62 | | Out of the box, Trac will pass static resources such as style sheets or images through itself. For a CGI setup this is '''highly undesirable''', because this way CGI script is invoked for documents that could be much more efficiently served directly by web server. |
63 | | |
64 | | Web servers such as [http://httpd.apache.org/ Apache] allow you to create “Aliases” to resources, giving them a virtual URL that doesn't necessarily reflect the layout of the servers file system. We already used this capability by defining a `ScriptAlias` for the CGI script. We also can map requests for static resources directly to the directory on the file system, avoiding processing these requests by CGI script. |
65 | | |
66 | | Add the following snippet to Apache configuration '''before''' the `ScriptAlias` for the CGI script, changing paths to match your deployment: |
67 | | {{{ |
68 | | Alias /trac/chrome/common /path/to/www/trac/htdocs |
69 | | <Directory "/path/to/www/trac/htdocs"> |
70 | | Order allow,deny |
71 | | Allow from all |
72 | | </Directory> |
73 | | }}} |
74 | | |
75 | | Note that we mapped `/trac` part of the URL to the `trac.cgi` script, and the path `/chrome/common` is the path you have to append to that location to intercept requests to the static resources. |
76 | | |
77 | | For example, if Trac is mapped to `/cgi-bin/trac.cgi` on your server, the URL of the Alias should be `/cgi-bin/trac.cgi/chrome/common`. |
78 | | |
79 | | Similarly, if you have static resources in a project's htdocs directory (which is referenced by /chrome/site URL in themes), you can configure Apache to serve those resources (again, put this '''before''' the `ScriptAlias` for the CGI script, and adjust names and locations to match your installation): |
80 | | |
81 | | {{{ |
82 | | Alias /trac/chrome/site /path/to/projectenv/htdocs |
83 | | <Directory "/path/to/projectenv/htdocs"> |
84 | | Order allow,deny |
85 | | Allow from all |
86 | | </Directory> |
87 | | }}} |
88 | | |
89 | | Alternatively to hacking `/trac/chrome/site`, you can directly specify path to static resources using `htdocs_location` configuration option in [wiki:TracIni trac.ini]: |
90 | | {{{ |
91 | | [trac] |
92 | | htdocs_location = http://yourhost.example.org/trac-htdocs |
93 | | }}} |
94 | | |
95 | | Trac will then use this URL when embedding static resources into HTML pages. Of course, you still need to make the Trac `htdocs` directory available through the web server at the specified URL, for example by copying (or linking) the directory into the document root of the web server: |
96 | | {{{ |
97 | | $ ln -s /path/to/www/trac/htdocs /var/www/yourhost.example.org/trac-htdocs |
98 | | }}} |
99 | | |
100 | | Note that in order to get this `htdocs` directory, you need first to extract the relevant Trac resources using the `deploy` command of TracAdmin: |
101 | | [[TracAdminHelp(deploy)]] |
102 | | |
| 66 | See TracInstall#MappingStaticResources. |
106 | | The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file: |
107 | | {{{ |
108 | | $ htpasswd -c /somewhere/trac.htpasswd admin |
109 | | New password: <type password> |
110 | | Re-type new password: <type password again> |
111 | | Adding password for user admin |
112 | | }}} |
113 | | |
114 | | After the first user, you dont need the "-c" option anymore: |
115 | | {{{ |
116 | | $ htpasswd /somewhere/trac.htpasswd john |
117 | | New password: <type password> |
118 | | Re-type new password: <type password again> |
119 | | Adding password for user john |
120 | | }}} |
121 | | |
122 | | ''See the man page for `htpasswd` for full documentation.'' |
123 | | |
124 | | After you've created the users, you can set their permissions using TracPermissions. |
125 | | |
126 | | Now, you'll need to enable authentication against the password file in the Apache configuration: |
127 | | {{{ |
128 | | <Location "/trac/login"> |
129 | | AuthType Basic |
130 | | AuthName "Trac" |
131 | | AuthUserFile /somewhere/trac.htpasswd |
132 | | Require valid-user |
133 | | </Location> |
134 | | }}} |
135 | | |
136 | | If you're hosting multiple projects you can use the same password file for all of them: |
137 | | {{{ |
138 | | <LocationMatch "/trac/[^/]+/login"> |
139 | | AuthType Basic |
140 | | AuthName "Trac" |
141 | | AuthUserFile /somewhere/trac.htpasswd |
142 | | Require valid-user |
143 | | </LocationMatch> |
144 | | }}} |
145 | | |
146 | | For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section in apache configuration can look like this: |
147 | | {{{ |
148 | | <Location "/trac/login"> |
149 | | LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so |
150 | | AuthType Digest |
151 | | AuthName "trac" |
152 | | AuthDigestDomain /trac |
153 | | AuthUserFile /somewhere/trac.htpasswd |
154 | | Require valid-user |
155 | | </Location> |
156 | | }}} |
157 | | and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows: |
158 | | {{{ |
159 | | # htdigest /somewhere/trac.htpasswd trac admin |
160 | | }}} |
161 | | where the "trac" parameter above is the same as !AuthName above ("Realm" in apache-docs). |
| 70 | See TracInstall#ConfiguringAuthentication. |