Am Freitag, 22. Januar 2016 06:42:45 UTC+1 schrieb RjOllos:
>
>
> If we could eventually assemble a solid page describing how to setup Nginx 
> it could be moved into the pages that are distributed with Trac.
>

I definitely agree with that. When I first installed Trac with Nginx, I 
had a hard time finding information. I still have some uncertainties and 
questions about how to serve static content faster (I'm no Nginx expert), 
but I would like to share my working setup here: Nginx+uWSGI+Trac, which 
in my opinion is a fast and modern combination for serving Python. 
I would like to see an official Nginx guide on our install wikis soon...

Setup for 2 trac instances (pro and test) with SSL and plain http access:

/etc/nginx/nginx.conf
# Worker processes run as user "nginx", group "nginx". The uWSGI sockets
# used further down are reached through this group.
user nginx nginx;
# One worker per CPU core, chosen by nginx at start-up.
worker_processes auto;

# Errors (level "error" and above) go to the local syslog socket.
error_log syslog:server=unix:/dev/log error;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
    # epoll is the Linux event-notification method.
    use epoll;
}

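http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # The "main" format is only defined here. No access_log directive in this
    # file refers to it, so it has no effect until a line such as
    # "access_log <path> main;" is added.
    log_format main
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '"$gzip_ratio"';

    # These 10-minute timeouts are far above nginx's 60s defaults. A slow or
    # idle client can hold a connection for that long, which makes it easier
    # to exhaust worker_connections. Lower them unless large uploads over
    # slow links really need the extra time.
    client_header_timeout 10m;
    client_body_timeout 10m;
    send_timeout 10m;

    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 2k;
    request_pool_size 4k;

    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 8k;
    gzip_types text/plain;

    output_buffers 1 32k;
    postpone_output 1460;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    keepalive_timeout 75 20;

    ignore_invalid_headers on;

    # Plain-HTTP listener. Both Trac instances are reachable here without
    # TLS, so credentials and session cookies sent to this listener cross the
    # network unencrypted. Once the HTTPS server below works, enable the
    # redirect and remove the uwsgi locations from this server so that all
    # Trac traffic stays on TLS.
    server {
        listen          80;
        server_name     project;
        # Rewrite to force SSL:
        #location / {
        #    rewrite         ^/(.*)$ https://project/$1 redirect;
        #}
        location / {
            root /mnt/data/trac/start;
        }
        # Each instance has its own uWSGI socket. SCRIPT_NAME tells Trac the
        # URL prefix it is mounted under.
        location /trac-pro {
            include uwsgi_params;
            uwsgi_pass unix:/run/uwsgi/trac-pro.sock;
            uwsgi_param SCRIPT_NAME /trac-pro;
            uwsgi_modifier1 30;
        }
        location /trac-test {
            include uwsgi_params;
            uwsgi_pass unix:/run/uwsgi/trac-test.sock;
            uwsgi_param SCRIPT_NAME /trac-test;
            uwsgi_modifier1 30;
        }
    }
    server {
        # "ssl" on the listen directive replaces the former "ssl on;" line.
        # The standalone directive was deprecated in nginx 1.15.0 and later
        # removed, so a config that still uses it fails to load on current
        # releases.
        listen              443 ssl;
        server_name         project;
        root                /mnt/data/trac;
        # The private key should be readable by root only. The nginx master
        # process reads it before the workers drop to the "nginx" user.
        ssl_certificate      /etc/ssl/nginx/nginx.crt;
        ssl_certificate_key  /etc/ssl/nginx/nginx.key;
        # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996). Keep them
        # only as long as legacy clients must connect, otherwise restrict
        # this to TLSv1.2 and newer.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        # The cipher list must be one unbroken argument. The line breaks
        # that mail wrapping inserted into it make nginx reject the config.
        # The RC4 suites from the posted list are dropped and excluded with
        # !RC4, because RFC 7465 prohibits RC4 in TLS.
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4;
        ssl_dhparam /etc/ssl/nginx/nginx.dh4096.pem;
        keepalive_timeout    70;
        add_header           Front-End-Https    on;
        location / {
            root /mnt/data/trac/start;
        }
        location /trac-pro {
            include uwsgi_params;
            uwsgi_pass unix:/run/uwsgi/trac-pro.sock;
            uwsgi_param SCRIPT_NAME /trac-pro;
            uwsgi_modifier1 30;
        }
        location /trac-test {
            include uwsgi_params;
            uwsgi_pass unix:/run/uwsgi/trac-test.sock;
            uwsgi_param SCRIPT_NAME /trac-test;
            uwsgi_modifier1 30;
        }

        # different approaches for serving static content by nginx directly:
        # None of the blocks below is enabled, so treat them as untested
        # sketches. If a regex variant is enabled, anchor it with ^ and match
        # the project name as [^/]+ rather than .+ or .*?, so the capture
        # cannot span several path segments.
        #location ~ /(.*?)/chrome/site/ {
        #    rewrite /(.*?)/chrome/site/(.*) /$1/htdocs/$2 break;
        #    root    /mnt/data/trac/projects;
        #}
        #location ~ /(.*?)/chrome/common/ {
        #    rewrite /(.*?)/chrome/common/(.*) /$1/htdocs/$2 break;
        #    root    /mnt/data/trac/projects;
        #}

        #location /mnt/data/trac/projects/trac-pro/htdocs {
        #    internal;
        #    alias /mnt/data/trac/projects/trac-pro/htdocs;
        #}
        #location /mnt/data/trac/projects/trac-pro/files {
        #    internal;
        #    alias /mnt/data/trac/projects/trac-pro/files;
        #}


        # Prefix locations do not expand "*", so this first block would only
        # match a literal "/*/chrome/common" path.
        #location /*/chrome/common {
        #    alias /usr/lib64/python2.7/site-packages/trac/htdocs;
        #}
        #location ~ /(?<project>.+)/chrome/site {
        #    alias /mnt/data/trac/projects/$project/htdocs/;
        #}
        #location /trac/files {
        #   alias /mnt/data/trac/project/files;
        #}
        # If HTTP basic auth is enabled, keep it on this TLS server only,
        # because basic-auth credentials are sent with every request.
        #location /trac/trac-test/login {
        #   auth_basic_user_file /mnt/data/trac/projects/trac-test/trac.htpasswd;
        #   auth_basic "Login for trac-test";
        #}
    }
}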



/etc/uwsgi.d/trac-pro.ini 
; uWSGI configuration for the trac-pro instance. nginx reaches it through
; the unix socket named in the matching uwsgi_pass directive.
[uwsgi]
; Python 2.7 plugin.
plugins = python27
; The socket is owned by user "trac" and group "nginx", so the nginx workers
; reach it through their group.
; NOTE(review): no socket mode is set here. Confirm that group nginx can
; write to the socket and that other users cannot. Setting chmod-socket
; explicitly (e.g. 660) avoids relying on the umask.
chown-socket = trac:nginx
; The application runs as the unprivileged "trac" user and group.
uid = trac
gid = trac
workers = 6
; %n expands to this file's name without its extension, so the socket is
; /run/uwsgi/trac-pro.sock.
socket = /run/uwsgi/%n.sock

; Path of the Trac environment served by this instance.
env = TRAC_ENV=/mnt/data/trac/projects/trac-pro
; NOTE(review): Python loads code that was unpacked into the egg cache, so
; this directory should be writable by the "trac" user only.
env = PYTHON_EGG_CACHE=/mnt/data/trac/.python-eggs
; WSGI entry point: trac.web.main.dispatch_request
module = trac.web.main
callable = dispatch_request

