Version 2 (modified by 17 years ago) ( diff ) | ,
---|
Using Tracd with Nginx in Cluster Mode
I am intensely dissatisfied with Trac and Apache. We have multiple vhosts, and multiple trac sites per vhost. When we tried upgrading form Subverison 1.2.3 we hit this bug.
- apache/mod_python still occasionally segfaults.
- apache/mod_python was causing strange occasional delays. (Likely related to the segfaults).
- We would like to upgrade to SVN 1.4
Caveat: Only use this with PostgreSQL. If you want to do this, but are on SQLite, then use Pacopablos Sqlite-to-Pg. We use it here, and it's great.
Tracd
Run multiple tracd instances. This offers a speed benefit if you use FasterFox, as well as good multi-user concurrency responsiveness.
Using the Gentoo init system, it was easy to create simple init scripts (which I attatched to this page). Here is a simplified example, which makes for easier wiki'ing
start-meta-site.sh
INSTANCES="3050 3051 3052 3053 3054 3055 3056" USER="apache" VERSION="0.10.1" #ENV="/var/live/trac" PIDFILE="/var/live/run/tracd" ### Extra Args here, for instance --basic-auth #ARGS="--basic-auth=${ENV},${ENV}/vccbob.pwd,FarQ" ARGS="-e /var/live/trac" PYTHON_EGG_CACHE="/var/live/egg_cache" function start(){ export PYTHON_EGG_CACHE for I in $INSTANCES; do su ${USER} -c "/usr/bin/tracd -d -p ${I} --pidfile=${PIDFILE}.${I} --protocol=http ${ARGS} ${ENV}" done } function stop(){ for x in `ls ${PIDFILE}.*}`; do kill `cat ${x}` done }
start-single-site.sh
INSTANCES="3050 3051 3052" USER="apache" VERSION="0.10.1" ENV="/var/lib/trac-single" PIDFILE="/var/lib/trac-single/run" ### Extra Args here, for instance --basic-auth #ARGS="--basic-auth=${ENV},${ENV}/vccbob.pwd,FarQ" ARGS="--basic-auth=${ENV},${ENV}/vccbob.pwd,FarQ ${ENV}" PYTHON_EGG_CACHE="${ENV}/egg_cache" function start(){ export PYTHON_EGG_CACHE for I in $INSTANCES; do su ${USER} -c "/usr/bin/tracd -d -p ${I} --pidfile=${PIDFILE}.${I} --protocol=http ${ARGS} ${ENV}" done } function stop(){ for x in `ls ${PIDFILE}.*}`; do kill `cat ${x}` done }
Nginx
Get Nginx, the Excellent Apache Replacement by Igor Sysoev. Install it. I use Gentoo, and all of my examples are based on Gentoo. Gentoo packagers create /etc/nginx.
/etc/nginx/nginx.conf
http { include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/nginx-defaults.conf; upstream live_trachosts_com { server 127.0.0.1:3050; server 127.0.0.1:3051; #[... up to the number of instance, or more, if you want to be free to add more ...] } server { listen 192.168.1.254:80; server_name live.trachosts.com live; access_log /var/log/nginx/live.access.log main; error_log /var/log/nginx/live.error_log info; location / { proxy_pass http://live_trachosts_com; include /etc/nginx/proxy.conf; } }
Nginx + SSL
You might be asking about ssl - here is what we do for ssl: /etc/nginx/nginx.conf
http { include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/nginx-defaults.conf; upstream live_trachosts_com { server 127.0.0.1:3050; server 127.0.0.1:3051; #[... up to the number of instance, or more, if you want to be free to add more ...] } server { listen 192.168.1.254:80; server_name live.trachosts.com live; access_log /var/log/nginx/live.access.log main; error_log /var/log/nginx/live.error_log info; location / { rewrite ^/(.*)$ https://imrlive.com/$1 redirect; } } server { listen 192.168.1.254:443; server_name live.trachosts.com live; access_log /var/log/nginx/live.access.log main; error_log /var/log/nginx/live.error_log info; ssl on; ssl_certificate /etc/nginx/ssl/_nginx.cert; ssl_certificate_key /etc/nginx/ssl/traclive.key; keepalive_timeout 70; add_header Front-End-Https on; location / { proxy_pass http://live_trachosts_com; include /etc/nginx/proxy.conf; } } }
Subversion
We still need to get access to subversion via Apache mod_dav_svn. I created a vhost in apache for _only_ the svn URLs. Other people will not use this setup, which is good for them.
Listen 127.0.0.1:80 <VirtualHost *:80> ServerAdmin webmaster@trachosts.com ServerName trachosts.com DocumentRoot "/var/www/live.trachosts.com/htdocs" <Directory "/var/www/live.trachosts.com/htdocs"> Options FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> # Subversion Configuration <IfModule mod_dav_svn.c> <Location /svn> DAV svn SVNParentPath /var/live/svn AuthType Basic AuthName "Client Trac Sites - Subversion Repository" AuthUserFile /var/live/conf/users <IfModule !mod_authz_svn.c> AuthzSVNAccessFile /var/live/conf/svnauthz </IfModule> Require valid-user </Location> </IfModule> </VirtualHost>
Add this to the server section of the Nginx config. (in the :80 line, or the :443, whatever)
location /svn { proxy_pass http://127.0.0.1:80; include /etc/nginx/proxy.conf; }
Todo
- Nginx Authentication Howto
- Post the actualy config files somewhere.