| 62 | | Out of the box, Trac will pass static resources such as style sheets or images through itself. For a CGI setup this is '''highly undesirable''', because this way CGI script is invoked for documents that could be much more efficiently served directly by web server. |
| 63 | | |
| 64 | | Web servers such as [http://httpd.apache.org/ Apache] allow you to create “Aliases” to resources, giving them a virtual URL that doesn't necessarily reflect the layout of the servers file system. We already used this capability by defining a `ScriptAlias` for the CGI script. We also can map requests for static resources directly to the directory on the file system, avoiding processing these requests by CGI script. |
| 65 | | |
| 66 | | There are two primary URL paths for static resources - `/chrome/common` and `/chrome/site`. Plugins can add their own resources usually accessible by `/chrome/plugin` path, so its important to override only known paths and not try to make universal `/chrome` alias for everything. |
| 67 | | |
| 68 | | Add the following snippet to Apache configuration '''before''' the `ScriptAlias` for the CGI script, changing paths to match your deployment: |
| 69 | | {{{ |
| 70 | | Alias /trac/chrome/common /path/to/trac/htdocs/common |
| 71 | | Alias /trac/chrome/site /path/to/trac/htdocs/site |
| 72 | | <Directory "/path/to/www/trac/htdocs"> |
| 73 | | Order allow,deny |
| 74 | | Allow from all |
| 75 | | </Directory> |
| 76 | | }}} |
| 77 | | |
| 78 | | If using mod_python, you might want to add this too (otherwise, the alias will be ignored): |
| 79 | | {{{ |
| 80 | | <Location "/trac/chrome/common/"> |
| 81 | | SetHandler None |
| 82 | | </Location> |
| 83 | | }}} |
| 84 | | |
| 85 | | Note that we mapped `/trac` part of the URL to the `trac.cgi` script, and the path `/chrome/common` is the path you have to append to that location to intercept requests to the static resources. |
| 86 | | |
| 87 | | For example, if Trac is mapped to `/cgi-bin/trac.cgi` on your server, the URL of the Alias should be `/cgi-bin/trac.cgi/chrome/common`. |
| 88 | | |
| 89 | | Similarly, if you have static resources in a project's htdocs directory (which is referenced by /chrome/site URL in themes), you can configure Apache to serve those resources (again, put this '''before''' the `ScriptAlias` for the CGI script, and adjust names and locations to match your installation): |
| 90 | | |
| 91 | | {{{ |
| 92 | | Alias /trac/chrome/site /path/to/projectenv/htdocs |
| 93 | | <Directory "/path/to/projectenv/htdocs"> |
| 94 | | Order allow,deny |
| 95 | | Allow from all |
| 96 | | </Directory> |
| 97 | | }}} |
| 98 | | |
| 99 | | Alternatively to hacking `/trac/chrome/site`, you can directly specify path to static resources using `htdocs_location` configuration option in [wiki:TracIni trac.ini]: |
| 100 | | {{{ |
| 101 | | [trac] |
| 102 | | htdocs_location = http://yourhost.example.org/trac-htdocs |
| 103 | | }}} |
| 104 | | |
| 105 | | Trac will then use this URL when embedding static resources into HTML pages. Of course, you still need to make the Trac `htdocs` directory available through the web server at the specified URL, for example by copying (or linking) the directory into the document root of the web server: |
| 106 | | {{{ |
| 107 | | $ ln -s /path/to/www/trac/htdocs /var/www/yourhost.example.org/trac-htdocs |
| 108 | | }}} |
| 109 | | |
| 110 | | Note that in order to get this `htdocs` directory, you need first to extract the relevant Trac resources using the `deploy` command of TracAdmin: |
| 111 | | [[TracAdminHelp(deploy)]] |
| 112 | | |
| | 66 | See TracInstall#MappingStaticResources. |
| 116 | | The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file: |
| 117 | | {{{ |
| 118 | | $ htpasswd -c /somewhere/trac.htpasswd admin |
| 119 | | New password: <type password> |
| 120 | | Re-type new password: <type password again> |
| 121 | | Adding password for user admin |
| 122 | | }}} |
| 123 | | |
| 124 | | After the first user, you dont need the "-c" option anymore: |
| 125 | | {{{ |
| 126 | | $ htpasswd /somewhere/trac.htpasswd john |
| 127 | | New password: <type password> |
| 128 | | Re-type new password: <type password again> |
| 129 | | Adding password for user john |
| 130 | | }}} |
| 131 | | |
| 132 | | ''See the man page for `htpasswd` for full documentation.'' |
| 133 | | |
| 134 | | After you've created the users, you can set their permissions using TracPermissions. |
| 135 | | |
| 136 | | Now, you'll need to enable authentication against the password file in the Apache configuration: |
| 137 | | {{{ |
| 138 | | <Location "/trac/login"> |
| 139 | | AuthType Basic |
| 140 | | AuthName "Trac" |
| 141 | | AuthUserFile /somewhere/trac.htpasswd |
| 142 | | Require valid-user |
| 143 | | </Location> |
| 144 | | }}} |
| 145 | | |
| 146 | | If you're hosting multiple projects you can use the same password file for all of them: |
| 147 | | {{{ |
| 148 | | <LocationMatch "/trac/[^/]+/login"> |
| 149 | | AuthType Basic |
| 150 | | AuthName "Trac" |
| 151 | | AuthUserFile /somewhere/trac.htpasswd |
| 152 | | Require valid-user |
| 153 | | </LocationMatch> |
| 154 | | }}} |
| 155 | | |
| 156 | | For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section in apache configuration can look like this: |
| 157 | | {{{ |
| 158 | | <Location "/trac/login"> |
| 159 | | LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so |
| 160 | | AuthType Digest |
| 161 | | AuthName "trac" |
| 162 | | AuthDigestDomain /trac |
| 163 | | AuthUserFile /somewhere/trac.htpasswd |
| 164 | | Require valid-user |
| 165 | | </Location> |
| 166 | | }}} |
| 167 | | and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows: |
| 168 | | {{{ |
| 169 | | # htdigest /somewhere/trac.htpasswd trac admin |
| 170 | | }}} |
| 171 | | where the "trac" parameter above is the same as !AuthName above ("Realm" in apache-docs). |
| | 70 | See TracInstall#ConfiguringAuthentication. |
