Changes between Version 3 and Version 4 of TracModPython


Ignore:
Timestamp:
2015-03-21T12:46:07Z (5 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracModPython

    v3 v4  
    1 = Trac and mod_python =
     1= Trac and mod_python
    22[[TracGuideToc]]
    33
     4Mod_python is an [https://httpd.apache.org/ Apache] module that embeds the Python interpreter within the server, so that web-based applications in Python will run many times faster than traditional CGI and will have the ability to retain database connections.
    45Trac supports [http://www.modpython.org/ mod_python], which speeds up Trac's response times considerably, especially compared to [TracCgi CGI], and permits use of many Apache features not possible with [wiki:TracStandalone tracd]/mod_proxy.
    56
    6 These instructions are for Apache 2; if you are still using Apache 1.3, you may have some luck with [trac:wiki:TracModPython2.7 TracModPython2.7].
    7 
    8 == A Word of Warning ==
    9 
    10 As of 16^th^ June 2010, the mod_python project is officially dead.  If you are considering using mod_python for a new installation, '''please don't'''!  There are known issues which will not be fixed and there are now better alternatives.  Check out the main TracInstall pages for your target version for more information.
    11 
    12 == Simple configuration ==
     7These instructions are for Apache 2. If you are using Apache 1.3, you may have some luck with [trac:wiki:TracModPython2.7 TracModPython2.7], but that is a deprecated setup.
     8
     9[[PageOutline(2-3,Overview,inline)]]
     10
     11== Simple configuration: single project == #Simpleconfiguration
    1312
    1413If you just installed mod_python, you may have to add a line to load the module in the Apache configuration:
     
    1918''Note: The exact path to the module depends on how the HTTPD installation is laid out.''
    2019
    21 On Debian using apt-get
     20On Debian using apt-get:
    2221{{{
    2322apt-get install libapache2-mod-python libapache2-mod-python-doc
    2423}}}
    25 (Still on Debian) after you have installed mod_python, you must enable the modules in apache2 (equivalent of the above Load Module directive):
     24Still on Debian, after you have installed mod_python, you must enable the modules in apache2, equivalent to the above Load Module directive:
    2625{{{
    2726a2enmod python
     
    3130yum install mod_python
    3231}}}
    33 You can test your mod_python installation by adding the following to your httpd.conf.  You should remove this when you are done testing for security reasons. Note: mod_python.testhandler is only available in mod_python 3.2+.
     32You can test your mod_python installation by adding the following to your httpd.conf. You should remove this when you are done testing for security reasons. Note: mod_python.testhandler is only available in mod_python 3.2+.
    3433{{{
    3534#!xml
     
    5756}}}
    5857
    59 The option '''`TracUriRoot`''' may or may not be necessary in your setup. Try your configuration without it; if the URLs produced by Trac look wrong, if Trac does not seem to recognize URLs correctly, or you get an odd "No handler matched request to..." error, add the '''`TracUriRoot`''' option.  You will notice that the `Location` and '''`TracUriRoot`''' have the same path.
    60 
    61 The options available are
     58The option '''`TracUriRoot`''' may or may not be necessary in your setup. Try your configuration without it; if the URLs produced by Trac look wrong, if Trac does not seem to recognize URLs correctly, or you get an odd "No handler matched request to..." error, add the '''`TracUriRoot`''' option. You will notice that the `Location` and '''`TracUriRoot`''' have the same path.
     59
     60The options available are:
    6261{{{
    6362    # For a single project
    6463    PythonOption TracEnv /var/trac/myproject
     64
    6565    # For multiple projects
    6666    PythonOption TracEnvParentDir /var/trac/myprojects
     67
    6768    # For the index of multiple projects
    6869    PythonOption TracEnvIndexTemplate /srv/www/htdocs/trac/project_list_template.html
     70
    6971    # A space delimitted list, with a "," between key and value pairs.
    7072    PythonOption TracTemplateVars key1,val1 key2,val2
     73
    7174    # Useful to get the date in the wanted order
    7275    PythonOption TracLocale en_GB.UTF8
     76
    7377    # See description above       
    7478    PythonOption TracUriRoot /projects/myproject
    7579}}}
    7680
    77 === Python Egg Cache ===
    78 
    79 Compressed python eggs like Genshi are normally extracted into a directory named `.python-eggs` in the users home directory. Since apache's home usually is not writable an alternate egg cache directory can be specified like this:
     81=== Python Egg Cache
     82
     83Compressed python eggs like Genshi are normally extracted into a directory named `.python-eggs` in the users home directory. Since apache's home usually is not writable, an alternate egg cache directory can be specified like this:
    8084{{{
    8185PythonOption PYTHON_EGG_CACHE /var/trac/myprojects/egg-cache
     
    8387
    8488or you can uncompress the Genshi egg to resolve problems extracting from it.
    85 === Configuring Authentication ===
    86 
    87 Creating password files and configuring authentication works similar to the process for [wiki:TracCgi#AddingAuthentication CGI]:
    88 {{{
    89 #!xml
    90 <Location /projects/myproject/login>
    91   AuthType Basic
    92   AuthName "myproject"
    93   AuthUserFile /var/trac/myproject/.htpasswd
    94   Require valid-user
    95 </Location>
    96 }}}
    97 
    98 Configuration for mod_ldap authentication in Apache is a bit tricky (httpd 2.2.x and OpenLDAP: slapd 2.3.19)
    99 
    100 1. You need to load the following modules in Apache httpd.conf
    101 {{{
    102 LoadModule ldap_module modules/mod_ldap.so
    103 LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    104 }}}
    105 
    106 2. Your httpd.conf also needs to look something like:
    107 
    108 {{{
    109 #!xml
    110 <Location /trac/>
    111   SetHandler mod_python
    112   PythonInterpreter main_interpreter
    113   PythonHandler trac.web.modpython_frontend
    114   PythonOption TracEnv /home/trac/
    115   PythonOption TracUriRoot /trac/
    116   Order deny,allow
    117   Deny from all
    118   Allow from 192.168.11.0/24
    119   AuthType Basic
    120   AuthName "Trac"
    121   AuthBasicProvider "ldap"
    122   AuthLDAPURL "ldap://127.0.0.1/dc=example,dc=co,dc=ke?uid?sub?(objectClass=inetOrgPerson)"
    123   authzldapauthoritative Off
    124   require valid-user
    125 </Location>
    126 }}}
    127 
    128 Or the LDAP interface to a Microsoft Active Directory:
    129 
    130 {{{
    131 #!xml
    132 <Location /trac/>
    133   SetHandler mod_python
    134   PythonInterpreter main_interpreter
    135   PythonHandler trac.web.modpython_frontend
    136   PythonOption TracEnv /home/trac/
    137   PythonOption TracUriRoot /trac/
    138   Order deny,allow
    139   Deny from all
    140   Allow from 192.168.11.0/24
    141   AuthType Basic
    142   AuthName "Trac"
    143   AuthBasicProvider "ldap"
    144   AuthLDAPURL "ldap://adserver.company.com:3268/DC=company,DC=com?sAMAccountName?sub?(objectClass=user)"
    145   AuthLDAPBindDN       ldap-auth-user@company.com
    146   AuthLDAPBindPassword "the_password"
    147   authzldapauthoritative Off
    148   # require valid-user
    149   require ldap-group CN=Trac Users,CN=Users,DC=company,DC=com
    150 </Location>
    151 }}}
    152 
    153 Note 1: This is the case where the LDAP search will get around the multiple OUs, conecting to Global Catalog Server portion of AD (Notice the port is 3268, not the normal LDAP 389). The GCS is basically a "flattened" tree which allows searching for a user without knowing to which OU they belong.
    154 
    155 Note 2: Active Directory requires an authenticating user/password to access records (AuthLDAPBindDN and AuthLDAPBindPassword).
    156 
    157 Note 3: The directive "require ldap-group ..."  specifies an AD group whose members are allowed access.
    158 
    159 
    160 === Setting the Python Egg Cache ===
     89
     90=== Configuring Authentication
     91
     92See corresponding section in the [wiki:TracModWSGI#ConfiguringAuthentication] page.
     93
     94== Advanced Configuration
     95
     96=== Setting the Python Egg Cache
    16197
    16298If the Egg Cache isn't writeable by your Web server, you'll either have to change the permissions, or point Python to a location where Apache can write. This can manifest itself as a ''500 internal server error'' and/or a complaint in the syslog.
     
    171107}}}
    172108
    173 
    174 === Setting the !PythonPath ===
     109=== Setting the !PythonPath
    175110
    176111If the Trac installation isn't installed in your Python path, you'll have to tell Apache where to find the Trac mod_python handler  using the `PythonPath` directive:
     
    186121Be careful about using the !PythonPath directive, and ''not'' `SetEnv PYTHONPATH`, as the latter won't work.
    187122
    188 == Setting up multiple projects ==
     123=== Setting up multiple projects
    189124
    190125The Trac mod_python handler supports a configuration option similar to Subversion's `SvnParentPath`, called `TracEnvParentDir`:
     
    221156}}}
    222157
    223 == Virtual Host Configuration ==
    224 
    225 Below is the sample configuration required to set up your trac as a virtual server (i.e. when you access it at the URLs like
    226 !http://trac.mycompany.com):
     158=== Virtual Host Configuration
     159
     160Below is the sample configuration required to set up your trac as a virtual server, ie when you access it at the URLs like
     161!http://trac.mycompany.com:
    227162
    228163{{{
     
    249184This does not seem to work in all cases. What you can do if it does not:
    250185 * Try using `<LocationMatch>` instead of `<Location>`
    251  * <Location /> may, in your server setup, refer to the complete host instead of simple the root of the server. This means that everything (including the login directory referenced below) will be sent to python and authentication does not work (i.e. you get the infamous Authentication information missing error). If this applies to you, try using a sub-directory for trac instead of the root (i.e. /web/ and /web/login instead of / and /login).
     186 * <Location /> may, in your server setup, refer to the complete host instead of simple the root of the server. This means that everything (including the login directory referenced below) will be sent to python and authentication does not work (i.e. you get the infamous Authentication information missing error). If this applies to you, try using a sub-directory for trac instead of the root, ie /web/ and /web/login instead of / and /login.
    252187 * Depending on apache's `NameVirtualHost` configuration, you may need to use `<VirtualHost *:80>` instead of `<VirtualHost *>`.
    253188
     
    256191Note: !DocumentRoot should not point to your Trac project env. As Asmodai wrote on #trac: "suppose there's a webserver bug that allows disclosure of !DocumentRoot they could then leech the entire Trac environment".
    257192
    258 == Troubleshooting ==
     193== Troubleshooting
    259194
    260195In general, if you get server error pages, you can either check the Apache error log, or enable the `PythonDebug` option:
     
    269204For multiple projects, try restarting the server as well.
    270205
     206=== Login Not Working
     207
     208If you've used `<Location />` directive, it will override any other directives, as well as `<Location /login>`.
     209The workaround is to use negation expression as follows (for multi project setups):
     210{{{
     211#!xml
     212#this one for other pages
     213<Location ~ "/*(?!login)">
     214   SetHandler mod_python
     215   PythonHandler trac.web.modpython_frontend
     216   PythonOption TracEnvParentDir /projects
     217   PythonOption TracUriRoot /
     218
     219</Location>
     220#this one for login page
     221<Location ~ "/[^/]+/login">
     222   SetHandler mod_python
     223   PythonHandler trac.web.modpython_frontend
     224   PythonOption TracEnvParentDir /projects
     225   PythonOption TracUriRoot /
     226
     227   #remove these if you don't want to force SSL
     228   RewriteEngine On
     229   RewriteCond %{HTTPS} off
     230   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
     231
     232   AuthType Basic
     233   AuthName "Trac"
     234   AuthUserFile /projects/.htpasswd
     235   Require valid-user
     236</Location>
     237}}}
     238
    271239=== Expat-related segmentation faults === #expat
    272240
    273241This problem will most certainly hit you on Unix when using Python 2.4.
    274 In Python 2.4, some version of Expat (an XML parser library written in C) is used,
    275 and if Apache is using another version, this results in segmentation faults.
    276 As Trac 0.11 is using Genshi, which will indirectly use Expat, that problem
    277 can now hit you even if everything was working fine before with Trac 0.10.
    278 
    279 See Graham Dumpleton's detailed [http://www.dscpl.com.au/wiki/ModPython/Articles/ExpatCausingApacheCrash explanation and workarounds] for the issue.
    280 
    281 === Form submission problems ===
     242In Python 2.4, some version of [http://expat.sourceforge.net/ Expat] (an XML parser library written in C) is used and if Apache is using another version, this results in segmentation faults.
     243As Trac 0.11 is using Genshi, which will indirectly use Expat, that problem can now hit you even if everything was working fine before with Trac 0.10. This problem has not been reported for Python 2.5+, so best to upgrade.
     244
     245=== Form submission problems
    282246
    283247If you're experiencing problems submitting some of the forms in Trac (a common problem is that you get redirected to the start page after submission), check whether your {{{DocumentRoot}}} contains a folder or file with the same path that you mapped the mod_python handler to. For some reason, mod_python gets confused when it is mapped to a location that also matches a static resource.
    284248
    285 === Problem with virtual host configuration ===
    286 
    287 If the <Location /> directive is used, setting the `DocumentRoot` may result in a ''403 (Forbidden)'' error. Either remove the `DocumentRoot` directive, or make sure that accessing the directory it points is allowed (in a corresponding `<Directory>` block).
    288 
    289 Using <Location /> together with `SetHandler` resulted in having everything handled by mod_python, which leads to not being able download any CSS or images/icons. I used <Location /trac> `SetHandler None` </Location> to circumvent the problem, though I do not know if this is the most elegant solution.
    290 
    291 === Problem with zipped egg ===
     249=== Problem with virtual host configuration
     250
     251If the <Location /> directive is used, setting the `DocumentRoot` may result in a ''403 (Forbidden)'' error. Either remove the `DocumentRoot` directive, or make sure that accessing the directory it points is allowed, in a corresponding `<Directory>` block.
     252
     253Using <Location /> together with `SetHandler` resulted in having everything handled by mod_python, which leads to not being able to download any CSS or images/icons. Use <Location /trac> `SetHandler None` </Location> to circumvent the problem, though this may not be the most elegant solution.
     254
     255=== Problem with zipped egg
    292256
    293257It's possible that your version of mod_python will not import modules from zipped eggs. If you encounter an `ImportError: No module named trac` in your Apache logs but you think everything is where it should be, this might be your problem. Look in your site-packages directory; if the Trac module appears as a ''file'' rather than a ''directory'', then this might be your problem. To rectify, try installing Trac using the `--always-unzip` option, like this:
     
    297261}}}
    298262
    299 === Using .htaccess ===
     263=== Using .htaccess
    300264
    301265Although it may seem trivial to rewrite the above configuration as a directory in your document root with a `.htaccess` file, this does not work. Apache will append a "/" to any Trac URLs, which interferes with its correct operation.
    302266
    303 It may be possible to work around this with mod_rewrite, but I failed to get this working. In all, it is more hassle than it is worth. Stick to the provided instructions. :)
    304 
    305 A success story: For me it worked out-of-box, with following trivial config:
    306 {{{
     267It may be possible to work around this with mod_rewrite, but I failed to get this working. In all, it is more hassle than it is worth.
     268
     269This also works out-of-box, with following trivial config:
     270{{{#!xml
    307271SetHandler mod_python
    308272PythonInterpreter main_interpreter
     
    317281}}}
    318282
    319 The `TracUriRoot` is obviously the path you need to enter to the browser to get to the trac (e.g. domain.tld/projects/trac)
    320 
    321 === Additional .htaccess help ===
    322 
    323 If you are using the .htaccess method you may have additional problems if your trac directory is inheriting .htaccess directives from another.  This may also help to add to your .htaccess file:
     283The `TracUriRoot` is obviously the path you need to enter to the browser to get to Trac, eg domain.tld/projects/trac.
     284
     285=== Additional .htaccess help
     286
     287If you are using the .htaccess method you may have additional problems if your trac directory is inheriting .htaccess directives from another. This may also help to add to your .htaccess file:
    324288
    325289{{{
     
    329293}}}
    330294
    331 
    332 === Win32 Issues ===
     295=== Platform specific issues
     296==== Win32 Issues
     297
    333298If you run trac with mod_python < 3.2 on Windows, uploading attachments will '''not''' work. This problem is resolved in mod_python 3.1.4 or later, so please upgrade mod_python to fix this.
    334299
    335 
    336 === OS X issues ===
    337 
    338 When using mod_python on OS X you will not be able to restart Apache using `apachectl restart`. This is apparently fixed in mod_python 3.2, but there's also a patch available for earlier versions [http://www.dscpl.com.au/projects/vampire/patches.html here].
    339 
    340 === SELinux issues ===
     300==== OS X issues
     301
     302When using mod_python on OS X you will not be able to restart Apache using `apachectl restart`. This is apparently fixed in mod_python 3.2, so please upgrade.
     303
     304==== SELinux issues
    341305
    342306If Trac reports something like: ''Cannot get shared lock on db.lock''
     
    347311}}}
    348312
    349 See also [http://subversion.tigris.org/faq.html#reposperms]
    350 
    351 === FreeBSD issues ===
    352 Pay attention to the version of the installed mod_python and sqlite packages. Ports have both the new and old ones, but earlier versions of pysqlite and mod_python won't integrate as the former requires threaded support in python, and the latter requires a threadless install.
    353 
    354 If you compiled and installed apache2, apache wouldn´t support threads (cause it doesn´t work very well on FreeBSD). You could force thread support when running ./configure for apache, using --enable-threads, but this isn´t recommendable.
    355 The best option [http://modpython.org/pipermail/mod_python/2006-September/021983.html seems to be] adding to /usr/local/apache2/bin/ennvars the line
     313See also [http://subversion.apache.org/faq.html#reposperms How do I set repository permissions correctly?]
     314
     315==== FreeBSD issues
     316
     317The FreeBSD ports have both the new and old versions of mod_python and SQLite, but earlier versions of pysqlite and mod_python won't integrate as the former requires threaded support in Python, and the latter requires a threadless install.
     318
     319If you compiled and installed apache2, threads are not automatically supported on FreeBSD. You could force thread support when running `./configure` for Apache, using `--enable-threads`, but this isn´t recommended.
     320The best option [http://modpython.org/pipermail/mod_python/2006-September/021983.html seems to be] adding to /usr/local/apache2/bin/ennvars the line:
    356321
    357322{{{
     
    359324}}}
    360325
    361 === Subversion issues ===
    362 
    363 If you get the following Trac Error `Unsupported version control system "svn"` only under mod_python, though it works well on the command-line and even with TracStandalone, chances are that you forgot to add the path to the Python bindings with the [TracModPython#ConfiguringPythonPath PythonPath] directive. (The better way is to add a link to the bindings in the Python `site-packages` directory, or create a `.pth` file in that directory.)
    364 
    365 If this is not the case, it's possible that you're using Subversion libraries that are binary incompatible with the apache ones (an incompatibility of the `apr` libraries is usually the cause). In that case, you also won't be able to use the svn modules for Apache (`mod_dav_svn`).
    366 
    367 You also need a recent version of `mod_python` in order to avoid a runtime error ({{{argument number 2: a 'apr_pool_t *' is expected}}}) due to the default usage of multiple sub-interpreters. 3.2.8 ''should'' work, though it's probably better to use the workaround described in [trac:#3371 #3371], in order to force the use of the main interpreter:
     326==== Fedora 7 Issues
     327
     328Make sure you install the 'python-sqlite2' package as it seems to be required for TracModPython but not for tracd.
     329
     330=== Subversion issues
     331
     332If you get the following Trac error `Unsupported version control system "svn"` only under mod_python, though it works well on the command-line and even with TracStandalone, chances are that you forgot to add the path to the Python bindings with the [TracModPython#ConfiguringPythonPath PythonPath] directive. The better way is to add a link to the bindings in the Python `site-packages` directory, or create a `.pth` file in that directory.
     333
     334If this is not the case, it's possible that you're using Subversion libraries that are binary incompatible with the Apache ones and an incompatibility of the `apr` libraries is usually the cause. In that case, you also won't be able to use the svn modules for Apache (`mod_dav_svn`).
     335
     336You also need a recent version of `mod_python` in order to avoid a runtime error ({{{argument number 2: a 'apr_pool_t *' is expected}}}) due to the default usage of multiple sub-interpreters. Version 3.2.8 ''should'' work, though it's probably better to use the workaround described in [trac:#3371 #3371], in order to force the use of the main interpreter:
    368337{{{
    369338PythonInterpreter main_interpreter
    370339}}}
     340
    371341This is anyway the recommended workaround for other well-known issues seen when using the Python bindings for Subversion within mod_python ([trac:#2611 #2611], [trac:#3455 #3455]). See in particular Graham Dumpleton's comment in [trac:comment:9:ticket:3455 #3455] explaining the issue.
    372342
    373 === Page layout issues ===
    374 
    375 If the formatting of the Trac pages look weird chances are that the style sheets governing the page layout are not handled properly by the web server. Try adding the following lines to your apache configuration:
     343=== Page layout issues
     344
     345If the formatting of the Trac pages look weird, chances are that the style sheets governing the page layout are not handled properly by the web server. Try adding the following lines to your apache configuration:
    376346{{{
    377347#!xml
     
    384354Note: For the above configuration to have any effect it must be put after the configuration of your project root location, i.e. {{{<Location /myproject />}}}.
    385355
    386 Also, setting `PythonOptimize On` seems to mess up the page headers and footers, in addition to hiding the documentation for macros and plugins (see #Trac8956). Considering how little effect the option has, it is probably a good idea to leave it `Off`.
    387 
    388 === HTTPS issues ===
     356Also, setting `PythonOptimize On` seems to mess up the page headers and footers, in addition to hiding the documentation for macros and plugins (see #Trac8956). Considering how little effect the option has, leave it `Off`.
     357
     358=== HTTPS issues
    389359
    390360If you want to run Trac fully under https you might find that it tries to redirect to plain http. In this case just add the following line to your apache configuration:
     
    399369}}}
    400370
    401 === Fedora 7 Issues ===
    402 Make sure you install the 'python-sqlite2' package as it seems to be required for TracModPython but not for tracd
    403 
    404 
    405 === Segmentation fault with php5-mhash or other php5 modules ===
    406 You may encounter segfaults (reported on debian etch) if php5-mhash module is installed. Try to remove it to see if this solves the problem. See debian bug report [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411487]
    407 
    408 Some people also have troubles when using php5 compiled with its own 3rd party libraries instead of system libraries. Check here [http://www.djangoproject.com/documentation/modpython/#if-you-get-a-segmentation-fault]
     371=== Segmentation fault with php5-mhash or other php5 modules
     372
     373You may encounter segfaults (reported on Debian etch) if php5-mhash module is installed. Try to remove it to see if this solves the problem. See [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411487 Debian bug report].
     374
     375Some people also have troubles when using php5 compiled with its own 3rd party libraries instead of system libraries. Check [http://www.djangoproject.com/documentation/modpython/#if-you-get-a-segmentation-fault Django segmentation fault].
    409376
    410377----
    411 See also:  TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracFastCgi FastCGI],  [trac:TracNginxRecipe TracNginxRecipe]
     378See also: TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracFastCgi FastCGI], [trac:TracNginxRecipe]