[TOC]
Installing trac 11.6 is complicated but easy, even with apache 2.2 (httpd)
PREPARATION STEP: Having a web server installed!
Centos uses "yum" to install software packages, Debian uses "apt"
which httpd //will find if your system already has httpd (or the http daemon)
yum install httpd
yum install mod_ssl //this allows apache (httpd) work with OpenSSL
# yum install httpd-manual //if you want the manual
yum list-security //if you want to ensure you have the newest security updates
DEBIAN/UBUNTU
sudo apt-get install apache2 libapache2-mod-python
# sudo apt-get install libapache2-mod-python-doc //if you want the manual
VERIFY YOUR APACHE IS OK
http://127.0.0.1 (or your ip address)
( ALWAYS watch out for firewalls! iptables -L -n --line-numbers -v )
BASIC HTTPD / APACHE CONFIGURATION
BEFORE making changes ALWAYS to back things up...
cd /etc/httpd/conf/
cd /etc/apache2/sites-available/default/ //DEBIAN/UBUNTU
cp httpd.conf httpd.conf.bak
nano /etc/httpd/conf/httpd.conf
# least amount of info given out increase security
ServerTokens Prod
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
# Lower from 120 to 60 if you're worried about Denial of Service
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
#Listen 80
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
Listen 12.34.56.78:80
User apache
Group apache
### Section 2
UseCanonicalName Off
DocumentRoot "/var/www/html"
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Permissions
chown -R root:root /usr/sbin/httpd //ensure only root can run apache
chown -R root:root /usr/conf/httpd.conf //ensure only root can modify apache
NOTE that there's already a Include conf.d/*.conf to load any /etc/httpd/conf.d files
After any apache config file changes it's best to restart and reload
/etc/init.d/httpd restart
/etc/init.d/httpd reload
service httpd reload //load the new configuration
service httpd restart //(re)start apache (the http daemon)
chkconfig --level 235 httpd on //ensure that apache starts at bootup (run levels 2,3,5)
# ServerName
INSTALLING TRAC
Installing trac on debian/ubuntu is pretty easy, unfortunately for Centos/Red Hat it's a lot more complicated...
First ensure you have python
which python //will tell you if it's already installed, otherwise...
yum install python
yum install mod_python //the module that allows apache to work with python
wget http://peak.telecommunity.com/dist/ez_setup.py
$ sudo python ez_setup.py
#run the easy_install app which isnstalls required dependencies + trac
sudo easy_install Trac
mkdir -p /trac-root/projects/trac
(this makes all of the directories at once)
trac-admin /trac-root/projects/trac/test initenv
Project Name: test
Database: hit enter for default
SVN: hit enter for default (no svn usage)
Path to Repository: enter for default (no svn usage)
trac-admin version
Welcome to trac-admin 0.11.6
Interactive Trac administration console.
Copyright (c) 2003-2009 Edgewall Software
Type: '?' or 'help' for help on commands.
Trac [/trac-root/tracScripts/version]> quit
CONGRATULATIONS, YOU HAVE TRAC INSTALLED But not quite configured...
MAKE A GLOBAL SYMBOLIC LINK
cd /
ln -s /trac-root/projects/trac /trac
ENSURE APACHE CAN ACCESS TRAC FILES
chown -R apache:apache trac //note that ubuntu user = www-data
FINALLY, THE TRAC SPECIFIC "VIRTUAL HOST" SECTION:
httpd.conf (or sites-available/default)
<VirtualHost *:80>
<Location /trac>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /trac-root/projects/trac
PythonOption TracUriRoot /trac
</Location>
</VirtualHost>
http://127.0.0.1/trac //or http://domain.com/trac
Trac Error
Authentication information not available. Please refer to the installation documentation.
TO ACTUALLY BE ABLE TO LOGIN
htpasswd -c filename username // to create a new htpasswd file
// AND that the apache user (or www-data) has read access to it!
chgrp apache projects.password
chmod 740 projects.password
htpasswd /trac-root/projects.password newuser@domain.com //add a user
MORE APACHE CONFIGURATION
<Location /trac>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /trac-root/projects/trac
PythonOption TracUriRoot /trac
</Location>
# for a trac installation controlling multiple projects (with the same login info)
<LocationMatch "/trac/[^/]+/login">
AuthType Basic
AuthName "Trac"
AuthUserFile /trac-root/projects.password
Require valid-user
</LocationMatch>
# for only one project
<Location "/trac/login">
AuthType Basic
AuthName "Trac"
AuthUserFile /somewhere/trac.htpasswd
Require valid-user
</Location>
if you force all users to authenticate via apache
<LocationMatch "/trac">
AuthType Basic
AuthName "Please Authenticate"
AuthUserFile /trac-root/projects.password
Require valid-user
</LocationMatch>
Then they won't notice the silly default "WIKI_VIEW privileges" aren't given to anonymous users and they'll immediately see the wikistart page.
Troubleshooting permissions
TracError: The user apache requires read _and_ write permissions to the database file
/trac-root/projects/trac/projectname/db/trac.db and the directory
don't forget! chown -R apache /trac-root/projects/trac //note that ubuntu user = www-data
migrating projects is easily begun by copying the project directory into the new server...
BUT you'll have to modify permissions (for the apache user to have read/write access)...
AND you'll have to clean up any absolute links, or SVN connections (if you've a different or removed the repository entirely then set the repository_dir to blank...), also, hopefully your project url is a relative path (and NOT an absolute url!)
nano trac.ini
[project]
url = /trac/projectname
...
[trac]
repository_dir =
Plugins
ALL OF YOUR PLUGINS SHOULD ALREADY BE IN THE "plugins" DIRECTORY IN YOUR PROJECT...
TO install new or upgrade plugins:
- http://trac-hacks.org/wiki/PrivateTicketsPlugin
- http://trac-hacks.org/wiki/TicketDeletePlugin
- http://trac-hacks.org/wiki/AccountManagerPlugin
download the source (usually in .zip files) if necessary upload the zip to your server using ftp/sftp (ssh!)
unzip filename (without the .zip, use unzip --help for examples)
unzip accountmanagerplugin_0.11-r7785.zip
cd accountmanagerplugin/0.11
cat README
Then enter the plugin directory with the "setup.py" file...
python setup.py bdist_egg
if the above is entered in exactly it will create some directories...
cp pluginname/dist/pluginname.egg /trac-root/projects/trac/projectname/plugins
cp dist/.egg /trac-root/projects/trac/projectname/plugins
chmod 640 /trac-root/projects/trac/projectname/plugins/*
e.g. /trac-root/projects/trac/umr5series/plugins/TracAccountManager-0.2.1dev-py2.4.egg
of course do this for every trac project that uses that Plugin
Then restart your web server (e.g. /etc/init.d/apache2 restart ... or httpd restart)
ACCOUNT MANAGER PLUGIN
After you've put the "egg" in the plugins directory you will probably change the basic security requirements, e.g. you should have at least one WIKI_ADMIN user!
trac-admin /trac-root/projects/trac/projectname/ permission list testuser
trac-admin /trac-root/projects/trac/projectname/ permission add testuser TRAC_ADMIN
http://127.0.0.1/trac //or http://domain.com/trac
The TRAC_ADMIN user(s) can see the Admin menu on the far right Besides "Basic Settings" of the project name/url
The Permissions area on the left allows you to modify existing user permissions (e.g. first thing would be to remove Anonymous user permissions)
Plugins List the plugins installed (at least ones compatible with Web Admin)
Click on: TracAccountManager 0.2.1dev to expand it and enable the checkboxes
DO NOT HAVE HtDigestStore enabled with HtPasswdStore, mutually exclusive on or the other!
http://trac-hacks.org/wiki/AccountManagerPlugin
acct_mgr.api = The core of this plugin. This component must be enabled acct_mgr.admin = Adds a new page to the trac:WebAdmin for TRAC_ADMIN managing user accounts.
acct_mgr.web_ui = Allows users to change their password, or delete their account.
AccountModule, EmailVerificationModule, LoginModule, RegistrationModule
HTTPAUTHSTORE
acct_mgr.http = Delegates authentication to web server (access based on LDAP, pass file, etc )
HTPASSWDSTORE
acct_mgr.htfile = store passwords in the htpasswd file format
(may not work with mod_python - bug using Pythons md5 module under mod_python) If you experience problems try FastCGI, mod_wsgi, or tracd.
acct_mgr.db =
Stores passwords in the trac database. You must enable one of the hash method components. HtDigestHashMethod is the default. May be better with large numbers of users (errors due to write contention on the password file)
acct_mgr.htfile = Used to store passwords in the htdigest file format. (may not work with mod_python due to a bug using Python's md5 module under mod_python) If you experience problems try FastCGI, mod_wsgi, or tracd.
acct_mgr.svnserve = Allows Trac to use SVN users
trac.ini
NOTE THAT THE WEB INTERFACE CHECKBOXES ABOVE ARE EQUIVALENT TO trac.ini CHANGES BELOW:
[components]
; be sure to enable the component
acct_mgr.http.HttpAuthStore = enabled
[account-manager]
; configure the plugin to use a page that is secured with http authentication
authentication_url = http://hostname/path
password_store = HttpAuthStore
[components]
; be sure to enable the component
acct_mgr.http.HttpAuthStore = enabled
[account-manager]
; configure the plugin to use a page that is secured with http authentication
authentication_url = http://hostname/path
password_store = HttpAuthStore
This will generally be matched with an Apache config like:
<Directory /var/www/html/path>
HTTP authentication configuration
Require valid-user
</Directory>
Trac Admin Account Configuration
Trac -> Admin -> Accounts (Configuration)
DON'T MAKE A TYPO MISTAKE!
HtPasswdStore = Dropdown = 1 ... HtPasswdStore
filename: /trac-root/projects.password
HtPasswdStore = Dropdown = 1 ... HtPasswdStore
auth_url: http://domain.com/trac
See the httpd (apache default) corresponding settings:
<VirtualHost domain.com:80>
<LocationMatch "/trac">
AuthType Basic
AuthName "Wiki Access"
AuthUserFile /trac-root/projects.password
Require valid-user
</LocationMatch>
trac.ini is then updated by the ACCOUNT MANAGER WEB ADMIN MODULE:
[account-manager]
authentication_url = http://domain.com/trac
force_passwd_change = true
password_file = /trac-root/projects.password
password_store = HttpAuthStore,HtPasswdStore
persistent_sessions = true
[components]
acct_mgr.admin.* = enabled
acct_mgr.api.* = enabled
acct_mgr.db.* = enabled
acct_mgr.db.sessionstore = disabled
acct_mgr.htfile.* = enabled
acct_mgr.htfile.abstractpasswordfilestore = disabled
acct_mgr.htfile.htdigeststore = disabled
acct_mgr.http.* = enabled
acct_mgr.notification.* = enabled
acct_mgr.pwhash.* = enabled
acct_mgr.pwhash.htdigesthashmethod = disabled
acct_mgr.svnserve.* = enabled
acct_mgr.svnserve.svnservepasswordstore = disabled
acct_mgr.web_ui.* = enabled
privatetickets.* = enabled
ticketdelete.* = enabled
Trac Admin add a User Account
Trac -> Admin -> Accounts (Users)
Add Account
Random Troubleshooting
Trac detected an internal error:
AttributeError: TracError instance has no attribute 'acctmgr'
SOLVED: When I tried to delete a user it told me that trac needed read/write permissions on not only the user-auth file, but also the parent directory of this file.
Giving read/write to the parent (containing) directory of the htdigest.user-auth file (in my case /trac-root/user-auth.htaccess), eliminated this error!