Bill Cole-8 wrote > That's.... odd. The RT configure script should have figured out a better > ownership/permissions model and generated a Makefile that did the right > thing for you. There is some stuff in RT that's 640 or 750, but if > fixperms did the wrong thing it was because configure couldn't determine > the right owner and/or group, not because the apache user wasn't in the > right group. > > > REPLY: > I flubbed up from the begining and just discovered what my first mistake > was (fixable mistake but very annoying)...when I ran ./configure I should > have passed it as such being that I'm installing on RHEL/CentOS...anyone > installing on RHEL/CentOS take note this could save you a lot of time if > you configure this way from the get go I believe: */ > ./configure --with-web-user=apache --with-web-group=apache /* > > Since the default on RHEL/CentOS is to use the apache:apache user and > group and not www/www-data/nobody as far as I know and with other > distributions. > > ******************************************************************************* > > That's slightly odd: I'd expect that to get you the default (httpd.conf) > document root. > > I STRONGLY recommend a long read of the Apache docs. Particularly: > > https://httpd.apache.org/docs/2.4/dns-caveats.html > https://httpd.apache.org/docs/2.4/vhosts/details.html > https://httpd.apache.org/docs/2.4/vhosts/name-based.html > > > REPLY: > > Duly noted...The first link helped me immensely! Thank you! I changed my > VirtualHost to use my server's IP address rather than the FQDN > <VirtualHost 192.168.1.100:80> > ............ instead of........ > <VirtualHost rt-ir-sandbox.xxx.xxx.xxx.edu:80> > That seemed to do the trick and stop the majority of the strangeness I was > experiencing. The rest was permissions issues due to my first mistake > above from what I can tell. > > After I installed & enabled the RT-IR addon for RT I had to fix the > permissions here also due to my first mistake as well: > > From /opt/rt4/var/mason_data/ ..... chown -R apache:apache * > > This got RT-IR working. > > *********************************************************************** > > That sounds like it could be an iptables issue, except that I'd expect > an error complaining about the connection. > > Apache's logs should be helpful if you're getting a connection and > making a request but then not getting anything back. > > REPLY: > > Again you're on point sir. I suspected this may be iptables as well but > was slightly caught off guard as my defauly policy for the INPUT & FORWARD > chains were ACCEPT...I did not notice the default DENY rule at the bottom > of the INPUT chain that FILTERS traffic that doesn't match rules above > it....I re-hashed my iptables rulebase with default DENY for INPUT & > FORWARD and provisioned proper rules above to allow operations of > RT/RT-IR. > > > *********************************************************************** > > > Seems reasonable, but I'd suggest 3 things: > > 1. Set( $DatabaseHost, '' ); > This causes RT to connect over the mysql local socket rather than > TCP to localhost:3306, which means slightly better performance and one > more network listener you can kill (unless you need that mysqld for > other things that aren't local or are too dumb to use sockets) > > 2. Remove any mention of WebBaseURL. Unless you have RT behind a proxy > or have Apache doing HTTPS on a port other than 443, the code in > RT_Config.pm will build the correct value for you. > > 3. Set( $WebPort, '443' ); > Yes, that also means you will need to set up HTTPS in Apache. > However, if your RT is serving anything other than you on the same host > (don't laugh, I've seen that) you're going to want it only every using > TLS. Even more true if you have it on a campus network of a major public > university known to operate intensive network sniffing and scanning > projects as research. > > > REPLY: > > Great stuff. I def. implemented item #1 here as this is a better way to > go for my sandbox and for my dev RT/RT-IR servers. > > Item #2 I also went ahead and did as recommend as that makes sense. > > Item #3 That is the plan once I get to the part where I am building my > production server...I will be setting up apache to use our SSO > implementation here that requires SSL/TLS at our super scanning major > university (I've nothing to do with that research other than dealing with > some of its fallout on occasion so trust me I totally understand what you > mean.) > > From what I've read thus far setting up https/TLS may be a challenge with > RT/RT-IR especially with getting rt-mailgate/e-mail ticket creation > working which is in scope for us so these two things will be my next > challenge....and I'm sure you'll see posts from me here about in the very > near future : ) > > On that note....this is the best resource i've found on setting up > rt-mailgate/e-mail ticketing...is there something better out there or an > example config/tutorial I do not know about yet? > > http://requesttracker.wikia.com/wiki/ManualEmailConfig > > Thank you very much for all your help!!! > > -Drew
-- View this message in context: http://requesttracker.8502.n7.nabble.com/Trouble-Error-with-Web-deployment-CentOS-httpd-mod-fcgid-tp60979p61071.html Sent from the Request Tracker - User mailing list archive at Nabble.com.
