Changes between Version 5 and Version 6 of TracModWSGI


Ignore:
Timestamp:
Feb 21, 2016, 9:52:25 PM (8 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • TracModWSGI

    v5 v6  
    8080<Directory /usr/local/trac/mysite/apache>
    8181    WSGIApplicationGroup %{GLOBAL}
    82     Order deny,allow
    83     Allow from all
     82    # For Apache 2.2
     83    <IfModule !mod_authz_core.c>
     84        Order deny,allow
     85        Allow from all
     86    </IfModule>
     87    # For Apache 2.4
     88    <IfModule mod_authz_core.c>
     89        Require all granted
     90    </IfModule>
    8491</Directory>
    8592}}}
     
    94101<Directory /usr/share/trac/cgi-bin>
    95102    WSGIApplicationGroup %{GLOBAL}
    96     Order deny,allow
    97     Allow from all
     103    # For Apache 2.2
     104    <IfModule !mod_authz_core.c>
     105        Order deny,allow
     106        Allow from all
     107    </IfModule>
     108    # For Apache 2.4
     109    <IfModule mod_authz_core.c>
     110        Require all granted
     111    </IfModule>
    98112</Directory>
    99113}}}
     
    278292See also [trac:TracOnWindows/Advanced].
    279293
     294=== Using CA !SiteMinder Authentication
     295Setup CA !SiteMinder to protect your Trac login URL (e.g. `/trac/login`).  Also, make sure the policy is set to include the HTTP_REMOTE_USER variable.  If your site allows it, you can set this in LocalConfig.conf:
     296{{{#!apache
     297RemoteUserVar="WHATEVER_IT_SHOULD_BE"
     298SetRemoteUser="YES"
     299}}}
     300The specific variable is site-dependent.  Ask your site administrator.  If your site does not allow the use of LocalConfig.conf for security reasons, have your site administrator set the policy on the server to set REMOTE_USER.
     301
     302Also add a !LogOffUri parameter to the agent configuration (e.g. `/trac/logout`).
     303
     304Then modify the trac.wsgi script generated using `trac-admin <env> deploy <dir>` to add the following lines, which extract the `HTTP_REMOTE_USER` variable and set it to `REMOTE_USER`:
     305
     306{{{#!python
     307def application(environ, start_request):
     308    # Set authenticated username on CA SiteMinder to REMOTE_USER variable
     309    # strip() is used to remove any spaces on the end of the string
     310    if 'HTTP_SM_USER' in environ:
     311        environ['REMOTE_USER'] = environ['HTTP_REMOTE_USER'].strip()
     312    ...
     313}}}
     314
     315Note:  you do not need any Apache "Location" directives.
     316
    280317=== Using Apache authentication with the Account Manager plugin's Login form ===
    281318
     
    298335{{{#!apache
    299336<Location /authFile>
    300    …HTTP authentication configuration…
     337   # HTTP authentication configuration
    301338   Require valid-user
    302339</Location>
     
    398435//This is not a recommended approach though. See also the notes at the bottom of the [http://code.google.com/p/modwsgi/wiki/IntegrationWithTrac mod_wsgi's IntegrationWithTrac] wiki page.//
    399436
     437=== Missing Headers and Footers
     438
     439If python optimizations are enabled, then headers and footers will not be rendered.
     440
     441In your WSGI configuration file, the `WSGIPythonOptimize` setting must be set to `0` as follows (`1` or `2` will not work):
     442
     443{{{#!apache
     444    WSGIPythonOptimize 0
     445}}}
     446
     447On Ubuntu, the WSGI mod configuration is at `/etc/apache2/mods-enabled/wsgi.conf`.
     448
     449NOTE: This is the WSGI equivalent of the same issue that happens with `PythonOptimize On` in [TracModPython#Pagelayoutissues ModPython] (see [trac:#8956]).
     450
    400451=== Other resources
    401452