| 419 | == Handling authentication in ngynx == |
| 420 | |
| 421 | If you want to handle the authentication in ngynx rather than trac, that is also possible. Since you are proxying the tracd server from ngynx, you just have to tell ngynx to forward the Authorization header to tracd, and be sure to use the same authentication scheme in both (Basic / Digest). Also, both ngynx and trac must access the same password file, or an identical copy. As a simple example, lets assume that you are using Basic authentication. Digest would be very similar. |
| 422 | |
| 423 | This is the ngynx configuration snippet: |
| 424 | {{{ |
| 425 | server { |
| 426 | location / { |
| 427 | proxy_pass http://localhost:8000; # Replace localhost:8000 with your server:port |
| 428 | auth_basic "Restricted"; |
| 429 | auth_basic_user_file htpasswd; # Will effectively be /etc/ngynx/htpasswd in Ubuntu, check your distribution |
| 430 | proxy_pass_header Authorization; # Here you tell ngynx to forward the Authorization header to tracd |
| 431 | } |
| 432 | } |
| 433 | }}} |
| 434 | |
| 435 | And then, you can start tracd with the following command if you use multi-project setup (notice the *): |
| 436 | {{{ |
| 437 | tracd --port=8000 --hostname=127.0.0.1 --env-parent-dir=/home/trac --basic-auth="*,/etc/nginx/htpasswd,Restricted" |
| 438 | }}} |
| 439 | Or the following command if you run one tracd per project: |
| 440 | {{{ |
| 441 | tracd --port=8000 --single-env /path/to/trac/environments/project --basic-auth="project,/etc/nginx/htpasswd,Restricted" |
| 442 | }}} |
| 443 | You can adjust those commands to your specific needs (daemonize, etc). |
| 444 | |