Changes between Version 25 and Version 26 of TracNginxRecipe
- Timestamp:
- Jan 25, 2016, 4:52:37 PM (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
TracNginxRecipe
v25 v26 1 [[PageOutline(2-5,Contents,pullout)]] 2 1 3 = Using Nginx as your main web server for multiple Trac Projects 2 4 3 This recipe below is actually a very simple setup but the instructions did not make it obvious. This setup is perfect if you use Nginx as your main webserver. First you set up Nginx as your main web server and then youset up multiple instances of Tracd Web Server. Trac has an embedded webserver that is included in Trac and called Tracd. Then you have Nginx serve requests to your Tracd web server instances.5 This recipe below describes some setups where [http://www.nginx.net/ Nginx] is your main webserver. Nginx is an Apache replacement by [http://sysoev.ru/en/ Igor Sysoev]. First set up Nginx as your main web server and then set up multiple instances of Tracd Web Server. Trac has an embedded webserver that is included in Trac and called Tracd. Then you have Nginx serve requests to your Tracd web server instances. 4 6 5 7 == Why you should use Tracd behind Nginx 6 8 7 This is a n easy set up which allows Nginx to act as an excellent load balancer. Tracd is lightweight and fast and its easy to get working with your Trac projects. You can start multiple instances of the Tracd web server on different ports for different Trac projects. Nginx as your main webserver can serve requests to these various running instances of the Tracd web server. This also works for multiple Trac Projects on multiple vhosts. In short its fast, lightweight, and easy to set up.8 9 Here are the steps you need to take .9 This is a setup where Nginx acts as a load balancer. Tracd is lightweight and fast and it is easy to get working with Trac. You can start multiple instances of the Tracd web server on different ports for different Trac projects. Nginx as your main webserver can serve requests to these instances of the Tracd web server. This also works for multiple Trac Projects on multiple vhosts. In short it's fast, lightweight, and easy to set up. 10 11 Here are the steps you need to take: 10 12 11 13 1. Set up Nginx as your main webserver on port 80. 12 1. Start multiple instances of the Tracd embedded web server on different ports for each Trac Project.13 1. Configure Nginx to serve requests to your various running instances of Tracd Webserver.14 1. Start multiple instances of the Tracd embedded web server on different ports for each Trac project. 15 1. Configure Nginx to serve requests to your various running instances of Tracd webserver. 14 16 15 17 == Using Tracd with Nginx in Cluster Mode 16 I am intensely dissatisfied with Trac and Apache. We have multiple vhosts, and multiple Trac sites per vhost. When we tried upgrading from Subversion 1.2.3 we hit [ticket:2611 this bug]: 17 * apache/mod_python still occasionally segfaults. 18 19 When using Trac and Apache with multiple vhosts, and multiple Trac sites per vhost, and upgrading from Subversion 1.2.3 to 1.4, we hit [ticket:2611 this bug]: 20 * apache/mod_python occasionally segfaults. 18 21 * apache/mod_python was causing strange occasional delays, likely related to the segfaults. 19 * We would like to upgrade to SVN 1.4 20 21 '''Caveat''': Only use this with PostgreSQL. If you want to do this, but are on SQLite, then use Pacopablos [http://trac-hacks.org/wiki/SqliteToPgScript Sqlite-to-Pg]. We use it here, and it's great. 22 23 '''Caveat''': Only use this with PostgreSQL. If you want to do this, but are on SQLite, then use Pacopablos [http://trac-hacks.org/wiki/SqliteToPgScript Sqlite-to-Pg] script. We use it here, and it's great. 22 24 23 25 == Tracd - Trac's light and fast embedded web server … … 25 27 Run multiple tracd instances. This offers a speed benefit if you use [http://fasterfox.mozdev.org/ FasterFox], as well as good concurrency responsiveness. 26 28 27 Using the Gentoo init system, it was easy to create simple init scripts (which I attached to this page). Here is a simplified example, which makes for easier wiki'ing:29 Using the Gentoo init system, it was easy to create simple init scripts, which are attached to this page. Here is a simplified example: 28 30 29 31 '''Multi-Site tracd Startup''': works with Trac-0.10 and up: … … 37 39 == Nginx 38 40 39 Install [http://www.nginx.net/ Nginx], the Excellent Apache Replacement by [http://sysoev.ru/en/ Igor Sysoev]. All examples are based on Gentoo and the Gentoo package is under /etc/nginx. 40 41 Sample /etc/nginx/nginx.conf: 42 {{{ 43 #!nginx 41 Install Nginx. All examples are based on Gentoo and the Gentoo package is under `/etc/nginx`. 42 43 Sample `/etc/nginx/nginx.conf`: 44 {{{#!nginx 44 45 http { 45 46 include /etc/nginx/mime.types; … … 61 62 error_log /var/log/nginx/live.error_log info; 62 63 64 location / { 65 proxy_pass http://live_trachosts_com; 66 include /etc/nginx/proxy.conf; 67 # if your system doesn't have the proxy.conf file, add the following two lines to get redirects working: 68 # proxy_redirect on; 69 # proxy_set_header Host $host; 70 } 71 72 } 73 }}} 74 75 == Nginx + SSL 76 77 Here is what we do for SSL in `/etc/nginx/nginx.conf`: 78 {{{#!nginx 79 http { 80 include /etc/nginx/mime.types; 81 default_type application/octet-stream; 82 83 include /etc/nginx/nginx-defaults.conf; 84 85 upstream live_trachosts_com { 86 server 127.0.0.1:3050; 87 server 127.0.0.1:3051; 88 #[... up to the number of instance, or more, if you want to be free to add more ...] 89 } 90 91 server { 92 listen 192.168.1.254:80; 93 server_name live.trachosts.com live; 94 95 access_log /var/log/nginx/live.access.log main; 96 error_log /var/log/nginx/live.error_log info; 97 98 location / { 99 rewrite ^/(.*)$ https://imrlive.com/$1 redirect; 100 } 101 102 } 103 server { 104 listen 192.168.1.254:443; 105 server_name live.trachosts.com live; 106 107 access_log /var/log/nginx/live.access.log main; 108 error_log /var/log/nginx/live.error_log info; 109 110 ssl on; 111 ssl_certificate /etc/nginx/ssl/_nginx.cert; 112 ssl_certificate_key /etc/nginx/ssl/traclive.key; 113 keepalive_timeout 70; 114 add_header Front-End-Https on; 115 63 116 location / { 64 117 proxy_pass http://live_trachosts_com; … … 70 123 71 124 } 72 }}}73 74 == Nginx + SSL75 76 Here is what we do for SSL in /etc/nginx/nginx.conf:77 {{{78 #!nginx79 http {80 include /etc/nginx/mime.types;81 default_type application/octet-stream;82 83 include /etc/nginx/nginx-defaults.conf;84 85 upstream live_trachosts_com {86 server 127.0.0.1:3050;87 server 127.0.0.1:3051;88 #[... up to the number of instance, or more, if you want to be free to add more ...]89 }90 91 server {92 listen 192.168.1.254:80;93 server_name live.trachosts.com live;94 95 access_log /var/log/nginx/live.access.log main;96 error_log /var/log/nginx/live.error_log info;97 98 location / {99 rewrite ^/(.*)$ https://imrlive.com/$1 redirect;100 }101 102 }103 server {104 listen 192.168.1.254:443;105 server_name live.trachosts.com live;106 107 access_log /var/log/nginx/live.access.log main;108 error_log /var/log/nginx/live.error_log info;109 110 ssl on;111 ssl_certificate /etc/nginx/ssl/_nginx.cert;112 ssl_certificate_key /etc/nginx/ssl/traclive.key;113 keepalive_timeout 70;114 add_header Front-End-Https on;115 116 location / {117 proxy_pass http://live_trachosts_com;118 include /etc/nginx/proxy.conf;119 # my system doesn't have the proxy.conf file so I needed to add the following two lines to get redirects working:120 # proxy_redirect on;121 # proxy_set_header Host $host;122 }123 124 }125 125 } 126 126 }}} … … 128 128 === Static Content 129 129 130 Serving static files from htdocs dir ala /<site>/chrome/site aliases `http://live.trachosts.com/myproj/chrome/site` to `/var/trachosts/trac/myproj/htdocs` 131 {{{ 132 #!nginx 130 Serving static files from htdocs dir ala /<site>/chrome/site aliases `http://live.trachosts.com/myproj/chrome/site` to `/var/trachosts/trac/myproj/htdocs`: 131 {{{#!nginx 133 132 location ~ /(.*?)/chrome/site/ { 134 133 rewrite /(.*?)/chrome/site/(.*) /$1/htdocs/$2 break; 135 134 root /var/trachosts/trac; 136 135 } 137 138 136 }}} 139 137 140 138 == Subversion 141 139 142 This section can be skip edif you're using tracd and start it as follows:143 {{{ 140 This section can be skipped, if you're using tracd and start it as follows: 141 {{{#!sh 144 142 /usr/bin/python /usr/bin/tracd -d -p 3050 --basic-auth projec1,/var/www/trac/project1/db/users.htdigest,svn --pidfile=/var/www/trac/tracd.3050 --protocol=http -e /var/www/trac 145 143 }}} 146 144 147 We still need to get access to subversion via Apache mod_dav_svn. I created a vhost in apache for _only_ the svn URLs. Other people might not use this setup. 148 149 {{{ 150 #!apache 145 We still need to get access to Subversion via Apache mod_dav_svn. I created a vhost in Apache for _only_ the svn URLs. Other people might not use this setup. 146 147 {{{#!apache 151 148 Listen 127.0.0.1:80 152 149 <VirtualHost *:80> 153 150 ServerAdmin webmaster@trachosts.com 154 151 155 # in order to support COPY and MOVE, etc - 152 # in order to support COPY and MOVE, etc - over https (443), 156 153 # ServerName _must_ be the same as the nginx servername 157 154 ServerName live.trachosts.com … … 185 182 186 183 Add this to the server section of the Nginx config, in the :80 line, or the :443: 187 {{{ 188 #!nginx 184 {{{#!nginx 189 185 location /svn { 190 186 proxy_pass http://127.0.0.1:80; … … 201 197 202 198 `start-meta-site.sh`: 203 {{{ 204 #!sh 199 {{{#!sh 205 200 INSTANCES="3050 3051 3052 3053 3054 3055 3056" 206 201 USER="apache" … … 230 225 231 226 `start-single-site.sh` 232 {{{ 233 #!sh 227 {{{#!sh 234 228 INSTANCES="3050 3051 3052" 235 229 USER="apache" … … 265 259 266 260 `/usr/local/etc/rc.d/trac`: 267 {{{ 268 #!sh 261 {{{#!sh 269 262 #!/bin/sh 270 263 # … … 422 415 == Handling authentication in Nginx 423 416 424 If you want to handle the authentication in Nginx rather than t rac, that is also possible. Since you are proxying the tracd server from Nginx, you just have to tell Nginx to forward the Authorization header to tracd, and be sure to use the same authentication scheme in both (Basic / Digest). Also, both Nginx and trac must access the same password file, or an identical copy. As a simple example, let's assume you are using Basic authentication. Digest would be very similar.417 If you want to handle the authentication in Nginx rather than through Trac, that is also possible. Since you are proxying the tracd server from Nginx, you just have to tell Nginx to forward the authorization header to tracd, and use the same authentication scheme in both (Basic / Digest). Also, both Nginx and Trac must access the same password file, or an identical copy. As a simple example, let's assume you are using Basic authentication. Digest would be very similar. 425 418 426 419 This is the Nginx configuration snippet: 427 {{{ 428 #!nginx 420 {{{#!nginx 429 421 server { 430 422 location / { … … 438 430 439 431 And then, you can start tracd with the following command if you use multi-project setup (notice the *): 440 {{{ 441 #!sh 432 {{{#!sh 442 433 tracd --port=8000 --hostname=127.0.0.1 --env-parent-dir=/home/trac --basic-auth="*,/etc/nginx/htpasswd,Restricted" 443 434 }}} 435 444 436 Or the following command if you run one tracd per project: 445 {{{ 446 #!sh 437 {{{#!sh 447 438 tracd --port=8000 --single-env /path/to/trac/environments/project --basic-auth="project,/etc/nginx/htpasswd,Restricted" 448 439 }}} 440 449 441 You can adjust those commands to your specific needs (daemonize, etc). 450 442 451 == Todo == 443 == Todo 444 452 445 * Post the actual config files ''somewhere''. 453 446 454 == Questions == 447 == Questions 448 455 449 * is this possible with client certificate authentication? 456 450 457 451 ---- 458 452 See also TracFastCgi#SimpleNginxConfiguration1 459 {{{ 460 #!sh453 454 {{{#!sh 461 455 if [ $? -eq 0 ] 462 456 then