Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Version 1 and Version 2 of TracFastCgi

Timestamp:: 02/09/09 14:47:05 (19 months ago)
Author:: trac
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

TracFastCgi

v1	v2
2	2
3	3	Since version 0.9, Trac supports being run through the [http://www.fastcgi.com/ FastCGI] interface. Like [wiki:TracModPython mod_python], this allows Trac to remain resident, and is faster than external CGI interfaces which must start a new process for each request. However, unlike mod_python, it is able to support [http://httpd.apache.org/docs/suexec.html SuEXEC]. Additionally, it is supported by much wider variety of web servers.
	4
	5	'''Note for Windows:''' Trac's FCGI does not run under Windows, as Windows does not implement `Socket.fromfd`, which is used by `_fcgi.py`. If you want to connect to IIS, your choice may be [trac:TracOnWindowsIisAjp AJP].
4	6
5	7	== Simple Apache configuration ==
…	…
7	9	There are two FastCGI modules commonly available for Apache: `mod_fastcgi` and
8	10	`mod_fcgid`. The `FastCgiIpcDir` and `FastCgiConfig` directives discussed
9		below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fgcid`
	11	below are `mod_fastcgi` directives; the `DefaultInitEnv` is a `mod_fcgid`
10	12	directive.
11	13
…	…
62	64	renaming `trac.fcgi` and adding the above code to create each such script.
63	65
	66	See [https://coderanger.net/~coderanger/httpd/fcgi_example.conf this fcgid example config] which uses a !ScriptAlias directive with trac.fcgi with a trailing / like this:
	67	{{{
	68	ScriptAlias / /srv/tracsite/cgi-bin/trac.fcgi/
	69	}}}
	70
	71	== Simple Cherokee Configuration ==
	72
	73	Configuration wanted.
	74
64	75	== Simple Lighttpd Configuration ==
65	76
…	…
69	80	environments. It has a very low memory footprint compared to other web servers and takes care of CPU load.
70	81
71		For using `trac.fcgi` with lighttpd add the following to your lighttpd.conf:
72		{{{
	82	For using `trac.fcgi`(prior to 0.11) / fcgi_frontend.py (0.11) with lighttpd add the following to your lighttpd.conf:
	83	{{{
	84	#var.fcgi_binary="/path/to/fcgi_frontend.py" # 0.11 if installed with easy_setup, it is inside the egg directory
	85	var.fcgi_binary="/path/to/cgi-bin/trac.fcgi" # 0.10 name of prior fcgi executable
73	86	fastcgi.server = ("/trac" =>
	87
74	88	("trac" =>
75	89	("socket" => "/tmp/trac-fastcgi.sock",
76		"bin-path" => ~~"/path/to/cgi-bin/trac.fcgi"~~,
	90	"bin-path" => fcgi_binary,
77	91	"check-local" => "disable",
78	92	"bin-environment" =>
…	…
92	106	("first" =>
93	107	("socket" => "/tmp/trac-fastcgi-first.sock",
94		"bin-path" => ~~"/path/to/cgi-bin/trac.fcgi"~~,
	108	"bin-path" => fcgi_binary,
95	109	"check-local" => "disable",
96	110	"bin-environment" =>
…	…
101	115	("second" =>
102	116	("socket" => "/tmp/trac-fastcgi-second.sock",
103		"bin-path" => ~~"/path/to/cgi-bin/trac.fcgi"~~,
	117	"bin-path" => fcgi_binary,
104	118	"check-local" => "disable",
105	119	"bin-environment" =>
…	…
115	129	if both are running from the same `trac.fcgi` script.
116	130	{{{
117		#!html
118		<p style="background: #fdc; border: 2px solid #d00; font-style: italic; padding: 0 .5em; margin: 1em 0;">
119		<strong>Note from c00i90wn:</strong> It's very important the order on which server.modules are loaded, if mod_auth is not loaded <strong>BEFORE</strong> mod_fastcgi, then the server will fail to authenticate the user.
120		</p>
	131	#!div class=important
	132	'''Note''' It's very important the order on which server.modules are loaded, if mod_auth is not loaded '''BEFORE''' mod_fastcgi, then the server will fail to authenticate the user.
121	133	}}}
122	134	For authentication you should enable mod_auth in lighttpd.conf 'server.modules', select auth.backend and auth rules:
…	…
177	189	("trac" =>
178	190	("socket" => "/tmp/trac-fastcgi.sock",
179		"bin-path" => ~~"/path/to/cgi-bin/trac.fcgi"~~,
	191	"bin-path" => fcgi_binary,
180	192	"check-local" => "disable",
181	193	"bin-environment" =>
…	…
196	208	(
197	209	"socket" => "/tmp/trac.sock",
198		"bin-path" => ~~"/path/to/cgi-bin/trac.fcgi"~~,
	210	"bin-path" => fcgi_binary,
199	211	"check-local" => "disable",
200	212	"bin-environment" =>
…	…
222	234	("trac" =>
223	235	("socket" => "/tmp/trac-fastcgi.sock",
224		"bin-path" => ~~"/path/to/cgi-bin/trac.fcgi"~~,
	236	"bin-path" => fcgi_binary,
225	237	"check-local" => "disable",
226	238	"bin-environment" =>
…	…
231	243	)
232	244	}}}
233		For details about languages specification see ~~TracFaq~~ question 2.13.
	245	For details about languages specification see [trac:TracFaq TracFaq] question 2.13.
234	246
235	247	Other important information like [http://trac.lighttpd.net/trac/wiki/TracInstall this updated TracInstall page], [wiki:TracCgi#MappingStaticResources and this] are useful for non-fastcgi specific installation aspects.
…	…
244	256
245	257
246		== Simple LiteSpeed Configuration ==
	258	== Simple !LiteSpeed Configuration ==
247	259
248	260	The FastCGI front-end was developed primarily for use with alternative webservers, such as [http://www.litespeedtech.com/ LiteSpeed].
249	261
250		~~LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources.~~ LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.
	262	!LiteSpeed web server is an event-driven asynchronous Apache replacement designed from the ground-up to be secure, scalable, and operate with minimal resources. !LiteSpeed can operate directly from an Apache config file and is targeted for business-critical environments.
251	263
252	264	Setup
…	…
293	305	URI: /trac/ <--- URI path to bind to python fcgi app we created
294	306	Fast CGI App: [VHost Level] MyTractFCGI <--- select the trac fcgi extapp we just created
295		Realm: TracUserDB <--- only if (4) is set. select ream created in (4)
	307	Realm: TracUserDB <--- only if (4) is set. select realm created in (4)
296	308	}}}
297	309
…	…
305	317	}}}
306	318
307		7) Restart LiteSpeed, “lswsctrl restart”, and access your new Trac project at:
	319	7) Restart !LiteSpeed, “lswsctrl restart”, and access your new Trac project at:
308	320
309	321	{{{
…	…
311	323	}}}
312	324
	325	=== Simple Nginx Configuration ===
	326
	327	1) Nginx configuration snippet - confirmed to work on 0.5.36
	328	{{{
	329	server {
	330	listen 10.9.8.7:443;
	331	server_name trac.example;
	332
	333	ssl on;
	334	ssl_certificate /etc/ssl/trac.example.crt;
	335	ssl_certificate_key /etc/ssl/trac.example.key;
	336
	337	ssl_session_timeout 5m;
	338
	339	ssl_protocols SSLv2 SSLv3 TLSv1;
	340	ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
	341	ssl_prefer_server_ciphers on;
	342
	343	location / {
	344	auth_basic "trac realm";
	345	auth_basic_user_file /home/trac/htpasswd;
	346
	347	# full path
	348	if ($uri ~ ^/([^/]+)(/.*)) {
	349	set $script_name $1;
	350	set $path_info $2;
	351	}
	352
	353	# index redirect
	354	if ($uri ~ ^/([^/]+)$) {
	355	rewrite (.+) $1/ permanent;
	356	}
	357
	358	# socket address
	359	fastcgi_pass unix:/home/trac/run/instance.sock;
	360
	361	# python - wsgi specific
	362	fastcgi_param HTTPS on;
	363
	364	## WSGI REQUIRED VARIABLES
	365	# WSGI application name - trac instance prefix.
	366	fastcgi_param SCRIPT_NAME /$script_name;
	367	fastcgi_param PATH_INFO $path_info;
	368
	369	## WSGI NEEDED VARIABLES - trac warns about them
	370	fastcgi_param REQUEST_METHOD $request_method;
	371	fastcgi_param SERVER_NAME $server_name;
	372	fastcgi_param SERVER_PORT $server_port;
	373	fastcgi_param SERVER_PROTOCOL $server_protocol;
	374
	375	# for authentication to work
	376	fastcgi_param REMOTE_USER $remote_user;
	377	}
	378	}
	379	}}}
	380
	381	2) Modified trac.fcgi:
	382
	383	{{{
	384	#!/usr/bin/env python
	385	import os
	386	sockaddr = '/home/trac/run/instance.sock'
	387	os.environ['TRAC_ENV'] = '/home/trac/instance'
	388
	389	try:
	390	from trac.web.main import dispatch_request
	391	import trac.web._fcgi
	392
	393	fcgiserv = trac.web._fcgi.WSGIServer(dispatch_request,
	394	bindAddress = sockaddr, umask = 7)
	395	fcgiserv.run()
	396
	397	except SystemExit:
	398	raise
	399	except Exception, e:
	400	print 'Content-Type: text/plain\r\n\r\n',
	401	print 'Oops...'
	402	print
	403	print 'Trac detected an internal error:'
	404	print
	405	print e
	406	print
	407	import traceback
	408	import StringIO
	409	tb = StringIO.StringIO()
	410	traceback.print_exc(file=tb)
	411	print tb.getvalue()
	412
	413	}}}
	414
	415	3) reload nginx and launch trac.fcgi like that:
	416
	417	{{{
	418	trac@trac.example ~ $ ./trac-standalone-fcgi.py
	419	}}}
	420
	421	The above assumes that:
	422	* There is a user named 'trac' for running trac instances and keeping trac environments in its home directory.
	423	* /home/trac/instance contains a trac environment
	424	* /home/trac/htpasswd contains authentication information
	425	* /home/trac/run is owned by the same group the nginx runs under
	426	* and if your system is Linux the /home/trac/run has setgid bit set (chmod g+s run)
	427	* and patch from ticket #T7239 is applied, or you'll have to fix the socket file permissions every time
	428
	429	Unfortunately nginx does not support variable expansion in fastcgi_pass directive.
	430	Thus it is not possible to serve multiple trac instances from one server block.
	431
	432	If you worry enough about security, run trac instances under separate users.
	433
	434	Another way to run trac as a FCGI external application is offered in ticket #T6224
	435
313	436	----
314		See also TracCgi, TracModPython, TracInstall, TracGuide
	437	See also TracCgi, TracModPython, TracInstall, TracGuide, [trac:TracNginxRecipe TracNginxRecipe]