-reload restart automatically when sources are modified |
245 | 252 | -s, --single-env only serve a single project without the project list |
246 | | }}} |
| 253 | -d, --daemonize run in the background as a daemon |
| 254 | --pidfile=PIDFILE when daemonizing, file to which to write pid |
| 255 | --umask=MASK when daemonizing, file mode creation mask to use, in |
| 256 | octal notation (default 022) |
| 257 | --group=GROUP the group to run as |
| 258 | --user=USER the user to run as |
| 259 | }}} |
| 260 | |
| 261 | Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started. |
247 | 262 | |
248 | 263 | == Tips == |
… |
… |
|
326 | 341 | }}} |
327 | 342 | |
| 343 | Note that if you want to install this plugin for all projects, you have to put it in your [TracPlugins#Plugindiscovery global plugins_dir] and enable it in your global trac.ini. |
| 344 | |
| 345 | Global config (e.g. `/srv/trac/conf/trac.ini`): |
| 346 | {{{ |
| 347 | [components] |
| 348 | remote-user-auth.* = enabled |
| 349 | [inherit] |
| 350 | plugins_dir = /srv/trac/plugins |
| 351 | [trac] |
| 352 | obey_remote_user_header = true |
| 353 | }}} |
| 354 | |
| 355 | Environment config (e.g. `/srv/trac/envs/myenv`): |
| 356 | {{{ |
| 357 | [inherit] |
| 358 | file = /srv/trac/conf/trac.ini |
| 359 | }}} |
| 360 | |
328 | 361 | === Serving a different base path than / === |
329 | 362 | Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is |