3

I'm having trouble setting up mod_proxy and tracd. Seems almost all the search results for this problem take me to the built-in trac documentation page that mentions it as an option.

I have several VirtualServers already running on the box in question, so running tracd on port 80 or 443 is not an option, but I do want to make my trac server accessible on this machine without exposing an additional port via the firewall.

Making things even more complicated is that I have multiple trac repositories being served by the same instance of tracd, and so I want to set it up so: http://trac.abc.com is proxy'd to localhost:8000/projects/abcproject, and http://trac.def.com is proxy'd to localhost:8000/projects/defproject.

Currently, the setup I have below results in 100% 403 errors. The server is running as www-data and the directory where all trac files are stored is owned by www-data, AND tracd (as show below) is running as www-data, so not sure where it's getting hung up.

The relevant configuration on /var/apache2/sites-enabled/trac.abc.com:

ProxyPass / http://localhost:8000/abcproject
ProxyPassReverse / http://localhost:8000/abcproject

The relevant configuration on /var/apache2/sites-enabled/trac.def.com:

ProxyPass / http://localhost:8000/defproject
ProxyPassReverse / http://localhost:8000/defproject

The command used to instantiate tracd:

tracd -a defproject,/var/www/vhosts/trac-common/users.htdigest,DEFProject -a abcproject,/var/www/vhosts/trac-common/users.htdigest,ABCProject -p 8000 -b localhost -e /var/www/vhosts/trac-common/projects

If I access the site at http://localhost:8000/ everything works fine, but if I try to access via any of the proxy'd hosts I end up with 403 at every turn.

I've used mod_proxy successfully as described above for other servers, such as couchdb, so maybe this has to do with the headers sent by tracd??

FilmJ
  • 756
  • 2
  • 9
  • 16

5 Answers5

1

Do you have such block in apache config, too:

ProxyRequests Off
<Proxy http://127.0.0.1:8000/*>
        Order deny,allow
        Allow from all
</Proxy>

It is needed afair.

silk
  • 918
  • 5
  • 13
0

Try adding a trailing slash and "ProxyPreserveHost On"

ProxyPreserveHost On
ProxyPass / http://localhost:8000/abcproject/
ProxyPassReverse / http://localhost:8000/abcproject/

What happens if you try the following:

ProxyPreserveHost On
ProxyPass /abcproject http://localhost:8000/abcproject
ProxyPassReverse /abcproject http://localhost:8000/abcproject
edgester
  • 583
  • 1
  • 5
  • 15
0

Have you looked into running Trac through FastCGI? http://trac.edgewall.org/wiki/TracFastCgi

Then you won't have to worry about trac camping out on another port.

thinice
  • 4,676
  • 20
  • 38
0

What does your Apache error log have to say on the matter? Is it reporting anything untoward? Also look in the trac logs to see if the request is getting to the backend and dying, or if it's Apache that's throwing the error.

womble
  • 95,029
  • 29
  • 173
  • 228
0

Error 403 seems to indicate a permissions problem rather than a server (5xx) problem. Maybe there is a problem in the htdigest file?

sybreon
  • 7,357
  • 1
  • 19
  • 19