39 | | WIP. Should be completed by 24th July 2007. |
| 45 | Create a user account for Trac: |
| 46 | {{{ |
| 47 | $ su - |
| 48 | # useradd -d /home/trac -c 'Trac server user' trac |
| 49 | }}} |
| 50 | |
| 51 | Be sure to add the trac user to any groups necessary for access to your subversion repository. |
| 52 | |
| 53 | === Create a new project environment === |
| 54 | |
| 55 | {{{ |
| 56 | # su - trac |
| 57 | $ mkdir -p -m 0700 $HOME/projects |
| 58 | $ trac-admin $HOME/projects/PROJECT_NAME initenv |
| 59 | }}} |
| 60 | |
| 61 | See TracInstall for generic information. |
| 62 | |
| 63 | === Web server gateway === |
| 64 | |
| 65 | In order to connect Apache to Trac we will make use of http://trac.saddi.com/flup which is |
| 66 | an AJP to WSGI gateway. Download the latest prepackaged tarball version of flup into the |
| 67 | trac account and install: |
| 68 | |
| 69 | {{{ |
| 70 | $ tar zxf flup-0.5.tar.gz |
| 71 | $ cd flup-0.5 |
| 72 | $ mkdir -p -m 0700 $HOME/lib/python |
| 73 | $ PYTHONPATH=$HOME/lib/python python setup.py install --home=$HOME |
| 74 | }}} |
| 75 | |
| 76 | Now we need to create a simple gateway: |
| 77 | {{{ |
| 78 | $ mkdir -m 0700 $HOME/bin |
| 79 | }}} |
| 80 | |
| 81 | then create the file '''$HOME/bin/ajp_to_wsgi_gateway''' with the following contents: |
| 82 | {{{ |
| 83 | #!python |
| 84 | #! /usr/bin/python |
| 85 | # |
| 86 | # |
| 87 | # AJP to WSGI gateway to run Trac. |
| 88 | |
| 89 | import os, sys |
| 90 | |
| 91 | # System path configuration. Nasty hack below. |
| 92 | sys.path.append(os.environ['HOME'] + '/lib/python/setuptools-0.6c3-py2.4.egg') |
| 93 | sys.path.append(os.environ['HOME'] + '/lib/python/flup-0.5-py2.4.egg') |
| 94 | |
| 95 | def usage() : |
| 96 | print """Usage: ajp_to_wsgi_gateway PATH_TO_TRAC_ENV URL_PREFIX PORT""" |
| 97 | sys.exit(1) |
| 98 | |
| 99 | if __name__ == '__main__': |
| 100 | |
| 101 | if len(sys.argv) != 4 : |
| 102 | usage() |
| 103 | else : |
| 104 | path = sys.argv[1] |
| 105 | prefix = sys.argv[2] |
| 106 | port = int(sys.argv[3]) |
| 107 | |
| 108 | # WSGI application configuration. |
| 109 | os.environ['TRAC_ENV'] = path |
| 110 | os.environ['PYTHON_EGG_CACHE'] = path + '/eggs' |
| 111 | |
| 112 | import trac.web.main |
| 113 | application = trac.web.main.dispatch_request |
| 114 | |
| 115 | # AJP to WSGI gateway. |
| 116 | import logging |
| 117 | from flup.server.ajp import WSGIServer |
| 118 | ret = WSGIServer(application, |
| 119 | bindAddress=('localhost', port), |
| 120 | scriptName=prefix, |
| 121 | loggingLevel=logging.ERROR, |
| 122 | debug=False |
| 123 | ).run() |
| 124 | sys.exit(ret and 42 or 0) |
| 125 | }}} |
| 126 | |
| 127 | You may need to modify the script above to fixup the system path information. Set the |
| 128 | permissions on the script: |
| 129 | {{{ |
| 130 | chmod 700 $HOME/bin/ajp_to_wsgi_gateway |
| 131 | }}} |
| 132 | |
| 133 | Create '''$HOME/bin/trac_server_wrapper''' with the following contents: |
| 134 | |
| 135 | {{{ |
| 136 | #! /bin/bash |
| 137 | # |
| 138 | # Wrapper script to start a trac server for multiple environments. |
| 139 | |
| 140 | trac_project() |
| 141 | { |
| 142 | local trac_env=$1 |
| 143 | local path_prefix=$2 |
| 144 | local port=$3 |
| 145 | local status=42 |
| 146 | |
| 147 | while test $status -eq 42; do |
| 148 | $HOME/bin/ajp_to_wsgi_gateway "$trac_env" "$path_prefix" $port |
| 149 | status=$? |
| 150 | done & |
| 151 | } |
| 152 | |
| 153 | # Individul project servers. |
| 154 | trac_project $HOME/projects/PROJECT_NAME /PROJECT_PATH SERVER_PORT |
| 155 | }}} |
| 156 | |
| 157 | Edit the script to replace PROJECT_NAME, PROJECT_PATH, and SERVER_PORT as appropriate. PROJECT_PATH must not have a '/' after it and does not include the protocol or hostname. |
| 158 | |
| 159 | Set the permissions on the script: |
| 160 | {{{ |
| 161 | chmod 700 $HOME/bin/trac_server_wrapper |
| 162 | }}} |
| 163 | |
| 164 | Set the server script to start on system boot: |
| 165 | {{{ |
| 166 | $ cat <<EOF > cron.fragment |
| 167 | @reboot $HOME/bin/trac_server_wrapper |
| 168 | EOF |
| 169 | $ crontab cron.fragment |
| 170 | $ rm cron.fragment |
| 171 | }}} |
| 172 | |
| 173 | Now start the gateway: |
| 174 | {{{ |
| 175 | trac_server_wrapper |
| 176 | }}} |
| 177 | |
| 178 | === Common web content === |
| 179 | |
| 180 | Now we copy the common icons, stylesheets, etc that Apache will server directly into our hosting account: |
| 181 | {{{ |
| 182 | $ mkdir -m 0701 $HOME/public_html |
| 183 | $ cp -a /usr/share/trac/htdocs/* $HOME/public_html/trac |
| 184 | $ chmod 701 $HOME |
| 185 | }}} |
| 186 | |
| 187 | Edit '''$HOME/projects/PROJECT_NAME/conf/trac.ini''' and adust the following values: |
| 188 | |
| 189 | * In the ''[header_logo]'' section set ''src'' to ''/trac/trac_banner.png'' |
| 190 | * In the ''[project]'' section set ''icon'' to ''/trac/trac.ico'' |
| 191 | * In the ''[trac]'' section set ''htdocs_location'' to ''https''://trac.example.org/trac'' |
| 192 | |
| 193 | === Start trac servers === |
| 194 | |
| 195 | Start trac by running: |
| 196 | {{{ |
| 197 | $ trac_server_wrapper |
| 198 | }}} |
| 199 | |
| 200 | === SELinux configuration === |
| 201 | |
| 202 | Apache will need network access in order to communicate to the trac daemon. As root run: |
| 203 | {{{ |
| 204 | # setsebool httpd_can_network_connect on |
| 205 | }}} |
| 206 | |
| 207 | For Apache to be able to access the common trac files, the will need to be correctly labeled. As root run: |
| 208 | {{{ |
| 209 | # fixfiles restore /home/trac |
| 210 | }}} |
| 211 | |
| 212 | === Apache configuration === |
| 213 | |
| 214 | Create your SSL certificate for trac.example.org. As root: |
| 215 | {{{ |
| 216 | # cd /etc/pki/tls/certs |
| 217 | # make trac.example.org.crt |
| 218 | }}} |
| 219 | |
| 220 | Make sure the ''mod_ssl' package is installed. |
| 221 | |
| 222 | Create an Apache virtual host in ''/etc/httpd/conf/httpd.conf'' (or an included file) with |
| 223 | contents like: |
| 224 | {{{ |
| 225 | <VirtualHost YOUR_IP_ADDRESS:443> |
| 226 | ServerName trac.example.org:443 |
| 227 | |
| 228 | ServerAdmin support@example.org |
| 229 | DocumentRoot /home/trac/public_html |
| 230 | |
| 231 | CustomLog logs/trac.example.org_log combined |
| 232 | ErrorLog logs/trac_error_log |
| 233 | |
| 234 | <IfModule mod_ssl.c> |
| 235 | SSLEngine on |
| 236 | |
| 237 | SSLCertificateFile /etc/pki/tls/certs/trac.example.org.crt |
| 238 | SSLCertificateKeyFile /etc/pki/tls/private/trac.example.org_key |
| 239 | #SSLCACertificateFile /etc/pki/tls/certs/A_CA_CERT.crt |
| 240 | </IfModule> |
| 241 | |
| 242 | # Security restrictions. |
| 243 | <Location /> |
| 244 | # Require password authentication via LDAP. |
| 245 | #AuthType basic |
| 246 | #AuthName "Trac" |
| 247 | #AuthBasicProvider ldap |
| 248 | #AuthLDAPURL ldap://localhost/dc=example,dc=org |
| 249 | #AuthLDAPGroupAttribute memberUID |
| 250 | #AuthLDAPGroupAttributeIsDN off |
| 251 | #require ldap-group cn=devel,ou=Groups,dc=example,dc=org |
| 252 | |
| 253 | #Order Allow,Deny |
| 254 | #Allow from staff.example.org |
| 255 | </Location> |
| 256 | |
| 257 | # Trac runs as a daemon inside the 'trac' account. |
| 258 | # It is written in Python, however there is a |
| 259 | # AJP <-> WSGI gateway that handles the requests on |
| 260 | # a per project basis. |
| 261 | Redirect /PROJECT_PATH https://trac.example.org/PROJECT_PATH/ |
| 262 | ProxyPass /PROJECT_PATH/ ajp://localhost:SERVER_PORT/PROJECT_PATH/ |
| 263 | ProxyPassReverse /PROJECT_PATH/ ajp://localhost:SERVER_PORT/PROJECT_PATH/ |
| 264 | </VirtualHost> |
| 265 | }}} |
| 266 | |
| 267 | Check the syntax via '''service httpd configtest''' and restart via '''service httpd restart'''. |
| 268 | |
| 269 | Everything should now work! |
| 270 | |
| 271 | === Troubleshooting === |
| 272 | |
| 273 | The above is quite complicated and easy to make a mistake with. Things to check: |
| 274 | * Check the apache server error log and the trac user error log; |
| 275 | * Check with ''ps xfwww'' that ''ajp_to_wsgi_gateway'' is running; |
| 276 | * Check with ''netstat -tunlp'' that the gateway is listening on the correct port; |
| 277 | * Modify ''ajp_to_wsgi_gateway'' and set ''debug'' to ''True'' and ''loggingLevel'' to ''logging.DEBUG'' to see the requests hit the gateway; |
| 278 | * Modify ''$HOME/projects/PROJECT_NAME/conf/trac.ini'' and set ''log_type'' to ''stderr'' to get error messages from trac itself. |
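Review bot: The `<Location />` block in the Apache virtual host has every authentication and `Allow from` directive commented out, so a reader who copies the example as written gets a proxied Trac site with no web-server-level access restriction, under a comment that reads "Security restrictions". A sentence before the block, such as `Enable either the LDAP authentication or the host-based restriction below before exposing the site.`, would make the requirement explicit. In the SELinux section, `setsebool httpd_can_network_connect on` does not survive a reboot, although the gateway itself is started from an `@reboot` cron entry; `setsebool -P httpd_can_network_connect on` makes it persistent, and the page could note that this boolean lets httpd open outbound TCP connections in general, not only to the AJP port. The start of this page's diff may lie outside the lines shown here.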