Trac, apache2 httpd, linux, multiple trac environments.
I need to get apache2 to dispatch multiple trac environments
from a common parent filesystem directory. Documentation is
very fragmented and incomplete on this issue.
I have no problems with the trac stand-alone web server, but
I need the encryption and authentication access capabilities
provided by the apache2 (https:) server.
I am still testing...
/etc/apache2/envvars
export TRAC_ENV_PARENT_DIR=/export/trac
export PYTHON_EGG_CACHE=/export/www/trac/.egg-cache
It appears that the (trac.wsgi) is not seeing the environment
variable name associated with 'trac.env_parent_dir':
The following (trac.wsgi) file was generated using the Trac deploy
command.
--- (trac.wsgi) ---
import os
def application(environ, start_request):
if not 'trac.env_parent_dir' in environ:
environ.setdefault('trac.env_path', '/export/trac/Sandbox')
if 'PYTHON_EGG_CACHE' in environ:
os.environ['PYTHON_EGG_CACHE'] = environ['PYTHON_EGG_CACHE']
elif 'trac.env_path' in environ:
os.environ['PYTHON_EGG_CACHE'] = \
os.path.join(environ['trac.env_path'], '.egg-cache')
elif 'trac.env_parent_dir' in environ:
os.environ['PYTHON_EGG_CACHE'] = \
os.path.join(environ['trac.env_parent_dir'], '.egg-cache')
from trac.web.main import dispatch_request
return dispatch_request(environ, start_request)
--- END (trac.wsgi) ---
The /export/trac/Sandbox/ trac environment is the only one that becomes
active using the apache2 web interface. Other Trac project environments
are not usable. I have no such issues with the standalone trac server.
My file system layout:
/export/www/trac/cgi-bin/trac.wsgi
/export/www/trac/.egg-cache/
/export/www/trac/htdocs/common/* -- the trac js and graphics files
/export/www/trac/htdocs/site/* -- the site-specific files
/export/trac-svn/conf/global-trac.ini -- global trac.ini [import] content
/export/trac-svn/htdigest -- authentication (htdigest) file
/export/trac-svn/log/* -- various log files
Resource = https://host-url/trac/* -- the Trac environments [BAD]
/export/trac/ -- trac parent directory
/export/trac/Sandbox -- the trac "Sandbox" environment
/export/trac/ADMIN -- the trac "ADMIN" environment
/export/trac/OSU -- the trac "OSU" environment
/export/trac/OSPSVN -- the trac "OSPSVN" environment
Resource = https://host-url/repos/* -- the Subversion repositories [OK]
/export/svn/repos/ -- subversion parent path
/export/svn/repos/*/ -- subversion repositories
testing ...
I am able to reference a single Trac project environment over HTTPS:
complete with mod_auth_digest authentication. However, I can only
use one (default) trac project at this time via apache2 using the
trac "deploy" autocreated (trac.wsgi) file.
The previous (trac.wsgi) example was created by the trac "deploy" command.
The following (trac.wsgi) resolves my issue, giving the ability to
select a Trac project environment from a menu.
--- (trac.wsgi) ---
import os
def application(environ, start_request):
os.environ['TRAC_ENV_PARENT_DIR'] = '/export/trac'
os.environ['PYTHON_EGG_CACHE'] = '/export/www/trac/.egg-cache'
from trac.web.main import dispatch_request
return dispatch_request(environ, start_request)
--- END (trac.wsgi) ---
NOTE: With apache2, I don't know how to pass httpd startup environment
variables to the trac.wsgi application.
NOTE: There is no default 'trac.env_path' assignment on purpose.
NOTE: Including 'trac.env_path' assignment breaks the ability
to use 'trac.env_parent_dir' configurations.
testing ...
Looks like I need to revisit mod_auth_digest authentication. It
appears to be broken.
I need to have separate authentication and access rules for each
Trac Project environment. The infrastructure works .. I just have
to find the magic. -- Here is some configuration that works !!!
File: /etc/apache2/conf.d/trac.conf
--- (trac.conf) ---
Alias /trac/chrome/common /export/www/trac/htdocs/common
Alias /trac/chrome/site /export/www/trac/htdocs/site
# Protect everything in the /export tree with https: encryption
<Directory /export>
SSLRequireSSL
</Directory>
<Directory "/export/www/trac/htdocs">
Order allow,deny
Allow from all
</Directory>
<Location "/trac/chrome/common/">
SetHandler None
</Location>
<Directory /export/trac>
SetHandler None
Order deny,allow
Allow from all
</Directory>
WSGIScriptAlias /trac /export/www/trac/cgi-bin/trac.wsgi
<Directory /export/www/trac/cgi-bin>
WSGIApplicationGroup ${GLOBAL}
Order deny,allow
Allow from all
</Directory>
# Replacing <LocationMatch "/export/trac/[^/]+/login">
# with an explicit <Location> directive for each /login.
<Location /trac/ADMIN/login>
AuthType Digest
AuthName "ospsvn"
AuthDigestDomain "/trac/ADMIN"
AuthDigestProvider file
AuthUserFile /export/trac-svn/htdigest
AuthGroupFile /export/trac-svn/htgroup
Require group svnadmin
</Location>
<Location /trac/OSPSVN/login>
AuthType Digest
AuthName "ospsvn"
AuthDigestDomain "/trac/OSPSVN"
AuthDigestProvider file
AuthUserFile /export/trac-svn/htdigest
AuthGroupFile /export/trac-svn/htgroup
Require valid-user
</Location>
<Location /trac/OSU/login>
AuthType Digest
AuthName "capstone"
AuthDigestDomain "/trac/OSU"
AuthDigestProvider file
AuthUserFile /export/trac-svn/htdigest
AuthGroupFile /export/trac-svn/htgroup
Require valid-user
</Location>
<Location /trac/WWW/login>
AuthType Digest
AuthName "ospsvn"
AuthDigestDomain "/trac/WWW"
AuthDigestProvider file
AuthUserFile /export/trac-svn/htdigest
AuthGroupFile /export/trac-svn/htgroup
Require svnadmin
</Location>
<Location /trac/Sandbox/login>
AuthType Digest
AuthName "ospsvn"
AuthDigestDomain "/trac/Sandbox"
AuthDigestProvider file
AuthUserFile /export/trac-svn/htdigest
AuthGroupFile /export/trac-svn/htgroup
Require valid-user
</Location>
----------
When doing your initial deployment, you will need to take time
to check your directory and file permissions between Apache2
running as www-data, and the directory tree permissions used
by Trac and the Subversion repositories.
Sincerely,
Steven J. Hathaway
Systems Integrator
--
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.
