Changes between Initial Version and Version 1 of TracModPython


Ignore:
Timestamp:
2011-01-03 17:38:02 (14 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracModPython

    v1 v1  
     1= Trac and mod_python = 
     2[[TracGuideToc]] 
     3 
     4Trac supports [http://www.modpython.org/ mod_python], which speeds up Trac's response times considerably, especially compared to [TracCgi CGI], and permits use of many Apache features not possible with [wiki:TracStandalone tracd]/mod_proxy. 
     5 
     6These instructions are for Apache 2; if you are still using Apache 1.3, you may have some luck with [trac:wiki:TracModPython2.7 TracModPython2.7]. 
     7 
     8== Simple configuration == 
     9 
     10If you just installed mod_python, you may have to add a line to load the module in the Apache configuration: 
     11{{{ 
     12LoadModule python_module modules/mod_python.so 
     13}}} 
     14 
     15''Note: The exact path to the module depends on how the HTTPD installation is laid out.'' 
     16 
     17On Debian using apt-get 
     18{{{ 
     19apt-get install libapache2-mod-python libapache2-mod-python-doc 
     20}}} 
     21(Still on Debian) after you have installed mod_python, you must enable the modules in apache2 (equivalent of the above Load Module directive): 
     22{{{ 
     23a2enmod mod_python 
     24}}} 
     25On Fedora use, using yum: 
     26{{{ 
     27yum install mod_python 
     28}}} 
     29You can test your mod_python installation by adding the following to your httpd.conf.  You should remove this when you are done testing for security reasons. Note: mod_python.testhandler is only available in mod_python 3.2+. 
     30{{{ 
     31#!xml 
     32<Location /mpinfo> 
     33   SetHandler mod_python 
     34   PythonInterpreter main_interpreter 
     35   PythonHandler mod_python.testhandler 
     36</Location> 
     37}}} 
     38 
     39A simple setup of Trac on mod_python looks like this: 
     40{{{ 
     41#!xml 
     42<Location /projects/myproject> 
     43   SetHandler mod_python 
     44   PythonInterpreter main_interpreter 
     45   PythonHandler trac.web.modpython_frontend  
     46   PythonOption TracEnv /var/trac/myproject 
     47   PythonOption TracUriRoot /projects/myproject 
     48</Location> 
     49}}} 
     50 
     51The option '''`TracUriRoot`''' may or may not be necessary in your setup. Try your configuration without it; if the URLs produced by Trac look wrong, if Trac does not seem to recognize URLs correctly, or you get an odd "No handler matched request to..." error, add the '''`TracUriRoot`''' option.  You will notice that the `Location` and '''`TracUriRoot`''' have the same path. 
     52 
     53The options available are 
     54{{{ 
     55    # For a single project 
     56    PythonOption TracEnv /var/trac/myproject 
     57    # For multiple projects 
     58    PythonOption TracEnvParentDir /var/trac/myprojects 
     59    # For the index of multiple projects 
     60    PythonOption TracEnvIndexTemplate /srv/www/htdocs/trac/project_list_template.html 
     61    # A space delimitted list, with a "," between key and value pairs. 
     62    PythonOption TracTemplateVars key1,val1 key2,val2 
     63    # Useful to get the date in the wanted order 
     64    PythonOption TracLocale en_GB.UTF8 
     65    # See description above         
     66    PythonOption TracUriRoot /projects/myproject 
     67}}} 
     68 
     69=== Python Egg Cache === 
     70 
     71Compressed python eggs like Genshi are normally extracted into a directory named `.python-eggs` in the users home directory. Since apache's home usually is not writable an alternate egg cache directory can be specified like this: 
     72{{{ 
     73PythonOption PYTHON_EGG_CACHE /var/trac/myprojects/egg-cache 
     74}}} 
     75 
     76or you can uncompress the Genshi egg to resolve problems extracting from it. 
     77=== Configuring Authentication === 
     78 
     79Creating password files and configuring authentication works similar to the process for [wiki:TracCgi#AddingAuthentication CGI]: 
     80{{{ 
     81#!xml 
     82<Location /projects/myproject/login> 
     83  AuthType Basic 
     84  AuthName "myproject" 
     85  AuthUserFile /var/trac/myproject/.htpasswd 
     86  Require valid-user 
     87</Location> 
     88}}} 
     89 
     90Configuration for mod_ldap authentication in Apache is a bit tricky (httpd 2.2.x and OpenLDAP: slapd 2.3.19) 
     91 
     921. You need to load the following modules in Apache httpd.conf 
     93{{{ 
     94LoadModule ldap_module modules/mod_ldap.so 
     95LoadModule authnz_ldap_module modules/mod_authnz_ldap.so 
     96}}} 
     97 
     982. Your httpd.conf also needs to look something like: 
     99 
     100{{{ 
     101#!xml 
     102<Location /trac/> 
     103  SetHandler mod_python 
     104  PythonInterpreter main_interpreter 
     105  PythonHandler trac.web.modpython_frontend 
     106  PythonOption TracEnv /home/trac/ 
     107  PythonOption TracUriRoot /trac/ 
     108  Order deny,allow 
     109  Deny from all 
     110  Allow from 192.168.11.0/24 
     111  AuthType Basic 
     112  AuthName "Trac" 
     113  AuthBasicProvider "ldap" 
     114  AuthLDAPURL "ldap://127.0.0.1/dc=example,dc=co,dc=ke?uid?sub?(objectClass=inetOrgPerson)" 
     115  authzldapauthoritative Off 
     116  require valid-user 
     117</Location> 
     118}}} 
     119 
     120Or the LDAP interface to a Microsoft Active Directory: 
     121 
     122{{{ 
     123#!xml 
     124<Location /trac/> 
     125  SetHandler mod_python 
     126  PythonInterpreter main_interpreter 
     127  PythonHandler trac.web.modpython_frontend 
     128  PythonOption TracEnv /home/trac/ 
     129  PythonOption TracUriRoot /trac/ 
     130  Order deny,allow 
     131  Deny from all 
     132  Allow from 192.168.11.0/24 
     133  AuthType Basic 
     134  AuthName "Trac" 
     135  AuthBasicProvider "ldap" 
     136  AuthLDAPURL "ldap://adserver.company.com:3268/DC=company,DC=com?sAMAccountName?sub?(objectClass=user)" 
     137  AuthLDAPBindDN       ldap-auth-user@company.com 
     138  AuthLDAPBindPassword "the_password" 
     139  authzldapauthoritative Off 
     140  # require valid-user 
     141  require ldap-group CN=Trac Users,CN=Users,DC=company,DC=com 
     142</Location> 
     143}}} 
     144 
     145Note 1: This is the case where the LDAP search will get around the multiple OUs, conecting to Global Catalog Server portion of AD (Notice the port is 3268, not the normal LDAP 389). The GCS is basically a "flattened" tree which allows searching for a user without knowing to which OU they belong. 
     146 
     147Note 2: Active Directory requires an authenticating user/password to access records (AuthLDAPBindDN and AuthLDAPBindPassword). 
     148 
     149Note 3: The directive "require ldap-group ..."  specifies an AD group whose members are allowed access. 
     150 
     151 
     152=== Setting the Python Egg Cache === 
     153 
     154If the Egg Cache isn't writeable by your Web server, you'll either have to change the permissions, or point Python to a location where Apache can write. This can manifest itself as a ''500 internal server error'' and/or a complaint in the syslog.  
     155 
     156{{{ 
     157#!xml 
     158<Location /projects/myproject> 
     159  ... 
     160  PythonOption PYTHON_EGG_CACHE /tmp  
     161  ... 
     162</Location> 
     163}}} 
     164 
     165 
     166=== Setting the !PythonPath === 
     167 
     168If the Trac installation isn't installed in your Python path, you'll have to tell Apache where to find the Trac mod_python handler  using the `PythonPath` directive: 
     169{{{ 
     170#!xml 
     171<Location /projects/myproject> 
     172  ... 
     173  PythonPath "sys.path + ['/path/to/trac']" 
     174  ... 
     175</Location> 
     176}}} 
     177 
     178Be careful about using the !PythonPath directive, and ''not'' `SetEnv PYTHONPATH`, as the latter won't work. 
     179 
     180== Setting up multiple projects == 
     181 
     182The Trac mod_python handler supports a configuration option similar to Subversion's `SvnParentPath`, called `TracEnvParentDir`: 
     183{{{ 
     184#!xml 
     185<Location /projects> 
     186  SetHandler mod_python 
     187  PythonInterpreter main_interpreter 
     188  PythonHandler trac.web.modpython_frontend  
     189  PythonOption TracEnvParentDir /var/trac 
     190  PythonOption TracUriRoot /projects 
     191</Location> 
     192}}} 
     193 
     194When you request the `/projects` URL, you will get a listing of all subdirectories of the directory you set as `TracEnvParentDir` that look like Trac environment directories. Selecting any project in the list will bring you to the corresponding Trac environment. 
     195 
     196If you don't want to have the subdirectory listing as your projects home page you can use a 
     197{{{ 
     198#!xml 
     199<LocationMatch "/.+/"> 
     200}}} 
     201 
     202This will instruct Apache to use mod_python for all locations different from root while having the possibility of placing a custom home page for root in your !DocumentRoot folder. 
     203 
     204You can also use the same authentication realm for all of the projects using a `<LocationMatch>` directive: 
     205{{{ 
     206#!xml 
     207<LocationMatch "/projects/[^/]+/login"> 
     208  AuthType Basic 
     209  AuthName "Trac" 
     210  AuthUserFile /var/trac/.htpasswd 
     211  Require valid-user 
     212</LocationMatch> 
     213}}} 
     214 
     215== Virtual Host Configuration == 
     216 
     217Below is the sample configuration required to set up your trac as a virtual server (i.e. when you access it at the URLs like 
     218!http://trac.mycompany.com): 
     219 
     220{{{ 
     221#!xml 
     222<VirtualHost * > 
     223    DocumentRoot /var/www/myproject 
     224    ServerName trac.mycompany.com 
     225    <Location /> 
     226        SetHandler mod_python 
     227        PythonInterpreter main_interpreter 
     228        PythonHandler trac.web.modpython_frontend 
     229        PythonOption TracEnv /var/trac/myproject 
     230        PythonOption TracUriRoot / 
     231    </Location> 
     232    <Location /login> 
     233        AuthType Basic 
     234        AuthName "MyCompany Trac Server" 
     235        AuthUserFile /var/trac/myproject/.htpasswd 
     236        Require valid-user 
     237    </Location> 
     238</VirtualHost> 
     239}}} 
     240 
     241This does not seem to work in all cases. What you can do if it does not: 
     242 * Try using `<LocationMatch>` instead of `<Location>` 
     243 * <Location /> may, in your server setup, refer to the complete host instead of simple the root of the server. This means that everything (including the login directory referenced below) will be sent to python and authentication does not work (i.e. you get the infamous Authentication information missing error). If this applies to you, try using a sub-directory for trac instead of the root (i.e. /web/ and /web/login instead of / and /login). 
     244 * Depending on apache's `NameVirtualHost` configuration, you may need to use `<VirtualHost *:80>` instead of `<VirtualHost *>`. 
     245 
     246For a virtual host that supports multiple projects replace "`TracEnv`" /var/trac/myproject with "`TracEnvParentDir`" /var/trac/ 
     247 
     248Note: !DocumentRoot should not point to your Trac project env. As Asmodai wrote on #trac: "suppose there's a webserver bug that allows disclosure of !DocumentRoot they could then leech the entire Trac environment". 
     249 
     250== Troubleshooting == 
     251 
     252In general, if you get server error pages, you can either check the Apache error log, or enable the `PythonDebug` option: 
     253{{{ 
     254#!xml 
     255<Location /projects/myproject> 
     256  ... 
     257  PythonDebug on 
     258</Location> 
     259}}} 
     260 
     261For multiple projects, try restarting the server as well. 
     262 
     263=== Expat-related segmentation faults === #expat 
     264 
     265This problem will most certainly hit you on Unix when using Python 2.4. 
     266In Python 2.4, some version of Expat (an XML parser library written in C) is used,  
     267and if Apache is using another version, this results in segmentation faults. 
     268As Trac 0.11 is using Genshi, which will indirectly use Expat, that problem 
     269can now hit you even if everything was working fine before with Trac 0.10. 
     270 
     271See Graham Dumpleton's detailed [http://www.dscpl.com.au/wiki/ModPython/Articles/ExpatCausingApacheCrash explanation and workarounds] for the issue. 
     272 
     273=== Form submission problems === 
     274 
     275If you're experiencing problems submitting some of the forms in Trac (a common problem is that you get redirected to the start page after submission), check whether your {{{DocumentRoot}}} contains a folder or file with the same path that you mapped the mod_python handler to. For some reason, mod_python gets confused when it is mapped to a location that also matches a static resource. 
     276 
     277=== Problem with virtual host configuration === 
     278 
     279If the <Location /> directive is used, setting the `DocumentRoot` may result in a ''403 (Forbidden)'' error. Either remove the `DocumentRoot` directive, or make sure that accessing the directory it points is allowed (in a corresponding `<Directory>` block). 
     280 
     281Using <Location /> together with `SetHandler` resulted in having everything handled by mod_python, which leads to not being able download any CSS or images/icons. I used <Location /trac> `SetHandler None` </Location> to circumvent the problem, though I do not know if this is the most elegant solution. 
     282 
     283=== Using .htaccess === 
     284 
     285Although it may seem trivial to rewrite the above configuration as a directory in your document root with a `.htaccess` file, this does not work. Apache will append a "/" to any Trac URLs, which interferes with its correct operation. 
     286 
     287It may be possible to work around this with mod_rewrite, but I failed to get this working. In all, it is more hassle than it is worth. Stick to the provided instructions. :) 
     288 
     289A success story: For me it worked out-of-box, with following trivial config: 
     290{{{ 
     291SetHandler mod_python 
     292PythonInterpreter main_interpreter 
     293PythonHandler trac.web.modpython_frontend  
     294PythonOption TracEnv /system/path/to/this/directory 
     295PythonOption TracUriRoot /path/on/apache 
     296 
     297AuthType Basic 
     298AuthName "ProjectName" 
     299AuthUserFile /path/to/.htpasswd 
     300Require valid-user 
     301}}} 
     302 
     303The `TracUriRoot` is obviously the path you need to enter to the browser to get to the trac (e.g. domain.tld/projects/trac) 
     304 
     305=== Additional .htaccess help === 
     306 
     307If you are using the .htaccess method you may have additional problems if your trac directory is inheriting .htaccess directives from another.  This may also help to add to your .htaccess file: 
     308 
     309{{{ 
     310<IfModule mod_rewrite.c> 
     311  RewriteEngine Off 
     312</IfModule> 
     313}}} 
     314 
     315 
     316=== Win32 Issues === 
     317If you run trac with mod_python < 3.2 on Windows, uploading attachments will '''not''' work. This problem is resolved in mod_python 3.1.4 or later, so please upgrade mod_python to fix this. 
     318 
     319 
     320=== OS X issues === 
     321 
     322When using mod_python on OS X you will not be able to restart Apache using `apachectl restart`. This is apparently fixed in mod_python 3.2, but there's also a patch available for earlier versions [http://www.dscpl.com.au/projects/vampire/patches.html here]. 
     323 
     324=== SELinux issues === 
     325 
     326If Trac reports something like: ''Cannot get shared lock on db.lock'' 
     327The security context on the repository may need to be set: 
     328 
     329{{{ 
     330chcon -R -h -t httpd_sys_content_t PATH_TO_REPOSITORY 
     331}}} 
     332 
     333See also [http://subversion.tigris.org/faq.html#reposperms] 
     334 
     335=== FreeBSD issues === 
     336Pay attention to the version of the installed mod_python and sqlite packages. Ports have both the new and old ones, but earlier versions of pysqlite and mod_python won't integrate as the former requires threaded support in python, and the latter requires a threadless install. 
     337 
     338If you compiled and installed apache2, apache wouldn´t support threads (cause it doesn´t work very well on FreeBSD). You could force thread support when running ./configure for apache, using --enable-threads, but this isn´t recommendable. 
     339The best option [http://modpython.org/pipermail/mod_python/2006-September/021983.html seems to be] adding to /usr/local/apache2/bin/ennvars the line  
     340 
     341{{{ 
     342export LD_PRELOAD=/usr/lib/libc_r.so 
     343}}} 
     344 
     345=== Subversion issues === 
     346 
     347If you get the following Trac Error `Unsupported version control system "svn"` only under mod_python, though it works well on the command-line and even with TracStandalone, chances are that you forgot to add the path to the Python bindings with the [TracModPython#ConfiguringPythonPath PythonPath] directive. (The better way is to add a link to the bindings in the Python `site-packages` directory, or create a `.pth` file in that directory.) 
     348 
     349If this is not the case, it's possible that you're using Subversion libraries that are binary incompatible with the apache ones (an incompatibility of the `apr` libraries is usually the cause). In that case, you also won't be able to use the svn modules for Apache (`mod_dav_svn`). 
     350 
     351You also need a recent version of `mod_python` in order to avoid a runtime error ({{{argument number 2: a 'apr_pool_t *' is expected}}}) due to the default usage of multiple sub-interpreters. 3.2.8 ''should'' work, though it's probably better to use the workaround described in [trac:#3371 #3371], in order to force the use of the main interpreter: 
     352{{{ 
     353PythonInterpreter main_interpreter 
     354}}} 
     355This is anyway the recommended workaround for other well-known issues seen when using the Python bindings for Subversion within mod_python ([trac:#2611 #2611], [trac:#3455 #3455]). See in particular Graham Dumpleton's comment in [trac:comment:9:ticket:3455 #3455] explaining the issue. 
     356 
     357=== Page layout issues === 
     358 
     359If the formatting of the Trac pages look weird chances are that the style sheets governing the page layout are not handled properly by the web server. Try adding the following lines to your apache configuration: 
     360{{{ 
     361#!xml 
     362Alias /myproject/css "/usr/share/trac/htdocs/css" 
     363<Location /myproject/css> 
     364    SetHandler None 
     365</Location> 
     366}}} 
     367 
     368Note: For the above configuration to have any effect it must be put after the configuration of your project root location, i.e. {{{<Location /myproject />}}}. 
     369 
     370=== HTTPS issues === 
     371 
     372If you want to run Trac fully under https you might find that it tries to redirect to plain http. In this case just add the following line to your apache configuration: 
     373{{{ 
     374#!xml 
     375<VirtualHost * > 
     376    DocumentRoot /var/www/myproject 
     377    ServerName trac.mycompany.com 
     378    SetEnv HTTPS 1 
     379    .... 
     380</VirtualHost> 
     381}}} 
     382 
     383=== Fedora 7 Issues === 
     384Make sure you install the 'python-sqlite2' package as it seems to be required for TracModPython but not for tracd 
     385 
     386 
     387=== Segmentation fault with php5-mhash or other php5 modules === 
     388You may encounter segfaults (reported on debian etch) if php5-mhash module is installed. Try to remove it to see if this solves the problem. See debian bug report [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411487] 
     389 
     390Some people also have troubles when using php5 compiled with its own 3rd party libraries instead of system libraries. Check here [http://www.djangoproject.com/documentation/modpython/#if-you-get-a-segmentation-fault] 
     391 
     392---- 
     393See also:  TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracFastCgi FastCGI], [wiki:TracModPython ModPython], [trac:TracNginxRecipe TracNginxRecipe]