= Running Trac on IIS 6 using AJP = Contributed by:[[br]] Wilfred Berger, Statistisches Landesamt, Stuttgart, Germany, wilfred.berger[[html(@)]]stala.bwl.de I did this with: * Windows Server 2003 SP2 * IIS 6 * Trac 0.11 It may work for other versions. It has been reported to work with Trac 0.11.6 on Windows Server 2008. In May 2011 I upgraded to Trac 0.12.2 without any problems or modifications. == Why this? == If you want to run Trac on a Windows system, your first choice will be running [TracOnWindowsStandalone tracd stand-alone].[[BR]] This may be impossible for several reasons: * tracd does not support HTTPS. If you want to serve HTTPS, you will have to connect Trac to a common web server. * If you want to mix Trac with other content in your web site, you will again have to connect Trac to another web server. In both cases, the web server on a Windows system will most probably be IIS. Generally, it is not a good idea to use CGI on a Windows system. CGI implies starting a new system process for every single request, which, on Windows, causes significant overhead and makes things slow. The following solution uses [http://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html AJP]. This protocol was developed for connecting Tomcat to a web server which is very similar to what we are doing here. == 1. Install Trac == ... exactly as if you were going to run [TracOnWindowsStandalone tracd stand-alone], with two exceptions: * Since port 80 will be occupied by IIS, choose a different port, adding "`-p 8009`" to the tracd start command. 8009 is the standard port for AJP. Of course, you are free to use any other port as well. At this point you should check whether Trac is running properly. * Add "`--protocol=ajp`" to the tracd start command to make tracd use AJP instead of HTTP. You may also add "`--unquote`" if you have problems browsing repositories with spaces in filenames. Now you will get an error message indicating that module flup.server.ajp is missing. (If you don't, flup is already installed and you may skip the following step.) == 2. Install [http://trac.saddi.com/flup flup] == * Copy `flup-1.0-py2.5.egg` from [http://www.saddi.com/software/flup/dist/ Saddi Software binaries] to C:\Python25\Scripts (or whatever may be your Python installation directory). * Run `easy_install flup`. Now tracd should start without an error. == 3. Install [http://tomcat.apache.org/connectors-doc/reference/iis.html Tomcat AJP Connector for IIS] == * Set up the directory structure. We assume there will be a base directory named C:\AJP-Connector and three subdirectories bin, conf and logs. Of course, you may choose anything else for the base directory. * Copy `tomcat-connectors-1.2.37-windows-i386-iis.zip` (or `tomcat-connectors-1.2.37-windows-x86_64-iis.zip` in a 64 bit environment) or a newer version from [http://www.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/windows/ Apache binaries] and extract `isapi_redirect.dll` to the bin subdirectory. * Create a configuration file `isapi_redirect.properties` for the ISAPI redirector. This must be in the same directory as the DLL and have exactly the same name but with a .properties extension. The configuration file should contain this: (be sure to replace "C:\AJP-Connector" with your actual directory) {{{ # Configuration file for the ISAPI Redirector # The path to the ISAPI Redirector Extension, relative to the website # This must be in a virtual directory with execute privileges extension_uri=/AJP-Connector/isapi_redirect.dll # Full path to the log file for the ISAPI Redirector log_file=C:\AJP-Connector\logs\isapi_redirect.log # Log level (debug, info, warn, error or trace) log_level=info # Full path to the workers.properties file worker_file=C:\AJP-Connector\conf\workers.properties # Full path to the uriworkermap.properties file worker_mount_file=C:\AJP-Connector\conf\uriworkermap.properties }}} * Create the workers.properties file with the following content: (replace the host name and port if necessary) {{{ # Define 1 real worker worker.list=trac # Set properties for trac (ajp13) worker.trac.type=ajp13 worker.trac.host=localhost worker.trac.port=8009 worker.trac.socket_keepalive=0 }}} * Create the uriworkermap.properties file with the following content: (replace foo and bar with your trac project names) {{{ /foo*=trac /bar*=trac }}} == 4. Define the virtual directory for AJP-Connector == * Start the IIS Manager (normally found at %!SystemRoot%\system32\inetsrv\iis.msc). * Inside the web site where you want to publish Trac, define a virtual directory named AJP-Connector, pointing to your bin subdirectory, with permissions to execute executables (not only scripts). The only purpose for this virtual directory is to allow the ISAPI filter defined in step 6 to find the DLL. == 5. Allow execution of the DLL as Web Service Extension == * In the IIS Manager, open Web Service Extensions. * Define a new Web Service Extension called AJP-Connector (or whatever you want). * Add C:\AJP-Connector\bin\isapi_redirect.dll to the required files (replace "C:\AJP-Connector" with your actual directory). * Set extension status to Allowed. * Click OK. == 6. Add AJP-Connector to the ISAPI filters == * In the IIS Manager, open the properties of the web site where you want to publish Trac. * Open "ISAPI Filters". * Add a new filter with any filter name (I prefer "AJP-Connector") and the complete path to isapi_redirect-1.2.28.dll as executable. * Close the two property windows (clicking OK in each of them). Perhaps you will have to restart IIS. == 7. Any further questions? == Feel free to send me a mail. My address is given at the top of this page. == Trouble with Authentication == I had some trouble with authentication. If tracd uses Digest Authentication it does not support Basic Authentication. But if Basic Authentication is enabled in IIS, it sends an additional Basic Authentication HTTP header. Some browsers (including Firefox) try to use Basic Authentication if both Basic and Digest Authentication headers are sent by the server. tracd can not handle this information and will resend the authentication request. So be sure to turn off Basic Authentication on IIS.