Christopher Opena skrev 24. jan. 2011 07:36: > Hello folks, > > I've gotten Trac working with <Location></Location> directives before as > described here: > > http://trac.edgewall.org/wiki/TracModPython
First, please keep in mind that mod_python is "dead", and mod_wsgi is a
recommended alternative. Wsgi configuration also works somewhat better
(more natural) with apache IMNHO, allowing you to "mount" wsgi-proxies
somewhat similar to mod_jk and mod_proxy.
> However, once I bring Virtual Hosts and forcing SSL (using mod_rewrite) into
> the game, I have problems with "the requested URL /trac was not found on
> this server".
So, the configuration below, *without the force-ssl part* does what you
want for trac/svn over http ?
(...)
> So my vhost config for my trac-and-svn vhost looks something like this
> (sanitized to protect the innocent):
>
> NameVirtualHost 1.2.3.4:80
> <VirtualHost 1.2.3.4:80>
> ServerName dev.mydomain.com
> DocumentRoot /path/to/some/local/dir/html
> <Directory " /path/to/some/local/dir/html">
> Options FollowSymLinks -Indexes
> AllowOverride All
> Order deny,allow
> Allow from all
> Satisfy all
> </Directory>
> RewriteEngine On
>
> # Redirect any trac/changeset to trac/myproject/changeset to handle any
> old URLs
> RewriteRule ^/trac/changeset/(.*) /trac/myproject/changeset/$1 [R]
>
You seem to want this rule to be global for all port 80 requests? I'd
suggest simply dropping all access to svn/trac via port 80, set up an
empty webroot.
> # If a request comes in on port 80 it will be redirected to port 443
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R]
>
> # Error and access logs.
> ErrorLog /var/log/httpd/error_log
> LogLevel warn
> CustomLog /var/log/httpd/access_log combined
>
> ServerSignature Off
> </VirtualHost>
I.e., for your http-vhost:
NameVirtualHost 1.2.3.4:80
<VirtualHost 1.2.3.4:80>
ServerName dev.mydomain.com
DocumentRoot /path/to/some/local/dir/www #empty - don't map secure
#resources to a
# configuration served
# over http
<Directory "/path/to/some/local/dir/www">
Options -FollowSymLinks -Indexes
AllowOverride All
Order deny,allow
Allow from all
</Directory>
# No http content:
RedirectPermanent / https://dev.mydomain.com
# apache whill append traling url-parameters, see:
# http://httpd.apache.org/docs/current/mod/mod_alias.html#redirect
</VirtualHost>
Now, test the vhost below sepearately, make sure you're not breaking your
urls with the "old-rewrite" bit.
Similarily you shouldn't need to use mod_rewrite, below:
> RewriteRule ^/trac/changeset/(.*) /trac/myproject/changeset/$1 [R]
should be equivalent to:
RedirectPermanent /trac/changeset/
https://dev.mydomain.com/trac/myproject/changeset/
For a suggested (not tested!) take on the ssl-vhost, see below.
> NameVirtualHost 1.2.3.4:443
> <VirtualHost 1.2.3.4:443>
> ServerName dev.mydomain.com
> DocumentRoot /path/to/some/local/dir/html
> SSLEngine on
> SSLCertificateFile /path/to/mydomain.crt
> SSLCertificateKeyFile /path/to/*.mydomain.com.key
> SSLCertificateChainFile /path/to/gd_bundle.crt
>
> RequestHeader set X_FORWARDED_PROTO 'https'
>
> RewriteEngine On
> # Redirect any /trac/changeset to /trac/myproject/changeset to handle
> any old URLs
> RewriteRule ^/trac/changeset/(.*) /trac/myproject/changeset/$1 [R]
>
> # Subversion-related Location-based directives
> <Location />
> DAV svn
> SVNPath /svnrepos/myproject/
> SVNReposName MyProject
> AuthType Digest
> AuthName "Company"
> AuthUserFile /path/to/the.htdigest
> Require valid-user
> AuthzSVNAccessFile /path/to/the.authz
> </Location>
>
> # Trac-related Location-based directives
> <IfModule mod_python.c>
> <Location /trac>
> SetHandler mod_python
> PythonInterpreter main_interpreter
> PythonHandler trac.web.modpython_frontendi
> PythonPath "sys.path + ['/trac']"
> PythonOption TracEnvParentDir /trac
> PythonOption TracEnv /trac/myproject
> PythonOption TracUriRoot /trac
> </Location>
>
> <LocationMatch "/trac/[^/]+/login">
> AuthType Digest
> AuthName "Shotgun"
> AuthUserFile /path/to/the.htdigest
> Require valid-user
> </LocationMatch>
>
> ErrorLog /var/log/httpd/error_log
> LogLevel warn
> CustomLog /var/log/httpd/access_log combine
> ServerSignature Off
> </VirtualHost>
>
NameVirtualHost 1.2.3.4:443
<VirtualHost 1.2.3.4:443>
ServerName dev.mydomain.com
DocumentRoot /path/to/some/local/dir/ssl # Seperate DocumentRoot
# for encrypted webpages
# You might even want to run separate httpds -- running as separate
# users -- but apache w/o any "extra" modules, running just a redirect-
# service, should be reasonably safe, IMO.
SSLEngine on
SSLCertificateFile /path/to/mydomain.crt
SSLCertificateKeyFile /path/to/*.mydomain.com.key
SSLCertificateChainFile /path/to/gd_bundle.crt
#
# RequestHeader set X_FORWARDED_PROTO 'https'
# I think you mean:
SSLRequireSSL
# http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl
# Redirect any /trac/changeset to /trac/myproject/changeset to handle
# any old URLs
RedirectPermanent /trac/changeset/ https://dev.mydomain.com/changeset/
RedirectPermanent /trac/changeset/ https://dev.mydomain.com/changeset/
#This is ok, I think ?
# Subversion-related Location-based directives
<Location />
DAV svn
SVNPath /svnrepos/myproject/
SVNReposName MyProject
AuthType Digest
AuthName "Company"
AuthUserFile /path/to/the.htdigest
Require valid-user
AuthzSVNAccessFile /path/to/the.authz
</Location>
# Should be ok? But I'd recommend using mod_wsgi.
# Trac-related Location-based directives
<IfModule mod_python.c>
<Location /trac>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontendi
PythonPath "sys.path + ['/trac']"
PythonOption TracEnvParentDir /trac
PythonOption TracEnv /trac/myproject
PythonOption TracUriRoot /trac
</Location>
<LocationMatch "/trac/[^/]+/login">
AuthType Digest
AuthName "Shotgun"
AuthUserFile /path/to/the.htdigest
Require valid-user
</LocationMatch>
ErrorLog /var/log/httpd/error_log
LogLevel warn
CustomLog /var/log/httpd/access_log combine
ServerSignature Off
</VirtualHost>
Mod_rewrite is quite powerful, but usually not needed when you have full
access to the server/setup -- unless you need to do something really
crazy. See: http://wiki.apache.org/httpd/WhenNotToUseRewrite
Hope that helps.
Best regards,
--
.---. Eirik Schwenke <[email protected]>
( NSD ) Harald HÃ¥rfagresgate 29 Rom 150
'---' N-5007 Bergen tlf: (555) 889 13
GPG-key at pgp.mit.edu Id 0x8AA3392C
signature.asc
Description: OpenPGP digital signature
