Apache2 500 error new install of rt5

Hey,

Is /opt/rt5/etc/RT_SiteConfig.pm readable by your web server? Quite likely needs to be owned by www-data.

Cheers,
Andrew

Not sure how to check but that is what it looks like from the logs. So I can change the ownership to www-data and it won’t mess up anything then.

Well I did that and it looks like it is going further:

Cannot create directory '/opt/rt5/var/mason_data/obj' (mkdir /opt/rt5/var/mason_data/obj: Permission denied at /usr/local/share/perl/5.34.0/HTML/Mason/Interp.pm line 301.
) for user 'www-data', group 'www-data'. Perhaps you need to create or set permissions on your data_dir ('/opt/rt5/var/mason_data').
Stack:
  [/usr/local/share/perl/5.34.0/HTML/Mason/Interp.pm:318]
  [/usr/local/share/perl/5.34.0/HTML/Mason/Interp.pm:222]
  [/usr/local/share/perl/5.34.0/HTML/Mason/Interp.pm:169]
  [/usr/local/share/perl/5.34.0/HTML/Mason/Interp.pm:155]
  [/usr/local/share/perl/5.34.0/Class/Container.pm:329]
  [/usr/local/share/perl/5.34.0/Class/Container.pm:53]
  [/usr/local/share/perl/5.34.0/HTML/Mason/CGIHandler.pm:38]
  [/usr/local/share/perl/5.34.0/HTML/Mason/PSGIHandler.pm:14]
  [/opt/rt5/sbin/../lib/RT/Interface/Web/Handler.pm:114]
  [/opt/rt5/sbin/../lib/RT/Interface/Web/Handler.pm:270]
  [/opt/rt5/sbin/../lib/RT/PlackRunner.pm:108]
  [/opt/rt5/sbin/../lib/RT/PlackRunner.pm:72]
  [/opt/rt5/sbin/rt-server.fcgi:153] (/opt/rt5/sbin/../lib/RT.pm:409)

It looks like something in the permissions is wonky.

ok I got it to work… kinda for now I suppose… I changed the permissions:

chmod o+rwx /opt/rt5/var/mason_data -r

that let me get to the login screen. Can’t login though. Not sure why. What can I check?

This is the error I am seeing:

[Wed Jan 10 14:34:34.321835 2024] [authz_core:error] [pid 8589] [client 192.168.1.90:51442] AH01630: client denied by server configuration: /opt/rt5/share/html/, referer: http://192.168.1.244/rt/
[Wed Jan 10 14:35:45.124673 2024] [authz_core:error] [pid 8592] [client 192.168.1.90:51465] AH01630: client denied by server configuration: /opt/rt5/share/html/NoAuth/Login.html, referer: http://192.168.1.244/rt/

Ok so I have been messing with this and looking at the apache logs and what it looks like is that there is a misconfiguration between the /opt/rt5/etc/RT_SiteConfig.pm file and what apache is using/seeing now that I have changed it to try to make it work right.

Example is that the RT_SiteConfig.pm file was originally set to 443 but I don’t have enough know-how to set up the cert required so I missed this and set up everything else to use 80. When I access the site… Apache logs even say

[8966] [Wed Jan 10 15:45:03 2024] [warning]: The requested port (80) does NOT match the configured WebPort (443).  Perhaps you should Set($WebPort, 80); in RT_SiteConfig.pm, otherwise your internal hyperlinks may be broken. (/opt/rt5/sbin/../lib/RT/Interface/Web.pm:1448)

I have since changed it and in the RT_SiteConfig.pm file now shows:

# WebPort is the port where the RT web server runs. Edit the number below if
# you're not using the standard HTTPS port.
#Set($WebPort, '443');
Set($WebPort, '80');

I commented out the old in case I ever need to come back to it. I created the other one to set the port. The site comes up on 80 seemingly fine. Again I can’t login. So I’m not sure if I am doing something wrong or need to run something, I’m not sure. It does not look like I have changed the file but I have. That’s why I’m not sure if I need to re-run something. I have rebooted just because I am not sure if there is a service I need to restart and just don’t know it; that should take care of it.

Hey, heh, yeah, that’d cause some confusion. The wrong file permissions are odd, did you use make install?

For the login issues that’ll be because 5.0.4 has changed a default to turn WebSecureCookies to on, which requires TLS for cookies. See RT 5.0.4 beta1 Available for Testing

You need to turn that off. Try adding Set($WebSecureCookies, 'off') to your RT_SiteConfig.pm file.

Cheers,
Andrew

So I did use make install… I wouldn’t have been able to do anything without that.

I added the line and still cannot login. I am getting this:

[Thu Jan 11 18:43:53.229917 2024] [core:notice] [pid 1226] AH00094: Command line: '/usr/sbin/apache2'
[Thu Jan 11 18:43:57.183266 2024] [authz_core:error] [pid 1228] [client 192.168.1.90:54587] AH01630: client denied by server configuration: /opt/rt5/share/html/
[Thu Jan 11 18:44:05.198308 2024] [authz_core:error] [pid 1230] [client 192.168.1.90:54589] AH01630: client denied by server configuration: /opt/rt5/share/html/NoAuth/Login.html, referer: http://192.168.1.244/rt/
[Thu Jan 11 18:44:05.589518 2024] [authz_core:error] [pid 1230] [client 192.168.1.90:54589] AH01630: client denied by server configuration: /opt/rt5/share/html/, referer: http://192.168.1.244/rt/

From what I saw from this error, the config is the way it should be to NOT get that error so I’m at a loss.

Hey,

Have another look at your Apache configuration, it isn’t allowing access to those paths. Doing a web search for AH01630 gives lots of hints.

Cheers,
Andrew

Yes, sorry I did not go into further detail. I see that this is generally caused by a secure cookies thing. The files it is referencing are not present however in the 000-default.conf it does have the line Require all granted in the <Location /rt></Location> tag.

I just don’t get what it is looking for. I’ve searched and there is tons to do with that error. The things I can attempt to do/change I feel like I have already before I came here and what I can’t well… I can’t.

I think this install was just doomed from the start. Maybe time to wipe, give it one more go and if I can’t get it then I’ll just move on to something else. Not worth the hassle and my time to figure this out has all but run out.

Just a random thought, but you did remember to restart/reload your Apache if you did tweak the config? It only reads its configuration files then.

Can you provide your apache config file?

Can the www-data user access /opt/rt5/share/html (including parent directories)?
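
One way to answer that question directory by directory, as an added example that is not part of the original thread: the script walks from / to the target and prints the first component whose owner, group or other bits stop the account, so only that directory needs a chown or chgrp to www-data rather than o+rwx on the tree. It assumes GNU stat and id; the function names are this example's own, and ACLs, symlinks and root's bypass are not modelled.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.
# Assumes GNU stat/id; ACLs, symlinks and root's permission bypass are ignored.

# perm_digit USER PATH: print the rwx digit (0-7) that applies to USER on PATH.
perm_digit() {
    local user="$1" path="$2" uid gids info mode
    uid=$(id -u "$user") || return 2
    gids=" $(id -G "$user") "
    info=$(stat -c '%u %g %a' "$path") || return 2
    set -- $info                        # $1=owner uid  $2=group gid  $3=mode
    mode=$(printf '%04d' "$3")          # "755" -> "0755", "0" -> "0000"
    mode=${mode#?}                      # drop the setuid/setgid/sticky digit
    if [ "$1" = "$uid" ]; then
        echo "${mode%??}"               # owner class applies, even if weaker
    else
        case "$gids" in
            *" $2 "*) mode=${mode#?}; echo "${mode%?}" ;;   # group class
            *)        echo "${mode#??}" ;;                  # other class
        esac
    fi
}

# first_blocker USER TARGET [NEED]: walk / -> TARGET. Every directory on the way
# needs x (1); TARGET itself needs NEED (default 5 = r-x for a directory, 4 for
# a file, 7 if the service must create files there, as Mason does in
# mason_data). Prints the first component that fails and returns 1; returns 0
# when the whole path passes.
first_blocker() {
    local user="$1" rest="${2#/}" need cur=/ digit
    while :; do
        need=1
        [ -z "$rest" ] && need="${3:-5}"
        digit=$(perm_digit "$user" "$cur") || { echo "cannot stat $cur"; return 2; }
        if [ $((digit & need)) -ne "$need" ]; then
            echo "$cur"
            return 1
        fi
        [ -z "$rest" ] && return 0
        cur="${cur%/}/${rest%%/*}"
        case "$rest" in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
}

# Usage: sh first_blocker.sh www-data /opt/rt5/var/mason_data 7
if [ "$#" -ge 2 ]; then
    first_blocker "$@"
fi
```
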

Well I already wiped my system and got back and at least now I don’t get those errors in Apache. I am at a point now where I am getting a login screen, type the login of root and my password and nothing. Now when I check the Apache logs I have nothing there. …literally nothing. I restarted the service and that is all that I see:

[Tue Jan 23 21:38:16.381856 2024] [core:notice] [pid 1311] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jan 23 21:40:22.794121 2024] [mpm_prefork:notice] [pid 1311] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Jan 23 21:40:22.911969 2024] [mpm_prefork:notice] [pid 1346] AH00163: Apache/2.4.52 (Ubuntu) mod_fcgid/2.3.9 configured -- resuming normal operations
[Tue Jan 23 21:40:22.912072 2024] [core:notice] [pid 1346] AH00094: Command line: '/usr/sbin/apache2'

So yeah, I don’t know now.

I can tell you that I had to still fix the permissions on two folders to even get to this point.

Hi!
Does Apache’s access_log show a “Successful login”? If so, check again:
Set($WebSecureCookies, 0);

I cleared the logs and restarted Apache…

[Tue Jan 23 21:38:16.381743 2024] [mpm_prefork:notice] [pid 1311] AH00163: Apache/2.4.52 (Ubuntu) mod_fcgid/2.3.9 configured -- resuming normal operations
[Tue Jan 23 21:38:16.381856 2024] [core:notice] [pid 1311] AH00094: Command line: '/usr/sbin/apache2'
[Tue Jan 23 21:40:22.794121 2024] [mpm_prefork:notice] [pid 1311] AH00170: caught SIGWINCH, shutting down gracefully
[Tue Jan 23 21:40:22.911969 2024] [mpm_prefork:notice] [pid 1346] AH00163: Apache/2.4.52 (Ubuntu) mod_fcgid/2.3.9 configured -- resuming normal operations
[Tue Jan 23 21:40:22.912072 2024] [core:notice] [pid 1346] AH00094: Command line: '/usr/sbin/apache2'
[Wed Jan 24 12:15:37.432577 2024] [mpm_prefork:notice] [pid 1346] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Jan 24 12:15:37.529862 2024] [mpm_prefork:notice] [pid 5027] AH00163: Apache/2.4.52 (Ubuntu) mod_fcgid/2.3.9 configured -- resuming normal operations
[Wed Jan 24 12:15:37.529966 2024] [core:notice] [pid 5027] AH00094: Command line: '/usr/sbin/apache2'
[Wed Jan 24 12:18:51.080840 2024] [mpm_prefork:notice] [pid 5027] AH00170: caught SIGWINCH, shutting down gracefully
[Wed Jan 24 12:18:51.198707 2024] [mpm_prefork:notice] [pid 5082] AH00163: Apache/2.4.52 (Ubuntu) mod_fcgid/2.3.9 configured -- resuming normal operations
[Wed Jan 24 12:18:51.198807 2024] [core:notice] [pid 5082] AH00094: Command line: '/usr/sbin/apache2'
[5090] [Wed Jan 24 12:29:18 2024] [error]: FAILED LOGIN for rhall from 192.168.1.90 (/opt/rt5/sbin/../lib/RT/Interface/Web.pm:899)

That is from the Error Log. The last line is just me putting in a username I know doesn’t exist and password to see if it would show anything if it failed.

This is what the other_vhosts_access.log shows…

127.0.1.1:80 192.168.1.90 - - [24/Jan/2024:12:19:02 +0000] "POST /NoAuth/Login.html HTTP/1.1" 302 372 "http://192.168.1.244/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
127.0.1.1:80 192.168.1.90 - - [24/Jan/2024:12:19:04 +0000] "GET / HTTP/1.1" 200 2478 "http://192.168.1.244/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
127.0.1.1:80 192.168.1.90 - - [24/Jan/2024:12:28:11 +0000] "GET / HTTP/1.1" 200 2480 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
127.0.1.1:80 192.168.1.90 - - [24/Jan/2024:12:28:21 +0000] "GET /rt/ HTTP/1.1" 302 427 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
127.0.1.1:80 192.168.1.90 - - [24/Jan/2024:12:28:21 +0000] "GET /NoAuth/Login.html?next=6f25da10600a39bd4e731ded928646cd HTTP/1.1" 200 2484 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
127.0.1.1:80 192.168.1.90 - - [24/Jan/2024:12:28:30 +0000] "POST /NoAuth/Login.html HTTP/1.1" 302 372 "http://192.168.1.244/NoAuth/Login.html?next=6f25da10600a39bd4e731ded928646cd" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
127.0.1.1:80 192.168.1.90 - - [24/Jan/2024:12:28:30 +0000] "GET / HTTP/1.1" 200 2481 "http://192.168.1.244/NoAuth/Login.html?next=6f25da10600a39bd4e731ded928646cd" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
127.0.1.1:80 192.168.1.90 - - [24/Jan/2024:12:29:17 +0000] "POST /NoAuth/Login.html HTTP/1.1" 200 2599 "http://192.168.1.244/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"

Again, nothing out of the ordinary really.

And the access.log is empty.

Here are my two main config files. First the /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

#	ServerAdmin webmaster@localhost
#	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

#	ErrorLog ${APACHE_LOG_DIR}/error.log
#	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf


#######   All above was original   #######

### Optional apache logs for RT
# Ensure that your log rotation scripts know about these files
# ErrorLog /opt/rt5/var/log/apache2.error
# TransferLog /opt/rt5/var/log/apache2.access
# LogLevel debug

AddDefaultCharset UTF-8

# ScriptAlias and Location should match RT's WebPath

# If WebPath is empty then use a single slash:
ScriptAlias / /opt/rt5/sbin/rt-server.fcgi/
# If WebPath is 'rt' then add that after the slash:
# ScriptAlias /rt /opt/rt5/sbin/rt-server.fcgi/

DocumentRoot "/opt/rt5/share/html"

# If WebPath is empty then use a single slash:
<Location />
# If WebPath is 'rt' then add that after the slash:
# <Location /rt>

    Require all granted
    Options +ExecCGI
    AddHandler fcgid-script fcgi
</Location>





</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

and the /opt/rt5/etc/RT_SiteConfig.pm file

use utf8;

# Any configuration directives you include  here will override
# RT's default configuration file, RT_Config.pm
#
# To include a directive here, just copy the equivalent statement
# from RT_Config.pm and change the value. We've included a single
# sample value below.
#
# If this file includes non-ASCII characters, it must be encoded in
# UTF-8.
#
# This file is actually a perl module, so you can include valid
# perl code, as well.
#
# The converse is also true, if this file isn't valid perl, you're
# going to run into trouble. To check your SiteConfig file, use
# this command:
#
#   perl -c /path/to/your/etc/RT_SiteConfig.pm
#
# You must restart your webserver after making changes to this file.
#

# You may also split settings into separate files under the etc/RT_SiteConfig.d/
# directory.  All files ending in ".pm" will be parsed, in alphabetical order,
# after this file is loaded.

#Set( $rtname, 'example.com');

# You must install Plugins on your own, this is only an example
# of the correct syntax to use when activating them:
#     Plugin( "RT::Extension::HelpDesk" );

#1;


#######  All above was old file  #######




Set( %FullTextSearch,
    Enable     => 1,
    Indexed    => 1,
    Column     => 'ContentIndex',
    Table      => 'AttachmentsIndex',
);






# Single-quote all values EXCEPT the special value `undef`
# that turns off a setting.

# rtname appears in ticket email subjects. It needs to be globally unique,
# so use your organization's domain name.
Set($rtname, '192.168.1.244');
# Organization is used in the database for ticket links, etc. It also needs to
# be globally unique, so use your organization's domain name.
Set($Organization, '192.168.1.244');
# WebDomain is domain name of the RT web server. RT uses it to construct links
# and defend against CSRFs.
Set($WebDomain, '192.168.1.244');
# WebPort is the port where the RT web server runs. Edit the number below if
# you're not using the standard HTTPS port.
Set($WebPort, '80');
# WebPath is the path where the RT web server runs on your WebDomain.
# Edit the path below only if you're using a specific path like example.com/rt
#Set($WebPath, '/rt');
Set($WebPath, '');

# DatabaseUser is the name of the database account RT uses to read and store
# data. 'rt_user' is the default but you can change it if you like.
# DO NOT use the 'rt_admin' superuser created in the instructions above.
Set($DatabaseUser, 'rt_user');
# DatabasePassword is the password for DatabaseUser.
Set($DatabasePassword, 'dbpassword');
# DatabaseHost is the hostname of the database server RT should use.
# Change 'localhost' if it lives on a different server.
Set($DatabaseHost, 'localhost');
# DatabasePort is the port number of the database server RT should use.
# `undef` means the default for that database. Change it if you're not
# using the standard port.
Set($DatabasePort, undef);
# DatabaseName is the name of RT's database hosted on DatabaseHost.
# 'rt5' is the default but you can change it if you like.
Set($DatabaseName, 'rt5');
# DatabaseAdmin is the name of the user in the database used to perform
# major administrative tasks. Change 'rt_admin' if you're using a user
# besides the one created in this guide.
Set($DatabaseAdmin, 'rt_admin');

# RT can log to syslog, stderr, and/or a dedicated file.
# Log settings are used both by the primary server and by command line
# tools like rt-crontool, rt-ldapimport, etc.
# You set all of RT's $LogTo* parameters to a standard log level: 'debug',
# 'info', 'notice', 'warning', 'error', 'critical', 'alert', or 'emergency'.
# For a modern install, if you log to syslog, it goes
# to journald where it's easy to query and automatically gets rotated.
# Some syslogs log only warn and error, so lower levels like debug won't appear here.
Set($LogToSyslog, 'warning');

# When the RT server logs to stderr, that will go to the rt-server journal.
# Command line tools log to their own stderr. Setting this to
# 'warning' or 'error' helps ensure you get notified if RT's cron jobs
# encounter problems.
# When running with Apache, these logs will go to the Apache error log,
# which should be set up with logrotate automatically.
Set($LogToSTDERR, 'warning');

# Turn off optional features that require additional configuration.
# If you want to use these, refer to the RT_Config documentation for
# instructions on how to set them up.
Set(%GnuPG, 'Enable' => '0');
Set(%SMIME, 'Enable' => '0');

# Perl expects to find this 1 at the end of the file.
1;

I’m not entirely sure what I am doing in these so there COULD be something wrong. Yesterday before I left it appears that I fixed the permissions issue and a config mismatch which is why I am not getting errors but again I’m not really getting anything other than a login page so who knows. I do like how if the login/pass combination is wrong then I am at least getting something there. I am going to try to uncomment the couple of log lines from the 000-default.conf file and see if that fixes anything. It looks like that may be why it is not logging. I’ll update here shortly.

I enabled all the logging lines in the 000-default.conf file and the only change was that now the one log is combined which it states in the lines:

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

And then I enabled these two lines:

# ErrorLog /opt/rt5/var/log/apache2.error
# TransferLog /opt/rt5/var/log/apache2.access

The only thing that happened after restarting apache was the following:
/opt/rt5/var/log/apache2.access

192.168.1.90 - - [24/Jan/2024:12:48:11 +0000] "GET / HTTP/1.1" 200 2051
192.168.1.90 - - [24/Jan/2024:12:48:21 +0000] "POST /NoAuth/Login.html HTTP/1.1" 302 -
192.168.1.90 - - [24/Jan/2024:12:48:21 +0000] "GET / HTTP/1.1" 200 2051
192.168.1.90 - - [24/Jan/2024:12:58:56 +0000] "GET / HTTP/1.1" 200 2051
192.168.1.90 - - [24/Jan/2024:12:59:12 +0000] "POST /NoAuth/Login.html HTTP/1.1" 302 -
192.168.1.90 - - [24/Jan/2024:12:59:12 +0000] "GET / HTTP/1.1" 200 2048
192.168.1.90 - - [24/Jan/2024:12:59:22 +0000] "POST /NoAuth/Login.html HTTP/1.1" 200 2166

No other logs show any change.
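
The pattern in this access log, as an added example that is not part of the original thread: a POST to /NoAuth/Login.html answered with 302 means RT accepted the password, and a following page of the same size as the login form means the session cookie never came back from the browser. The function names, the 16-byte tolerance and the three 192.0.2.10 lines are assumptions of this example; it expects Apache common or combined format with the client IP first.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are this example's own.
# Heuristic: after an accepted login (POST Login.html -> 302) the next page the
# same client gets should be much larger than the login form. If it is the same
# size, the session cookie was not sent back (e.g. a Secure cookie on plain HTTP).

# login_loops LOGFILE [TOLERANCE_BYTES]   (log lines oldest first)
login_loops() {
    awk -v tol="${2:-16}" '
    $6 == "\"POST" && $7 ~ /\/NoAuth\/Login\.html/ {
        if ($9 == 302)      { pending[$1] = 1; form[$1] = last[$1] }
        else if ($9 == 200) { print "REJECTED", $1, substr($4, 2) }
        next
    }
    $6 == "\"GET" && $9 == 200 {
        if (pending[$1]) {
            d = $10 - form[$1]
            if (d < 0) d = -d
            verdict = (form[$1] == "") ? "UNKNOWN" : (d <= tol ? "LOOP" : "OK")
            print verdict, $1, substr($4, 2)
            pending[$1] = 0
        }
        last[$1] = $10          # size of the most recent page this client saw
    }' "$1"
}

# Lines 1-7 are the apache2.access entries quoted in the thread; the last three
# are constructed (192.0.2.10) to show a login whose session does stick.
sample_log() {
    cat <<'EOF'
192.168.1.90 - - [24/Jan/2024:12:48:11 +0000] "GET / HTTP/1.1" 200 2051
192.168.1.90 - - [24/Jan/2024:12:48:21 +0000] "POST /NoAuth/Login.html HTTP/1.1" 302 -
192.168.1.90 - - [24/Jan/2024:12:48:21 +0000] "GET / HTTP/1.1" 200 2051
192.168.1.90 - - [24/Jan/2024:12:58:56 +0000] "GET / HTTP/1.1" 200 2051
192.168.1.90 - - [24/Jan/2024:12:59:12 +0000] "POST /NoAuth/Login.html HTTP/1.1" 302 -
192.168.1.90 - - [24/Jan/2024:12:59:12 +0000] "GET / HTTP/1.1" 200 2048
192.168.1.90 - - [24/Jan/2024:12:59:22 +0000] "POST /NoAuth/Login.html HTTP/1.1" 200 2166
192.0.2.10 - - [24/Jan/2024:13:05:02 +0000] "GET / HTTP/1.1" 200 2051
192.0.2.10 - - [24/Jan/2024:13:05:09 +0000] "POST /NoAuth/Login.html HTTP/1.1" 302 -
192.0.2.10 - - [24/Jan/2024:13:05:09 +0000] "GET / HTTP/1.1" 200 48213
EOF
}

# Usage: sh login_loops.sh /opt/rt5/var/log/apache2.access
if [ "$#" -ge 1 ]; then
    login_loops "$@"
fi
```

On the lines from this thread it reports two LOOP entries and one REJECTED entry for 192.168.1.90. If LOOP entries show up on an HTTP-only test install, check that WebSecureCookies is set to a false Perl value such as 0; a non-empty string like 'off' is still true in Perl.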

I posted the answer below but no, it shows nothing unless I fail a login.

Also, I was not sure where to set that setting. I put it in the RT_SiteConfig.pm

I believe that is what did the trick. I am in. Thank you.

Great!
But take a look at:

This configuration is ok for testing in localhost without SSL (no cert). It’s not suitable for a production server. Take care.

Understood. I would love to do a self-signed deal and use SSL but that is beyond my knowledge of setting up this stuff.

If there were instructions I would follow them but there aren’t, or at least don’t appear to be.

It’s not an RT matter, it’s about Apache configuration. Googling for “self signed certificate Apache” you can try to configure a dummy certificate for Apache. For instance:

When all is working OK in your installation, you can pay for a certificate or maybe you can find one at no cost anywhere. I don’t care about certificates where I’m working now but maybe someone else can guide you about this topic.