Archive for the ‘trac’ Category
Customizations for a Trac & Git install
I spent 2 days setting up my trac server the way I wanted it. Here’s what I did.
These instructions will help you get going faster than I did. There are a few things that need to be tweaked to get it working, and a couple of modules that will make administration easier.
My setup has the following requirements:
No anonymous/public access, SSL traffic, accountmanager plugin to add and configure users through the trac webadmin interface, and gitplugin for use with a Git repository.
These instructions also assume that you are using a Trac appliance AMI at Amazon Web Services from Turnkey Linux which is built on Ubuntu 10.04.1 JeOS.
Change the hostname through webmin to the fully qualified name that you want to use.
Confirm that both /var/spool/postfix/etc/hosts and /etc/hosts use the hostname.
/var/spool/postfix/etc/hosts didn’t seem to get updated properly and was using “trac” as hostname.
POSTFIX CHANGES
General Options:
Set postfix to use hostname
Internet Hostname of this mail system: Default (provided by this system)
the appliance is configured for “localhost” which causes a SMTP 550 invalid HELO rejection
TRAC PLUGINS:
Installed AccountManagerPlugin
$ easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.11
sub-plugins (assuming the use of htpasswd file for user store)
AccountManagerAdminPage
AccountManager
HTPasswdStore
AccountChangeListener
AccountChangeNotificationAdminPanel
AccountModule
LoginModule
Configure Accounts:
You want to use htpasswd as password store which is located at /etc/trac/htpasswd
$ chgrp www-data /etc/trac $ chown www-data /etc/trac $ chgrp www-data /etc/trac/htpasswd $ chown www-data /etc/trac/htpasswd
In Trac webadmin interface -> Admin/Accounts/Configuration
HTPASSWDSTORE = true (1) filename /etc/trac/htpasswd
DISABLE TRAC’s login so you can use the form based login.
$ nano /var/local/lib/trac/git-/conf/trac.ini
and make sure the following line is in the components section
[components] trac.web.auth.loginmodule = disabled
Comment out Trac’s HTTPD CONF so that Apache does not do the authentication and popup an http dialog.
$ nano /etc/trac/apache.conf
comment out the “Require valid-user” like the example below.
AuthType Basic AuthName "Trac" AuthUserFile /etc/trac/htpasswd # Require valid-user
Installed NoAnonymousAccess Trac Plugin
$ easy_install http://trac-hacks.org/svn/noanonymousplugin/0.11
Installed IniAdminPlugin Trac Plugin
$ easy_install http://trac-hacks.org/svn/iniadminplugin/0.11
Configure Notifications in Trac:
In Trac webadmin interface -> Admin/trac.ini notification tab (or do through the actual trac.ini file)
Set always notify owner: True
Set smtp_from_name (username@host.domain.tld – that you set in previous setep in webmin)
Set smtp_from (username@host.domain.tld – that you set in previous step in webmin)
Configure Apache2 to redirect all traffic from HTTP to SSL (HTTPS)
$ nano /etc/trac/apache.conf
edit the virtual host for port 80 like so that it looks something like:
ServerName hostname.domain.tld Redirect / https://hostname.domain.tld # UseCanonicalName Off # ServerAdmin webmaster@localhost
the hostname.domain.tld is what you set the hostname in previous sections above. All browser requests to HTTP will now automatically be redirected to HTTPS.
You must restart both postfix and apache after making most of the changes above, so if something doesn’t work, try restarting the services. You should do this at the very end anyway.
$ service apache2 restart $ service postfix restart
One final note is that you’ll want to set the user permissions in trac to what ever you prefer. I removed all permissions from anonymous and added all permissions to authenticated users with a few exceptions.
$ trac-admin /var/local/lib/trac/git-permission remove anonymous '*'
The code above is the easy to remove permissions for anonymous.
There is no easy way to add all the permissions to authenticated users however….a little bit of a time consumer.
Hope that helps!