Best file layout for Centos7 + apache

Hello All,

I have previously installed rt4 files in /var/www/rt4 (by setting the $PREFIX) but my concern is that this creates a security risk. The gist of my questions are what is the minimum set of files required in the web server document root? And what is the best way of installing only those files there? I have tried setting the $htmldir configuration direction but not sure exactly which files it puts there. What are other people's opinions and configurations for rt4 with respect to this?

Thanks in advance.

> Hello All
>
> I have previously installed rt4 files in /var/www/rt4 (by setting the
> $PREFIX) but my concern is that this creates a security risk.

Can you detail that concern? Not saying it’s wrong, I just don’t see
anything particularly risky. It’s not the way I deploy RT, but I don’t
see a clear risk in it…

> The gist of my questions are what is the minimum set of files required
> in the web server document root?

Zero.

I’ve been running RT versions since v2 from subdirectories of /opt/
(i.e. the default layout) on various versions of FreeBSD and Linux and
never had a need to point a server-wide document root there. I’ve not
put a 4.x on CentOS7 instance into production yet, but I have an
extended demo instance of RT4.4rc1 on CentOS7 system running, being
lightly exercised and tweaked for a prospective customer for months now
with no problems related to filesystem location, entirely in /opt/rt4/.

Thanks Bill. So what you are saying is don’t make any configuration changes as far as file locations and put everything in the doc root?

Thanks

Duncan

Sent: Saturday, May 07, 2016 at 8:58 AM
From: “Bill Cole” <rtusers-20090205@billmail.scconsult.com>
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Best file layout for Centos7 + apache

On 7 May 2016, at 10:46, Duncan Morgan wrote:

> Hello All
>
> I have previously installed rt4 files in /var/www/rt4 (by setting the
> $PREFIX) but my concern is that this creates a security risk.

Can you detail that concern? Not saying it’s wrong, I just don’t see
anything particularly risky. It’s not the way I deploy RT, but I don’t
see a clear risk in it…

> The gist of my questions are what is the minimum set of files required
> in the web server document root?

Zero.

I’ve been running RT versions since v2 from subdirectories of /opt/
(i.e. the default layout) on various versions of FreeBSD and Linux and
never had a need to point a server-wide document root there. I’ve not
put a 4.x on CentOS7 instance into production yet, but I have an
extended demo instance of RT4.4rc1 on CentOS7 system running, being
lightly exercised and tweaked for a prospective customer for months now
with no problems related to filesystem location, entirely in /opt/rt4/.

RT 4.4 and RTIR Training Sessions https://bestpractical.com/training

  • Washington DC - May 23 & 24, 2016

Hello Duncan,

On 07.05.2016 at 18:47, Duncan Morgan wrote:

> Thanks Bill.
> So what you are saying is don’t make any configuration changes as far as
> file locations and put everything in the doc root?

Isn’t /var/www what the Apache server uses as its default DocumentRoot?

I would certainly not recommend that path or any of its subdirectories
as an RT installation root - if only to make absolutely sure that you
don’t expose your configuration that way when somebody manages to access
the default VHost.

Instead, I’d move the installation to /opt - i.e. use --prefix=/opt/rt4
or somesuch when running configure.

Then make a separate Apache vHost with

    DocumentRoot "/opt/rt4/share/html"

That way, accesses to the default vHost of Apache will go to the default
pages in /var/www, and the accesses for the web elements of RT will go
into a subdirectory of your RT installation.

HTH,
Thomas
Just my $0.02


> Thanks Bill.
>
> So what you are saying is don’t make any configuration changes as far
> as file locations and put everything in the doc root?

No, I’m saying that I do exactly as Thomas Bätzler described: install
to /opt/rt4/ and configure an Apache VirtualHost with 'DocumentRoot
"/opt/rt4/share/html"'

One advantage to this is that if you keep SELinux enabled, you don’t
need to worry about any policy changes (which you do need for RT to
work) being entangled with the default system policy.
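
A way to check the layout discussed above, as an added example that is not part of the original thread: this script lists every DocumentRoot in an Apache configuration tree and reports any RT path (for instance the directory holding RT_SiteConfig.pm) that lies beneath one. The function names and the script name are this example's own, and it assumes the configuration lives in `*.conf` files under one directory, as /etc/httpd does on CentOS 7.

```shell
#!/bin/sh
# Added example: flag RT paths that sit beneath any Apache DocumentRoot.
# Comparison is lexical (symlinks are not resolved) and only DocumentRoot
# is inspected; function names are this example's own.

# list_docroots CONF_DIR: print each DocumentRoot value from *.conf files,
# unquoted and without trailing slashes ("/" itself is kept).
list_docroots() {
    find "$1" -type f -name '*.conf' -exec cat {} + |
    grep -iE '^[[:space:]]*DocumentRoot[[:space:]]' |
    sed -E -e 's/^[[:space:]]*[^[:space:]]+[[:space:]]+//' \
           -e 's/[[:space:]]+$//' -e 's/^"(.*)"$/\1/' -e 's:(.)/+$:\1:'
}

# exposed_paths CONF_DIR PATH...: print every PATH that equals or lies
# below a DocumentRoot; return 1 if at least one was found, else 0.
exposed_paths() {
    conf_dir=$1; shift
    roots=$(list_docroots "$conf_dir")
    found=0
    for p in "$@"; do
        while IFS= read -r root; do
            [ -n "$root" ] || continue
            case "${p%/}" in
                "$root"|"${root%/}"/*)
                    echo "${p%/} is served by DocumentRoot $root"
                    found=1 ;;
            esac
        done <<EOF
$roots
EOF
    done
    return "$found"
}

# Usage: sh check_rt_docroot.sh /etc/httpd /opt/rt4/etc /opt/rt4/var
if [ "$#" -ge 2 ]; then
    exposed_paths "$@"
fi
```

Alias and ScriptAlias mappings can also publish directories outside a DocumentRoot and are not examined here.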

Thank you.

Sent: Saturday, May 07, 2016 at 12:07 PM
From: “Bill Cole” <rtusers-20090205@billmail.scconsult.com>
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Best file layout for Centos7 + apache

On 7 May 2016, at 12:47, Duncan Morgan wrote:

> Thanks Bill.
>
> So what you are saying is don’t make any configuration changes as far
> as file locations and put everything in the doc root?

No, I’m saying that I do exactly as Thomas Bätzler described: install
to /opt/rt4/ and configure an Apache VirtualHost with 'DocumentRoot
"/opt/rt4/share/html"'

One advantage to this is that if you keep SELinux enabled, you don’t
need to worry about any policy changes (which you do need for RT to
work) being entangled with the default system policy.
