Sunday, 31 July 2005
Configuring Trac with FastCGI and lighttpd
I initially tried getting tracd to work, but couldn’t get it to generate URLs that made sense. So, I decided to investigate all the fuss about using lighttpd and FastCGI. It works, better than tracd likely, and is certainly more flexible.
Here’s my lighttpd.conf for dev.sabi.net. It essentially implements the “Global authentication” example from the TracMultipleProjects page on the Trac wiki. You need a trunk version of Trac for this to work; 0.8.x don’t have FastCGI support.
server.port = 9013 server.document-root= "/home/nriley/web/public/" server.indexfiles = ( "index.html" ) server.pid-file = "/home/nriley/var/run/lighttpd.pid" server.errorlog = "/home/nriley/logs/lighttpd.error.log" accesslog.filename = "/home/nriley/logs/lighttpd.access.log" url.access-deny = ( "~", ".inc" ) compress.cache-dir = "/home/nriley/var/cache/lighttpd/compress/" compress.filetype = ( "text/plain", "text/html" ) fastcgi.server = ( "/trac" => ( "trac" => ( "socket" => "/home/nriley/var/run/trac-fastcgi.sock", "bin-path" => "/home/nriley/cgi-bin/trac.fcgi", "bin-environment" => ( "TRAC_ENV_PARENT_DIR" => "/home/nriley/trac" ) ) ) ) alias.url = ( "/media/" => "/home/nriley/share/trac/htdocs/" ) auth.backend = "htdigest" auth.backend.htdigest.userfile= "/home/nriley/etc/trac.digest.passwd" $HTTP["url"] =~ "^/trac/[^/]+/login" { auth.require = ( "/" => ( "method" => "digest", "realm" => "sabi.net Subversion repository", "require" => "user=nicholas" ) ) }
In order for the above FastCGI association to work, I must create a file named trac in the server’s document root, so lighttpd has something to pass along to the FastCGI script. (I got this tidbit from this article on using Django with lighttpd).
I needed to use /media instead of /trac or something like /trac-common or /trac/common because I couldn’t get lighttpd to give up the FastCGI assocation with /trac.
It appears there’s nothing equivalent to “Require valid-user” in lighttpd, and the “require” statement isn’t parsed until a request is received, so you’ll need to add a bunch of users to a group and require a group, likely. The parsing error is very poorly identified, too: (http_auth.c.345) = is missing. I had to dig through the lighttpd source to see what it was referring to.
So, everything seemingly works; the only problem I’m having is my log file getting polluted with these messages:
2005-08-01 03:08:38: (mod_fastcgi.c.2110) FastCGI-stderr:
which I’ve filed as a bug in Trac.
I also had to do some digging to figure out how to enable anonymous access to Subversion via WebDAV. The Subversion repository’s DAV interface was created as private to begin with, a sensible precaution. However, I couldn’t use <LimitExcept> to apply permissions, so instead I have a AuthzSVNAccessFile svn-access.conf that looks like this:
[dev:/] nicholas = rw * = r
Then I open up Apache access with Satisfy Any. Some more discussion of this technique is here.