Centos 7 - Forbidden, You don't have permission to access /rt4 on this server

Hello

I’m struggling a lot to understand how to configure Apache for RT.
I have gone through the documentation in the “Web deployment” section
but I don’t understand
what am I supposed to do. Under the apache section it talks about
"mod_fastcgi" and “mod_fcgid”.

Do I have these modules? What I add to “httpd.conf” depends on which one
of these modules I have or use?
I also borrowed the RT essentials book from our library but the book is
a bit out-of date and talks about RT3. There are a number of how-to’s
online available but all a bit different to each other. I presume that
is because they are written by people who know what they are doing so
they config things they way, they believe is right.

Whenever I try to view RT I get this error: Forbidden, You don’t have
permission to access /rt4 on this server. In a desperate attempt to
solve this permissions issue I did: "chown apache:apache -R /opt/rt4"
but with no luck.

I’m stuck at the moment because I don’t know how to use Apache, so I am
asking for your help, please.
Below are my current configurations. When you can, please let me know
what I should do/correct.

Apache/2.4.6 (CentOS 7)

RT_SiteConfig.pm looks like this:

Set( $rtname, ‘AD’);
Set( $Organization, ‘www.jimmy.ad.biosci.ac.uk’);
Set( $Timezone, ‘GB’);
Set( $WebDomain, ‘jimmy.ad.biosci.ac.uk’);
Set( $WebBaseURL, ‘http://jimmy.ad.biosci.ac.uk’);
Set( $WebPath, ‘/rt4’);
Set( $WebPort, 443);
Set( $CorrespondAddress, ‘bio@mail.biosci.ac.uk’);
Set( $CommentAddress, ‘comment@mail.biosci.ac.uk’);
Set( $SendMailPath, ‘/usr/lib/sendmail’);
Set( $DatabaseType, ‘mysql’);
Set( $DatabaseUser, ‘rtuser’);
Set( $DatabasePassword, ‘mypassword’);
Set( $DatabaseName, ‘rt4db’);
Set( $LogtoSyslog, ‘’);
Set ($LogToFile, ‘debug’);

HTTPD.CONF:

<VirtualHost *:443>
ServerName jimmy.ad.biosci.ac.uk:443
Redirect / https://jimmy.ad.biosci.ac.uk/rt4

SSL.CONF:

#

 # Request Tracker
 # ServerName rt.corp.example.com:443
   ServerName jimmy.ad.biosci.ac.uk:443

   AddDefaultCharset UTF-8
   DocumentRoot /opt/rt4/share/html
   Alias /NoAuth/images/ /opt/rt4/share/html/NoAuth/images/
   ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
   <Location />
   Order allow,deny
   Allow from all
   </Location>
   <Directory "/opt/rt4/sbin">
   SSLOptions +StdEnvVars
   </Directory>
   </VirtualHost>

Hi,

You need to firstly pick your deployment method from the web deployment
documentation.

I go for the nginx option, but I would suggest you use Apache and
mod_fastcgi as lots of people on this
list seem to be using RT in that manner.

The following will install mod_fastcgi on your CentOS box
yum install mod_fastcgi

Copy that example from the fastcgi section of the documentation:

https://docs.bestpractical.com/rt/4.4.0/web_deployment.html#mod_fastcgi

If you have installed RT in the default location the paths should be
fine.

Now make the changes described in the section regarding Running RT under
/rt

https://docs.bestpractical.com/rt/4.4.0/web_deployment.html#Running-RT-at-rt-rather-than

You have already set the webpath in RT_Config.pm, however you haven’t
added the correct
ScriptAlias path nor Location to your apache configuration.

Hope that helps

Best Regards

MartinOn 2016-04-21 10:28, Yanni wrote:

Hello

I’m struggling a lot to understand how to configure Apache for RT.
I have gone through the documentation in the “Web deployment” section
but I don’t understand
what am I supposed to do. Under the apache section it talks about
"mod_fastcgi" and “mod_fcgid”.

Do I have these modules? What I add to “httpd.conf” depends on which
one of these modules I have or use?
I also borrowed the RT essentials book from our library but the book
is a bit out-of date and talks about RT3. There are a number of
how-to’s online available but all a bit different to each other. I
presume that is because they are written by people who know what they
are doing so they config things they way, they believe is right.

Whenever I try to view RT I get this error: Forbidden, You don’t have
permission to access /rt4 on this server. In a desperate attempt to
solve this permissions issue I did: "chown apache:apache -R /opt/rt4"
but with no luck.

I’m stuck at the moment because I don’t know how to use Apache, so I
am asking for your help, please.
Below are my current configurations. When you can, please let me know
what I should do/correct.


Apache/2.4.6 (CentOS 7)

RT_SiteConfig.pm looks like this:

Set( $rtname, ‘AD’);
Set( $Organization, ‘www.jimmy.ad.biosci.ac.uk [1]’);
Set( $Timezone, ‘GB’);

Set( $WebDomain, ‘jimmy.ad.biosci.ac.uk’);
Set( $WebBaseURL, ‘http://jimmy.ad.biosci.ac.uk’);
Set( $WebPath, ‘/rt4’);
Set( $WebPort, 443);

Set( $CorrespondAddress, ‘bio@mail.biosci.ac.uk’);
Set( $CommentAddress, ‘comment@mail.biosci.ac.uk’);
Set( $SendMailPath, ‘/usr/lib/sendmail’);

Set( $DatabaseType, ‘mysql’);
Set( $DatabaseUser, ‘rtuser’);
Set( $DatabasePassword, ‘mypassword’);
Set( $DatabaseName, ‘rt4db’);

Set( $LogtoSyslog, ‘’);
Set ($LogToFile, ‘debug’);

HTTPD.CONF:

<VirtualHost *:443>
ServerName jimmy.ad.biosci.ac.uk:443
Redirect / https://jimmy.ad.biosci.ac.uk/rt4

SSL.CONF:

#

# Request Tracker
# ServerName rt.corp.example.com:443
  ServerName jimmy.ad.biosci.ac.uk:443

  AddDefaultCharset UTF-8
  DocumentRoot /opt/rt4/share/html
  Alias /NoAuth/images/ /opt/rt4/share/html/NoAuth/images/
  ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
  <Location />
  Order allow,deny
  Allow from all
  </Location>
  <Directory "/opt/rt4/sbin">
  SSLOptions +StdEnvVars
  </Directory>
  </VirtualHost>

Links:

[1] http://www.jimmy.ad.biosci.ac.uk


RT 4.4 and RTIR Training Sessions https://bestpractical.com/training

  • Washington DC - May 23 & 24, 2016

Hello,

@Martin provided some advice that needs followed, but here is some
additional info as well:

Under the apache section it talks about “mod_fastcgi” and
"mod_fcgid".

Do I have these modules?

As you are on CentOS 7, you can use yum to find out. This example shows
I have mod_fcgid installed:

yum list installed | grep fcgi
mod_fcgid.x86_64 2.3.9-4.el7 @base

What I add to “httpd.conf” depends on which one of these modules I
have or use?

Correct.

I also borrowed the RT essentials book from our library but the book is
a bit out-of date and talks about RT3. There are a number of how-to’s
online available but all a bit different to each other. I presume that
is because they are written by people who know what they are doing so
they config things they way, they believe is right.

The book is outdated, but the online documentation is up to date:

https://docs.bestpractical.com/rt/4.4.0/web_deployment.html

For reference here is the documentation index:

https://docs.bestpractical.com/rt/4.4.0/index.html

Whenever I try to view RT I get this error: Forbidden, You don’t have
permission to access /rt4 on this server. In a desperate attempt to
solve this permissions issue I did: "chown apache:apache -R /opt/rt4"
but with no luck.

This attempted solution may have weakened security a bit, you don’t want
the application files writable by the webserver user. You may want to
back up and delete /opt/rt4 and rerun ‘make install’ in your RT source
directory.

And then again @Martin provided some advice that needs followed, but
some additional advice is you’re using pre-apache 2.4 access directives:

  <Location />
  Order allow,deny
  Allow from all
  </Location>

This is the reason for the specific error you are getting. Note in the
deployment documentation:

         <IfVersion >= 2.4> # For Apache 2.4
             Require all granted
         </IfVersion>
         <IfVersion < 2.4>  # For Apache 2.2
             Order allow,deny
             Allow from all
         </IfVersion>

Since you are on an apache > 2.4, you want to use the ‘Require all
granted’ directive.

Regards,