57 | | Out of the box, Trac will serve static resources such as style sheets or images itself. For a CGI setup, though, this is highly undesirable, because it results in the CGI script being invoked for documents that could be much more efficiently served by the web server directly. |
58 | | |
59 | | Web servers such as [http://httpd.apache.org/ Apache HTTPD] allow you to create “Aliases” to resources, thereby giving them a virtual URL that doesn't necessarily bear any resemblance to the layout of the servers file system. We already used this capability above when defining a `ScriptAlias` for the CGI script, and we'll use it now to map requests to the static resources to the directory on the file system that contains them, thereby bypassing the processing of such requests by the CGI script. |
60 | | |
61 | | Edit the Apache configuration file again and add the following snippet '''before''' the `ScriptAlias` for the CGI script , file names and locations changed to match your installation: |
62 | | {{{ |
63 | | Alias /trac/chrome/common /usr/share/trac/htdocs |
64 | | <Directory "/usr/share/trac/htdocs"> |
65 | | Order allow,deny |
66 | | Allow from all |
67 | | </Directory> |
68 | | }}} |
69 | | |
70 | | Note that whatever URL path you mapped the `trac.cgi` script to, the path `/chrome/common` is the path you have to append to that location to intercept requests to the static resources. |
71 | | |
72 | | For example, if Trac is mapped to `/cgi-bin/trac.cgi` on your server, the URL of the Alias should be `/cgi-bin/trac.cgi/chrome/common`. |
73 | | |
74 | | Similarly, if you have static resources in a projects htdocs directory, you can configure apache to serve those resources (again, put this '''before''' the `ScriptAlias` for the CGI script, and adjust names and locations to match your installation): |
75 | | |
76 | | {{{ |
77 | | Alias /trac/chrome/site /path/to/projectenv/htdocs |
78 | | <Directory "/path/to/projectenv/htdocs"> |
79 | | Order allow,deny |
80 | | Allow from all |
81 | | </Directory> |
82 | | }}} |
83 | | |
84 | | Alternatively, you can set the `htdocs_location` configuration option in [wiki:TracIni trac.ini]: |
85 | | {{{ |
86 | | [trac] |
87 | | htdocs_location = /trac-htdocs |
88 | | }}} |
89 | | |
90 | | Trac will then use this URL when embedding static resources into HTML pages. Of course, you still need to make the Trac `htdocs` directory available through the web server at the specified URL, for example by copying (or linking) the directory into the document root of the web server: |
91 | | {{{ |
92 | | $ ln -s /usr/share/trac/htdocs /var/www/your_site.com/htdocs/trac-htdocs |
93 | | }}} |
94 | | |
95 | | Note that in order to get this `htdocs` directory, you need first to extract the relevant Trac resources using the `deploy` command of TracAdmin: |
96 | | [[TracAdminHelp(deploy)]] |
97 | | |
| 66 | See TracInstall#MappingStaticResources. |
101 | | The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file: |
102 | | {{{ |
103 | | $ htpasswd -c /somewhere/trac.htpasswd admin |
104 | | New password: <type password> |
105 | | Re-type new password: <type password again> |
106 | | Adding password for user admin |
107 | | }}} |
108 | | |
109 | | After the first user, you dont need the "-c" option anymore: |
110 | | {{{ |
111 | | $ htpasswd /somewhere/trac.htpasswd john |
112 | | New password: <type password> |
113 | | Re-type new password: <type password again> |
114 | | Adding password for user john |
115 | | }}} |
116 | | |
117 | | ''See the man page for `htpasswd` for full documentation.'' |
118 | | |
119 | | After you've created the users, you can set their permissions using TracPermissions. |
120 | | |
121 | | Now, you'll need to enable authentication against the password file in the Apache configuration: |
122 | | {{{ |
123 | | <Location "/trac/login"> |
124 | | AuthType Basic |
125 | | AuthName "Trac" |
126 | | AuthUserFile /somewhere/trac.htpasswd |
127 | | Require valid-user |
128 | | </Location> |
129 | | }}} |
130 | | |
131 | | If you're hosting multiple projects you can use the same password file for all of them: |
132 | | {{{ |
133 | | <LocationMatch "/trac/[^/]+/login"> |
134 | | AuthType Basic |
135 | | AuthName "Trac" |
136 | | AuthUserFile /somewhere/trac.htpasswd |
137 | | Require valid-user |
138 | | </LocationMatch> |
139 | | }}} |
140 | | |
141 | | For better security, it is recommended that you either enable SSL or at least use the “Digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section in apache configuration can look like this: |
142 | | {{{ |
143 | | <Location "/trac/login"> |
144 | | LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so |
145 | | AuthType Digest |
146 | | AuthName "trac" |
147 | | AuthDigestDomain /trac |
148 | | AuthDigestFile /somewhere/trac.htpasswd |
149 | | Require valid-user |
150 | | </Location> |
151 | | }}} |
152 | | and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows: |
153 | | {{{ |
154 | | # htdigest /somewhere/trac.htpasswd trac admin |
155 | | }}} |
156 | | where the "trac" parameter above is the same as !AuthName above ("Realm" in apache-docs). |
| 70 | See TracInstall#ConfiguringAuthentication. |