close
Warning:
BrowserModule failed with ConfigurationError: Look in the Trac log for more information.
- Timestamp:
-
Feb 24, 2024, 4:07:16 PM (9 months ago)
- Author:
-
trac
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v3
|
v4
|
|
| 7 | 7 | == The `trac.wsgi` script |
| 8 | 8 | |
| 9 | | Trac can be run on top of mod_wsgi with the help of an application script, which is a Python file saved with a `.wsgi` extension. |
| | 9 | Trac can be run on top of mod_wsgi with the help of an application script, which is a Python file saved with a `.wsgi` extension. |
| 10 | 10 | |
| 11 | 11 | A robust and generic version of this file can be created using the `trac-admin <env> deploy <dir>` command which automatically substitutes the required paths, see TracInstall#cgi-bin. The script should be sufficient for most installations and users not wanting more information can proceed to [#Mappingrequeststothescript configuring Apache]. |
| 12 | 12 | |
| 13 | | If you are using Trac with multiple projects, you can specify their common parent directory using the `TRAC_ENV_PARENT_DIR` in trac.wsgi: |
| | 13 | If you are using Trac with multiple projects, you can specify their common parent directory in `trac.wsgi`: |
| 14 | 14 | {{{#!python |
| 15 | 15 | def application(environ, start_request): |
| 16 | | # Add this to config when you have multiple projects |
| 17 | | environ.setdefault('trac.env_parent_dir', '/usr/share/trac/projects') |
| | 16 | # Add this when you have multiple projects |
| | 17 | environ.setdefault('trac.env_parent_dir', '/usr/share/trac/projects') |
| 18 | 18 | .. |
| 19 | 19 | }}} |
| | 20 | |
| | 21 | Directories residing in `trac.env_parent_dir` that are not environment directories will display an error message on the [TracInterfaceCustomization#ProjectList project index page]. The directories can be excluded by listing them in a `.tracignore` file residing in `trac.env_parent_dir`. Unix [https://docs.python.org/2/library/fnmatch.html shell-style wildcard patterns] can be used in the newline separated list of directories. |
| 20 | 22 | |
| 21 | 23 | === A very basic script |
| … |
… |
|
| 47 | 49 | === A more elaborate script |
| 48 | 50 | |
| 49 | | If you are using multiple `.wsgi` files (for example one per Trac environment) you must ''not'' use `os.environ['TRAC_ENV']` to set the path to the Trac environment. Using this method may lead to Trac delivering the content of another Trac environment, as the variable may be filled with the path of a previously viewed Trac environment. |
| | 51 | If you are using multiple `.wsgi` files (for example one per Trac environment) you must ''not'' use `os.environ['TRAC_ENV']` to set the path to the Trac environment. Using this method may lead to Trac delivering the content of another Trac environment, as the variable may be filled with the path of a previously viewed Trac environment. |
| 50 | 52 | |
| 51 | 53 | To solve this problem, use the following `.wsgi` file instead: |
| … |
… |
|
| 57 | 59 | import trac.web.main |
| 58 | 60 | def application(environ, start_response): |
| 59 | | environ['trac.env_path'] = '/usr/local/trac/mysite' |
| | 61 | environ['trac.env_path'] = '/usr/local/trac/mysite' |
| 60 | 62 | return trac.web.main.dispatch_request(environ, start_response) |
| 61 | 63 | }}} |
| 62 | 64 | |
| 63 | | For clarity, you should give this file a `.wsgi` extension. You should probably put the file in its own directory, since you will expose it to Apache. |
| | 65 | For clarity, you should give this file a `.wsgi` extension. You should probably put the file in its own directory, since you will expose it to Apache. |
| 64 | 66 | |
| 65 | 67 | If you have installed Trac and Python eggs in a path different from the standard one, you should add that path by adding the following code at the top of the wsgi script: |
| … |
… |
|
| 128 | 130 | == Configuring Authentication |
| 129 | 131 | |
| 130 | | The following sections describe different methods for setting up authentication. See also [http |
| | 132 | The following sections describe different methods for setting up authentication. See also [https://httpd.apache.org/docs/2.4/howto/auth.html Authentication, Authorization and Access Control] in the Apache guide. |
| 131 | 133 | |
| 132 | 134 | === Using Basic Authentication |
| … |
… |
|
| 206 | 208 | See also the [https://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html mod_auth_digest] documentation. |
| 207 | 209 | |
| 208 | | === Using LDAP Authentication |
| | 210 | === Using LDAP Authentication |
| 209 | 211 | |
| 210 | 212 | Configuration for [https://httpd.apache.org/docs/2.4/mod/mod_ldap.html mod_ldap] authentication in Apache is more involved (httpd 2.2+ and OpenLDAP: slapd 2.3.19). |
| … |
… |
|
| 258 | 260 | }}} |
| 259 | 261 | |
| 260 | | Note 1: This is the case where the LDAP search will get around the multiple OUs, con |
| | 262 | Note 1: This is the case where the LDAP search will get around the multiple OUs, connecting to the Global Catalog Server portion of AD. Note the port is 3268, not the normal LDAP 389. The GCS is basically a "flattened" tree which allows searching for a user without knowing to which OU they belong. |
| 261 | 263 | |
| 262 | 264 | Note 2: You can also require the user be a member of a certain LDAP group, instead of just having a valid login: |
| … |
… |
|
| 266 | 268 | |
| 267 | 269 | See also: |
| 268 | | - [https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html mod_authnz_ldap], documentation for mod_authnz_ldap. |
| | 270 | - [https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html mod_authnz_ldap], documentation for mod_authnz_ldap. |
| 269 | 271 | - [https://httpd.apache.org/docs/2.4/mod/mod_ldap.html mod_ldap], documentation for mod_ldap, which provides connection pooling and a shared cache. |
| 270 | 272 | - [https://trac-hacks.org/wiki/LdapPlugin TracHacks:LdapPlugin] for storing TracPermissions in LDAP. |
| … |
… |
|
| 272 | 274 | === Using SSPI Authentication |
| 273 | 275 | |
| 274 | | If you are using Apache on Windows, you can use mod_auth_sspi to provide single-sign-on. Download the module from the !SourceForge [http |
| | 276 | If you are using Apache on Windows, you can use mod_auth_sspi to provide single-sign-on. Download the module from the !SourceForge [https://sourceforge.net/projects/mod-auth-sspi/ mod-auth-sspi project] and then add the following to your !VirtualHost: |
| 275 | 277 | {{{#!apache |
| 276 | 278 | <Location /trac/login> |
| … |
… |
|
| 308 | 310 | |
| 309 | 311 | {{{#!python |
| 310 | | def application(environ, start_request): |
| 311 | | # Set authenticated username on CA SiteMinder to REMOTE_USER variable |
| | 312 | def application(environ, start_request): |
| | 313 | # Set authenticated username on CA SiteMinder to REMOTE_USER variable |
| 312 | 314 | # strip() is used to remove any spaces on the end of the string |
| 313 | | if 'HTTP_SM_USER' in environ: |
| | 315 | if 'HTTP_SM_USER' in environ: |
| 314 | 316 | environ['REMOTE_USER'] = environ['HTTP_REMOTE_USER'].strip() |
| 315 | 317 | ... |
| … |
… |
|
| 367 | 369 | Please use either version 1.6, 2.4 or later of `mod_wsgi`. Versions prior to 2.4 in the 2.X branch have problems with some Apache configurations that use WSGI file wrapper extension. This extension is used in Trac to serve up attachments and static media files such as style sheets. If you are affected by this problem, attachments will appear to be empty and formatting of HTML pages will appear not to work due to style sheet files not loading properly. Another frequent symptom is that binary attachment downloads are truncated. See mod_wsgi tickets [https://code.google.com/archive/p/modwsgi/issues/100 #100] and [https://code.google.com/archive/p/modwsgi/issues/132 #132]. |
| 368 | 370 | |
| 369 | | '''Note''': using mod_wsgi 2.5 and Python 2.6.1 gave an Internal Server Error on my system (Apache 2.2.11 and Trac 0.11.2.1). Upgrading to Python 2.6.2 (as suggested [http |
| | 371 | '''Note''': using mod_wsgi 2.5 and Python 2.6.1 gave an Internal Server Error on my system (Apache 2.2.11 and Trac 0.11.2.1). Upgrading to Python 2.6.2 (as suggested [https://www.mail-archive.com/modwsgi@googlegroups.com/msg01917.html here]) solved this for me[[BR]]-- Graham Shanks |
| 370 | 372 | |
| 371 | 373 | If you plan to use `mod_wsgi` in embedded mode on Windows or with the MPM worker on Linux, then you will need version 3.4 or greater. See [trac:#10675] for details. |
| … |
… |
|
| 413 | 415 | //This is not a recommended approach though. See also the notes at the bottom of the [https://code.google.com/archive/p/modwsgi/wikis/IntegrationWithTrac.wiki mod_wsgi's IntegrationWithTrac] wiki page.// |
| 414 | 416 | |
| 415 | | === Missing Headers and Footers |
| 416 | | |
| 417 | | If python optimizations are enabled, then headers and footers will not be rendered. An error will be raised in Trac 1.0.11 and later when optimizations are enabled. |
| 418 | | |
| 419 | | In your WSGI configuration file, the `WSGIPythonOptimize` setting must be set to `0` (`1` or `2` will not work): |
| 420 | | |
| 421 | | {{{#!apache |
| 422 | | WSGIPythonOptimize 0 |
| 423 | | }}} |
| 424 | | |
| 425 | | On Ubuntu, the WSGI mod configuration is at `/etc/apache2/mods-enabled/wsgi.conf`. |
| 426 | | |
| 427 | | The same issue is seen with `PythonOptimize On` in [TracModPython#Pagelayoutissues ModPython]. |
| 428 | | |
| 429 | 417 | === Other resources |
| 430 | 418 | |
