Rewrite + SSL + apache2 + FastCGI + RHEL4

Hello,

Thanks to a little fiddling and the very nice post by William Harrison,
I can see RT3 at https://rt.example.com/rt. Also, any http attempts
are automatically rewritten into https. I’m using a self-signed cert.

However, I want to see it at https://rt.example.com

I’ve tried (blindly, I’m afraid) a bunch of things, all evidently wrong.
Can anyone help? Here is my starting point, which works as described
above:

httpd.conf
<VirtualHost *:80>
ServerAdmin root
DocumentRoot /var/www/html/
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]

# General setup for the virtual host

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.example.com.key
DocumentRoot /opt/rt3/share/html/
ServerName rt.example.com
ServerAdmin root

# Adding the following for RT (the ticket tracker)

AddHandler fastcgi-script fcgi

<Directory "/opt/rt3/share/html">
SSLOptions +StdEnvVars
Options FollowSymLinks ExecCGI
AllowOverride None

# Pass through requests to display images

Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/

FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi

diff RT_SiteConfig.pm RT_Config.pm

27c27
< Set($rtname , “rt”);

Set($rtname , “example.com”);
122c122
< Set($ParseNewMessageForTicketCcs , 1);
Set($ParseNewMessageForTicketCcs , undef);
127c127
< Set($RTAddressRegexp , ‘^rt@rt.example.com$’);
Set($RTAddressRegexp , ‘^rt@example.com$’);
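
Review bot: the site value on line 127 matches exactly one address, rt@rt.example.com, and leaves its dots unescaped. Line 122 turns ParseNewMessageForTicketCcs on, so every address that delivers mail into RT (comment aliases, other queues) has to match this regexp or RT can add itself as a Cc on its own tickets. Widen the pattern to cover all of RT's addresses and write the dots as \. so they only match a literal dot.
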
274c274
< Set($WebPath , “/rt”);
Set($WebPath , “”);
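
Review bot: WebPath on line 274 is still "/rt", and that is what keeps RT under /rt. It has to agree with the ScriptAlias mount point in httpd.conf (currently ScriptAlias /rt), so serving RT at https://rt.example.com means changing the two together: WebPath back to "" and the ScriptAlias moved to /.
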
279c279
< Set($WebBaseURL , “http://rt.example.com:80”);
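
Review bot: line 279 sets WebBaseURL to http://rt.example.com:80 although the port-80 virtual host redirects every request to https. RT builds the absolute links it emits from WebBaseURL plus WebPath, so each of those links makes a plain-http request first and then gets redirected. Point WebBaseURL at the https URL on port 443 instead.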

Set up this rule on port 80, and modify it as needed:

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^192.168.254.250$
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

Then set up a new virt host for port 443 with all your options.

That's all.

On Apr 14, 2005, at 11:57 AM, Phil Lawrence wrote:

Hello,

Thanks to a little fiddling and the very nice post by William
Harrison, I can see RT3 at https://rt.example.com/rt. Also, any http
attempts are automatically rewritten into https. I’m using a
self-signed cert.

However, I want to see it at https://rt.example.com

I’ve tried (blindly, I’m afraid) a bunch of things, all evidently
wrong. Can anyone help? Here is my starting point, which works as
described above:

httpd.conf
<VirtualHost *:80>
ServerAdmin root
DocumentRoot /var/www/html/
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R,NC]

# General setup for the virtual host

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.example.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.example.com.key
DocumentRoot /opt/rt3/share/html/
ServerName rt.example.com
ServerAdmin root

# Adding the following for RT (the ticket tracker)

AddHandler fastcgi-script fcgi

<Directory "/opt/rt3/share/html">
SSLOptions +StdEnvVars
Options FollowSymLinks ExecCGI
AllowOverride None

# Pass through requests to display images

Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/

FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi

diff RT_SiteConfig.pm RT_Config.pm

27c27
< Set($rtname , “rt”);

Set($rtname , “example.com”);
122c122
< Set($ParseNewMessageForTicketCcs , 1);


Set($ParseNewMessageForTicketCcs , undef);
127c127
< Set($RTAddressRegexp , ‘^rt@rt.example.com$’);


Set($RTAddressRegexp , ‘^rt@example.com$’);
274c274
< Set($WebPath , “/rt”);


Set($WebPath , “”);
279c279
< Set($WebBaseURL , “http://rt.example.com:80”);


Set($WebBaseURL , “http://RT::WebBaseURL.not.configured:80”);


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

RT Administrator and Developer training is coming to your town soon!
(Boston, San Francisco, Austin, Sydney) Contact
training@bestpractical.com for details.

Be sure to check out the RT Wiki at http://wiki.bestpractical.com

Steve Rieger
(212) 804-1131 (Work)
(646) 335-8915 (Cell)
chozrim (aim)

I saw the other guy’s response, so perhaps I don’t understand what you are
trying to do, and so maybe I am way off…

I also put RT in the root directory, though I don’t use fastcgi, so all I
had to do was:
DocumentRoot /usr/local/rt3/share/html

I don’t know if ScriptAlias is allowed to be blank, I would try:
ScriptAlias / /opt/rt3/bin/mason_handler.fcgi

Turns out RHEL4 snuck an ssl.conf file in /etc/httpd/conf.d/ssl.conf.
So it was overriding my attempts within /etc/httpd/conf/httpd.conf!

Still working on the details, will post again. But here’s the big CLUE:

httpd -S

[Thu Apr 14 14:22:00 2005] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
VirtualHost configuration:
wildcard NameVirtualHosts and default servers:
_default_:443 rt.example.com (/etc/httpd/conf.d/ssl.conf:88)
_default_:443 rt.Example.COM (/etc/httpd/conf/httpd.conf:1033)
*:80 is a NameVirtualHost
default server rt.example.com (/etc/httpd/conf/httpd.conf:1027)
port 80 namevhost rt.example.com (/etc/httpd/conf/httpd.conf:1027)
Syntax OK

Thanks,
phil
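
The overlap that `httpd -S` exposed in the last message can be checked mechanically. The following is an added example, not part of the original thread: it parses `httpd -S` output and lists the virtual host definitions that are shadowed by an earlier one on the same address and port. The sample text is constructed from the output quoted above, and `shadowed_vhosts` and `report` are hypothetical helper names.

```python
import re
import sys
from collections import defaultdict

# Constructed sample, modelled on the `httpd -S` output in the thread.
SAMPLE = """\
[Thu Apr 14 14:22:00 2005] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
VirtualHost configuration:
wildcard NameVirtualHosts and default servers:
_default_:443 rt.example.com (/etc/httpd/conf.d/ssl.conf:88)
_default_:443 rt.Example.COM (/etc/httpd/conf/httpd.conf:1033)
*:80 is a NameVirtualHost
default server rt.example.com (/etc/httpd/conf/httpd.conf:1027)
port 80 namevhost rt.example.com (/etc/httpd/conf/httpd.conf:1027)
Syntax OK
"""

# One vhost entry: "<addr>:<port> <ServerName> (<config file>:<line>)".
ENTRY = re.compile(r"^\s*(\S+:\d+)\s+(\S+)\s+\((.+):(\d+)\)\s*$")


def shadowed_vhosts(dump):
    """Map each overlapping addr:port to (winner, [shadowed entries])."""
    seen = defaultdict(list)
    for line in dump.splitlines():
        m = ENTRY.match(line)
        if m:
            addr, name, path, lineno = m.groups()
            # Hostnames are case-insensitive, so normalise before comparing.
            seen[addr].append((name.lower(), path, int(lineno)))
    # The first definition Apache read has precedence; later ones never match.
    return {a: (v[0], v[1:]) for a, v in seen.items() if len(v) > 1}


def report(dump):
    """Return one line per winning vhost, followed by its shadowed entries."""
    lines = []
    for addr, (win, lost) in shadowed_vhosts(dump).items():
        lines.append("%s served from %s:%d" % (addr, win[1], win[2]))
        lines += ["  shadowed: %s:%d (%s)" % (p, n, h) for h, p, n in lost]
    return lines


if __name__ == "__main__":
    # Read piped `httpd -S` output if present, else use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(text)) or "no overlapping vhosts")
```

To check a live server, pipe `httpd -S 2>&1` into the script. Any "shadowed" line names a config block whose SSL and RT settings are never used.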