I spent 2 days setting up my trac server the way I wanted it. Here's what I did.
These instructions will help you get going faster than I did. There are a few things that need to be tweaked to get it working, and a couple of modules that will make administration easier.
My setup has the following requirements:
No anonymous/public access, SSL traffic, accountmanager plugin to add and configure users through the trac webadmin interface.
Change the hostname through webmin to the fully qualified name that you want to use.
Confirm that both /var/spool/postfix/etc/hosts and /etc/hosts use the hostname.
/var/spool/postfix/etc/hosts didn't seem to get updated properly and was using "trac" as hostname.
POSTFIX CHANGES
General Options:
Set postfix to use hostname
Set the field "Internet Hostname of this mail system:" to -> Default (provided by this system)
By default, the appliance is configured for "localhost" which is not actually the default which causes mail from the server to be rejected with a SMTP 550 invalid HELO rejection
sub-plugins: (assuming the use htpasswd file for user store)
AccountManagerAdminPage
AccountManager
HTPasswdStore
AccountChangeListener
AccountChangeNotificationAdminPanel
AccountModule
LoginModule
Configure Accounts:
Used htpasswd as password store
Set /etc/trac/htpasswd as store file.
Configure Notifications in Trac:
In Trac webadmin interface -> Admin/trac.ini notification tab (or do through the actual trac.ini file)
Set always notify owner: True
Set smtp_from_name (username@host.domain.tld - that you set in previous setep in webmin)
Set smtp_from (username@host.domain.tld - that you set in previous step in webmin)
Configure Apache2 to redirect all traffic from HTTP to SSL (HTTPS)
$ nano /etc/trac/apache.conf
edit the virtual host for port 80 like so that it looks something like:
<VirtualHost *:80>
ServerName hostname.domain.tld
Redirect / https://hostname.domain.tld
# UseCanonicalName Off
# ServerAdmin webmaster@localhost
</VirtualHost>
the hostname.domain.tld is what you set the hostname in previous sections above. All browser requests to HTTP on port 80 will now automatically be redirected to HTTPS on 443.
You must restart both postfix and apache after making most of the changes above, so if something doesn't work, try restarting the services. You should do this at the very end anyway.
$ service apache2 restart
$ service postfix restart
One final note is that you'll want to set the user permissions in trac to what ever you prefer. I removed all permissions from anonymous and added all permissions to authenticated users with a few exceptions.
Trac customizations to get started
I spent 2 days setting up my trac server the way I wanted it. Here's what I did.
These instructions will help you get going faster than I did. There are a few things that need to be tweaked to get it working, and a couple of modules that will make administration easier.
My setup has the following requirements:
No anonymous/public access, SSL traffic, accountmanager plugin to add and configure users through the trac webadmin interface.
Change the hostname through webmin to the fully qualified name that you want to use.
Confirm that both /var/spool/postfix/etc/hosts and /etc/hosts use the hostname.
/var/spool/postfix/etc/hosts didn't seem to get updated properly and was using "trac" as hostname.
POSTFIX CHANGES
General Options:
Set postfix to use hostname
Set the field "Internet Hostname of this mail system:" to -> Default (provided by this system)
By default, the appliance is configured for "localhost" which is not actually the default which causes mail from the server to be rejected with a SMTP 550 invalid HELO rejection
TRAC PLUGINS:
Installed AccountManagerPlugin
sub-plugins: (assuming the use htpasswd file for user store)
AccountManagerAdminPage
AccountManager
HTPasswdStore
AccountChangeListener
AccountChangeNotificationAdminPanel
AccountModule
LoginModule
Configure Accounts:
Used htpasswd as password store
Set /etc/trac/htpasswd as store file.
In Trac webadmin interface -> Admin/Accounts/Configuration
set HTPASSWDSTORE = true (1)
filename: /etc/trac/htpasswd
DISABLE TRAC's login so you can use the form based login.
and make sure the following line is in the components section
[components]
trac.web.auth.loginmodule = disabled
Comment out Trac's HTTPD CONF so that Apache does not do the authentication and popup an http dialog.
comment out the "Require valid-user" like the example below.
<LocationMatch "/[^/]+/login">
AuthType Basic
AuthName "Trac"
AuthUserFile /etc/trac/htpasswd
# Require valid-user
</LocationMatch>
Installed NoAnonymousAccess Trac Plugin
Installed IniAdminPlugin Trac Plugin
Configure Notifications in Trac:
In Trac webadmin interface -> Admin/trac.ini notification tab (or do through the actual trac.ini file)
Set always notify owner: True
Set smtp_from_name (username@host.domain.tld - that you set in previous setep in webmin)
Set smtp_from (username@host.domain.tld - that you set in previous step in webmin)
Configure Apache2 to redirect all traffic from HTTP to SSL (HTTPS)
edit the virtual host for port 80 like so that it looks something like:
<VirtualHost *:80>
ServerName hostname.domain.tld
Redirect / https://hostname.domain.tld
# UseCanonicalName Off
# ServerAdmin webmaster@localhost
</VirtualHost>
the hostname.domain.tld is what you set the hostname in previous sections above. All browser requests to HTTP on port 80 will now automatically be redirected to HTTPS on 443.
You must restart both postfix and apache after making most of the changes above, so if something doesn't work, try restarting the services. You should do this at the very end anyway.
One final note is that you'll want to set the user permissions in trac to what ever you prefer. I removed all permissions from anonymous and added all permissions to authenticated users with a few exceptions.
The code above is the easy way to remove permissions for anonymous.
There is no easy way to add all the permissions to authenticated users however....a little bit of a time consumer.
Hope that helps!