Blog, Development, GNU/Linux, IT Security

ChiliProject 1.4.0 + Ruby Enterprise + Passenger + Apache2

I was a happy Trac user, but after seeing Redmine, I realized that Trac has many missing features and that you must do a lot of things with plugins, Redmine has this features out-of-box. After working a bit with Redmine I discovered ChiliProject, which is a fork of Redmine, and its actually compatible with Redmine Themes and Plugins.

Here is a comparison of Redmine/ChiliProject and Trac features:
Continue reading

Blog, GNU/Linux, IT Security

Installing TRAC with mod_wsgi using virtualenv

This guide is for installing Trac as a user using virtualenv for a isolated Python environment so that the whole installation runs under a specific user.

First of all we need to install needed packages

apt-get install libapache2-mod-wsgi python-virtualenv python-setuptools

Once we have installed the required packages proceed to create the Python environment

mkdir /usr/local/trac
cd /usr/local/trac
virtualenv python

We now have the isolated Python environment locate under /usr/local/trac/python.

To make possible to use easy_install with repositories we need to upgrade easy_install. I use this to install Trac plugins directly from SVN.

/usr/local/trac/python/bin/easy_install -U trunk

We now can install trac 0.12 using the 0.12b1 SVN Tag (http://svn.edgewall.com/repos/trac/tags/trac-0.12b1 or Trac==0.12b1) or directly from SVN Trunk:

/usr/local/trac/python/bin/easy_install http://svn.edgewall.org/repos/trac/trunk

This will download and install the latest trunk version for Trac.

To have webaccess to the Trac projects, we need a .wsgi script, were we define where our local python environment is located:

# Not needed if mod_wsgi >= 3.0
import sys
sys.stdout = sys.stderr

# Load Trac
import trac.web.main
application = trac.web.main.dispatch_request

And finally we need to configure apache. If you want only one Trac project, you should define trac.env to the location of your trac, but if you want multiproject support, you must use trac.env_parent_dir (this is what I used)


    ServerName trac.dns.com

    DocumentRoot /usr/local/trac/htdocs
    ErrorLog /var/log/apache2/trac-error.log
    CustomLog /var/log/apache2/trac-access.log combined

    # Trac Auth
    
        AuthType Basic
        AuthName "Trac"
        AuthUserFile /usr/local/trac/.htpasswd
        Require valid-user
    < /location>

    #Trac
    #Define ProcessGroup with user and group under which it should run
    WSGIDaemonProcess trac user=trac group=trac python-path=/usr/local/trac/python/lib/python2.5/site-packages python-eggs=/usr/local/trac/python/cache
    WSGIScriptAlias / /usr/local/trac/htdocs/trac.wsgi

    
        WSGIProcessGroup trac
        WSGIApplicationGroup %{GLOBAL}
        SetEnv trac.env_parent_dir /usr/local/trac/projects
    

We need to create the user and change the permissions for /usr/local/trac for that user trac

adduser --home /usr/local/trac --shell /bin/false --no-create-home trac
chown -R trac:trac /usr/local/trac

If you get an error “ImportError: No module named simplejson” just install it using easy_install

/usr/local/trac/python/bin/easy_install simplejson
Blog, GNU/Linux

Multiples proyectos con trac y svn usando HTTPS

Voy a explicar como montar el sistema de gestion de proyectos trac y subversion usando https para trabajar con subversion. Yo lo he montado en una debian usando apache2, asi que lo primero que necesitamos es instalar todo lo necesario

apt-get install trac subversion apache2 subversion libapache2-svn libapache2-mod-python2.3

Una vez descargado e instalado creamos el certificado necesario para usar tanto trac y subversion bajo https. Entra en el directorio /etc/apache2/ssl y ejecuta lo siguiente:

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Ahora ya tenemos listo los certificados, asi que ahora solo nos queda configurar el apache. Yo he creado un trac.dominio.ext y un svn.dominio.ext para hacer esto, pero esto va a gusto de cada uno. Yo como uso dos subdominios distintos, lo tengo en ficheros separados.

Primero editaremos el trac, asi que creamos el fichero /etc/apache2/sites-available/trac.domain.ext

NameVirtualHost *:443

#Activate SSL
SSLEngine on

SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

#VirtualHost Servername
ServerName trac.domain.ext
ServerAdmin [email protected]

DocumentRoot /opt/projects/trac

#Authentication

AuthType Basic
AuthName "Trac"
AuthUserFile /opt/projects/.htpasswd
Require valid-user

#Trac
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /opt/projects/trac/
PythonOption TracUriRoot /



El fichero no necesita demasiada explicacion, simplemente le decimos que active el SSL, que pida autentificacion y cargamos el modulo del trac y le especificamos el path de donde estan todos nuestros proyectos.

Ahora vamos con el fichero /etc/apache2/sites-available/svn.domain.ext

NameVirtualHost *:443

#Activate SSL
SSLEngine on

SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

#VirtualHost Servername
ServerName svn.domain.ext
ServerAdmin [email protected]

DocumentRoot /opt/projects/svn

DAV svn

#Authentication
AuthType Basic
AuthName "Subversion"
AuthUserFile /opt/projects/.htpasswd
Require valid-user

#Subversion
SVNParentPath /opt/projects/svn
SVNListParentPath on
SVNAutoVersioning On



#Subversion permission file
AuthzSVNAccessFile /opt/projects/svn/.htpasswd


Es importante separar el AuthzSVNAccessFile de ya que sino no listara todos los proyectos en http://svn.domain.ext/ por problemas de permisos.

Ahora que tenemos estos ficheros listos, hay que activar el modulo de ssl en el apache2 y los dos dominios.

vi /etc/apache2/ports.conf

Listen 443

cd /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/dav.load .
ln -s /etc/apache2/mods-available/dav_svn.load .
ln -s /etc/apache2/mods-available/mod_python.load .
ln -s /etc/apache2/mods-available/ssl.conf .
ln -s /etc/apache2/mods-available/ssl.load .

cd /etc/apache2/sites-enabled
ln -s /etc/apache2/sites-available/svn.domain.ext 001-svn.domain.ext
ln -s /etc/apache2/sites-available/trac.domain.ext 001-trac.domain.ext

Ahora vamos a crear un proyecto de prueba

mkdir -p /opt/projects/svn
mkdir -p /opt/projects/trac
svnadmin create /opt/projects/svn/NewProject
trac-admin /opt/projects/trac/NewProject initenv
Project Name [My Project]> NewProject
Database connection string [sqlite:db/trac.db]>
Path to repository [/var/svn/test]> /opt/projects/svn/NewProject
Templates directory [/usr/share/trac/templates]>
Creating and Initializing Project
Configuring Project
trac.repository_dir
trac.database
trac.templates_dir
project.name
Installing default wiki pages
..............

Ahora creamos los ficheros de acceso de usuarios.

[Repositorio:/Path]
user = [ [r[w]]]

Por ejemplo, queremos que el user1 pueda leer y escribir, el user2 leer, y anonymous nada (no deberia haber anonymous ya que el htpasswd no los deja pasar, pero siempre viene bien protegerse por si acaso), el fichero quedaria asi

[NewProject:/]
user1 = rw
user2 = r
* =

Ahora ya tenemos todo listo, podemos instalar el modulo TracWebAdmin para que sea mas facil la administracion del trac.