Christopher Opena skrev 24. jan. 2011 07:36:
Hello folks,
I've gotten Trac working with Location/Location directives before as
described here:
http://trac.edgewall.org/wiki/TracModPython
First, please keep in mind that mod_python is dead, and mod_wsgi is a
recommended alternative. Wsgi configuration also works somewhat better
(more natural) with apache IMNHO, allowing you to mount wsgi-proxies
somewhat similar to mod_jk and mod_proxy.
However, once I bring Virtual Hosts and forcing SSL (using mod_rewrite) into
the game, I have problems with the requested URL /trac was not found on
this server.
So, the configuration below, *without the force-ssl part* does what you
want for trac/svn over http ?
(...)
So my vhost config for my trac-and-svn vhost looks something like this
(sanitized to protect the innocent):
NameVirtualHost 1.2.3.4:80
VirtualHost 1.2.3.4:80
ServerName dev.mydomain.com
DocumentRoot /path/to/some/local/dir/html
Directory /path/to/some/local/dir/html
Options FollowSymLinks -Indexes
AllowOverride All
Order deny,allow
Allow from all
Satisfy all
/Directory
RewriteEngine On
# Redirect any trac/changeset to trac/myproject/changeset to handle any
old URLs
RewriteRule ^/trac/changeset/(.*) /trac/myproject/changeset/$1 [R]
You seem to want this rule to be global for all port 80 requests? I'd
suggest simply dropping all access to svn/trac via port 80, set up an
empty webroot.
# If a request comes in on port 80 it will be redirected to port 443
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R]
# Error and access logs.
ErrorLog /var/log/httpd/error_log
LogLevel warn
CustomLog /var/log/httpd/access_log combined
ServerSignature Off
/VirtualHost
I.e., for your http-vhost:
NameVirtualHost 1.2.3.4:80
VirtualHost 1.2.3.4:80
ServerName dev.mydomain.com
DocumentRoot /path/to/some/local/dir/www #empty - don't map secure
#resources to a
# configuration served
# over http
Directory /path/to/some/local/dir/www
Options -FollowSymLinks -Indexes
AllowOverride All
Order deny,allow
Allow from all
/Directory
# No http content:
RedirectPermanent / https://dev.mydomain.com
# apache whill append traling url-parameters, see:
# http://httpd.apache.org/docs/current/mod/mod_alias.html#redirect
/VirtualHost
Now, test the vhost below sepearately, make sure you're not breaking your
urls with the old-rewrite bit.
Similarily you shouldn't need to use mod_rewrite, below:
RewriteRule ^/trac/changeset/(.*) /trac/myproject/changeset/$1 [R]
should be equivalent to:
RedirectPermanent /trac/changeset/
https://dev.mydomain.com/trac/myproject/changeset/
For a suggested (not tested!) take on the ssl-vhost, see below.
NameVirtualHost 1.2.3.4:443
VirtualHost 1.2.3.4:443
ServerName dev.mydomain.com
DocumentRoot /path/to/some/local/dir/html
SSLEngine on
SSLCertificateFile /path/to/mydomain.crt
SSLCertificateKeyFile /path/to/*.mydomain.com.key
SSLCertificateChainFile /path/to/gd_bundle.crt
RequestHeader set X_FORWARDED_PROTO 'https'
RewriteEngine On
# Redirect any /trac/changeset to /trac/myproject/changeset to handle
any old URLs
RewriteRule ^/trac/changeset/(.*) /trac/myproject/changeset/$1 [R]
# Subversion-related Location-based directives
Location /
DAV svn
SVNPath /svnrepos/myproject/
SVNReposName MyProject
AuthType Digest
AuthName Company
AuthUserFile /path/to/the.htdigest
Require valid-user
AuthzSVNAccessFile /path/to/the.authz
/Location
# Trac-related Location-based directives
IfModule mod_python.c
Location /trac
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontendi
PythonPath sys.path + ['/trac']
PythonOption TracEnvParentDir /trac
PythonOption TracEnv /trac/myproject
PythonOption TracUriRoot /trac
/Location
LocationMatch /trac/[^/]+/login
AuthType Digest
AuthName Shotgun
AuthUserFile /path/to/the.htdigest
Require valid-user
/LocationMatch
ErrorLog /var/log/httpd/error_log
LogLevel warn
CustomLog /var/log/httpd/access_log combine
ServerSignature Off
/VirtualHost
NameVirtualHost 1.2.3.4:443
VirtualHost 1.2.3.4:443
ServerName dev.mydomain.com
DocumentRoot /path/to/some/local/dir/ssl # Seperate DocumentRoot
# for encrypted webpages
# You might even want to run separate httpds -- running as separate
# users -- but apache w/o any extra modules, running just a redirect-
#
