| 1 | | = trac 0.11 rc1 on Ubuntu 8.04 Server, without mod_python (because of bugs), multiple repositories and authentication = |
| 2 | | |
| 3 | | This guide shows all the steps to correctly install a Trac system on a Ubuntu 8.04 Server. If you have any corrections, be sensible and document it here. This guide is based on [wiki:TracOnUbuntuHardy Johannes' original] covering trac 0.10 (Ubuntu stock). |
| 4 | | |
| 5 | | Differences from Johannes' guide |
| 6 | | * trac 0.11 rc1 (obviously) |
| 7 | | * No mod_python (there are some bugs related to it) - using CGI instead to keep it simple (you can try FastCGI, WSGI or mod_python if you want later - it's just a matter of changing Apache configuration) |
| 8 | | * Multiple projects are implemented under a single Subversion repository |
| 9 | | |
| 10 | | Enjoy and comment! |
| 11 | | |
| 12 | | == Benefits of this approach == |
| 13 | | * Access to SVN paths are always consistant |
| 14 | | * ... |
| 15 | | |
| 16 | | == Needed software == |
| 17 | | |
| 18 | | Throughout the guide, we'll need to install some packages from Ubuntu repositories. Let's install what we need to get Trac running first so we can download the rest of the packages while we install and configure Trac. You may want to exchange SQLite for one of the [DatabaseBackend]s, but we'll be using SQLite on this guide. |
| 19 | | |
| 20 | | {{{ |
| 21 | | $ sudo apt-get install python-setuptools genshi python-pysqlite2 subversion |
| 22 | | }}} |
| 23 | | |
| 24 | | After it's installed, you can start getting the rest of the packages and carry on with the guide as APT does its work. |
| 25 | | |
| 26 | | {{{ |
| 27 | | $ sudo apt-get install libapache2-svn apache2 |
| 28 | | }}} |
| 29 | | |
| 30 | | |
| 31 | | == Subversion == |
| 32 | | |
| 33 | | We will have a single subversion repository for all trac environments, each environment residing in a subdirectory in our subversion tree. |
| 34 | | |
| 35 | | The idea with our subversion installation is to have a main directory and several repositories under it. We'll be setting {{{/svn}}} as our subversion parent dir and then create {{{/svn/project1}}}, {{{/svn/project2}}}, etc as needed. This second step will configure subversion, set apache to use mod_dav_svn and enable Basic authentication. |
| 36 | | |
| 37 | | * We start by apt-getting the packages |
| 38 | | |
| 39 | | {{{ |
| 40 | | $ sudo apt-get install subversion libapache2-svn |
| 41 | | }}} |
| 42 | | |
| 43 | | * Our next task is to create the subversion repository, and add a dummy project named test to it: |
| 44 | | |
| 45 | | {{{ |
| 46 | | $ sudo mkdir /var/lib/svn |
| 47 | | $ sudo ln -s /var/lib/svn /svn |
| 48 | | $ sudo svnadmin create /svn |
| 49 | | $ sudo chmod -R 777 /var/lib/svn |
| 50 | | $ sudo chown -R www-data:www-data /var/lib/svn |
| 51 | | |
| 52 | | $ mkdir /tmp/svn |
| 53 | | $ mkdir /tmp/svn/test |
| 54 | | $ mkdir /tmp/svn/test/branches |
| 55 | | $ mkdir /tmp/svn/test/tags |
| 56 | | $ mkdir /tmp/svn/test/trunks |
| 57 | | |
| 58 | | $ svn import /tmp/svn file:///svn -m "initial import" |
| 59 | | }}} |
| 60 | | |
| 61 | | |
| 62 | | == trac == |
| 63 | | |
| 64 | | Trac installation is straightforward once setuptools is installed. |
| 65 | | |
| 66 | | {{{ |
| 67 | | $ sudo easy_install Trac==0.11rc1 |
| 68 | | }}} |
| 69 | | |
| 70 | | Trac needs a directory to put the environments on where apache can read/write. We'll also add a symlink to this directory so it's easier to get there: |
| 71 | | |
| 72 | | {{{ |
| 73 | | $ sudo mkdir /var/lib/trac |
| 74 | | $ sudo chown -R www-data:www-data /var/lib/trac |
| 75 | | $ sudo ln -s /var/lib/trac/ /trac |
| 76 | | }}} |
| 77 | | |
| 78 | | Let's initialize the trac environment for our test project. The only thing I had to fill in here was the name of my project and the path to my subversion repository: |
| 79 | | |
| 80 | | {{{ |
| 81 | | $ trac-admin /trac/test initenv |
| 82 | | Project Name [My Project]> Test |
| 83 | | Database connection string [sqlite:db/trac.db]> |
| 84 | | Repository type [svn]> |
| 85 | | Path to repository [/path/to/repos]> /svn/teste |
| 86 | | Templates directory [/usr/share/trac/templates]> |
| 87 | | Congratulations! |
| 88 | | }}} |
| 89 | | |
| 90 | | If you haven't been congratulated at the end, there's something wrong. You can test your new Trac setup by issuing: |
| 91 | | {{{ |
| 92 | | $ sudo tracd --port 8080 /trac/test |
| 93 | | }}} |
| 94 | | |
| 95 | | Then point your browser to http://localhost:8080/ . You should see the list of available projects (with only the one you just created). Click on it, and go to Browse source. Everything should be fine. |
| 96 | | |
| 97 | | * We will not use tracd's digest authentication support. |
| 98 | | |
| 99 | | |
| 100 | | == Apache == |
| 101 | | |
| 102 | | If you are going to use TracStandalone, stop right here. Everything is set. This guide won't cover how to set tracd up. |
| 103 | | |
| 104 | | apt-get configures everything you need and your webroot will be configured to {{{/var/www}}}. Ubuntu (actually, Debian) divides apache websites (virtualhost) in a set of directories under {{{/etc/apache2/sites-available}}} and has two utilities to configure them: {{{a2ensite}}} and {{{a2dissite}}}. We'll make use of these tools throughout this guide. |
| 105 | | |
| 106 | | === Setting up Apache+SVN === |
| 107 | | |
| 108 | | If you want to keep SVN access local only, you can skip to the next subsection. |
| 109 | | |
| 110 | | We'll now configure {{{mod_dav_svn}}}. We start by editing {{{/etc/apache2/mods-enabled/dav_svn.conf}}} |
| 111 | | |
| 112 | | {{{ |
| 113 | | $ sudo vim /etc/apache2/mods-enabled/dav_svn.conf |
| 114 | | }}} |
| 115 | | |
| 116 | | This file probably has already a set of directives in it. I just show here the final version without the comments and changed to enable Basic authentication: |
| 117 | | |
| 118 | | {{{ |
| 119 | | <Location /svn> |
| 120 | | DAV svn |
| 121 | | SVNPath /svn |
| 122 | | SVNListParentPath Off |
| 123 | | |
| 124 | | AuthType Basic |
| 125 | | AuthName "Subversion Repository" |
| 126 | | AuthUserFile /etc/apache2/dav_svn.passwd |
| 127 | | AuthzSVNAccessFile /etc/apache2/authz_svn.access |
| 128 | | |
| 129 | | Require valid-user |
| 130 | | </Location> |
| 131 | | }}} |
| 132 | | |
| 133 | | * The next step is to create a user for subversion. |
| 134 | | |
| 135 | | {{{ |
| 136 | | $ sudo htpasswd -cm /etc/apache2/dav_svn.passwd johndoe |
| 137 | | New password: my_password |
| 138 | | Re-type new password: my_password |
| 139 | | }}} |
| 140 | | |
| 141 | | * Additionally we'll create the authorization file for our users |
| 142 | | |
| 143 | | {{{ |
| 144 | | $ sudo vim /etc/apache2/authz_svn.access |
| 145 | | }}} |
| 146 | | |
| 147 | | * And add the following rule for our user. In this case, we'll be allowing him full access to the {{{teste}}} repository. |
| 148 | | |
| 149 | | {{{ |
| 150 | | [svn:/test] |
| 151 | | johndoe = rw |
| 152 | | }}} |
| 153 | | |
| 154 | | * Finally we restart apache. |
| 155 | | |
| 156 | | {{{ |
| 157 | | $ sudo /etc/init.d/apache2 restart |
| 158 | | * Restarting web server apache2 |
| 159 | | ...done. |
| 160 | | }}} |
| 161 | | |
| 162 | | We can now point a browser to http://localhost/svn and an authentication pop-up should appear and, after that, our repository. Our projects will be located at http://localhost/svn/projectname. Now is a good time to read some more on the "Per-Directory Access Control" part of the subversion book. One big part of the security involved in this installation only has to do with Subversion so some reading on [http://svnbook.red-bean.com/en/1.0/svn-book.html#svn-ch-6-sect-4.4.2 Per-Directory Access Control] might be useful at this time. In particular, if you want people to access only some of the projects, you '''must''' configure this. |
| 163 | | |
| 164 | | |
| 165 | | === Trac on Apache === |
| 166 | | |
| 167 | | |
| 168 | | Now we need another site for apache: |
| 169 | | |
| 170 | | {{{ |
| 171 | | $ sudo vim /etc/apache2/sites-available/trac |
| 172 | | }}} |
| 173 | | |
| 174 | | * And add the following code to it: |
| 175 | | |
| 176 | | {{{ |
| 177 | | Alias /trac/[^/]+/chrome/common /usr/share/python-support/trac/trac/htdocs |
| 178 | | |
| 179 | | <Directory "/usr/share/python-support/trac/trac/htdocs"> |
| 180 | | Order allow,deny |
| 181 | | Allow from all |
| 182 | | </Directory> |
| 183 | | |
| 184 | | ScriptAlias /trac /usr/lib/cgi-bin/trac.cgi |
| 185 | | |
| 186 | | <Location /trac> |
| 187 | | SetEnv TRAC_ENV_PARENT_DIR "/boreste/trac" |
| 188 | | </Location> |
| 189 | | |
| 190 | | <LocationMatch "/trac/[^/]+/login"> |
| 191 | | AuthType Basic |
| 192 | | AuthName "Trac" |
| 193 | | AuthUserFile /etc/apache2/dav_svn.passwd |
| 194 | | SVNPath /svn |
| 195 | | AuthzSVNAccessFile /etc/apache2/authz_svn.access |
| 196 | | Require valid-user |
| 197 | | </LocationMatch> |
| 198 | | }}} |
| 199 | | |
| 200 | | We must give Apache permission to read and write your trac environment: |
| 201 | | |
| 202 | | {{{ |
| 203 | | $ sudo chown -R www-data.www-data /trac |
| 204 | | }}} |
| 205 | | |
| 206 | | Let's now enable this site: |
| 207 | | |
| 208 | | {{{ |
| 209 | | $ sudo a2ensite trac |
| 210 | | Site trac installed; run /etc/init.d/apache2 reload to enable. |
| 211 | | }}} |
| 212 | | |
| 213 | | At this point we are still without any authentication. We'll start by removing permissions to the anonymous user, allowing him only to see the initial page. Then we'll also set our main user as the trac's root: |
| 214 | | |
| 215 | | {{{ |
| 216 | | $ sudo trac-admin /trac/test permission remove anonymous BROWSER_VIEW CHANGESET_VIEW FILE_VIEW LOG_VIEW MILESTONE_VIEW REPORT_SQL_VIEW REPORT_VIEW ROADMAP_VIEW SEARCH_VIEW TICKET_CREATE TICKET_MODIFY TICKET_VIEW TIMELINE_VIEW WIKI_CREATE WIKI_MODIFY |
| 217 | | |
| 218 | | $ sudo trac-admin /trac/teste permission add johndoe TRAC_ADMIN |
| 219 | | }}} |
| 220 | | |
| 221 | | Let's now reload apache: |
| 222 | | |
| 223 | | {{{ |
| 224 | | $ sudo /etc/init.d/apache2 reload |
| 225 | | Reloading web server config... [ OK ] |
| 226 | | }}} |
| 227 | | |
| 228 | | You can now check http://localhost/trac and you should see a list with all the projects for which you have a trac environment set. clicking on one of them will get you to a page where you could have a small description of your project but you won't see any other links (important ones at least). Try to login to see the differences. |
| 229 | | |
| 230 | | If performance bugs you, then head to TracGuide, TracInstall, TracFastCgi, TracModPython or [wiki:TracModWSGI] |
| | 1 | moved to wiki:0.11/TracOnUbuntuHardy |
