Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Version 3 and Version 4 of TracModPython

Timestamp:: 2015-03-21T12:46:07Z (10 years ago)
Author:: trac
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

TracModPython

-                      v3
+                      v4
 = Trac and mod_python =
+= Trac and mod_python
 [[TracGuideToc]]
+Mod_python is an [https://httpd.apache.org/ Apache] module that embeds the Python interpreter within the server, so that web-based applications in Python will run many times faster than traditional CGI and will have the ability to retain database connections.
 Trac supports [http://www.modpython.org/ mod_python], which speeds up Trac's response times considerably, especially compared to [TracCgi CGI], and permits use of many Apache features not possible with [wiki:TracStandalone tracd]/mod_proxy.
+These instructions are for Apache 2; if you are still using Apache 1.3, you may have some luck with [trac:wiki:TracModPython2.7 TracModPython2.7].
+== A Word of Warning ==
+As of 16^th^ June 2010, the mod_python project is officially dead.  If you are considering using mod_python for a new installation, '''please don't'''!  There are known issues which will not be fixed and there are now better alternatives.  Check out the main TracInstall pages for your target version for more information.
+== Simple configuration ==
+These instructions are for Apache 2. If you are using Apache 1.3, you may have some luck with [trac:wiki:TracModPython2.7 TracModPython2.7], but that is a deprecated setup.
+[[PageOutline(2-3,Overview,inline)]]
+== Simple configuration: single project == #Simpleconfiguration
 If you just installed mod_python, you may have to add a line to load the module in the Apache configuration:
 …
 ''Note: The exact path to the module depends on how the HTTPD installation is laid out.''
 On Debian using apt-get
+On Debian using apt-get:
 {{{
 apt-get install libapache2-mod-python libapache2-mod-python-doc
 }}}
 (Still on Debian) after you have installed mod_python, you must enable the modules in apache2 (equivalent of the above Load Module directive):
+Still on Debian, after you have installed mod_python, you must enable the modules in apache2, equivalent to the above Load Module directive:
 {{{
 a2enmod python
 …
 yum install mod_python
 }}}
 You can test your mod_python installation by adding the following to your httpd.conf.  You should remove this when you are done testing for security reasons. Note: mod_python.testhandler is only available in mod_python 3.2+.
+You can test your mod_python installation by adding the following to your httpd.conf. You should remove this when you are done testing for security reasons. Note: mod_python.testhandler is only available in mod_python 3.2+.
 {{{
 #!xml
 …
 }}}
 The option '''`TracUriRoot`''' may or may not be necessary in your setup. Try your configuration without it; if the URLs produced by Trac look wrong, if Trac does not seem to recognize URLs correctly, or you get an odd "No handler matched request to..." error, add the '''`TracUriRoot`''' option.  You will notice that the `Location` and '''`TracUriRoot`''' have the same path.
 The options available are
+The option '''`TracUriRoot`''' may or may not be necessary in your setup. Try your configuration without it; if the URLs produced by Trac look wrong, if Trac does not seem to recognize URLs correctly, or you get an odd "No handler matched request to..." error, add the '''`TracUriRoot`''' option. You will notice that the `Location` and '''`TracUriRoot`''' have the same path.
+The options available are:
 {{{
     # For a single project
     PythonOption TracEnv /var/trac/myproject
     # For multiple projects
     PythonOption TracEnvParentDir /var/trac/myprojects
     # For the index of multiple projects
     PythonOption TracEnvIndexTemplate /srv/www/htdocs/trac/project_list_template.html
     # A space delimitted list, with a "," between key and value pairs.
     PythonOption TracTemplateVars key1,val1 key2,val2
     # Useful to get the date in the wanted order
     PythonOption TracLocale en_GB.UTF8
     # See description above
     PythonOption TracUriRoot /projects/myproject
 }}}
 === Python Egg Cache ===
 Compressed python eggs like Genshi are normally extracted into a directory named `.python-eggs` in the users home directory. Since apache's home usually is not writable an alternate egg cache directory can be specified like this:
+=== Python Egg Cache
+Compressed python eggs like Genshi are normally extracted into a directory named `.python-eggs` in the users home directory. Since apache's home usually is not writable, an alternate egg cache directory can be specified like this:
 {{{
 PythonOption PYTHON_EGG_CACHE /var/trac/myprojects/egg-cache
 …
 or you can uncompress the Genshi egg to resolve problems extracting from it.
+=== Configuring Authentication ===
+Creating password files and configuring authentication works similar to the process for [wiki:TracCgi#AddingAuthentication CGI]:
+{{{
+#!xml
+<Location /projects/myproject/login>
+  AuthType Basic
+  AuthName "myproject"
+  AuthUserFile /var/trac/myproject/.htpasswd
+  Require valid-user
+</Location>
+}}}
+Configuration for mod_ldap authentication in Apache is a bit tricky (httpd 2.2.x and OpenLDAP: slapd 2.3.19)
+. You need to load the following modules in Apache httpd.conf
+{{{
+LoadModule ldap_module modules/mod_ldap.so
+LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
+}}}
+. Your httpd.conf also needs to look something like:
+{{{
+#!xml
+<Location /trac/>
+  SetHandler mod_python
+  PythonInterpreter main_interpreter
+  PythonHandler trac.web.modpython_frontend
+  PythonOption TracEnv /home/trac/
+  PythonOption TracUriRoot /trac/
+  Order deny,allow
+  Deny from all
+  Allow from 192.168.11.0/24
+  AuthType Basic
+  AuthName "Trac"
+  AuthBasicProvider "ldap"
+  AuthLDAPURL "ldap://127.0.0.1/dc=example,dc=co,dc=ke?uid?sub?(objectClass=inetOrgPerson)"
+  authzldapauthoritative Off
+  require valid-user
+</Location>
+}}}
+Or the LDAP interface to a Microsoft Active Directory:
+{{{
+#!xml
+<Location /trac/>
+  SetHandler mod_python
+  PythonInterpreter main_interpreter
+  PythonHandler trac.web.modpython_frontend
+  PythonOption TracEnv /home/trac/
+  PythonOption TracUriRoot /trac/
+  Order deny,allow
+  Deny from all
+  Allow from 192.168.11.0/24
+  AuthType Basic
+  AuthName "Trac"
+  AuthBasicProvider "ldap"
+  AuthLDAPURL "ldap://adserver.company.com:3268/DC=company,DC=com?sAMAccountName?sub?(objectClass=user)"
+  AuthLDAPBindDN       ldap-auth-user@company.com
+  AuthLDAPBindPassword "the_password"
+  authzldapauthoritative Off
+  # require valid-user
+  require ldap-group CN=Trac Users,CN=Users,DC=company,DC=com
+</Location>
+}}}
+Note 1: This is the case where the LDAP search will get around the multiple OUs, conecting to Global Catalog Server portion of AD (Notice the port is 3268, not the normal LDAP 389). The GCS is basically a "flattened" tree which allows searching for a user without knowing to which OU they belong.
+Note 2: Active Directory requires an authenticating user/password to access records (AuthLDAPBindDN and AuthLDAPBindPassword).
+Note 3: The directive "require ldap-group ..."  specifies an AD group whose members are allowed access.
+=== Setting the Python Egg Cache ===
+=== Configuring Authentication
+See corresponding section in the [wiki:TracModWSGI#ConfiguringAuthentication] page.
+== Advanced Configuration
+=== Setting the Python Egg Cache
 If the Egg Cache isn't writeable by your Web server, you'll either have to change the permissions, or point Python to a location where Apache can write. This can manifest itself as a ''500 internal server error'' and/or a complaint in the syslog.
 …
 }}}
+=== Setting the !PythonPath ===
+=== Setting the !PythonPath
 If the Trac installation isn't installed in your Python path, you'll have to tell Apache where to find the Trac mod_python handler  using the `PythonPath` directive:
 …
 Be careful about using the !PythonPath directive, and ''not'' `SetEnv PYTHONPATH`, as the latter won't work.
 == Setting up multiple projects ==
+=== Setting up multiple projects
 The Trac mod_python handler supports a configuration option similar to Subversion's `SvnParentPath`, called `TracEnvParentDir`:
 …
 }}}
 == Virtual Host Configuration ==
 Below is the sample configuration required to set up your trac as a virtual server (i.e. when you access it at the URLs like
 !http://trac.mycompany.com):
+=== Virtual Host Configuration
+Below is the sample configuration required to set up your trac as a virtual server, ie when you access it at the URLs like
+!http://trac.mycompany.com:
 {{{
 …
 This does not seem to work in all cases. What you can do if it does not:
  * Try using `<LocationMatch>` instead of `<Location>`
  * <Location /> may, in your server setup, refer to the complete host instead of simple the root of the server. This means that everything (including the login directory referenced below) will be sent to python and authentication does not work (i.e. you get the infamous Authentication information missing error). If this applies to you, try using a sub-directory for trac instead of the root (i.e. /web/ and /web/login instead of / and /login).
+ * <Location /> may, in your server setup, refer to the complete host instead of simple the root of the server. This means that everything (including the login directory referenced below) will be sent to python and authentication does not work (i.e. you get the infamous Authentication information missing error). If this applies to you, try using a sub-directory for trac instead of the root, ie /web/ and /web/login instead of / and /login.
  * Depending on apache's `NameVirtualHost` configuration, you may need to use `<VirtualHost *:80>` instead of `<VirtualHost *>`.
 …
 Note: !DocumentRoot should not point to your Trac project env. As Asmodai wrote on #trac: "suppose there's a webserver bug that allows disclosure of !DocumentRoot they could then leech the entire Trac environment".
 == Troubleshooting ==
+== Troubleshooting
 In general, if you get server error pages, you can either check the Apache error log, or enable the `PythonDebug` option:
 …
 For multiple projects, try restarting the server as well.
+=== Login Not Working
+If you've used `<Location />` directive, it will override any other directives, as well as `<Location /login>`.
+The workaround is to use negation expression as follows (for multi project setups):
+{{{
+#!xml
+#this one for other pages
+<Location ~ "/*(?!login)">
+   SetHandler mod_python
+   PythonHandler trac.web.modpython_frontend
+   PythonOption TracEnvParentDir /projects
+   PythonOption TracUriRoot /
+</Location>
+#this one for login page
+<Location ~ "/[^/]+/login">
+   SetHandler mod_python
+   PythonHandler trac.web.modpython_frontend
+   PythonOption TracEnvParentDir /projects
+   PythonOption TracUriRoot /
+   #remove these if you don't want to force SSL
+   RewriteEngine On
+   RewriteCond %{HTTPS} off
+   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
+   AuthType Basic
+   AuthName "Trac"
+   AuthUserFile /projects/.htpasswd
+   Require valid-user
+</Location>
+}}}
 === Expat-related segmentation faults === #expat
 This problem will most certainly hit you on Unix when using Python 2.4.
+In Python 2.4, some version of Expat (an XML parser library written in C) is used,
+and if Apache is using another version, this results in segmentation faults.
+As Trac 0.11 is using Genshi, which will indirectly use Expat, that problem
+can now hit you even if everything was working fine before with Trac 0.10.
+See Graham Dumpleton's detailed [http://www.dscpl.com.au/wiki/ModPython/Articles/ExpatCausingApacheCrash explanation and workarounds] for the issue.
+=== Form submission problems ===
+In Python 2.4, some version of [http://expat.sourceforge.net/ Expat] (an XML parser library written in C) is used and if Apache is using another version, this results in segmentation faults.
+As Trac 0.11 is using Genshi, which will indirectly use Expat, that problem can now hit you even if everything was working fine before with Trac 0.10. This problem has not been reported for Python 2.5+, so best to upgrade.
+=== Form submission problems
 If you're experiencing problems submitting some of the forms in Trac (a common problem is that you get redirected to the start page after submission), check whether your {{{DocumentRoot}}} contains a folder or file with the same path that you mapped the mod_python handler to. For some reason, mod_python gets confused when it is mapped to a location that also matches a static resource.
 === Problem with virtual host configuration ===
 If the <Location /> directive is used, setting the `DocumentRoot` may result in a ''403 (Forbidden)'' error. Either remove the `DocumentRoot` directive, or make sure that accessing the directory it points is allowed (in a corresponding `<Directory>` block).
 Using <Location /> together with `SetHandler` resulted in having everything handled by mod_python, which leads to not being able download any CSS or images/icons. I used <Location /trac> `SetHandler None` </Location> to circumvent the problem, though I do not know if this is the most elegant solution.
 === Problem with zipped egg ===
+=== Problem with virtual host configuration
+If the <Location /> directive is used, setting the `DocumentRoot` may result in a ''403 (Forbidden)'' error. Either remove the `DocumentRoot` directive, or make sure that accessing the directory it points is allowed, in a corresponding `<Directory>` block.
+Using <Location /> together with `SetHandler` resulted in having everything handled by mod_python, which leads to not being able to download any CSS or images/icons. Use <Location /trac> `SetHandler None` </Location> to circumvent the problem, though this may not be the most elegant solution.
+=== Problem with zipped egg
 It's possible that your version of mod_python will not import modules from zipped eggs. If you encounter an `ImportError: No module named trac` in your Apache logs but you think everything is where it should be, this might be your problem. Look in your site-packages directory; if the Trac module appears as a ''file'' rather than a ''directory'', then this might be your problem. To rectify, try installing Trac using the `--always-unzip` option, like this:
 …
 }}}
 === Using .htaccess ===
+=== Using .htaccess
 Although it may seem trivial to rewrite the above configuration as a directory in your document root with a `.htaccess` file, this does not work. Apache will append a "/" to any Trac URLs, which interferes with its correct operation.
 It may be possible to work around this with mod_rewrite, but I failed to get this working. In all, it is more hassle than it is worth. Stick to the provided instructions. :)
 A success story: For me it worked out-of-box, with following trivial config:
 {{{
+It may be possible to work around this with mod_rewrite, but I failed to get this working. In all, it is more hassle than it is worth.
+This also works out-of-box, with following trivial config:
+{{{#!xml
 SetHandler mod_python
 PythonInterpreter main_interpreter
 …
 }}}
 The `TracUriRoot` is obviously the path you need to enter to the browser to get to the trac (e.g. domain.tld/projects/trac)
 === Additional .htaccess help ===
 If you are using the .htaccess method you may have additional problems if your trac directory is inheriting .htaccess directives from another.  This may also help to add to your .htaccess file:
+The `TracUriRoot` is obviously the path you need to enter to the browser to get to Trac, eg domain.tld/projects/trac.
+=== Additional .htaccess help
+If you are using the .htaccess method you may have additional problems if your trac directory is inheriting .htaccess directives from another. This may also help to add to your .htaccess file:
 {{{
 …
 }}}
+=== Win32 Issues ===
+=== Platform specific issues
+==== Win32 Issues
 If you run trac with mod_python < 3.2 on Windows, uploading attachments will '''not''' work. This problem is resolved in mod_python 3.1.4 or later, so please upgrade mod_python to fix this.
+=== OS X issues ===
+When using mod_python on OS X you will not be able to restart Apache using `apachectl restart`. This is apparently fixed in mod_python 3.2, but there's also a patch available for earlier versions [http://www.dscpl.com.au/projects/vampire/patches.html here].
+=== SELinux issues ===
+==== OS X issues
+When using mod_python on OS X you will not be able to restart Apache using `apachectl restart`. This is apparently fixed in mod_python 3.2, so please upgrade.
+==== SELinux issues
 If Trac reports something like: ''Cannot get shared lock on db.lock''
 …
 }}}
+See also [http://subversion.tigris.org/faq.html#reposperms]
+=== FreeBSD issues ===
+Pay attention to the version of the installed mod_python and sqlite packages. Ports have both the new and old ones, but earlier versions of pysqlite and mod_python won't integrate as the former requires threaded support in python, and the latter requires a threadless install.
+If you compiled and installed apache2, apache wouldn´t support threads (cause it doesn´t work very well on FreeBSD). You could force thread support when running ./configure for apache, using --enable-threads, but this isn´t recommendable.
+The best option [http://modpython.org/pipermail/mod_python/2006-September/021983.html seems to be] adding to /usr/local/apache2/bin/ennvars the line
+See also [http://subversion.apache.org/faq.html#reposperms How do I set repository permissions correctly?]
+==== FreeBSD issues
+The FreeBSD ports have both the new and old versions of mod_python and SQLite, but earlier versions of pysqlite and mod_python won't integrate as the former requires threaded support in Python, and the latter requires a threadless install.
+If you compiled and installed apache2, threads are not automatically supported on FreeBSD. You could force thread support when running `./configure` for Apache, using `--enable-threads`, but this isn´t recommended.
+The best option [http://modpython.org/pipermail/mod_python/2006-September/021983.html seems to be] adding to /usr/local/apache2/bin/ennvars the line:
 {{{
 …
 }}}
+=== Subversion issues ===
+If you get the following Trac Error `Unsupported version control system "svn"` only under mod_python, though it works well on the command-line and even with TracStandalone, chances are that you forgot to add the path to the Python bindings with the [TracModPython#ConfiguringPythonPath PythonPath] directive. (The better way is to add a link to the bindings in the Python `site-packages` directory, or create a `.pth` file in that directory.)
+If this is not the case, it's possible that you're using Subversion libraries that are binary incompatible with the apache ones (an incompatibility of the `apr` libraries is usually the cause). In that case, you also won't be able to use the svn modules for Apache (`mod_dav_svn`).
+You also need a recent version of `mod_python` in order to avoid a runtime error ({{{argument number 2: a 'apr_pool_t *' is expected}}}) due to the default usage of multiple sub-interpreters. 3.2.8 ''should'' work, though it's probably better to use the workaround described in [trac:#3371 #3371], in order to force the use of the main interpreter:
+==== Fedora 7 Issues
+Make sure you install the 'python-sqlite2' package as it seems to be required for TracModPython but not for tracd.
+=== Subversion issues
+If you get the following Trac error `Unsupported version control system "svn"` only under mod_python, though it works well on the command-line and even with TracStandalone, chances are that you forgot to add the path to the Python bindings with the [TracModPython#ConfiguringPythonPath PythonPath] directive. The better way is to add a link to the bindings in the Python `site-packages` directory, or create a `.pth` file in that directory.
+If this is not the case, it's possible that you're using Subversion libraries that are binary incompatible with the Apache ones and an incompatibility of the `apr` libraries is usually the cause. In that case, you also won't be able to use the svn modules for Apache (`mod_dav_svn`).
+You also need a recent version of `mod_python` in order to avoid a runtime error ({{{argument number 2: a 'apr_pool_t *' is expected}}}) due to the default usage of multiple sub-interpreters. Version 3.2.8 ''should'' work, though it's probably better to use the workaround described in [trac:#3371 #3371], in order to force the use of the main interpreter:
 {{{
 PythonInterpreter main_interpreter
 }}}
 This is anyway the recommended workaround for other well-known issues seen when using the Python bindings for Subversion within mod_python ([trac:#2611 #2611], [trac:#3455 #3455]). See in particular Graham Dumpleton's comment in [trac:comment:9:ticket:3455 #3455] explaining the issue.
 === Page layout issues ===
 If the formatting of the Trac pages look weird chances are that the style sheets governing the page layout are not handled properly by the web server. Try adding the following lines to your apache configuration:
+=== Page layout issues
+If the formatting of the Trac pages look weird, chances are that the style sheets governing the page layout are not handled properly by the web server. Try adding the following lines to your apache configuration:
 {{{
 #!xml
 …
 Note: For the above configuration to have any effect it must be put after the configuration of your project root location, i.e. {{{<Location /myproject />}}}.
 Also, setting `PythonOptimize On` seems to mess up the page headers and footers, in addition to hiding the documentation for macros and plugins (see #Trac8956). Considering how little effect the option has, it is probably a good idea to leave it `Off`.
 === HTTPS issues ===
+Also, setting `PythonOptimize On` seems to mess up the page headers and footers, in addition to hiding the documentation for macros and plugins (see #Trac8956). Considering how little effect the option has, leave it `Off`.
+=== HTTPS issues
 If you want to run Trac fully under https you might find that it tries to redirect to plain http. In this case just add the following line to your apache configuration:
 …
 }}}
+=== Fedora 7 Issues ===
+Make sure you install the 'python-sqlite2' package as it seems to be required for TracModPython but not for tracd
+=== Segmentation fault with php5-mhash or other php5 modules ===
+You may encounter segfaults (reported on debian etch) if php5-mhash module is installed. Try to remove it to see if this solves the problem. See debian bug report [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411487]
+Some people also have troubles when using php5 compiled with its own 3rd party libraries instead of system libraries. Check here [http://www.djangoproject.com/documentation/modpython/#if-you-get-a-segmentation-fault]
+=== Segmentation fault with php5-mhash or other php5 modules
+You may encounter segfaults (reported on Debian etch) if php5-mhash module is installed. Try to remove it to see if this solves the problem. See [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=411487 Debian bug report].
+Some people also have troubles when using php5 compiled with its own 3rd party libraries instead of system libraries. Check [http://www.djangoproject.com/documentation/modpython/#if-you-get-a-segmentation-fault Django segmentation fault].
 ----
 See also:  TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracFastCgi FastCGI],  [trac:TracNginxRecipe TracNginxRecipe]
+See also: TracGuide, TracInstall, [wiki:TracModWSGI ModWSGI], [wiki:TracFastCgi FastCGI], [trac:TracNginxRecipe]