Changes between Version 2 and Version 3 of TracStandalone

Timestamp:

2014-01-26 00:59:52 (11 years ago)

Author:

trac

Comment:

--

TracStandalone

@@ -83 +83 @@
 
 Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service.
+
+=== Option 3 ===
+
+also cygwin's cygrunsrv.exe can be used:
+{{{
+$ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects'
+$ net start tracd
+}}}
 
 == Using Authentication ==
@@ -128 +136 @@
 This section describes how to use `tracd` with Apache .htpasswd files.
 
+  Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to
+  decode the htpasswd format.  Trac source code attempt an `import crypt` first, but there
+  is no such package for Python 2.6.
+
 To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache):
 {{{
@@ -156 +168 @@
 === Generating Passwords Without Apache ===
 
-Basic Authorization can be accomplished via this [http://www.4webhelp.net/us/password.php online HTTP Password generator].  Copy the generated password-hash line to the .htpasswd file on your system.
+Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator].  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5.
 
 You can use this simple Python script to generate a '''digest''' password file:
@@ -202 +214 @@
 It is possible to use `md5sum` utility to generate digest-password file:
 {{{
- $ printf "${user}:trac:${password}" | md5sum - >>user.htdigest
-}}}
-and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'.
+user=
+realm=
+password=
+path_to_file=
+echo ${user}:${realm}:$(printf "${user}:${realm}:${password}" | md5sum - | sed -e 's/\s\+-//') > ${path_to_file}
+}}}
 
 == Reference ==
@@ -222 +237 @@
   -b HOSTNAME, --hostname=HOSTNAME
                         the host name or IP address to bind to
-  --protocol=PROTOCOL   http|scgi|ajp
+  --protocol=PROTOCOL   http|scgi|ajp|fcgi
   -q, --unquote         unquote PATH_INFO (may be needed when using ajp)
-  --http10              use HTTP/1.0 protocol version (default)
-  --http11              use HTTP/1.1 protocol version instead of HTTP/1.0
+  --http10              use HTTP/1.0 protocol version instead of HTTP/1.1
+  --http11              use HTTP/1.1 protocol version (default)
   -e PARENTDIR, --env-parent-dir=PARENTDIR
                         parent directory of the project environments
@@ -232 +247 @@
   -r, --auto-reload     restart automatically when sources are modified
   -s, --single-env      only serve a single project without the project list
-}}}
+  -d, --daemonize       run in the background as a daemon
+  --pidfile=PIDFILE     When daemonizing, file to which to write pid
+  --umask=MASK          When daemonizing, file mode creation mask to use, in
+                        octal notation (default 022)
+}}}
+
+Use the -d option so that tracd doesn't hang if you close the terminal window where tracd was started.
 
 == Tips ==
@@ -261 +282 @@
 See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe].
 
+=== Authentication for tracd behind a proxy
+It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206.
+
+Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap.
+
+First we bring tracd into Apache's location namespace.
+
+{{{
+<Location /project/proxified>
+        Require ldap-group cn=somegroup, ou=Groups,dc=domain.com
+        Require ldap-user somespecificusertoo
+        ProxyPass http://localhost:8101/project/proxified/
+        # Turns out we don't really need complicated RewriteRules here at all
+        RequestHeader set REMOTE_USER %{REMOTE_USER}s
+</Location>
+}}}
+
+Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory:
+{{{
+#!python
+from trac.core import *
+from trac.config import BoolOption
+from trac.web.api import IAuthenticator
+
+class MyRemoteUserAuthenticator(Component):
+
+    implements(IAuthenticator)
+
+    obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false', 
+               """Whether the 'Remote-User:' HTTP header is to be trusted for user logins 
+                (''since ??.??').""") 
+
+    def authenticate(self, req):
+        if self.obey_remote_user_header and req.get_header('Remote-User'): 
+            return req.get_header('Remote-User') 
+        return None
+
+}}}
+
+Add this new parameter to your TracIni:
+{{{
+...
+[trac]
+...
+obey_remote_user_header = true
+...
+}}}
+
+Run tracd:
+{{{
+tracd -p 8101 -r -s proxified --base-path=/project/proxified
+}}}
+
 === Serving a different base path than / ===
 Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is