Re: [rt-users] Best file layout for Centos7 + apache
Thank you. Sent: Saturday, May 07, 2016 at 12:07 PM From: "Bill Cole" To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Best file layout for Centos7 + apache On 7 May 2016, at 12:47, Duncan Morgan wrote: > Thanks Bill. > > So what you are saying is don't make any configuration changes as far > as file locations and put everything in the doc root? No, I'm saying that I do exactly as Thomas Bätzler described: install to /opt/rt4/ and configure an Apache VirtualHost with 'DocumentRoot "/opt/rt4/share/html"' One advantage to this is that if you keep SELinux enabled, you don't need to worry about any policy changes (which you do need for RT to work) being entangled with the default system policy. - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016 - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016
Re: [rt-users] Best file layout for Centos7 + apache
On 7 May 2016, at 12:47, Duncan Morgan wrote: Thanks Bill. So what you are saying is don't make any configuration changes as far as file locations and put everything in the doc root? No, I'm saying that I do exactly as Thomas Bätzler described: install to /opt/rt4/ and configure an Apache VirtualHost with 'DocumentRoot "/opt/rt4/share/html"' One advantage to this is that if you keep SELinux enabled, you don't need to worry about any policy changes (which you do need for RT to work) being entangled with the default system policy. - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016
Re: [rt-users] Best file layout for Centos7 + apache
Hello Duncan, Am 07.05.2016 um 18:47 schrieb Duncan Morgan: Thanks Bill. So what you are saying is don't make any configuration changes as far as file locations and put everything in the doc root? Isn't /var/www what the Apache server uses as its default DocumentRoot? I would certainly not recommend that path or any of its subdirectories as an RT installation root - if only to make absolutely sure that you don't expose your configuration that way when somebody manages to access the default VHost. Instead, I'd move the installation to /opt - i.e. use --prefix=/opt/rt4 or somesuch when running configure. Then make a separate Apache vHost with DocumentRoot "/opt/rt4/share/html" That way, accesses to the default vHost of Apache will go to the default pages in /var/www, and the accesses for the web elements of RT will go into a subdirectory of your RT installation. HTH, Thomas -- Just my $0.02 --- Diese E-Mail wurde von Avast Antivirus-Software auf Viren geprüft. https://www.avast.com/antivirus - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016
Re: [rt-users] Best file layout for Centos7 + apache
Thanks Bill. So what you are saying is don't make any configuration changes as far as file locations and put everything in the doc root? Thanks Duncan Sent: Saturday, May 07, 2016 at 8:58 AM From: "Bill Cole" To: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Best file layout for Centos7 + apache On 7 May 2016, at 10:46, Duncan Morgan wrote: > Hello All > > I have previously installed rt4 files in /var/www/rt4 (by setting the > $PREFIX) but my concern is that this creates a security risk. Can you detail that concern? Not saying it's wrong, I just don't see anything particularly risky. It's not the way I deploy RT, but I don't see a clear risk in it... > The gist of my questions are what is the minimum set of files required > in the web server document root? Zero. I've been running RT versions since v2 from subdirectories of /opt/ (i.e. the default layout) on various versions of FreeBSD and Linux and never had a need to point a server-wide document root there. I've not put a 4.x on CentOS7 instance into production yet, but I have an extended demo instance of RT4.4rc1 on CentOS7 system running, being lightly exercised and tweaked for a prospective customer for months now with no problems related to filesystem location, entirely in /opt/rt4/. - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016 - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016
Re: [rt-users] Best file layout for Centos7 + apache
On 7 May 2016, at 10:46, Duncan Morgan wrote: Hello All I have previously installed rt4 files in /var/www/rt4 (by setting the $PREFIX) but my concern is that this creates a security risk. Can you detail that concern? Not saying it's wrong, I just don't see anything particularly risky. It's not the way I deploy RT, but I don't see a clear risk in it... The gist of my questions are what is the minimum set of files required in the web server document root? Zero. I've been running RT versions since v2 from subdirectories of /opt/ (i.e. the default layout) on various versions of FreeBSD and Linux and never had a need to point a server-wide document root there. I've not put a 4.x on CentOS7 instance into production yet, but I have an extended demo instance of RT4.4rc1 on CentOS7 system running, being lightly exercised and tweaked for a prospective customer for months now with no problems related to filesystem location, entirely in /opt/rt4/. - RT 4.4 and RTIR Training Sessions https://bestpractical.com/training * Washington DC - May 23 & 24, 2016