| 329 | === Simple Nginx Configuration === |
| 330 | |
| 331 | 1) Nginx configuration snippet - confirmed to work on 0.5.36 |
| 332 | {{{ |
| 333 | server { |
| 334 | listen 10.9.8.7:443; |
| 335 | server_name trac.example; |
| 336 | |
| 337 | ssl on; |
| 338 | ssl_certificate /etc/ssl/trac.example.crt; |
| 339 | ssl_certificate_key /etc/ssl/trac.example.key; |
| 340 | |
| 341 | ssl_session_timeout 5m; |
| 342 | |
| 343 | ssl_protocols SSLv2 SSLv3 TLSv1; |
| 344 | ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; |
| 345 | ssl_prefer_server_ciphers on; |
| 346 | |
| 347 | location / { |
| 348 | auth_basic "trac realm"; |
| 349 | auth_basic_user_file /home/trac/htpasswd; |
| 350 | |
| 351 | # full path |
| 352 | if ($uri ~ ^/([^/]+)(/.*)) { |
| 353 | set $script_name $1; |
| 354 | set $path_info $2; |
| 355 | } |
| 356 | |
| 357 | # index redirect |
| 358 | if ($uri ~ ^/([^/]+)$) { |
| 359 | rewrite (.+) $1/ permanent; |
| 360 | } |
| 361 | |
| 362 | # socket address |
| 363 | fastcgi_pass unix:/home/trac/run/instance.sock; |
| 364 | |
| 365 | # python - wsgi specific |
| 366 | fastcgi_param HTTPS on; |
| 367 | |
| 368 | ## WSGI REQUIRED VARIABLES |
| 369 | # WSGI application name - trac instance prefix. |
| 370 | fastcgi_param SCRIPT_NAME /$script_name; |
| 371 | fastcgi_param PATH_INFO $path_info; |
| 372 | |
| 373 | ## WSGI NEEDED VARIABLES - trac warns about them |
| 374 | fastcgi_param REQUEST_METHOD $request_method; |
| 375 | fastcgi_param SERVER_NAME $server_name; |
| 376 | fastcgi_param SERVER_PORT $server_port; |
| 377 | fastcgi_param SERVER_PROTOCOL $server_protocol; |
| 378 | |
| 379 | # for authentication to work |
| 380 | fastcgi_param REMOTE_USER $remote_user; |
| 381 | } |
| 382 | } |
| 383 | }}} |
| 384 | |
| 385 | 2) Modified trac.fcgi: |
| 386 | |
| 387 | {{{ |
| 388 | #!/usr/bin/env python |
| 389 | |
| 390 | sockaddr = '/home/trac/run/instance.sock' |
| 391 | |
| 392 | try: |
| 393 | from trac.web.main import dispatch_request |
| 394 | import trac.web._fcgi |
| 395 | |
| 396 | fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request, bindAddress = sockaddr) |
| 397 | fcgiserv.run() |
| 398 | |
| 399 | except SystemExit: |
| 400 | raise |
| 401 | except Exception, e: |
| 402 | print 'Content-Type: text/plain\r\n\r\n', |
| 403 | print 'Oops...' |
| 404 | print |
| 405 | print 'Trac detected an internal error:' |
| 406 | print |
| 407 | print e |
| 408 | print |
| 409 | import traceback |
| 410 | import StringIO |
| 411 | tb = StringIO.StringIO() |
| 412 | traceback.print_exc(file=tb) |
| 413 | print tb.getvalue() |
| 414 | |
| 415 | }}} |
| 416 | |
| 417 | 3) reload nginx and launch trac.fcgi like that: |
| 418 | |
| 419 | {{{ |
| 420 | trac@trac.example ~ $ TRAC_ENV=/home/trac/instance ./trac-standalone-fcgi.py |
| 421 | }}} |
| 422 | |
| 423 | The above assumes that: |
| 424 | * There is a user trac for running trac instances and keeping trac environments in its home directory. |
| 425 | * /home/trac/instance contains a trac environment |
| 426 | * /home/trac/htpasswd contains authentication information |
| 427 | |
| 428 | You may have to chmod the unix socket file so that nginx can connect to it. Check this if you keep getting 502 errors. |
| 429 | |
| 430 | Unfortunately nginx does not support variable expansion in fastcgi_pass directive, thus it is not possible to serve multiple trac instances from one server block. |
| 431 | |
| 432 | If you worry enough about security, run trac instances under separate users. |
| 433 | |
| 434 | Another way to run trac as a FCGI external application is offered in ticket #6224 |
| 435 | |