| | 329 | === Simple Nginx Configuration === |
| | 330 | |
| | 331 | 1) Nginx configuration snippet - confirmed to work on 0.5.36 |
| | 332 | {{{ |
| | 333 | server { |
| | 334 | listen 10.9.8.7:443; |
| | 335 | server_name trac.example; |
| | 336 | |
| | 337 | ssl on; |
| | 338 | ssl_certificate /etc/ssl/trac.example.crt; |
| | 339 | ssl_certificate_key /etc/ssl/trac.example.key; |
| | 340 | |
| | 341 | ssl_session_timeout 5m; |
| | 342 | |
| | 343 | ssl_protocols SSLv2 SSLv3 TLSv1; |
| | 344 | ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; |
| | 345 | ssl_prefer_server_ciphers on; |
| | 346 | |
| | 347 | location / { |
| | 348 | auth_basic "trac realm"; |
| | 349 | auth_basic_user_file /home/trac/htpasswd; |
| | 350 | |
| | 351 | # full path |
| | 352 | if ($uri ~ ^/([^/]+)(/.*)) { |
| | 353 | set $script_name $1; |
| | 354 | set $path_info $2; |
| | 355 | } |
| | 356 | |
| | 357 | # index redirect |
| | 358 | if ($uri ~ ^/([^/]+)$) { |
| | 359 | rewrite (.+) $1/ permanent; |
| | 360 | } |
| | 361 | |
| | 362 | # socket address |
| | 363 | fastcgi_pass unix:/home/trac/run/instance.sock; |
| | 364 | |
| | 365 | # python - wsgi specific |
| | 366 | fastcgi_param HTTPS on; |
| | 367 | |
| | 368 | ## WSGI REQUIRED VARIABLES |
| | 369 | # WSGI application name - trac instance prefix. |
| | 370 | fastcgi_param SCRIPT_NAME /$script_name; |
| | 371 | fastcgi_param PATH_INFO $path_info; |
| | 372 | |
| | 373 | ## WSGI NEEDED VARIABLES - trac warns about them |
| | 374 | fastcgi_param REQUEST_METHOD $request_method; |
| | 375 | fastcgi_param SERVER_NAME $server_name; |
| | 376 | fastcgi_param SERVER_PORT $server_port; |
| | 377 | fastcgi_param SERVER_PROTOCOL $server_protocol; |
| | 378 | |
| | 379 | # for authentication to work |
| | 380 | fastcgi_param REMOTE_USER $remote_user; |
| | 381 | } |
| | 382 | } |
| | 383 | }}} |
| | 384 | |
| | 385 | 2) Modified trac.fcgi: |
| | 386 | |
| | 387 | {{{ |
| | 388 | #!/usr/bin/env python |
| | 389 | |
| | 390 | sockaddr = '/home/trac/run/instance.sock' |
| | 391 | |
| | 392 | try: |
| | 393 | from trac.web.main import dispatch_request |
| | 394 | import trac.web._fcgi |
| | 395 | |
| | 396 | fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request, bindAddress = sockaddr) |
| | 397 | fcgiserv.run() |
| | 398 | |
| | 399 | except SystemExit: |
| | 400 | raise |
| | 401 | except Exception, e: |
| | 402 | print 'Content-Type: text/plain\r\n\r\n', |
| | 403 | print 'Oops...' |
| | 404 | print |
| | 405 | print 'Trac detected an internal error:' |
| | 406 | print |
| | 407 | print e |
| | 408 | print |
| | 409 | import traceback |
| | 410 | import StringIO |
| | 411 | tb = StringIO.StringIO() |
| | 412 | traceback.print_exc(file=tb) |
| | 413 | print tb.getvalue() |
| | 414 | |
| | 415 | }}} |
| | 416 | |
| | 417 | 3) reload nginx and launch trac.fcgi like that: |
| | 418 | |
| | 419 | {{{ |
| | 420 | trac@trac.example ~ $ TRAC_ENV=/home/trac/instance ./trac-standalone-fcgi.py |
| | 421 | }}} |
| | 422 | |
| | 423 | The above assumes that: |
| | 424 | * There is a user trac for running trac instances and keeping trac environments in its home directory. |
| | 425 | * /home/trac/instance contains a trac environment |
| | 426 | * /home/trac/htpasswd contains authentication information |
| | 427 | |
| | 428 | You may have to chmod the unix socket file so that nginx can connect to it. Check this if you keep getting 502 errors. |
| | 429 | |
| | 430 | Unfortunately nginx does not support variable expansion in fastcgi_pass directive, thus it is not possible to serve multiple trac instances from one server block. |
| | 431 | |
| | 432 | If you worry enough about security, run trac instances under separate users. |
| | 433 | |
| | 434 | Another way to run trac as a FCGI external application is offered in ticket #6224 |
| | 435 | |
