Setting up PHP with Lighttpd and trac

If you want to serve php pages and restrict user's access to view their code or accidentally download them, but run a service that displays source of php pages (such as trac) at the same time, it can be done as shown below.

Enable fastcgi to serve normal site pages.

fastcgi.server = ( ".php" => ((
                     "bin-path" => "/usr/local/bin/php",
                     "socket" => "/tmp/php-fastcgi.socket",
                     "max-procs" => 2,
                     "bin-environment" => ( 
                       "PHP_FCGI_CHILDREN" => "16",
                       "PHP_FCGI_MAX_REQUESTS" => "10000" 
                     "bin-copy-environment" => (
                       "PATH", "SHELL", "USER" 
                     "broken-scriptfilename" => "enable")))

Run fastcgi for trac only when the trac area of the site is in use.

$HTTP["url"] =~ "^/trac" {
fastcgi.server = ( "/trac" =>
                   ("trac" =>
                     ("socket" => "/tmp/trac-fastcgi.sock",
                      "bin-path" => "<path to trac>/cgi-bin/trac.fcgi",
                      "check-local" => "disable",
                      "bin-environment" => ("TRAC_ENV" => "<path to trac project environment>")

Source files in trac are usually in "/trac/browser/trunk", but change accordingly.
With the following conditional we assure that access is restricted to php pages, except when we browse the source repository.

$HTTP["url"] !~ "^/trac/browser/trunk/" {
     url.access-deny = (".php")

You might also want to check out HowToSetupTrac.