Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Initial Version and Version 1 of TracModPython

Timestamp:: 08/22/08 18:11:06 (16 years ago)
Author:: trac
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

TracModPython

v1	v1
	1	= Trac and mod_python =
	2	[[TracGuideToc]]
	3
	4	Trac supports [http://www.modpython.org/ mod_python], which speeds up Trac's response times considerably, especially compared to [TracCgi CGI], and permits use of many Apache features not possible with [wiki:TracStandalone tracd]/mod_proxy.
	5
	6	These instructions are for Apache 2; if you are still using Apache 1.3, you may have some luck with [wiki:TracModPython2.7 TracModPython2.7].
	7
	8	== Simple configuration ==
	9
	10	If you just installed mod_python, you may have to add a line to load the module in the Apache configuration:
	11	{{{
	12	LoadModule python_module modules/mod_python.so
	13	}}}
	14
	15	''Note: The exact path to the module depends on how the HTTPD installation is laid out.''
	16	On Debian using apt-get
	17	{{{
	18	apt-get install libapache2-mod-python libapache2-mod-python-doc
	19	}}}
	20	(Still on Debian) after you have installed mod_python, you must enable the modules in apache2 (equivalent of the above Load Module directive):
	21	{{{
	22	a2enmod mod_python
	23	}}}
	24	On Fedora use, using yum:
	25	{{{
	26	yum install mod_python
	27	}}}
	28	You can test your mod_python installation by adding the following to your httpd.conf. You should remove this when you are done testing for security reasons. Note: mod_python.testhandler is only available in mod_python 3.2+.
	29	{{{
	30	#!xml
	31	<Location /mpinfo>
	32	SetHandler mod_python
	33	PythonInterpreter main_interpreter
	34	PythonHandler mod_python.testhandler
	35	</Location>
	36	}}}
	37
	38	A simple setup of Trac on mod_python looks like this:
	39	{{{
	40	#!xml
	41	<Location /projects/myproject>
	42	SetHandler mod_python
	43	PythonInterpreter main_interpreter
	44	PythonHandler trac.web.modpython_frontend
	45	PythonOption TracEnv /var/trac/myproject
	46	PythonOption TracUriRoot /projects/myproject
	47	</Location>
	48	}}}
	49
	50	The option '''`TracUriRoot`''' may or may not be necessary in your setup. Try your configuration without it; if the URLs produced by Trac look wrong, if Trac does not seem to recognize URLs correctly, or you get an odd "No handler matched request to..." error, add the '''`TracUriRoot`''' option. You will notice that the `Location` and '''`TracUriRoot`''' have the same path.
	51
	52	The options available are
	53	{{{
	54	# For a single project
	55	PythonOption TracEnv /var/trac/myproject
	56	# For multiple projects
	57	PythonOption TracEnvParentDir /var/trac/myprojects
	58	# For the index of multiple projects
	59	PythonOption TracEnvIndexTemplate /srv/www/htdocs/trac/project_list_tepmlate.html
	60	# A space delimitted list, with a "," between key and value pairs.
	61	PythonOption TracTemplateVars key1,val1 key2,val2
	62	# Useful to get the date in the wanted order
	63	PythonOption TracLocale en_GB.UTF8
	64	# See description above
	65	PythonOption TracUriRoot /projects/myproject
	66	}}}
	67
	68	=== Configuring Authentication ===
	69
	70	Creating password files and configuring authentication works similar to the process for [wiki:TracCgi#AddingAuthentication CGI]:
	71	{{{
	72	#!xml
	73	<Location /projects/myproject/login>
	74	AuthType Basic
	75	AuthName "myproject"
	76	AuthUserFile /var/trac/myproject/.htpasswd
	77	Require valid-user
	78	</Location>
	79	}}}
	80
	81	Configuration for mod_ldap authentication in Apache is a bit tricky (httpd 2.2.x and OpenLDAP: slapd 2.3.19)
	82
	83	1. You need to load the following modules in Apache httpd.conf
	84	{{{
	85	LoadModule ldap_module modules/mod_ldap.so
	86	LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
	87	}}}
	88
	89	2. Your httpd.conf also needs to look something like:
	90
	91	{{{
	92	#!xml
	93	<Location /trac/>
	94	SetHandler mod_python
	95	PythonInterpreter main_interpreter
	96	PythonHandler trac.web.modpython_frontend
	97	PythonOption TracEnv /home/trac/
	98	PythonOption TracUriRoot /trac/
	99	Order deny,allow
	100	Deny from all
	101	Allow from 192.168.11.0/24
	102	AuthType Basic
	103	AuthName "Trac"
	104	AuthBasicProvider "ldap"
	105	AuthLDAPURL "ldap://127.0.0.1/dc=example,dc=co,dc=ke?uid?sub?(objectClass=inetOrgPerson)"
	106	authzldapauthoritative Off
	107	require valid-user
	108	</Location>
	109	}}}
	110
	111	Or the LDAP interface to a Microsoft Active Directory:
	112
	113	{{{
	114	#!xml
	115	<Location /trac/>
	116	SetHandler mod_python
	117	PythonInterpreter main_interpreter
	118	PythonHandler trac.web.modpython_frontend
	119	PythonOption TracEnv /home/trac/
	120	PythonOption TracUriRoot /trac/
	121	Order deny,allow
	122	Deny from all
	123	Allow from 192.168.11.0/24
	124	AuthType Basic
	125	AuthName "Trac"
	126	AuthBasicProvider "ldap"
	127	AuthLDAPURL "ldap://adserver.company.com:3268/DC=company,DC=com?sAMAccountName?sub?(objectClass=user)"
	128	AuthLDAPBindDN ldap-auth-user@company.com
	129	AuthLDAPBindPassword "the_password"
	130	authzldapauthoritative Off
	131	# require valid-user
	132	require ldap-group CN=Trac Users,CN=Users,DC=company,DC=com
	133	</Location>
	134	}}}
	135
	136	Note 1: This is the case where the LDAP search will get around the multiple OUs, conecting to Global Catalog Server portion of AD (Notice the port is 3268, not the normal LDAP 389). The GCS is basically a "flattened" tree which allows searching for a user without knowing to which OU they belong.
	137
	138	Note 2: Active Directory requires an authenticating user/password to access records (AuthLDAPBindDN and AuthLDAPBindPassword).
	139
	140	Note 3: The directive "require ldap-group ..." specifies an AD group whose members are allowed access.
	141
	142
	143
	144	=== Setting the !PythonPath ===
	145
	146	If the Trac installation isn't installed in your Python path, you'll have to tell Apache where to find the Trac mod_python handler using the `PythonPath` directive:
	147	{{{
	148	#!xml
	149	<Location /projects/myproject>
	150	...
	151	PythonPath "sys.path + ['/path/to/trac']"
	152	...
	153	</Location>
	154	}}}
	155
	156	Be careful about using the !PythonPath directive, and ''not'' `SetEnv PYTHONPATH`, as the latter won't work.
	157
	158	== Setting up multiple projects ==
	159
	160	The Trac mod_python handler supports a configuration option similar to Subversion's `SvnParentPath`, called `TracEnvParentDir`:
	161	{{{
	162	#!xml
	163	<Location /projects>
	164	SetHandler mod_python
	165	PythonInterpreter main_interpreter
	166	PythonHandler trac.web.modpython_frontend
	167	PythonOption TracEnvParentDir /var/trac
	168	PythonOption TracUriRoot /projects
	169	</Location>
	170	}}}
	171
	172	When you request the `/projects` URL, you will get a listing of all subdirectories of the directory you set as `TracEnvParentDir` that look like Trac environment directories. Selecting any project in the list will bring you to the corresponding Trac environment.
	173
	174	If you don't want to have the subdirectory listing as your projects home page you can use a
	175	{{{
	176	#!xml
	177	<LocationMatch "/.+/">
	178	}}}
	179
	180	This will instruct Apache to use mod_python for all locations different from root while having the possibility of placing a custom home page for root in your !DocumentRoot folder.
	181
	182	You can also use the same authentication realm for all of the projects using a `<LocationMatch>` directive:
	183	{{{
	184	#!xml
	185	<LocationMatch "/projects/[^/]+/login">
	186	AuthType Basic
	187	AuthName "Trac"
	188	AuthUserFile /var/trac/.htpasswd
	189	Require valid-user
	190	</LocationMatch>
	191	}}}
	192
	193	== Virtual Host Configuration ==
	194
	195	Below is the sample configuration required to set up your trac as a virtual server (i.e. when you access it at the URLs like
	196	!http://trac.mycompany.com):
	197
	198	{{{
	199	#!xml
	200	<VirtualHost * >
	201	DocumentRoot /var/www/myproject
	202	ServerName trac.mycompany.com
	203	<Location />
	204	SetHandler mod_python
	205	PythonInterpreter main_interpreter
	206	PythonHandler trac.web.modpython_frontend
	207	PythonOption TracEnv /var/trac/myproject
	208	PythonOption TracUriRoot /
	209	</Location>
	210	<Location /login>
	211	AuthType Basic
	212	AuthName "MyCompany Trac Server"
	213	AuthUserFile /var/trac/myproject/.htpasswd
	214	Require valid-user
	215	</Location>
	216	</VirtualHost>
	217	}}}
	218
	219	if you have issues with login try using `<LocationMatch>` instead of `<Location>`
	220
	221	For a virtual host that supports multiple projects replace "`TracEnv`" /var/trac/myproject with "`TracEnvParentDir`" /var/trac/
	222
	223	Note: !DocumentRoot should not point to your Trac project env. As Asmodai wrote on #trac: "suppose there's a webserer bug that allows disclosure of !DocumentRoot they could then leech the entire Trac environment".
	224
	225	== Troubleshooting ==
	226
	227	In general, if you get server error pages, you can either check the Apache error log, or enable the `PythonDebug` option:
	228	{{{
	229	#!xml
	230	<Location /projects/myproject>
	231	...
	232	PythonDebug on
	233	</Location>
	234	}}}
	235
	236	For multiple projects, try restarting the server as well.
	237
	238	=== Expat-related segmentation faults === #expat
	239
	240	This problem will most certainly hit you on Unix when using Python 2.4.
	241	In Python 2.4, some version of Expat (an XML parser library written in C) is used,
	242	and if Apache is using another version, this results in segmentation faults.
	243	As Trac 0.11 is using Genshi, which will indirectly use Expat, that problem
	244	can now hit you even if everything was working fine before with Trac 0.10.
	245
	246	See Graham Dumpleton's detailed [http://www.dscpl.com.au/wiki/ModPython/Articles/ExpatCausingApacheCrash explanation and workarounds] for the issue.
	247
	248	=== Form submission problems ===
	249
	250	If you're experiencing problems submitting some of the forms in Trac (a common problem is that you get redirected to the start page after submission), check whether your {{{DocumentRoot}}} contains a folder or file with the same path that you mapped the mod_python handler to. For some reason, mod_python gets confused when it is mapped to a location that also matches a static resource.
	251
	252	=== Problem with virtual host configuration ===
	253
	254	If the <Location /> directive is used, setting the `DocumentRoot` may result in a ''403 (Forbidden)'' error. Either remove the `DocumentRoot` directive, or make sure that accessing the directory it points is allowed (in a corresponding `<Directory>` block).
	255
	256	Using <Location /> together with `SetHandler` resulted in having everything handled by mod_python, which leads to not being able download any CSS or images/icons. I used <Location /trac> `SetHandler None` </Location> to circumvent the problem, though I do not know if this is the most elegant solution.
	257
	258	=== Using .htaccess ===
	259
	260	Although it may seem trivial to rewrite the above configuration as a directory in your document root with a `.htaccess` file, this does not work. Apache will append a "/" to any Trac URLs, which interferes with its correct operation.
	261
	262	It may be possible to work around this with mod_rewrite, but I failed to get this working. In all, it is more hassle than it is worth. Stick to the provided instructions. :)
	263
	264	=== Win32 Issues ===
	265	If you run trac with mod_python < 3.2 on Windows, uploading attachments will '''not''' work. This problem is resolved in mod_python 3.1.4 or later, so please upgrade mod_python to fix this.
	266
	267
	268	=== OS X issues ===
	269
	270	When using mod_python on OS X you will not be able to restart Apache using `apachectl restart`. This is apparently fixed in mod_python 3.2, but there's also a patch available for earlier versions [http://www.dscpl.com.au/projects/vampire/patches.html here].
	271
	272	=== SELinux issues ===
	273
	274	If Trac reports something like: ''Cannot get shared lock on db.lock''
	275	The security context on the repository may need to be set:
	276
	277	{{{
	278	chcon -R -h -t httpd_sys_content_t PATH_TO_REPOSITORY
	279	}}}
	280
	281	See also [[http://subversion.tigris.org/faq.html#reposperms]]
	282
	283	=== FreeBSD issues ===
	284	Pay attention to the version of the installed mod_python and sqlite packages. Ports have both the new and old ones, but earlier versions of pysqlite and mod_python won't integrate as the former requires threaded support in python, and the latter requires a threadless install.
	285
	286	If you compiled and installed apache2, apache wouldn´t support threads (cause it doesn´t work very well on FreeBSD). You could force thread support when running ./configure for apache, using --enable-threads, but this isn´t recommendable.
	287	The best option [[http://modpython.org/pipermail/mod_python/2006-September/021983.html seems to be]] adding to /usr/local/apache2/bin/ennvars the line
	288
	289	{{{
	290	export LD_PRELOAD=/usr/lib/libc_r.so
	291	}}}
	292
	293	=== Subversion issues ===
	294
	295	If you get the following Trac Error `Unsupported version control system "svn"` only under mod_python, though it works well on the command-line and even with TracStandalone, chances are that you forgot to add the path to the Python bindings with the [TracModPython#ConfiguringPythonPath PythonPath] directive. (The better way is to add a link to the bindings in the Python `site-packages` directory, or create a `.pth` file in that directory.)
	296
	297	If this is not the case, it's possible that you're using Subversion libraries that are binary incompatible with the apache ones (an incompatibility of the `apr` libraries is usually the cause). In that case, you also won't be able to use the svn modules for Apache (`mod_dav_svn`).
	298
	299	You also need a recent version of `mod_python` in order to avoid a runtime error ({{{argument number 2: a 'apr_pool_t *' is expected}}}) due to the default usage of multiple sub-interpreters. 3.2.8 ''should'' work, though it's probably better to use the workaround described in #3371, in order to force the use of the main interpreter:
	300	{{{
	301	PythonInterpreter main_interpreter
	302	}}}
	303	This is anyway the recommended workaround for other well-known issues seen when using the Python bindings for Subversion within mod_python (#2611, #3455). See in particular Graham Dumpleton's comment in [comment:ticket:3455:9 #3455] explaining the issue.
	304
	305	=== Page layout issues ===
	306
	307	If the formatting of the Trac pages look weird chances are that the style sheets governing the page layout are not handled properly by the web server. Try adding the following lines to your apache configuration:
	308	{{{
	309	#!xml
	310	Alias /myproject/css "/usr/share/trac/htdocs/css"
	311	<Location /myproject/css>
	312	SetHandler None
	313	</Location>
	314	}}}
	315
	316	Note: For the above configuration to have any effect it must be put after the configuration of your project root location, i.e. {{{<Location /myproject />}}}.
	317
	318	=== HTTPS issues ===
	319
	320	If you want to run Trac fully under https you might find that it tries to redirect to plain http. In this case just add the following line to your apache configuration:
	321	{{{
	322	#!xml
	323	<VirtualHost * >
	324	DocumentRoot /var/www/myproject
	325	ServerName trac.mycompany.com
	326	SetEnv HTTPS 1
	327	....
	328	</VirtualHost>
	329	}}}
	330
	331	=== Fedora 7 Issues ===
	332	Make sure you install the 'python-sqlite2' package as it seems to be required for TracModPython but not for tracd
	333
	334
	335	=== Segmentation fault with php5-mhash or other php5 modules ===
	336	You may encounter segfaults (reported on debian etch) if php5-mhash module is installed. Try to remove it to see if this solves the problem. See debian bug report [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411487]]
	337
	338	Some people also have troubles when using php5 compiled with its own 3rd party libraries instead of system libraries. Check here [[http://www.djangoproject.com/documentation/modpython/#if-you-get-a-segmentation-fault]]
	339
	340	----
	341	See also TracGuide, TracInstall, TracCgi, TracFastCgi