Running Trac using nginx and supervisord

The mission is to run trac using nginx and keeping tracd alive using supervisord.

First the nginx configuration. The http://trac.edgewall.org/wiki/TracNginxRecipe site was a really good starting point.

Nginx is working as a proxy to port 3050 on localhost. If the payload on the tracd is too much it is easy to add addional servers with for example port 3051, 3052, .... Because we want to use only ssl all http traffic is redirected to https.

upstream trac_example_org {
      server  127.0.0.1:3050;
      # additional servers here
}

server {
  listen 80;
  server_name example.org;
  rewrite ^/(.*) https://example.org/$1 redirect;
}

server {
      listen          443;
      server_name     example.org;

      access_log      /var/log/nginx/trac.access.log;
      error_log       /var/log/nginx/trac.error_log;

      ssl                  on;
      ssl_certificate      /etc/nginx/ssl/exampleorg_cert.pem;
      ssl_certificate_key  /etc/nginx/ssl/exampleorg_privatekey.pem;
      keepalive_timeout    70;
      add_header           Front-End-Https    on;


      location / {
              proxy_pass      http://trac_example_org;
              proxy_set_header Host $host;
      }
}

Now we have to run tracd on port 3050 only visible for localhost. For this I use a shell script with all data needed. This includes the trac folder and an htpasswd file for authentication. The hostname=localhost setting keeps tracd only listening on localhost.

#!/bin/bash

exec /usr/local/bin/tracd --hostname=localhost -p 3050 --pidfile=/var/run/tracd.3050 --protocol=http \
  /srv/www/trac/trac -s --basic-auth="trac,/srv/www/trac.htpasswd,Example"

Now keep this script alive using supervisord. I run trac with the user trac.

[program:trac]
command=/var/www/trac-run.sh
user=trac
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/trac.log
redirect_stderr=true

For questions or improvement please leave a note in the comments.