62 | ƒŠ | Out of the box, Trac will pass static resources such as style sheets or images through itself. For a CGI setup this is '''highly undesirable''', because this way CGI script is invoked for documents that could be much more efficiently served directly by web server.ƒŠ |
63 | ƒŠ | ƒŠ |
64 | ƒŠ | Web servers such as [http://httpd.apache.org/ Apache] allow you to create âÀÜAliasesâÀÝ to resources, giving them a virtual URL that doesn't necessarily reflect the layout of the servers file system. We already used this capability by defining a `ScriptAlias` for the CGI script. We also can map requests for static resources directly to the directory on the file system, avoiding processing these requests by CGI script.ƒŠ |
65 | ƒŠ | ƒŠ |
66 | ƒŠ | Add the following snippet to Apache configuration '''before''' the `ScriptAlias` for the CGI script, changing paths to match your deployment:ƒŠ |
67 | ƒŠ | {{{ƒŠ |
68 | ƒŠ | Alias /trac/chrome/common /path/to/www/trac/htdocsƒŠ |
69 | ƒŠ | <Directory "/path/to/www/trac/htdocs">ƒŠ |
70 | ƒŠ | Order allow,denyƒŠ |
71 | ƒŠ | Allow from allƒŠ |
72 | ƒŠ | </Directory>ƒŠ |
73 | ƒŠ | }}}ƒŠ |
74 | ƒŠ | ƒŠ |
75 | ƒŠ | Note that we mapped `/trac` part of the URL to the `trac.cgi` script, and the path `/chrome/common` is the path you have to append to that location to intercept requests to the static resources. ƒŠ |
76 | ƒŠ | ƒŠ |
77 | ƒŠ | For example, if Trac is mapped to `/cgi-bin/trac.cgi` on your server, the URL of the Alias should be `/cgi-bin/trac.cgi/chrome/common`.ƒŠ |
78 | ƒŠ | ƒŠ |
79 | ƒŠ | Similarly, if you have static resources in a project's htdocs directory (which is referenced by /chrome/site URL in themes), you can configure Apache to serve those resources (again, put this '''before''' the `ScriptAlias` for the CGI script, and adjust names and locations to match your installation):ƒŠ |
80 | ƒŠ | ƒŠ |
81 | ƒŠ | {{{ƒŠ |
82 | ƒŠ | Alias /trac/chrome/site /path/to/projectenv/htdocsƒŠ |
83 | ƒŠ | <Directory "/path/to/projectenv/htdocs">ƒŠ |
84 | ƒŠ | Order allow,denyƒŠ |
85 | ƒŠ | Allow from allƒŠ |
86 | ƒŠ | </Directory>ƒŠ |
87 | ƒŠ | }}}ƒŠ |
88 | ƒŠ | ƒŠ |
89 | ƒŠ | Alternatively to hacking `/trac/chrome/site`, you can directly specify path to static resources using `htdocs_location` configuration option in [wiki:TracIni trac.ini]:ƒŠ |
90 | ƒŠ | {{{ƒŠ |
91 | ƒŠ | [trac]ƒŠ |
92 | ƒŠ | htdocs_location = http://yourhost.example.org/trac-htdocsƒŠ |
93 | ƒŠ | }}}ƒŠ |
94 | ƒŠ | ƒŠ |
95 | ƒŠ | Trac will then use this URL when embedding static resources into HTML pages. Of course, you still need to make the Trac `htdocs` directory available through the web server at the specified URL, for example by copying (or linking) the directory into the document root of the web server:ƒŠ |
96 | ƒŠ | {{{ƒŠ |
97 | ƒŠ | $ ln -s /path/to/www/trac/htdocs /var/www/yourhost.example.org/trac-htdocsƒŠ |
98 | ƒŠ | }}}ƒŠ |
99 | ƒŠ | ƒŠ |
100 | ƒŠ | Note that in order to get this `htdocs` directory, you need first to extract the relevant Trac resources using the `deploy` command of TracAdmin:ƒŠ |
101 | ƒŠ | [[TracAdminHelp(deploy)]]ƒŠ |
102 | ƒŠ | ƒŠ |
ƒŠ | 66 | See TracInstall#MappingStaticResources.ƒŠ |
106 | ƒŠ | The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file:ƒŠ |
107 | ƒŠ | {{{ƒŠ |
108 | ƒŠ | $ htpasswd -c /somewhere/trac.htpasswd adminƒŠ |
109 | ƒŠ | New password: <type password>ƒŠ |
110 | ƒŠ | Re-type new password: <type password again>ƒŠ |
111 | ƒŠ | Adding password for user adminƒŠ |
112 | ƒŠ | }}}ƒŠ |
113 | ƒŠ | ƒŠ |
114 | ƒŠ | After the first user, you dont need the "-c" option anymore:ƒŠ |
115 | ƒŠ | {{{ƒŠ |
116 | ƒŠ | $ htpasswd /somewhere/trac.htpasswd johnƒŠ |
117 | ƒŠ | New password: <type password>ƒŠ |
118 | ƒŠ | Re-type new password: <type password again>ƒŠ |
119 | ƒŠ | Adding password for user johnƒŠ |
120 | ƒŠ | }}}ƒŠ |
121 | ƒŠ | ƒŠ |
122 | ƒŠ | ''See the man page for `htpasswd` for full documentation.''ƒŠ |
123 | ƒŠ | ƒŠ |
124 | ƒŠ | After you've created the users, you can set their permissions using TracPermissions.ƒŠ |
125 | ƒŠ | ƒŠ |
126 | ƒŠ | Now, you'll need to enable authentication against the password file in the Apache configuration:ƒŠ |
127 | ƒŠ | {{{ƒŠ |
128 | ƒŠ | <Location "/trac/login">ƒŠ |
129 | ƒŠ | AuthType BasicƒŠ |
130 | ƒŠ | AuthName "Trac"ƒŠ |
131 | ƒŠ | AuthUserFile /somewhere/trac.htpasswdƒŠ |
132 | ƒŠ | Require valid-userƒŠ |
133 | ƒŠ | </Location>ƒŠ |
134 | ƒŠ | }}}ƒŠ |
135 | ƒŠ | ƒŠ |
136 | ƒŠ | If you're hosting multiple projects you can use the same password file for all of them:ƒŠ |
137 | ƒŠ | {{{ƒŠ |
138 | ƒŠ | <LocationMatch "/trac/[^/]+/login">ƒŠ |
139 | ƒŠ | AuthType BasicƒŠ |
140 | ƒŠ | AuthName "Trac"ƒŠ |
141 | ƒŠ | AuthUserFile /somewhere/trac.htpasswdƒŠ |
142 | ƒŠ | Require valid-userƒŠ |
143 | ƒŠ | </LocationMatch>ƒŠ |
144 | ƒŠ | }}}ƒŠ |
145 | ƒŠ | ƒŠ |
146 | ƒŠ | For better security, it is recommended that you either enable SSL or at least use the âÀÜdigestâÀÝ authentication scheme instead of âÀÜBasicâÀÝ. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section in apache configuration can look like this:ƒŠ |
147 | ƒŠ | {{{ƒŠ |
148 | ƒŠ | <Location "/trac/login">ƒŠ |
149 | ƒŠ | LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.soƒŠ |
150 | ƒŠ | AuthType DigestƒŠ |
151 | ƒŠ | AuthName "trac"ƒŠ |
152 | ƒŠ | AuthDigestDomain /tracƒŠ |
153 | ƒŠ | AuthUserFile /somewhere/trac.htpasswdƒŠ |
154 | ƒŠ | Require valid-userƒŠ |
155 | ƒŠ | </Location>ƒŠ |
156 | ƒŠ | }}}ƒŠ |
157 | ƒŠ | and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows:ƒŠ |
158 | ƒŠ | {{{ƒŠ |
159 | ƒŠ | # htdigest /somewhere/trac.htpasswd trac adminƒŠ |
160 | ƒŠ | }}}ƒŠ |
161 | ƒŠ | where the "trac" parameter above is the same as !AuthName above ("Realm" in apache-docs). ƒŠ |
ƒŠ | 70 | See TracInstall#ConfiguringAuthentication.ƒŠ |